From: Bartlomiej Zolnierkiewicz <bzolnier@xxxxxxxxx>
Subject: [PATCH] acpi: fix NULL pointer dereference in acpi_ex_release_mutex()
>From Dan's list:
drivers/acpi/acpica/exmutex.c +397 acpi_ex_release_mutex(40) warning: variable derefenced before check 'walk_state->thread'
Reorder the code to make it check for walk_state->thread existence before
accessing walk_state->thread->thread_id and fix the comment while at it.
Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Cc: corbet@xxxxxxx
Cc: eteo@xxxxxxxxxx
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@xxxxxxxxx>
---
2.6.31 material
drivers/acpi/acpica/exmutex.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
Index: b/drivers/acpi/acpica/exmutex.c
===================================================================
--- a/drivers/acpi/acpica/exmutex.c
+++ b/drivers/acpi/acpica/exmutex.c
@@ -375,6 +375,14 @@ acpi_ex_release_mutex(union acpi_operand
return_ACPI_STATUS(AE_AML_MUTEX_NOT_ACQUIRED);
}
+ /* must have a valid thread */
+ if (!walk_state->thread) {
+ ACPI_ERROR((AE_INFO,
+ "Cannot release Mutex [%4.4s], null thread info",
+ acpi_ut_get_node_name(obj_desc->mutex.node)));
+ return_ACPI_STATUS(AE_AML_INTERNAL);
+ }
+
/*
* The Mutex is owned, but this thread must be the owner.
* Special case for Global Lock, any thread can release
@@ -392,15 +400,6 @@ acpi_ex_release_mutex(union acpi_operand
return_ACPI_STATUS(AE_AML_NOT_OWNER);
}
- /* Must have a valid thread ID */
-
- if (!walk_state->thread) {
- ACPI_ERROR((AE_INFO,
- "Cannot release Mutex [%4.4s], null thread info",
- acpi_ut_get_node_name(obj_desc->mutex.node)));
- return_ACPI_STATUS(AE_AML_INTERNAL);
- }
-
/*
* The sync level of the mutex must be equal to the current sync level. In
* other words, the current level means that at least one mutex at that
--
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
