From: "Rafael J. Wysocki" rafael.j.wysocki@intel.com
mainline inclusion from mainline-v5.19-rc1 commit 10fa1b2cdc899ab471000968af56215bf3c90d8e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I67QNJ CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?...
---------------------------------------------
When walking the children of an ACPI device, take extra care to avoid using to_acpi_device() on the ones that are not ACPI devices, because that may lead to out-of-bounds access and memory corruption.
While at it, make the function passed to acpi_dev_for_each_child() take a struct acpi_device pointer argument (instead of a struct device one), so it is more straightforward to use.
Fixes: b7dd6298db81 ("ACPI: PM: Introduce acpi_dev_power_up_children_with_adr()") Reported-by: kernel test robot oliver.sang@intel.com BugLink: https://lore.kernel.org/lkml/20220420064725.GB16310@xsang-OptiPlex-9020/ Signed-off-by: Rafael J. Wysocki rafael.j.wysocki@intel.com Reviewed-by: Mika Westerberg mika.westerberg@linux.intel.com Signed-off-by: Zhang Zekun zhangzekun11@huawei.com --- drivers/acpi/bus.c | 24 ++++++++++++++++++++++-- include/acpi/acpi_bus.h | 2 +- 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c index d8a6b32a17ad..de8185585f46 100644 --- a/drivers/acpi/bus.c +++ b/drivers/acpi/bus.c @@ -963,10 +963,30 @@ struct bus_type acpi_bus_type = { .uevent = acpi_device_uevent, };
+struct acpi_dev_walk_context { + int (*fn)(struct acpi_device *, void *); + void *data; +}; + +static int acpi_dev_for_one_check(struct device *dev, void *context) +{ + struct acpi_dev_walk_context *adwc = context; + + if (dev->bus != &acpi_bus_type) + return 0; + + return adwc->fn(to_acpi_device(dev), adwc->data); +} + int acpi_dev_for_each_child(struct acpi_device *adev, - int (*fn)(struct device *, void *), void *data) + int (*fn)(struct acpi_device *, void *), void *data) { - return device_for_each_child(&adev->dev, data, fn); + struct acpi_dev_walk_context adwc = { + .fn = fn, + .data = data, + }; + + return device_for_each_child(&adev->dev, &adwc, acpi_dev_for_one_check); }
/* -------------------------------------------------------------------------- diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h index d16a181d8a0e..fc0693c1b87e 100644 --- a/include/acpi/acpi_bus.h +++ b/include/acpi/acpi_bus.h @@ -495,7 +495,7 @@ extern int acpi_notifier_call_chain(struct acpi_device *, u32, u32); extern int register_acpi_notifier(struct notifier_block *); extern int unregister_acpi_notifier(struct notifier_block *); int acpi_dev_for_each_child(struct acpi_device *adev, - int (*fn)(struct device *, void *), void *data); + int (*fn)(struct acpi_device *, void *), void *data);
/* * External Functions