Patch "firmware: arm_scmi: Harden accesses to the reset domains" has been added to the 5.10-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 23 May 2024 14:09:32 +0200

This is a note to let you know that I've just added the patch titled

    firmware: arm_scmi: Harden accesses to the reset domains

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From e9076ffbcaed5da6c182b144ef9f6e24554af268 Mon Sep 17 00:00:00 2001
From: Cristian Marussi <cristian.marussi@xxxxxxx>
Date: Wed, 17 Aug 2022 18:27:29 +0100
Subject: firmware: arm_scmi: Harden accesses to the reset domains

From: Cristian Marussi <cristian.marussi@xxxxxxx>

commit e9076ffbcaed5da6c182b144ef9f6e24554af268 upstream.

Accessing reset domains descriptors by the index upon the SCMI drivers
requests through the SCMI reset operations interface can potentially
lead to out-of-bound violations if the SCMI driver misbehave.

Add an internal consistency check before any such domains descriptors
accesses.

Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@xxxxxxx
Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
Signed-off-by: Dominique Martinet <dominique.martinet@xxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/firmware/arm_scmi/reset.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/firmware/arm_scmi/reset.c
+++ b/drivers/firmware/arm_scmi/reset.c
@@ -149,8 +149,12 @@ static int scmi_domain_reset(const struc
 	struct scmi_xfer *t;
 	struct scmi_msg_reset_domain_reset *dom;
 	struct scmi_reset_info *pi = handle->reset_priv;
-	struct reset_dom_info *rdom = pi->dom_info + domain;
+	struct reset_dom_info *rdom;
 
+	if (domain >= pi->num_domains)
+		return -EINVAL;
+
+	rdom = pi->dom_info + domain;
 	if (rdom->async_reset)
 		flags |= ASYNCHRONOUS_RESET;
 


Patches currently in stable-queue which might be from cristian.marussi@xxxxxxx are

queue-5.10/firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch







