From: Nishanth Aravamudan <nacc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org
Cc: acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: [UPDATE PATCH] acpi/video: check brightness is non-NULL before writing
Date: Wed, 16 Nov 2005 12:43:39 -0800 [thread overview]
Message-ID: <20051116204339.GK3122@us.ibm.com> (raw)
In-Reply-To: <20050912184401.GC25471-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
On 12.09.2005 [11:44:01 -0700], Nishanth Aravamudan wrote:
> Hi Len, acpi-devel,
>
> An easy to reproduce oops:
>
> if
>
> cat /proc/acpi/video/VID/LCD0/brightness
>
> reports <not supported>
>
> and then one does
>
> echo 1 > /proc/acpi/video/VID/LCD0/brightness
>
> the following oops will occur every time.
>
> Sep 12 11:39:27 joust kernel: [4606058.981000] <1>Unable to handle kernel NULL pointer dereference at virtual address 00000004
> Sep 12 11:39:27 joust kernel: [4606313.261000] c024a542
> Sep 12 11:39:27 joust kernel: [4606313.261000] PREEMPT
> Sep 12 11:39:27 joust kernel: [4606313.261000] Modules linked in: dummy wlan_wep ath_pci ath_rate_sample wlan ath_hal
> Sep 12 11:39:27 joust kernel: [4606313.261000] CPU: 0
> Sep 12 11:39:27 joust kernel: [4606313.261000] EIP: 0060:[acpi_video_device_write_brightness+91/140] Tainted: P VLI
> Sep 12 11:39:27 joust kernel: [4606313.261000] EFLAGS: 00010246 (2.6.13)
> Sep 12 11:39:27 joust kernel: [4606313.261000] EIP is at acpi_video_device_write_brightness+0x5b/0x8c
> Sep 12 11:39:27 joust kernel: [4606313.261000] eax: 00000001 ebx: 00000001 ecx: 00000000 edx: 00000000
> Sep 12 11:39:27 joust kernel: [4606313.261000] esi: c1b62ec0 edi: 00000002 ebp: de191f74 esp: de191f64
> Sep 12 11:39:27 joust kernel: [4606313.261000] ds: 007b es: 007b ss: 0068
> Sep 12 11:39:27 joust kernel: [4606313.261000] Process bash (pid: 406, threadinfo=de190000 task=e3012a80)
> Sep 12 11:39:27 joust kernel: [4606313.261000] Stack: 00000a31 c050e8e0 ea258e80 080eec08 de191f94 c015ff6c de191fa0 c050e8e0
> Sep 12 11:39:27 joust kernel: [4606313.261000] 00000000 ea258e80 fffffff7 080eec08 de191fb4 c01600d1 de191fa0 00000000
> Sep 12 11:39:27 joust kernel: [4606313.261000] 00000000 00000000 00000001 00000002 de190000 c0103165 00000001 080eec08
> Sep 12 11:39:27 joust kernel: [4606313.261000] Call Trace:
> Sep 12 11:39:27 joust kernel: [4606313.261000] [show_stack+122/144] show_stack+0x7a/0x90
> Sep 12 11:39:27 joust kernel: [4606313.261000] [show_registers+342/448] show_registers+0x156/0x1c0
> Sep 12 11:39:27 joust kernel: [4606313.261000] [die+224/368] die+0xe0/0x170
> Sep 12 11:39:27 joust kernel: [4606313.261000] [do_page_fault+831/1674] do_page_fault+0x33f/0x68a
> Sep 12 11:39:27 joust kernel: [4606313.261000] [error_code+79/84] error_code+0x4f/0x54
> Sep 12 11:39:27 joust kernel: [4606313.261000] [vfs_write+172/352] vfs_write+0xac/0x160
> Sep 12 11:39:27 joust kernel: [4606313.261000] [sys_write+65/112] sys_write+0x41/0x70
> Sep 12 11:39:27 joust kernel: [4606313.261000] [syscall_call+7/11] syscall_call+0x7/0xb
> Sep 12 11:39:27 joust kernel: [4606313.261000] Code: ff 85 c0 b9 f2 ff ff ff 75 4a 8d 45 f0 31 c9 31 d2 c6 04 07 00 e8 9f 29 fd ff 83 f8 64 89 c3 b9 f2 ff ff ff 77 2e 8b 56 1c 31 c9 <3b> 4a 04 7d 22 8b 42 08 3b 1c 88 75 14 89 da 89 f0 e8 51 f8 ff
>
> The following patch fixes the issue for me.
Haven't heard anything for the past few months. Here's an updated patch
for 2.6.15-rc1.
Thanks,
Nish
Description: acpi_video_device_brightness_seq_show() checks for both dev
and dev->brightness to be non-NULL, but
acpi_video_device_write_brightness() only checks if dev is non-NULL,
leading to an easily reproducible oops. Checking for dev->brightness in
the write routine fixes the problem.
Signed-off-by: Nishanth Aravamudan <nacc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
drivers/acpi/video.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
diff -urpN 2.6.15-rc1/drivers/acpi/video.c 2.6.15-rc1-dev/drivers/acpi/video.c
--- 2.6.15-rc1/drivers/acpi/video.c 2005-11-11 20:32:50.000000000 -0800
+++ 2.6.15-rc1-dev/drivers/acpi/video.c 2005-11-16 12:40:42.000000000 -0800
@@ -812,7 +812,7 @@ acpi_video_device_write_brightness(struc
ACPI_FUNCTION_TRACE("acpi_video_device_write_brightness");
- if (!dev || count + 1 > sizeof str)
+ if (!dev || !dev->brightness || count + 1 > sizeof str)
return_VALUE(-EINVAL);
if (copy_from_user(str, buffer, count))
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
next prev parent reply other threads:[~2005-11-16 20:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-12 18:44 [PATCH] acpi/video: check brightness is non-NULL before writing Nishanth Aravamudan
[not found] ` <20050912184401.GC25471-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2005-11-16 20:43 ` Nishanth Aravamudan [this message]
[not found] ` <20051116204339.GK3122-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2005-11-17 6:30 ` [UPDATE PATCH] " Yu, Luming
[not found] ` <200511171430.16431.luming.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2005-11-17 16:58 ` Nishanth Aravamudan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051116204339.GK3122@us.ibm.com \
--to=nacc-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox