
[1/2] ACPI: Fix stale pointer access to flags.lockable

Message ID 1350318870-5700-1-git-send-email-toshi.kani@hp.com (mailing list archive)
State Accepted, archived

Commit Message

Toshi Kani Oct. 15, 2012, 4:34 p.m. UTC
During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
method when device->flags.lockable is set. However, this device
pointer is stale since the target acpi_device object has been
already kfree'd by acpi_bus_trim().

The flags.lockable indicates whether or not this ACPI object
implements _LCK method. Fix the stale pointer access by replacing
it with acpi_get_handle() to check if _LCK is implemented.

Signed-off-by: Toshi Kani <toshi.kani@hp.com>
---
 drivers/acpi/scan.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Yasuaki Ishimatsu Oct. 17, 2012, 1:25 a.m. UTC | #1
2012/10/16 1:34, Toshi Kani wrote:
> During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> method when device->flags.lockable is set. However, this device
> pointer is stale since the target acpi_device object has been
> already kfree'd by acpi_bus_trim().
> 
> The flags.lockable indicates whether or not this ACPI object
> implements _LCK method. Fix the stable pointer access by replacing
> it with acpi_get_handle() to check if _LCK is implemented.
> 
> Signed-off-by: Toshi Kani <toshi.kani@hp.com>

Looks good to me.
Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

> ---
>   drivers/acpi/scan.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> index 1fcb867..ed87f43 100644
> --- a/drivers/acpi/scan.c
> +++ b/drivers/acpi/scan.c
> @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
>   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
>   	struct acpi_device *device;
>   	acpi_handle handle = ej_event->handle;
> +	acpi_handle temp;
>   	struct acpi_object_list arg_list;
>   	union acpi_object arg;
>   	acpi_status status = AE_OK;
> @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
>   		goto err_out;
>   	}
>   
> +	/* device has been freed */
> +	device = NULL;
> +
>   	/* power off device */
>   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
>   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
>   		printk(KERN_WARNING PREFIX
>   				"Power-off device failed\n");
>   
> -	if (device->flags.lockable) {
> +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
>   		arg_list.count = 1;
>   		arg_list.pointer = &arg;
>   		arg.type = ACPI_TYPE_INTEGER;
> 


Toshi Kani Oct. 17, 2012, 1:55 p.m. UTC | #2
On Wed, 2012-10-17 at 10:25 +0900, Yasuaki Ishimatsu wrote:
> 2012/10/16 1:34, Toshi Kani wrote:
> > During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> > method when device->flags.lockable is set. However, this device
> > pointer is stale since the target acpi_device object has been
> > already kfree'd by acpi_bus_trim().
> > 
> > The flags.lockable indicates whether or not this ACPI object
> > implements _LCK method. Fix the stable pointer access by replacing
> > it with acpi_get_handle() to check if _LCK is implemented.
> > 
> > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> 
> Looks good to me.
> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks Yasuaki for reviewing!
-Toshi


> > ---
> >   drivers/acpi/scan.c | 6 +++++-
> >   1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > index 1fcb867..ed87f43 100644
> > --- a/drivers/acpi/scan.c
> > +++ b/drivers/acpi/scan.c
> > @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
> >   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
> >   	struct acpi_device *device;
> >   	acpi_handle handle = ej_event->handle;
> > +	acpi_handle temp;
> >   	struct acpi_object_list arg_list;
> >   	union acpi_object arg;
> >   	acpi_status status = AE_OK;
> > @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
> >   		goto err_out;
> >   	}
> >   
> > +	/* device has been freed */
> > +	device = NULL;
> > +
> >   	/* power off device */
> >   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
> >   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
> >   		printk(KERN_WARNING PREFIX
> >   				"Power-off device failed\n");
> >   
> > -	if (device->flags.lockable) {
> > +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
> >   		arg_list.count = 1;
> >   		arg_list.pointer = &arg;
> >   		arg.type = ACPI_TYPE_INTEGER;
> > 
> 
> 


Rafael Wysocki Oct. 24, 2012, 10:08 p.m. UTC | #3
On Wednesday 17 of October 2012 07:55:42 Toshi Kani wrote:
> On Wed, 2012-10-17 at 10:25 +0900, Yasuaki Ishimatsu wrote:
> > 2012/10/16 1:34, Toshi Kani wrote:
> > > During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> > > method when device->flags.lockable is set. However, this device
> > > pointer is stale since the target acpi_device object has been
> > > already kfree'd by acpi_bus_trim().
> > > 
> > > The flags.lockable indicates whether or not this ACPI object
> > > implements _LCK method. Fix the stable pointer access by replacing
> > > it with acpi_get_handle() to check if _LCK is implemented.
> > > 
> > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > 
> > Looks good to me.
> > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> 
> Thanks Yasuaki for reviewing!

Applied to linux-pm.git/linux-next as v3.8 material.

Thanks,
Rafael


> > > ---
> > >   drivers/acpi/scan.c | 6 +++++-
> > >   1 file changed, 5 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > > index 1fcb867..ed87f43 100644
> > > --- a/drivers/acpi/scan.c
> > > +++ b/drivers/acpi/scan.c
> > > @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
> > >   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
> > >   	struct acpi_device *device;
> > >   	acpi_handle handle = ej_event->handle;
> > > +	acpi_handle temp;
> > >   	struct acpi_object_list arg_list;
> > >   	union acpi_object arg;
> > >   	acpi_status status = AE_OK;
> > > @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
> > >   		goto err_out;
> > >   	}
> > >   
> > > +	/* device has been freed */
> > > +	device = NULL;
> > > +
> > >   	/* power off device */
> > >   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
> > >   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
> > >   		printk(KERN_WARNING PREFIX
> > >   				"Power-off device failed\n");
> > >   
> > > -	if (device->flags.lockable) {
> > > +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
> > >   		arg_list.count = 1;
> > >   		arg_list.pointer = &arg;
> > >   		arg.type = ACPI_TYPE_INTEGER;
> > > 
> > 
> > 
> 
> 
>

Patch

diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 1fcb867..ed87f43 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -97,6 +97,7 @@  void acpi_bus_hot_remove_device(void *context)
 	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
 	struct acpi_device *device;
 	acpi_handle handle = ej_event->handle;
+	acpi_handle temp;
 	struct acpi_object_list arg_list;
 	union acpi_object arg;
 	acpi_status status = AE_OK;
@@ -117,13 +118,16 @@  void acpi_bus_hot_remove_device(void *context)
 		goto err_out;
 	}
 
+	/* device has been freed */
+	device = NULL;
+
 	/* power off device */
 	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
 	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
 		printk(KERN_WARNING PREFIX
 				"Power-off device failed\n");
 
-	if (device->flags.lockable) {
+	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
 		arg_list.count = 1;
 		arg_list.pointer = &arg;
 		arg.type = ACPI_TYPE_INTEGER;
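Review bot: The added `/* device has been freed */` comment above `device = NULL;` does not say which call released the object or why the pointer is cleared, and the freeing call is not visible in this hunk. Going by the commit message, I would write it as `/* acpi_bus_trim() has kfree'd the acpi_device; clear the pointer so any later use faults on NULL instead of reading freed memory */`. On the new `_LCK` test, `temp` is written by acpi_get_handle() and never read, so a short comment such as `/* existence check only; flags.lockable went away with the freed device */` would keep a later cleanup from "simplifying" it back to the cached flag. The body of acpi_bus_hot_remove_device() continues past the end of this hunk, so it is worth confirming that nothing after the `_LCK` block, including the `err_out` path, still dereferences `device`.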