From: Tuan Phan tuanphan@os.amperecomputing.com
mainline inclusion from mainline-v5.8-rc1 commit 50c8ab8d9fbf5b18d5162a797ca26568afc0af1a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5LBE7 CVE: NA
--------------------------------
An IORT PMCG node can have no ID mapping if its overflow interrupt is wire based therefore the code that parses the PMCG node can not assume the node will always have a single mapping present at index 0.
Fix iort_get_id_mapping_index() by checking for an overflow interrupt and mapping count.
Fixes: 24e516049360 ("ACPI/IORT: Add support for PMCG")
Signed-off-by: Tuan Phan tuanphan@os.amperecomputing.com Reviewed-by: Hanjun Guo guoahanjun@huawei.com Acked-by: Lorenzo Pieralisi lorenzo.pieralisi@arm.com Link: https://lore.kernel.org/r/1589994787-28637-1-git-send-email-tuanphan@os.ampe... Signed-off-by: Will Deacon will@kernel.org Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com Reviewed-by: Hanjun Guo guohanjun@huawei.com Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- drivers/acpi/arm64/iort.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c index 611628f9d679..9ad4ee8884de 100644 --- a/drivers/acpi/arm64/iort.c +++ b/drivers/acpi/arm64/iort.c @@ -422,6 +422,7 @@ static struct acpi_iort_node *iort_node_get_id(struct acpi_iort_node *node, static int iort_get_id_mapping_index(struct acpi_iort_node *node) { struct acpi_iort_smmu_v3 *smmu; + struct acpi_iort_pmcg *pmcg;
switch (node->type) { case ACPI_IORT_NODE_SMMU_V3: @@ -449,6 +450,10 @@ static int iort_get_id_mapping_index(struct acpi_iort_node *node)
return smmu->id_mapping_index; case ACPI_IORT_NODE_PMCG: + pmcg = (struct acpi_iort_pmcg *)node->node_data; + if (pmcg->overflow_gsiv || node->mapping_count == 0) + return -EINVAL; + return 0; default: return -EINVAL;