Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > 
> > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@xxxxxx>
> > > > > > > > ---
> > > > > > > 
> > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@xxxxxxxxxxxxxx>
> > > > > > 
> > > > > > Thanks Yasuaki!
> > > > > 
> > > > > Queued up as a fix for 3.11.
> > > > 
> > > > Thanks!
> > > > 
> > > > > Do we need that in -stable as well?
> > > > 
> > > > Good point.  Yes, we need that in -stable as well.
> > > 
> > > What's the oldest mainline major release that fix is applicable to?
> > 
> > The fix is applicable all ways up to 2.6.32.
> 
> For -stable I'll need to say some more about what practical consequences of
> the bug are.  Is it difficult to trigger?

The function evaluates _CRS of memory device objects, and fails when it
gets an unexpected resource or cannot allocate a memory.  A kernel crash
or data corruption may occur when the kernel accessed a stale pointer.
That said, I am not sure how critical this issue is for old kernels
since I do not think there are many platforms that support memory
hotplug today.  After reading the recent -stable discussion on LKML, now
I am not sure if this fix should be applied for -stable.  I instrumented
the kernel to generate an error for testing this change.
 
Thanks,
-Toshi


> 
> Rafael
> 
> 
> > > > > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > > > > >   1 file changed, 1 insertion(+)
> > > > > > > > 
> > > > > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > index c711d11..999adb5 100644
> > > > > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > > > > >   	/* Get the range from the _CRS */
> > > > > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > > > > >   	if (result) {
> > > > > > > > +		device->driver_data = NULL;
> > > > > > > >   		kfree(mem_device);
> > > > > > > >   		return result;
> > > > > > > >   	}
> > > > > > > > --
> > > > > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > > > > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > > > > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > 
> > > > 
> > 
> > 


--
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux IBM ACPI]     [Linux Power Management]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux