From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Cristian Marussi <cristian.marussi@arm.com>,
Sudeep Holla <sudeep.holla@arm.com>,
Dominique Martinet <dominique.martinet@atmark-techno.com>
Subject: [PATCH 5.4 10/16] firmware: arm_scmi: Harden accesses to the reset domains
Date: Thu, 23 May 2024 15:12:43 +0200 [thread overview]
Message-ID: <20240523130326.138140225@linuxfoundation.org> (raw)
In-Reply-To: <20240523130325.743454852@linuxfoundation.org>
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cristian Marussi <cristian.marussi@arm.com>
commit e9076ffbcaed5da6c182b144ef9f6e24554af268 upstream.
Accessing reset domains descriptors by the index upon the SCMI drivers
requests through the SCMI reset operations interface can potentially
lead to out-of-bound violations if the SCMI driver misbehave.
Add an internal consistency check before any such domains descriptors
accesses.
Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@arm.com
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/arm_scmi/reset.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/firmware/arm_scmi/reset.c
+++ b/drivers/firmware/arm_scmi/reset.c
@@ -135,8 +135,12 @@ static int scmi_domain_reset(const struc
struct scmi_xfer *t;
struct scmi_msg_reset_domain_reset *dom;
struct scmi_reset_info *pi = handle->reset_priv;
- struct reset_dom_info *rdom = pi->dom_info + domain;
+ struct reset_dom_info *rdom;
+ if (domain >= pi->num_domains)
+ return -EINVAL;
+
+ rdom = pi->dom_info + domain;
if (rdom->async_reset)
flags |= ASYNCHRONOUS_RESET;
next prev parent reply other threads:[~2024-05-23 13:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-23 13:12 [PATCH 5.4 00/16] 5.4.277-rc1 review Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 01/16] pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 02/16] ext4: fix bug_on in __es_tree_search Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 03/16] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 04/16] Revert "net: bcmgenet: use RGMII loopback for MAC reset" Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 05/16] net: bcmgenet: keep MAC in reset until PHY is up Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 06/16] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 07/16] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 08/16] net: bcmgenet: synchronize UMAC_CMD access Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 09/16] smb: client: fix potential OOBs in smb2_parse_contexts() Greg Kroah-Hartman
2024-05-23 13:12 ` Greg Kroah-Hartman [this message]
2024-05-23 13:12 ` [PATCH 5.4 11/16] arm64: dts: qcom: Fix interrupt-map parent address cells Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 12/16] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 13/16] drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 14/16] usb: typec: ucsi: displayport: Fix potential deadlock Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 15/16] serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 5.4 16/16] docs: kernel_include.py: Cope with docutils 0.21 Greg Kroah-Hartman
2024-05-23 17:50 ` [PATCH 5.4 00/16] 5.4.277-rc1 review Florian Fainelli
2024-05-23 18:20 ` Mark Brown
2024-05-24 6:54 ` Harshit Mogalapalli
2024-05-24 11:50 ` Anders Roxell
2024-05-24 15:19 ` Jon Hunter
2024-05-24 16:26 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240523130326.138140225@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=cristian.marussi@arm.com \
--cc=dominique.martinet@atmark-techno.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.