[PATCH] Subject: Prevent acpi_run_osc from using NULL objects (was: Re: Oops in ACPI with git latest)

["Rafael J. Wysocki" <rjw@sisk.pl>]

On Friday, 24 of October 2008, Rafael J. Wysocki wrote:
> On Friday, 24 of October 2008, James Bottomley wrote:
> > On Thu, 2008-10-23 at 15:34 -0700, Moore, Robert wrote:
> > > +	if (!output.pointer)
> > > +		return AE_NULL_OBJECT;
> > > +
> > > 
> > > This probably won't work. acpi_evaluate_object currently doesn't touch the pointer parameter if there is no return value, it only sets the length to zero.
> > 
> > Actually, it does.
> 
> Well, this was the only candidate for a NULL pointer dereference, so I'd be
> surprised if it didn't. :-)
> 
> > > So, you might try this:
> > > 
> > > +	if (!output.length)
> > > +		return AE_NULL_OBJECT;
> > > +
> 
> Still, I'd expect the AML interpreter to return error code in this case.
> 
> > This also works.
> 
> Why don't we make it extra safe, then. ;-)
> 
> ---
> From: Rafael J. Wysocki <rjw@sisk.pl>
> Subject: Prevent acpi_osc_run from using NULL objects

Ah, mistake in the subject.

---
From: Rafael J. Wysocki <rjw@sisk.pl>
Subject: Prevent acpi_run_osc from using NULL objects

Check if the object returned by acpi_evaluate_object() in
acpi_run_osc() is not NULL before using it.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
---
 drivers/pci/pci-acpi.c |    3 +++
 1 file changed, 3 insertions(+)

Index: linux-2.6/drivers/pci/pci-acpi.c
===================================================================
--- linux-2.6.orig/drivers/pci/pci-acpi.c
+++ linux-2.6/drivers/pci/pci-acpi.c
@@ -83,6 +83,9 @@ static acpi_status acpi_run_osc(acpi_han
 	if (ACPI_FAILURE(status))
 		return status;
 
+	if (!output.pointer || !output.length)
+		return AE_NULL_OBJECT;
+
 	out_obj = output.pointer;
 	if (out_obj->type != ACPI_TYPE_BUFFER) {
 		printk(KERN_DEBUG "Evaluate _OSC returns wrong type\n");