Commit c89b250
committed
platform/x86: wmi: Fix opening of char device
jira LE-1907
cve CVE-2023-52864
Rebuild_History Non-Buildable kernel-5.14.0-427.31.1.el9_4
commit-author Armin Wolf <W_Armin@gmx.de>
commit eba9ac7
Since commit fa1f68d ("drivers: misc: pass miscdevice pointer via
file private data"), the miscdevice stores a pointer to itself inside
filp->private_data, which means that private_data will not be NULL when
wmi_char_open() is called. This might cause memory corruption should
wmi_char_open() be unable to find its driver, something which can
happen when the associated WMI device is deleted in wmi_free_devices().
Fix the problem by using the miscdevice pointer to retrieve the WMI
device data associated with a char device using container_of(). This
also avoids wmi_char_open() picking a wrong WMI device bound to a
driver with the same name as the original driver.
Fixes: 44b6b76 ("platform/x86: wmi: create userspace interface for drivers")
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://lore.kernel.org/r/20231020211005.38216-5-W_Armin@gmx.de
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
(cherry picked from commit eba9ac7)
Signed-off-by: Jonathan Maple <jmaple@ciq.com>1 parent 9108eb0 commit c89b250
1 file changed
+6
-14
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
803 | 803 | | |
804 | 804 | | |
805 | 805 | | |
806 | | - | |
807 | | - | |
808 | | - | |
809 | | - | |
810 | | - | |
811 | | - | |
812 | | - | |
813 | | - | |
814 | | - | |
815 | | - | |
816 | | - | |
817 | | - | |
| 806 | + | |
| 807 | + | |
| 808 | + | |
| 809 | + | |
| 810 | + | |
818 | 811 | | |
819 | | - | |
820 | | - | |
| 812 | + | |
821 | 813 | | |
822 | 814 | | |
823 | 815 | | |
| |||
0 commit comments