korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-06 05:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

platform/x86: wmi: Break possible infinite loop when parsing GUID

Browse Source 
[ Upstream commit 028e6e204a ]

The while-loop may break on one of the two conditions, either ID string
is empty or GUID matches. The second one, may never be reached if the
parsed string is not correct GUID. In such a case the loop will never
advance to check the next ID.

Break possible infinite loop by factoring out guid_parse_and_compare()
helper which may be moved to the generic header for everyone later on
and preventing from similar mistake in the future.

Interestingly that firstly it appeared when WMI was turned into a bus
driver, but later when duplicated GUIDs were checked, the while-loop
has been replaced by for-loop and hence no mistake made again.

Fixes: a48e23385f ("platform/x86: wmi: add context pointer field to struct wmi_device_id")
Fixes: 844af950da ("platform/x86: wmi: Turn WMI into a bus driver")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230621151155.78279-1-andriy.shevchenko@linux.intel.com
Tested-by: Armin Wolf <W_Armin@gmx.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Andy Shevchenko 2023-06-21 18:11:54 +03:00 committed by Greg Kroah-Hartman
parent 02081e5718
commit 7aefc43277
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
drivers/platform/x86/wmi.c
View File

@ -133,6 +133,16 @@ static bool find_guid(const char *guid_string, struct wmi_block **out)
return false;
}
static bool guid_parse_and_compare(const char *string, const guid_t *guid)
{
guid_t guid_input;
if (guid_parse(string, &guid_input))
return false;
return guid_equal(&guid_input, guid);
}
static const void *find_guid_context(struct wmi_block *wblock,
struct wmi_driver *wdriver)
{
@ -145,11 +155,7 @@ static const void *find_guid_context(struct wmi_block *wblock,
id = wdriver->id_table;
while (*id->guid_string) {
guid_t guid_input;
if (guid_parse(id->guid_string, &guid_input))
continue;
if (guid_equal(&wblock->gblock.guid, &guid_input))
if (guid_parse_and_compare(id->guid_string, &wblock->gblock.guid))
return id->context;
id++;
}
@ -811,11 +817,7 @@ static int wmi_dev_match(struct device *dev, struct device_driver *driver)
return 0;
while (*id->guid_string) {
guid_t driver_guid;
if (WARN_ON(guid_parse(id->guid_string, &driver_guid)))
continue;
if (guid_equal(&driver_guid, &wblock->gblock.guid))
if (guid_parse_and_compare(id->guid_string, &wblock->gblock.guid))
return 1;
id++;