From 77df5e385a3995a099a68d2462c661e65f0915ff Mon Sep 17 00:00:00 2001
From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Date: Sat, 4 Mar 2023 11:28:42 +0000
Subject: [PATCH] ACPI: bus: Avoid non-ACPI device objects in walks over
 children

mainline inclusion
from mainline-v5.19-rc1
commit 10fa1b2cdc899ab471000968af56215bf3c90d8e
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I67QNJ
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=10fa1b2cdc899ab471000968af56215bf3c90d8e

---------------------------------------------

When walking the children of an ACPI device, take extra care to avoid
using to_acpi_device() on the ones that are not ACPI devices, because
that may lead to out-of-bounds access and memory corruption.

While at it, make the function passed to acpi_dev_for_each_child()
take a struct acpi_device pointer argument (instead of a struct device
one), so it is more straightforward to use.

Fixes: b7dd6298db81 ("ACPI: PM: Introduce acpi_dev_power_up_children_with_adr()")
Reported-by: kernel test robot <oliver.sang@intel.com>
BugLink: https://lore.kernel.org/lkml/20220420064725.GB16310@xsang-OptiPlex-9020/
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
---
 drivers/acpi/bus.c      | 24 ++++++++++++++++++++++--
 include/acpi/acpi_bus.h |  2 +-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 7cc9809264fc..e0193c0eb976 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -966,10 +966,30 @@ struct bus_type acpi_bus_type = {
 	.uevent		= acpi_device_uevent,
 };
 
+struct acpi_dev_walk_context {
+	int (*fn)(struct acpi_device *, void *);
+	void *data;
+};
+
+static int acpi_dev_for_one_check(struct device *dev, void *context)
+{
+	struct acpi_dev_walk_context *adwc = context;
+
+	if (dev->bus != &acpi_bus_type)
+		return 0;
+
+	return adwc->fn(to_acpi_device(dev), adwc->data);
+}
+
 int acpi_dev_for_each_child(struct acpi_device *adev,
-			    int (*fn)(struct device *, void *), void *data)
+			    int (*fn)(struct acpi_device *, void *), void *data)
 {
-	return device_for_each_child(&adev->dev, data, fn);
+	struct acpi_dev_walk_context adwc = {
+		.fn = fn,
+		.data = data,
+	};
+
+	return device_for_each_child(&adev->dev, &adwc, acpi_dev_for_one_check);
 }
 
 /* --------------------------------------------------------------------------
diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
index d16a181d8a0e..fc0693c1b87e 100644
--- a/include/acpi/acpi_bus.h
+++ b/include/acpi/acpi_bus.h
@@ -495,7 +495,7 @@ extern int acpi_notifier_call_chain(struct acpi_device *, u32, u32);
 extern int register_acpi_notifier(struct notifier_block *);
 extern int unregister_acpi_notifier(struct notifier_block *);
 int acpi_dev_for_each_child(struct acpi_device *adev,
-			    int (*fn)(struct device *, void *), void *data);
+			    int (*fn)(struct acpi_device *, void *), void *data);
 
 /*
  * External Functions
-- 
GitLab