From patchwork Mon May 30 08:57:37 2011
X-Patchwork-Submitter: Lin Ming
X-Patchwork-Id: 829522
Subject: re: ACPI: Add D3 cold state
From: Lin Ming
To: Dan Carpenter
Cc: "open list:ACPI", Len Brown
In-Reply-To: <20110530084250.GM3099@shale.localdomain>
References: <20110530084250.GM3099@shale.localdomain>
Date: Mon, 30 May 2011 16:57:37 +0800
Message-ID: <1306745857.9702.19.camel@minggr.sh.intel.com>
X-Mailing-List: linux-acpi@vger.kernel.org

On Mon, 2011-05-30 at 16:42 +0800, Dan Carpenter wrote:
> Commit 28c2103dad04 "ACPI: Add D3 cold state" introduced a read past
> the end of the array in drivers/acpi/bus.c
>
> static int __acpi_bus_set_power(struct acpi_device *device, int state)
> {
>     int result = 0;
>     acpi_status status = AE_OK;
>     char object_name[5] = { '_', 'P', 'S', '0' + state, '\0' };
>
>     if (!device || (state < ACPI_STATE_D0) || (state > ACPI_STATE_D3_COLD))
>                                                        ^^^^^^^^^^^^^^^^^^
>                                                        This is 4 now.
>
>         return -EINVAL;
>
>     /* Make sure this is a valid target state */
>
>     if (state == device->power.state) {
>         ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Device is already at D%d\n",
>                           state));
>         return 0;
>     }
>
>     if (!device->power.states[state].flags.valid) {
>                        ^^^^^^^^^^^^^
>                        This array has 4 elements so we are one space past the end
>                        of the array.

Ah! We need a fix like below.

---
diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h index 3a10ef5..ff246e8 100644 --- a/include/acpi/acpi_bus.h +++ b/include/acpi/acpi_bus.h
@@ -210,7 +210,7 @@ struct acpi_device_power_state { struct acpi_device_power { int state; /* Current state */ struct acpi_device_power_flags flags; - struct acpi_device_power_state states[4]; /* Power states (D0-D3) */ + struct acpi_device_power_state states[5]; /* Power states (D0-D3Cold) */ }; /* Performance Management */
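
Review bot: The new size in states[5] is still a bare literal, which is how the array length fell out of step with the (state > ACPI_STATE_D3_COLD) check in __acpi_bus_set_power() when D3 cold was added. Consider declaring the member as states[ACPI_STATE_D3_COLD + 1], or with a named count constant, so the bounds check and the array length are derived from the same symbol, and check any other code that indexes or iterates power.states[] against the new top state. The mail also carries no changelog or Signed-off-by line, which a standalone submission of this fix would need.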