CVE-2024-35995

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Use accesswidth over bitwidth for system memory accesses

To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform.

SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppcgetperfcaps+0xec/0x410 lr : cppcgetperfcaps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dumpbacktrace+0x0/0x1e0 showstack+0x24/0x30 dumpstacklvl+0x8c/0xb8 dumpstack+0x18/0x34 panic+0x16c/0x384 addtaint+0x0/0xc0 arm64serrorpanic+0x7c/0x90 arm64isfatalrasserror+0x34/0xa4 doserror+0x50/0x6c el1h64errorhandler+0x40/0x74 el1h64error+0x7c/0x80 cppcgetperfcaps+0xec/0x410 cppccpufreqcpuinit+0x74/0x400 [cppccpufreq] cpufreqonline+0x2dc/0xa30 cpufreqadddev+0xc0/0xd4 subsysinterfaceregister+0x134/0x14c cpufreqregisterdriver+0x1b0/0x354 cppccpufreqinit+0x1a8/0x1000 [cppccpufreq] dooneinitcall+0x50/0x250 doinitmodule+0x60/0x27c loadmodule+0x2300/0x2570 _dosysfinitmodule+0xa8/0x114 _arm64sysfinitmodule+0x2c/0x3c invokesyscall+0x78/0x100 el0svccommon.constprop.0+0x180/0x1a0 doel0svc+0x84/0xa0 el0svc+0x2c/0xc0 el0t64synchandler+0xa4/0x12c el0t64_sync+0x1a4/0x1a8

Instead, use accesswidth to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the accesswidth to subspace id.

If accesswidth is not set, then fall back to using bitwidth.

[ rjw: Subject and changelog edits, comment adjustments ]