From mboxrd@z Thu Jan  1 00:00:00 1970
From: Lin Ming <ming.m.lin@intel.com>
Subject: Re: FW: next-20090724: null pointer dereference from
 ibm_find_acpi_device
Date: Mon, 27 Jul 2009 17:03:57 +0800
Message-ID: <1248685437.3166.28.camel@minggr.sh.intel.com>
References: <4911F71203A09E4D9981D27F9D8308582EE836AE@orsmsx503.amr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-next-owner@vger.kernel.org>
Received: from mga11.intel.com ([192.55.52.93]:39458 "EHLO mga11.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753539AbZG0JCW (ORCPT <rfc822;linux-next@vger.kernel.org>);
	Mon, 27 Jul 2009 05:02:22 -0400
In-Reply-To: <4911F71203A09E4D9981D27F9D8308582EE836AE@orsmsx503.amr.corp.intel.com>
Sender: linux-next-owner@vger.kernel.org
List-ID: <linux-next.vger.kernel.org>
To: thomas@m3y3r.de
Cc: "Moore, Robert" <robert.moore@intel.com>, Len Brown <len.brown@intel.com>, linux-next@vger.kernel.org

Hi, Thomas

Would you please try below patch?

info->hardware_id.string[sizeof(info->hardware_id.length) - 1] = '\0' is
not needed anymore because acpi_get_object_info already handles it.

        /* Allocate a buffer for the HID */

        hid =
            ACPI_ALLOCATE_ZEROED(sizeof(struct acpica_device_id) +
                                 (acpi_size) length);

And it would cause null pointer deference if info->hardware_id.string is
NULL.

So delete it.

diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
index a9d926b..e7be66d 100644
--- a/drivers/pci/hotplug/acpiphp_ibm.c
+++ b/drivers/pci/hotplug/acpiphp_ibm.c
@@ -406,7 +406,6 @@ static acpi_status __init ibm_find_acpi_device(acpi_handle handle,
 			__func__, status);
 		return retval;
 	}
-	info->hardware_id.string[sizeof(info->hardware_id.length) - 1] = '\0';
 
 	if (info->current_status && (info->valid & ACPI_VALID_HID) &&
 			(!strcmp(info->hardware_id.string, IBM_HARDWARE_ID1) ||


On Mon, 2009-07-27 at 13:09 +0800, Moore, Robert wrote:
> Lin Ming,
> 
> Can you take a look at this?
> 
> Thanks
> Bob
> 
> 
> -----Original Message-----
> From: Thomas Meyer [mailto:thomas@m3y3r.de] 
> Sent: Sunday, July 26, 2009 3:15 AM
> To: Moore, Robert; Brown, Len; linux-next@vger.kernel.org
> Subject: next-20090724: null pointer dereference from ibm_find_acpi_device
> 
> Hi.
> 
> Probably caused by commit fbe8cddd2d85979d273d7937a2b8a47498694d91.
> 
> See attached screenshot.
>