[PATCH v2 1/4] platform/x86/amd/hsmp: Validate ACPI UID before parsing socket index
From: Muralidhara M K
Date: Mon Jun 29 2026 - 12:19:47 EST
hsmp_get_uid() passed the device UID directly to kstrtou16(uid + 2)
without checking it. A NULL UID or one shorter than three characters
would dereference a NULL pointer or read past the end of the string.
Reject such UIDs with -EINVAL before stripping the "ID" prefix.
Signed-off-by: Muralidhara M K <muralidhara.mk@xxxxxxx>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
Link: https://patch.msgid.link/20260625123337.886435-3-muralidhara.mk@xxxxxxx
---
drivers/platform/x86/amd/hsmp/acpi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/amd/hsmp/acpi.c b/drivers/platform/x86/amd/hsmp/acpi.c
index 97ed71593bdf..4a1ce4cb25e7 100644
--- a/drivers/platform/x86/amd/hsmp/acpi.c
+++ b/drivers/platform/x86/amd/hsmp/acpi.c
@@ -21,6 +21,7 @@
#include <linux/kstrtox.h>
#include <linux/module.h>
#include <linux/platform_device.h>
+#include <linux/string.h>
#include <linux/sysfs.h>
#include <linux/topology.h>
#include <linux/uuid.h>
@@ -77,6 +78,8 @@ static inline int hsmp_get_uid(struct device *dev, u16 *sock_ind)
* bytes to integer.
*/
uid = acpi_device_uid(ACPI_COMPANION(dev));
+ if (!uid || strlen(uid) < 3)
+ return -EINVAL;
return kstrtou16(uid + 2, 10, sock_ind);
}
--
2.43.0