[SRU][F][PATCH 0/1] CVE-2023-52614

Koichiro Den koichiro.den at canonical.com
Mon Sep 9 01:54:41 UTC 2024


[Impact]

PM / devfreq: Fix buffer overflow in trans_stat_show

Fix buffer overflow in trans_stat_show().

Convert simple snprintf to the more secure scnprintf with size of
PAGE_SIZE.

Add condition checking if we are exceeding PAGE_SIZE and exit early from
loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
stats is disabled.

Return -EFBIG in the case where we don't have enough space to write the
full transition table.

Also document in the ABI that this function can return -EFBIG error.

[Backport]

I crafted a custom diff that suits our tree to avoid unnecessary changes
and new features. The key dependencies missing from our tree are
as follows:
- commit b5d281f6c16d ("PM / devfreq: Rework freq_table to be local to devfreq struct")
- commit a03dacb0316f ("PM / devfreq: Add cpu based scaling support to passive governor")
- commit 483d557ee9a3 ("PM / devfreq: Clean up the devfreq instance name in sysfs attr")
- commit 1ebd0bc0e8ad ("PM / devfreq: Move statistics to separate struct devfreq_stats")
- commit 14a343968199 ("PM / devfreq: Add clearing transitions stats")
- commit b76b3479dab9 ("PM / devfreq: Change time stats to 64-bit")
- commit 5c0f6c795957 ("PM / devfreq: Add new interrupt_driven flag for governors")

[Fix]

Noble:  fixed via stable
Jammy:  fixed via stable
Focal:  Backport - crafted diff manually, see [Backport]
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: won't fix

[Test Case]

Compile and boot tested

[Where problems could occur]

This fix affects platforms that provide an OPP table and request the devfreq
feature. An issue with this fix would cause a buffer overflow when reading
/sys/class/devfreq/.../trans_stat if the output exceeds PAGE_SIZE.


Christian Marangi (1):
  PM / devfreq: Fix buffer overflow in trans_stat_show

 Documentation/ABI/testing/sysfs-class-devfreq |  2 +
 drivers/devfreq/devfreq.c                     | 60 +++++++++++++------
 2 files changed, 43 insertions(+), 19 deletions(-)

-- 
2.43.0
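
The bounded-append pattern the commit message describes, as an added userspace C example (not the kernel patch or the backport in this series). `scn` is a stand-in for the kernel's scnprintf(), `show_table` and `snprintf_wanted` are hypothetical names, and the caller's buffer size plays the role of PAGE_SIZE.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>

/* Stand-in for the kernel's scnprintf(): returns the characters actually
 * stored (excluding the NUL), so never more than size - 1. */
static int scn(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* snprintf() returns the length it wanted to write, so "len += snprintf()"
 * can move len past the end of the buffer even though the call truncated. */
int snprintf_wanted(void)
{
    char small[4];
    return snprintf(small, sizeof small, "%10u", 1u);
}

/* Format an n x n transition table into buf. Returns the bytes written, or
 * -EFBIG when the buffer filled up and the table is incomplete. */
long show_table(char *buf, size_t size, const unsigned int *tbl, int n)
{
    size_t len = 0;

    if (size == 0)
        return -EFBIG;
    for (int i = 0; i < n && len < size - 1; i++) {
        for (int j = 0; j < n && len < size - 1; j++)
            len += scn(buf + len, size - len, "%10u", tbl[i * n + j]);
        if (len < size - 1)
            len += scn(buf + len, size - len, "\n");
    }
    if (len >= size - 1)
        return -EFBIG; /* truncated: report it instead of overrunning */
    return (long)len;
}
```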



