[v1] ACPI: processor_pdc: Fix uninitialized access of buf

Message ID	20230914222527.3472379-1-michal.wilczynski@intel.com (mailing list archive)
State	Mainlined, archived
Headers	show Return-Path: <linux-acpi-owner@vger.kernel.org> From: Michal Wilczynski <michal.wilczynski@intel.com> To: linux-acpi@vger.kernel.org Cc: rafael@kernel.org, linux-kernel@vger.kernel.org, lenb@kernel.org, Michal Wilczynski <michal.wilczynski@intel.com> Subject: [PATCH v1] ACPI: processor_pdc: Fix uninitialized access of buf Date: Fri, 15 Sep 2023 01:25:27 +0300 Message-ID: <20230914222527.3472379-1-michal.wilczynski@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[v1] ACPI: processor_pdc: Fix uninitialized access of buf \| expand [v1] ACPI: processor_pdc: Fix uninitialized access of buf

Message ID

20230914222527.3472379-1-michal.wilczynski@intel.com (mailing list archive)

State

Mainlined, archived

Headers

From: Michal Wilczynski <michal.wilczynski@intel.com>
To: linux-acpi@vger.kernel.org
Cc: rafael@kernel.org, linux-kernel@vger.kernel.org, lenb@kernel.org,
        Michal Wilczynski <michal.wilczynski@intel.com>
Subject: [PATCH v1] ACPI: processor_pdc: Fix uninitialized access of buf
Date: Fri, 15 Sep 2023 01:25:27 +0300
Message-ID: <20230914222527.3472379-1-michal.wilczynski@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[v1] ACPI: processor_pdc: Fix uninitialized access of buf | expand

Commit Message

Wilczynski, Michal Sept. 14, 2023, 10:25 p.m. UTC

Bug was introduced during unification of setting CAP_SMP_T_SWCOORD for
_PDC and _OSC methods. Third u32 in buffer is never being zero-ed before
setting bits on it. The memory is not guaranteed to be zero as it was
allocated by kmalloc() instead of kzalloc(). Fix this by initializing
third u32 in buffer to 0.

Fixes: b9e8d0168a7a ("ACPI: processor: Set CAP_SMP_T_SWCOORD in arch_acpi_set_proc_cap_bits()")
Signed-off-by: Michal Wilczynski <michal.wilczynski@intel.com>
---
 drivers/acpi/processor_pdc.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Rafael J. Wysocki Sept. 18, 2023, 10:17 a.m. UTC | #1

On Fri, Sep 15, 2023 at 12:25 AM Michal Wilczynski
<michal.wilczynski@intel.com> wrote:
>
> Bug was introduced during unification of setting CAP_SMP_T_SWCOORD for
> _PDC and _OSC methods. Third u32 in buffer is never being zero-ed before
> setting bits on it. The memory is not guaranteed to be zero as it was
> allocated by kmalloc() instead of kzalloc(). Fix this by initializing
> third u32 in buffer to 0.
>
> Fixes: b9e8d0168a7a ("ACPI: processor: Set CAP_SMP_T_SWCOORD in arch_acpi_set_proc_cap_bits()")
> Signed-off-by: Michal Wilczynski <michal.wilczynski@intel.com>
> ---
>  drivers/acpi/processor_pdc.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c
> index 1a8591e9a9bf..994091bd52de 100644
> --- a/drivers/acpi/processor_pdc.c
> +++ b/drivers/acpi/processor_pdc.c
> @@ -19,6 +19,7 @@ static void acpi_set_pdc_bits(u32 *buf)
>  {
>         buf[0] = ACPI_PDC_REVISION_ID;
>         buf[1] = 1;
> +       buf[2] = 0;
>
>         /* Twiddle arch-specific bits needed for _PDC */
>         arch_acpi_set_proc_cap_bits(&buf[2]);
> --

Applied as 6.6-rc material, thanks!

diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c
index 1a8591e9a9bf..994091bd52de 100644
--- a/drivers/acpi/processor_pdc.c
+++ b/drivers/acpi/processor_pdc.c
@@ -19,6 +19,7 @@  static void acpi_set_pdc_bits(u32 *buf)
 {
 	buf[0] = ACPI_PDC_REVISION_ID;
 	buf[1] = 1;
+	buf[2] = 0;
 
 	/* Twiddle arch-specific bits needed for _PDC */
 	arch_acpi_set_proc_cap_bits(&buf[2]);

[v1] ACPI: processor_pdc: Fix uninitialized access of buf

Commit Message

Comments

Patch