* [PATCH] ACPI / extlog: don't dereference extlog_l1_addr if it is null
@ 2015-12-02 11:58 Colin King
2015-12-02 12:12 ` Borislav Petkov
0 siblings, 1 reply; 2+ messages in thread
From: Colin King @ 2015-12-02 11:58 UTC (permalink / raw)
To: Rafael J . Wysocki, Len Brown, linux-acpi; +Cc: linux-kernel
From: Colin Ian King <colin.king@canonical.com>
There is a check to see if extlog_l1_addr is null before calling
acpi_os_unmap_iomem, however, before that call there is a
dereference on this that could trip an oops. Move the
extlog_l1_addr dereference so it occurs only if it is not null.
Found by static analysis by smatch.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/acpi/acpi_extlog.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/acpi_extlog.c b/drivers/acpi/acpi_extlog.c
index b3842ff..183b7b2 100644
--- a/drivers/acpi/acpi_extlog.c
+++ b/drivers/acpi/acpi_extlog.c
@@ -309,9 +309,10 @@ static void __exit extlog_exit(void)
{
set_edac_report_status(old_edac_report_status);
mce_unregister_decode_chain(&extlog_mce_dec);
- ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;
- if (extlog_l1_addr)
+ if (extlog_l1_addr) {
+ ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;
acpi_os_unmap_iomem(extlog_l1_addr, l1_size);
+ }
if (elog_addr)
acpi_os_unmap_iomem(elog_addr, elog_size);
release_mem_region(elog_base, elog_size);
--
2.6.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ACPI / extlog: don't dereference extlog_l1_addr if it is null
2015-12-02 11:58 [PATCH] ACPI / extlog: don't dereference extlog_l1_addr if it is null Colin King
@ 2015-12-02 12:12 ` Borislav Petkov
0 siblings, 0 replies; 2+ messages in thread
From: Borislav Petkov @ 2015-12-02 12:12 UTC (permalink / raw)
To: Colin King
Cc: Rafael J . Wysocki, Len Brown, linux-acpi, linux-kernel,
Chen, Gong, Tony Luck
CCing authors too.
On Wed, Dec 02, 2015 at 11:58:28AM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> There is a check to see if extlog_l1_addr is null before calling
> acpi_os_unmap_iomem, however, before that call there is a
> dereference on this that could trip an oops. Move the
> extlog_l1_addr dereference so it occurs only if it is not null.
>
> Found by static analysis by smatch.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/acpi/acpi_extlog.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/acpi/acpi_extlog.c b/drivers/acpi/acpi_extlog.c
> index b3842ff..183b7b2 100644
> --- a/drivers/acpi/acpi_extlog.c
> +++ b/drivers/acpi/acpi_extlog.c
> @@ -309,9 +309,10 @@ static void __exit extlog_exit(void)
> {
> set_edac_report_status(old_edac_report_status);
> mce_unregister_decode_chain(&extlog_mce_dec);
> - ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;
> - if (extlog_l1_addr)
> + if (extlog_l1_addr) {
> + ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;
> acpi_os_unmap_iomem(extlog_l1_addr, l1_size);
> + }
> if (elog_addr)
> acpi_os_unmap_iomem(elog_addr, elog_size);
> release_mem_region(elog_base, elog_size);
> --
> 2.6.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-12-02 12:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-02 11:58 [PATCH] ACPI / extlog: don't dereference extlog_l1_addr if it is null Colin King
2015-12-02 12:12 ` Borislav Petkov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).