From: "Rafael J. Wysocki" <rjw@sisk.pl>
To: Len Brown <lenb@kernel.org>, Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: chepioq@gmail.com, Alex Chiang <achiang@hp.com>,
Linux PCI <linux-pci@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>,
Danny Feng <dfeng@redhat.com>,
linux-pm@lists.linux-foundation.org
Subject: [PATCH] ACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() (rev. 2)
Date: Tue, 13 Oct 2009 01:01:57 +0200 [thread overview]
Message-ID: <200910130101.57595.rjw@sisk.pl> (raw)
In-Reply-To: <200910060130.43246.rjw@sisk.pl>
From: Rafael J. Wysocki <rjw@sisk.pl>
acpi_get_pci_dev() may be called for a non-PCI device, in which case
it should return NULL. However, it assumes that every handle it
finds in the ACPI CA name space, between given device handle and the
PCI root bridge handle, corresponds to a PCI-to-PCI bridge with an
existing secondary bus. For this reason, when it finds a struct
pci_dev object corresponding to one of them, it doesn't check if
its 'subordinate' field is a valid pointer. This obviously leads to
a NULL pointer dereference if acpi_get_pci_dev() is called for a
non-PCI device with a PCI parent which is not a bridge.
To fix this issue make acpi_get_pci_dev() check if pdev->subordinate
is not NULL for every device it finds on the path between the root
bridge and the device it's supposed to get to and return NULL if the
"target" device cannot be found.
Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14129, which is a
regression from 2.6.30.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
---
Jesse, Len,
This is a replacement for the original $subject patch (now in the Len's tree
as commit 5988eaded02e3cca2702f46efc255143468255bd).
The code was correct, but the comment and the changelog were not. Please
use the one below instead.
Thanks,
Rafael
---
drivers/acpi/pci_root.c | 11 +++++++++++
1 file changed, 11 insertions(+)
Index: linux-2.6/drivers/acpi/pci_root.c
===================================================================
--- linux-2.6.orig/drivers/acpi/pci_root.c
+++ linux-2.6/drivers/acpi/pci_root.c
@@ -389,6 +389,17 @@ struct pci_dev *acpi_get_pci_dev(acpi_ha
pbus = pdev->subordinate;
pci_dev_put(pdev);
+
+ /*
+ * This function may be called for a non-PCI device that has a
+ * PCI parent (eg. a disk under a PCI SATA controller). In that
+ * case pdev->subordinate will be NULL for the parent.
+ */
+ if (!pbus) {
+ dev_dbg(&pdev->dev, "Not a PCI-to-PCI bridge\n");
+ pdev = NULL;
+ break;
+ }
}
out:
list_for_each_entry_safe(node, tmp, &device_list, node)
next prev parent reply other threads:[~2009-10-12 23:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-05 23:30 [PATCH] ACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() Rafael J. Wysocki
2009-10-05 23:37 ` Alex Chiang
[not found] ` <20091005233759.GB14394@ldl.fc.hp.com>
2009-10-06 0:01 ` Rafael J. Wysocki
2009-10-06 2:41 ` Len Brown
2009-10-12 23:01 ` Rafael J. Wysocki [this message]
2009-10-13 5:16 ` [PATCH] ACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() (rev. 2) Len Brown
2009-10-14 22:41 ` Alex Chiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200910130101.57595.rjw@sisk.pl \
--to=rjw@sisk.pl \
--cc=achiang@hp.com \
--cc=chepioq@gmail.com \
--cc=dfeng@redhat.com \
--cc=jbarnes@virtuousgeek.org \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-pm@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox