From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vishal Verma <vishal.l.verma@intel.com>,
Grzegorz Burzynski <grzegorz.burzynski@intel.com>,
Jeff Moyer <jmoyer@redhat.com>,
Dan Williams <dan.j.williams@intel.com>
Subject: [PATCH 4.14 32/38] acpi/nfit: Fix bus command validation
Date: Sat, 11 Apr 2020 14:09:16 +0200 [thread overview]
Message-ID: <20200411115440.974333990@linuxfoundation.org> (raw)
In-Reply-To: <20200411115437.795556138@linuxfoundation.org>
From: Dan Williams <dan.j.williams@intel.com>
commit ebe9f6f19d80d8978d16078dff3d5bd93ad8d102 upstream.
Commit 11189c1089da "acpi/nfit: Fix command-supported detection" broke
ND_CMD_CALL for bus-level commands. The "func = cmd" assumption is only
valid for:
ND_CMD_ARS_CAP
ND_CMD_ARS_START
ND_CMD_ARS_STATUS
ND_CMD_CLEAR_ERROR
The function number otherwise needs to be pulled from the command
payload for:
NFIT_CMD_TRANSLATE_SPA
NFIT_CMD_ARS_INJECT_SET
NFIT_CMD_ARS_INJECT_CLEAR
NFIT_CMD_ARS_INJECT_GET
Update cmd_to_func() for the bus case and call it in the common path.
Fixes: 11189c1089da ("acpi/nfit: Fix command-supported detection")
Cc: <stable@vger.kernel.org>
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Reported-by: Grzegorz Burzynski <grzegorz.burzynski@intel.com>
Tested-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/nfit/core.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -214,7 +214,7 @@ static int cmd_to_func(struct nfit_mem *
if (call_pkg) {
int i;
- if (nfit_mem->family != call_pkg->nd_family)
+ if (nfit_mem && nfit_mem->family != call_pkg->nd_family)
return -ENOTTY;
for (i = 0; i < ARRAY_SIZE(call_pkg->nd_reserved2); i++)
@@ -223,6 +223,10 @@ static int cmd_to_func(struct nfit_mem *
return call_pkg->nd_command;
}
+ /* In the !call_pkg case, bus commands == bus functions */
+ if (!nfit_mem)
+ return cmd;
+
/* Linux ND commands == NVDIMM_FAMILY_INTEL function numbers */
if (nfit_mem->family == NVDIMM_FAMILY_INTEL)
return cmd;
@@ -238,6 +242,7 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
unsigned int cmd, void *buf, unsigned int buf_len, int *cmd_rc)
{
struct acpi_nfit_desc *acpi_desc = to_acpi_nfit_desc(nd_desc);
+ struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
union acpi_object in_obj, in_buf, *out_obj;
const struct nd_cmd_desc *desc = NULL;
struct device *dev = acpi_desc->dev;
@@ -252,18 +257,18 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
if (cmd_rc)
*cmd_rc = -EINVAL;
+ if (cmd == ND_CMD_CALL)
+ call_pkg = buf;
+ func = cmd_to_func(nfit_mem, cmd, call_pkg);
+ if (func < 0)
+ return func;
+
if (nvdimm) {
- struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
struct acpi_device *adev = nfit_mem->adev;
if (!adev)
return -ENOTTY;
- if (cmd == ND_CMD_CALL)
- call_pkg = buf;
- func = cmd_to_func(nfit_mem, cmd, call_pkg);
- if (func < 0)
- return func;
dimm_name = nvdimm_name(nvdimm);
cmd_name = nvdimm_cmd_name(cmd);
cmd_mask = nvdimm_cmd_mask(nvdimm);
@@ -274,12 +279,9 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
} else {
struct acpi_device *adev = to_acpi_dev(acpi_desc);
- func = cmd;
cmd_name = nvdimm_bus_cmd_name(cmd);
cmd_mask = nd_desc->cmd_mask;
- dsm_mask = cmd_mask;
- if (cmd == ND_CMD_CALL)
- dsm_mask = nd_desc->bus_dsm_mask;
+ dsm_mask = nd_desc->bus_dsm_mask;
desc = nd_cmd_bus_desc(cmd);
guid = to_nfit_uuid(NFIT_DEV_BUS);
handle = adev->handle;
next prev parent reply other threads:[~2020-04-11 12:14 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-11 12:08 [PATCH 4.14 00/38] 4.14.176-rc1 review Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 01/38] ipv4: fix a RCU-list lock in fib_triestat_seq_show Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 02/38] net, ip_tunnel: fix interface lookup with no key Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 03/38] sctp: fix refcount bug in sctp_wfree Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 04/38] sctp: fix possibly using a bad saddr with a given dst Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 05/38] drm/bochs: downgrade pci_request_region failure from error to warning Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 06/38] initramfs: restore default compression behavior Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 07/38] tools/power turbostat: Fix gcc build warnings Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 08/38] drm/etnaviv: replace MMU flush marker with flush sequence Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 09/38] blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 10/38] blk-mq: Allow blocking queue tag iter callbacks Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 11/38] misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 12/38] coresight: do not use the BIT() macro in the UAPI header Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 13/38] padata: always acquire cpu_hotplug_lock before pinst->lock Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 14/38] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED Greg Kroah-Hartman
2020-04-11 12:08 ` [PATCH 4.14 15/38] ipv6: dont auto-add link-local address to lag ports Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 16/38] net: dsa: bcm_sf2: Ensure correct sub-node is parsed Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 17/38] net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 18/38] net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 19/38] slcan: Dont transmit uninitialized stack data in padding Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 20/38] mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 21/38] random: always use batched entropy for get_random_u{32,64} Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 22/38] tools/accounting/getdelays.c: fix netlink attribute length Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 23/38] hwrng: imx-rngc - fix an error path Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 24/38] ASoC: jz4740-i2s: Fix divider written at incorrect offset in register Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 25/38] IB/hfi1: Call kobject_put() when kobject_init_and_add() fails Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 26/38] IB/hfi1: Fix memory leaks in sysfs registration and unregistration Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 27/38] ceph: remove the extra slashes in the server path Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 28/38] ceph: canonicalize server path in place Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 29/38] Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 30/38] RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 31/38] fbcon: fix null-ptr-deref in fbcon_switch Greg Kroah-Hartman
2020-04-11 12:09 ` Greg Kroah-Hartman [this message]
2020-04-11 12:09 ` [PATCH 4.14 33/38] clk: qcom: rcg: Return failure for RCG update Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 34/38] drm/msm: stop abusing dma_map/unmap for cache Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 35/38] arm64: Fix size of __early_cpu_boot_status Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 36/38] rpmsg: glink: Remove chunk size word align warning Greg Kroah-Hartman
2020-04-13 5:16 ` nobuhiro1.iwamatsu
2020-04-13 8:20 ` Greg KH
2020-04-11 12:09 ` [PATCH 4.14 37/38] usb: dwc3: dont set gadget->is_otg flag Greg Kroah-Hartman
2020-04-11 12:09 ` [PATCH 4.14 38/38] drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() Greg Kroah-Hartman
2020-04-11 20:38 ` [PATCH 4.14 00/38] 4.14.176-rc1 review Guenter Roeck
2020-04-12 8:51 ` Naresh Kamboju
2020-04-14 10:36 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200411115440.974333990@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.j.williams@intel.com \
--cc=grzegorz.burzynski@intel.com \
--cc=jmoyer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).