From: Hans de Goede <hdegoede@redhat.com>
To: "Rafael J. Wysocki" <rafael@kernel.org>,
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: "Rafael J . Wysocki" <rjw@rjwysocki.net>,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>
Subject: Re: [PATCH] ACPI: scan: Make acpi_bus_get_device() clear the adev ptr on error
Date: Mon, 18 Jan 2021 17:08:18 +0100 [thread overview]
Message-ID: <9e548c41-fdb0-4b4b-ccc3-81dba39d4904@redhat.com> (raw)
In-Reply-To: <CAJZ5v0gk0ninRntm508SAgzSrRe5gjZ+-e5ac1h-Cx2reVOSfg@mail.gmail.com>
Hi,
On 1/18/21 2:58 PM, Rafael J. Wysocki wrote:
> On Fri, Jan 15, 2021 at 10:59 PM Hans de Goede <hdegoede@redhat.com> wrote:
>>
>> Set the acpi_device pointer which acpi_bus_get_device()
>> returns-by-reference to NULL on error.
>>
>> We've recently had 2 cases where callers of acpi_bus_get_device()
>> did not properly error check the return value, using the
>> returned-by-reference acpi_device pointer blindly, set it to NULL
>> so that this will lead to an immediate oops, rather then following
>> a pointer to who knows what.
>>
>> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
>
> This should fix the crash reported by Pierre-Louis,
Ack, sounds good.
> so let me apply it
> instead of the two debug changes posted by me
> (https://lore.kernel.org/linux-acpi/98e6ed8e-884e-adb4-a146-a66daefa94a7@redhat.com/T/#md5add2fe554a30e3a929d87a66b435f4cc8bf628).
Note we should still fix the USB case, my patch will make failure
there more obvious, but the code can theoretically still dereference
a NULL pointer in drivers/usb/core/usb-acpi.c.
And we probably also want this change:
--- linux-pm.orig/drivers/acpi/scan.c
+++ linux-pm/drivers/acpi/scan.c
@@ -1867,7 +1867,8 @@ static u32 acpi_scan_check_dep(acpi_hand
* 2. ACPI nodes describing USB ports.
* Still, checking for _HID catches more then just these cases ...
*/
- if (!acpi_has_method(handle, "_DEP") || !acpi_has_method(handle, "_HID"))
+ if (!acpi_has_method(handle, "_DEP") || acpi_has_method(handle, "_ADR")
+ || !acpi_has_method(handle, "_HID"))
return 0;
status = acpi_evaluate_reference(handle, "_DEP", NULL, &dep_devices);
To reduce the amount of work we do checking _DEP-s.
If you want I can submit patches for both ?
Regards,
Hans
>
> Pierre-Louis, can you please double check that the issue goes away
> with this patch applied?
>
>> ---
>> drivers/acpi/scan.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
>> index c575c9b67f76..c53e88deee1d 100644
>> --- a/drivers/acpi/scan.c
>> +++ b/drivers/acpi/scan.c
>> @@ -585,6 +585,8 @@ static int acpi_get_device_data(acpi_handle handle, struct acpi_device **device,
>> if (!device)
>> return -EINVAL;
>>
>> + *device = NULL;
>> +
>> status = acpi_get_data_full(handle, acpi_scan_drop_device,
>> (void **)device, callback);
>> if (ACPI_FAILURE(status) || !*device) {
>> --
>> 2.28.0
>>
>
next prev parent reply other threads:[~2021-01-18 16:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 21:57 [PATCH] ACPI: scan: Make acpi_bus_get_device() clear the adev ptr on error Hans de Goede
2021-01-18 13:58 ` Rafael J. Wysocki
2021-01-18 16:08 ` Hans de Goede [this message]
2021-01-18 16:21 ` Rafael J. Wysocki
2021-01-18 16:23 ` Hans de Goede
2021-01-19 15:41 ` Pierre-Louis Bossart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9e548c41-fdb0-4b4b-ccc3-81dba39d4904@redhat.com \
--to=hdegoede@redhat.com \
--cc=linux-acpi@vger.kernel.org \
--cc=pierre-louis.bossart@linux.intel.com \
--cc=rafael@kernel.org \
--cc=rjw@rjwysocki.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).