From 72e4d07d9499d979a3fc38c77f4120707c709ea5 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 17 Dec 2021 10:12:09 +0300
Subject: [PATCH] platform/x86: think-lmi: Prevent underflow in index_store()
Git-commit: 72e4d07d9499d979a3fc38c77f4120707c709ea5
Patch-mainline: v5.17-rc1
References: bsc#1210050

There needs to be a check to prevent negative offsets for
setting->index.  I have reviewed this code and I think that the
"if (block->instance_count <= instance)" check in __query_block() will
prevent this from resulting in an out of bounds access.  But it's
still worth fixing.

Fixes: 640a5fa50a42 ("platform/x86: think-lmi: Opcode support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20211217071209.GF26548@kili
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/platform/x86/think-lmi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
index 27ab8e4e5b83..0b73e16cccea 100644
--- a/drivers/platform/x86/think-lmi.c
+++ b/drivers/platform/x86/think-lmi.c
@@ -573,7 +573,7 @@ static ssize_t index_store(struct kobject *kobj,
 	if (err < 0)
 		return err;
 
-	if (val > TLMI_INDEX_MAX)
+	if (val < 0 || val > TLMI_INDEX_MAX)
 		return -EINVAL;
 
 	setting->index = val;
-- 
2.35.3