Message ID | 20200708134613.131555-1-bsz@semihalf.com (mailing list archive) |
---|---|
State | Not Applicable, archived |
Delegated to: | Zhang Rui |
Headers | show |
Series | thermal/int340x_thermal: Prevent page fault on .set_mode() op | expand |
Hi Rui, Matthew, I think this regression should be corrected still in the 5.8 release cycle. It may cause kernel panic if .set_mode() is called before current_uuid_store(), and from what I see both operations can be triggered from sysfs. What I'm not 100% sure about is if we should apply the above fix, or rather revert the driver to its default behaviour of using uuid=0 if it wasn't set from userspace (this is how it was before Matthew's commit). What do you think? Best regards, Bartosz On Wed, Jul 8, 2020 at 3:46 PM Bartosz Szczepanek <bsz@semihalf.com> wrote: > > Starting from commit "thermal/int340x_thermal: Don't require IDSP to > exist", priv->current_uuid_index is initialized to -1. This value may > be passed to int3400_thermal_run_osc() from int3400_thermal_set_mode, > contributing to page fault when accessing int3400_thermal_uuids array > at index -1. > > This commit adds a check on uuid value to int3400_thermal_run_osc. > > Signed-off-by: Bartosz Szczepanek <bsz@semihalf.com> > --- > drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > index 0b3a62655843..12448ccd27f1 100644 > --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > @@ -216,11 +216,16 @@ static int int3400_thermal_run_osc(acpi_handle handle, > acpi_status status; > int result = 0; > struct acpi_osc_context context = { > - .uuid_str = int3400_thermal_uuids[uuid], > + .uuid_str = NULL, > .rev = 1, > .cap.length = 8, > }; > > + if (uuid < 0 || uuid >= INT3400_THERMAL_MAXIMUM_UUID) > + return -EINVAL; > + > + context.uuid_str = int3400_thermal_uuids[uuid]; > + > buf[OSC_QUERY_DWORD] = 0; > buf[OSC_SUPPORT_DWORD] = enable; > > -- > 2.17.1 >
On Wed, 2020-07-08 at 15:46 +0200, Bartosz Szczepanek wrote: > Starting from commit "thermal/int340x_thermal: Don't require IDSP to > exist", priv->current_uuid_index is initialized to -1. This value may > be passed to int3400_thermal_run_osc() from int3400_thermal_set_mode, > contributing to page fault when accessing int3400_thermal_uuids array > at index -1. > > This commit adds a check on uuid value to int3400_thermal_run_osc. > > Signed-off-by: Bartosz Szczepanek <bsz@semihalf.com> Reviewed-by: Pandruvada, Srinivas <srinivas.pandruvada@linux.intel.com> > --- > drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > index 0b3a62655843..12448ccd27f1 100644 > --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > @@ -216,11 +216,16 @@ static int int3400_thermal_run_osc(acpi_handle > handle, > acpi_status status; > int result = 0; > struct acpi_osc_context context = { > - .uuid_str = int3400_thermal_uuids[uuid], > + .uuid_str = NULL, > .rev = 1, > .cap.length = 8, > }; > > + if (uuid < 0 || uuid >= INT3400_THERMAL_MAXIMUM_UUID) > + return -EINVAL; > + > + context.uuid_str = int3400_thermal_uuids[uuid]; > + > buf[OSC_QUERY_DWORD] = 0; > buf[OSC_SUPPORT_DWORD] = enable; >
diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c index 0b3a62655843..12448ccd27f1 100644 --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c @@ -216,11 +216,16 @@ static int int3400_thermal_run_osc(acpi_handle handle, acpi_status status; int result = 0; struct acpi_osc_context context = { - .uuid_str = int3400_thermal_uuids[uuid], + .uuid_str = NULL, .rev = 1, .cap.length = 8, }; + if (uuid < 0 || uuid >= INT3400_THERMAL_MAXIMUM_UUID) + return -EINVAL; + + context.uuid_str = int3400_thermal_uuids[uuid]; + buf[OSC_QUERY_DWORD] = 0; buf[OSC_SUPPORT_DWORD] = enable;
Starting from commit "thermal/int340x_thermal: Don't require IDSP to exist", priv->current_uuid_index is initialized to -1. This value may be passed to int3400_thermal_run_osc() from int3400_thermal_set_mode, contributing to page fault when accessing int3400_thermal_uuids array at index -1. This commit adds a check on uuid value to int3400_thermal_run_osc. Signed-off-by: Bartosz Szczepanek <bsz@semihalf.com> --- drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)