From: Chris Mason <chris.mason@oracle.com>
To: Alex Chiang <achiang@hp.com>
Cc: lenb@kernel.org, linux-acpi@vger.kernel.org,
linux-kernel@vger.kernel.org, stable@kernel.org
Subject: Re: [PATCH] set dock_station->flags to zero during dock_add
Date: Fri, 12 Feb 2010 15:45:48 -0500 [thread overview]
Message-ID: <20100212204548.GS3524@think> (raw)
In-Reply-To: <20100201173518.GA28002@ldl.fc.hp.com>
On Mon, Feb 01, 2010 at 10:35:18AM -0700, Alex Chiang wrote:
> Hi Chris,
>
> Thanks for catching this. Seems better to just memset the stack
> variable before we kmemdup it in platform_deivce_register_data().
>
I don't see either patch in rc8, I think we want to do something for
docking in 2.6.33...Len are you interested in picking up either of these
fixes?
[ full quote below ]
-chris
> How about this instead?
>
> ---
> From: Alex Chiang <achiang@hp.com>
>
> ACPI: dock: properly initialize local struct dock_station in dock_add()
>
> Commit fe06fba2 (ACPI: dock: add struct dock_station * directly
> to platform device data) changed dock_add() to use the
> platform_device_register_data() API.
>
> We passed that interface a stack variable, which is kmemdup'ed
> and assigned to the device's platform_data pointer.
>
> Unfortunately, whatever random garbage is in the stack variable
> gets coped during the kmemdup, and that leads to broken behavior.
>
> Explicitly zero out the structure before passing it to the API.
>
> Cc: stable@kernel.org
> Reported-by: Chris Mason <chris.mason@oracle.com>
> Signed-off-by: Alex Chiang <achiang@hp.com>
> ---
> Commit fe06fba2 was introduced in 2.6.32-rc5, so we need this fix
> for the .32 stable series only.
>
> ---
> diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c
> index bbc2c13..b2586f5 100644
> --- a/drivers/acpi/dock.c
> +++ b/drivers/acpi/dock.c
> @@ -935,6 +935,7 @@ static int dock_add(acpi_handle handle)
> struct platform_device *dd;
>
> id = dock_station_count;
> + memset(&ds, 0, sizeof(ds));
> dd = platform_device_register_data(NULL, "dock", id, &ds, sizeof(ds));
> if (IS_ERR(dd))
> return PTR_ERR(dd);
next prev parent reply other threads:[~2010-02-12 20:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-01 16:30 [PATCH] set dock_station->flags to zero during dock_add Chris Mason
2010-02-01 17:35 ` Alex Chiang
2010-02-01 17:45 ` Chris Mason
2010-02-01 17:57 ` Alex Chiang
2010-02-12 20:45 ` Chris Mason [this message]
2010-02-13 9:34 ` Len Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100212204548.GS3524@think \
--to=chris.mason@oracle.com \
--cc=achiang@hp.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.