Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers/acpi
History
Takashi Iwai 847d1c16ab ACPI: APEI / ERST: Fix missing error handling in erst_reader() 
commit bb82e0b4a7e96494f0c1004ce50cec3d7b5fb3d1 upstream.

The commit f6f8285132 ("pstore: pass allocated memory region back to
caller") changed the check of the return value from erst_read() in
erst_reader() in the following way:

        if (len == -ENOENT)
                goto skip;
-       else if (len < 0) {
-               rc = -1;
+       else if (len < sizeof(*rcd)) {
+               rc = -EIO;
                goto out;

This introduced another bug: since the comparison with sizeof() is
cast to unsigned, a negative len value doesn't hit any longer.
As a result, when an error is returned from erst_read(), the code
falls through, and it may eventually lead to some weird thing like
memory corruption.

This patch adds the negative error value check more explicitly for
addressing the issue.

Fixes: f6f8285132 (pstore: pass allocated memory region back to caller)
Tested-by: Jerry Tang <jtang@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 		2019-07-27 21:46:19 +02:00
..
acpica ACPICA: Dispatcher: Update thread ID for recursive method calls 2016-06-07 10:42:53 +02:00
apei ACPI: APEI / ERST: Fix missing error handling in erst_reader() 2019-07-27 21:46:19 +02:00
Kconfig Merge branch 'acpi-assorted' 2013-04-28 01:54:08 +02:00
Makefile ACPI: Add CMOS RTC Operation Region handler support 2013-07-21 18:21:28 -07:00
ac.c ACPI / AC: Add sleep quirk for Thinkpad e530 2013-05-12 14:03:15 +02:00
acpi_cmos_rtc.c ACPI: Add CMOS RTC Operation Region handler support 2013-07-21 18:21:28 -07:00
acpi_i2c.c ACPI / I2C: Use parent's ACPI_HANDLE() in acpi_i2c_register_devices() 2013-04-02 15:30:41 +02:00
acpi_ipmi.c ACPI / IPMI: Fix atomic context requirement of ipmi_msg_handler() 2013-10-13 16:08:34 -07:00
acpi_lpss.c ACPI / LPSS: don't crash if a device has no MMIO resources 2013-09-26 17:18:05 -07:00
acpi_memhotplug.c ACPI / memhotplug: Fix a stale pointer in error path 2013-08-04 16:51:02 +08:00
acpi_pad.c ACPI / acpi_pad: Used PTR_RET 2013-03-25 00:13:15 +01:00
acpi_platform.c ACPI / scan: Add special handler for Intel Lynxpoint LPSS devices 2013-03-21 22:44:38 +01:00
battery.c ACPI / battery: Retry to get battery information if failed during probing 2014-07-17 15:58:04 -07:00
bgrt.c
blacklist.c ACPI / blacklist: Add dmi_enable_osi_linux quirk for Asus EEE PC 1015PX 2014-06-07 13:25:39 -07:00
bus.c ACPI: Fix conflict between customized DSDT and DSDT local copy 2014-06-30 20:09:44 -07:00
button.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
cm_sbs.c
container.c Merge branch 'acpi-assorted' 2013-04-28 01:54:08 +02:00
custom_method.c The sweeping change is to make add_taint() explicitly indicate whether to disable 2013-02-25 15:41:43 -08:00
debugfs.c
device_pm.c ACPI / PM: Fix corner case in acpi_bus_update_power() 2013-07-21 18:21:29 -07:00
dock.c ACPI / dock / PCI: Synchronous handling of dock events for PCI devices 2013-06-24 11:22:53 +02:00
ec.c ACPI / EC: Ensure lock is acquired before accessing ec struct members 2013-11-29 11:11:43 -08:00
ec_sys.c
event.c
fan.c ACPI / fan: avoid null pointer deference error 2013-03-25 23:01:00 +01:00
glue.c ACPI: Try harder to resolve _ADR collisions for bridges 2013-08-29 09:47:29 -07:00
hed.c
internal.h ACPI: Add CMOS RTC Operation Region handler support 2013-07-21 18:21:28 -07:00
numa.c x86, ACPI, mm: Revert movablemem_map support 2013-03-02 09:34:39 -08:00
nvs.c
osl.c ACPI / init: Fix the ordering of acpi_reserve_resources() 2015-06-05 23:20:00 -07:00
pci_irq.c ACPI / PCI: Fix memory leak in acpi_pci_irq_enable() 2014-03-06 21:30:09 -08:00
pci_link.c ACPI: Set length even for TYPE_END_TAG acpi resource 2013-03-24 01:00:38 +01:00
pci_root.c ACPI / hotplug: Fix conflicted PCI bridge notify handlers 2013-12-04 10:57:04 -08:00
pci_slot.c PCI/ACPI: Handle PCI slot devices when creating/destroying PCI buses 2013-04-12 15:38:25 -06:00
power.c ACPI / PM: Fix error code path for power resources initialization 2013-06-20 00:47:55 +02:00
proc.c ACPI / PM: Walk physical_node_list under physical_node_lock 2013-08-14 22:59:07 -07:00
processor_core.c ACPI / processor: Remove redundant NULL check before kfree 2013-03-04 14:23:39 +01:00
processor_driver.c ACPI / PM: Move processor suspend/resume to syscore_ops 2013-05-12 14:03:14 +02:00
processor_idle.c cpuidle: ACPI: do not overwrite name and description of C0 2015-04-19 10:10:49 +02:00
processor_perflib.c acpi: Export the acpi_processor_get_performance_info 2013-03-06 10:00:34 -05:00
processor_thermal.c ACPI / processor_thermal: avoid null pointer deference error 2013-03-25 23:01:01 +01:00
processor_throttling.c ACPI / processor: Rework processor throttling with work_on_cpu() 2014-03-06 21:30:09 -08:00
reboot.c
resource.c ACPI / resources: only reject zero length resources based at address zero 2014-07-17 15:58:01 -07:00
sbs.c proc: Supply a function to remove a proc entry by PDE 2013-05-01 17:29:46 -04:00
sbshc.c
sbshc.h
scan.c ACPI: Run fixed event device notifications in process context 2014-09-17 09:03:59 -07:00
sleep.c ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states 2014-03-23 21:38:17 -07:00
sleep.h
sysfs.c ACPI / hotplug: Make acpi_hotplug_profile_ktype static 2013-03-19 00:16:15 +01:00
tables.c
thermal.c ACPI / thermal: do not always return THERMAL_TREND_RAISING for active trip points 2013-04-26 13:34:40 +02:00
utils.c
video.c ACPI / video: Load the module even if ACPI is disabled 2015-03-18 13:22:35 +01:00
video_detect.c ACPI / video: Add "Asus UL30A" to ACPI video detect blacklist 2013-05-23 01:41:45 +02:00
wakeup.c