Commit 5e3f5973 authored by Hans de Goede's avatar Hans de Goede

platform/x86: dell-wmi-sysman: Make init_bios_attributes() ACPI object parsing more robust

Make init_bios_attributes() ACPI object parsing more robust:
1. Always check that the type of the return ACPI object is package, rather
   then only checking this for instance_id == 0
2. Check that the package has the minimum amount of elements which will
   be consumed by the populate_foo_data() for the attr_type

Note/TODO: The populate_foo_data() functions should also be made more
robust. The should check the type of each of the elements matches the
type which they expect and in case of populate_enum_data()
obj->package.count should be passed to it as an argument and it should
re-check this itself since it consume a variable number of elements.

Fixes: e8a60aa7 ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
Cc: Divya Bharathi <Divya_Bharathi@dell.com>
Cc: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210321121607.35717-1-hdegoede@redhat.com
parent f1fba086
...@@ -399,6 +399,7 @@ static int init_bios_attributes(int attr_type, const char *guid) ...@@ -399,6 +399,7 @@ static int init_bios_attributes(int attr_type, const char *guid)
union acpi_object *obj = NULL; union acpi_object *obj = NULL;
union acpi_object *elements; union acpi_object *elements;
struct kset *tmp_set; struct kset *tmp_set;
int min_elements;
/* instance_id needs to be reset for each type GUID /* instance_id needs to be reset for each type GUID
* also, instance IDs are unique within GUID but not across * also, instance IDs are unique within GUID but not across
...@@ -409,14 +410,38 @@ static int init_bios_attributes(int attr_type, const char *guid) ...@@ -409,14 +410,38 @@ static int init_bios_attributes(int attr_type, const char *guid)
retval = alloc_attributes_data(attr_type); retval = alloc_attributes_data(attr_type);
if (retval) if (retval)
return retval; return retval;
switch (attr_type) {
case ENUM: min_elements = 8; break;
case INT: min_elements = 9; break;
case STR: min_elements = 8; break;
case PO: min_elements = 4; break;
default:
pr_err("Error: Unknown attr_type: %d\n", attr_type);
return -EINVAL;
}
/* need to use specific instance_id and guid combination to get right data */ /* need to use specific instance_id and guid combination to get right data */
obj = get_wmiobj_pointer(instance_id, guid); obj = get_wmiobj_pointer(instance_id, guid);
if (!obj || obj->type != ACPI_TYPE_PACKAGE) if (!obj)
return -ENODEV; return -ENODEV;
elements = obj->package.elements;
mutex_lock(&wmi_priv.mutex); mutex_lock(&wmi_priv.mutex);
while (elements) { while (obj) {
if (obj->type != ACPI_TYPE_PACKAGE) {
pr_err("Error: Expected ACPI-package type, got: %d\n", obj->type);
retval = -EIO;
goto err_attr_init;
}
if (obj->package.count < min_elements) {
pr_err("Error: ACPI-package does not have enough elements: %d < %d\n",
obj->package.count, min_elements);
goto nextobj;
}
elements = obj->package.elements;
/* sanity checking */ /* sanity checking */
if (elements[ATTR_NAME].type != ACPI_TYPE_STRING) { if (elements[ATTR_NAME].type != ACPI_TYPE_STRING) {
pr_debug("incorrect element type\n"); pr_debug("incorrect element type\n");
...@@ -481,7 +506,6 @@ static int init_bios_attributes(int attr_type, const char *guid) ...@@ -481,7 +506,6 @@ static int init_bios_attributes(int attr_type, const char *guid)
kfree(obj); kfree(obj);
instance_id++; instance_id++;
obj = get_wmiobj_pointer(instance_id, guid); obj = get_wmiobj_pointer(instance_id, guid);
elements = obj ? obj->package.elements : NULL;
} }
mutex_unlock(&wmi_priv.mutex); mutex_unlock(&wmi_priv.mutex);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment