From: Toshi Kani <toshi.kani@hp.com>
To: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>,
linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path
Date: Mon, 15 Jul 2013 10:11:12 -0600 [thread overview]
Message-ID: <1373904672.24916.46.camel@misato.fc.hp.com> (raw)
In-Reply-To: <1628443.pD3ROIrBQn@vostro.rjw.lan>
On Sat, 2013-07-13 at 01:53 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 04:28:36 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > > >
> > > > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > > > > > ---
> > > > > > > > >
> > > > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > > > > >
> > > > > > > > Thanks Yasuaki!
> > > > > > >
> > > > > > > Queued up as a fix for 3.11.
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > > Do we need that in -stable as well?
> > > > > >
> > > > > > Good point. Yes, we need that in -stable as well.
> > > > >
> > > > > What's the oldest mainline major release that fix is applicable to?
> > > >
> > > > The fix is applicable all ways up to 2.6.32.
> > >
> > > For -stable I'll need to say some more about what practical consequences of
> > > the bug are. Is it difficult to trigger?
> >
> > The function evaluates _CRS of memory device objects, and fails when it
> > gets an unexpected resource or cannot allocate a memory.
>
> OK, so this is essentially about surviving unexpected external input, which
> I suppose is serious enough.
>
> > A kernel crash
> > or data corruption may occur when the kernel accessed a stale pointer.
> > That said, I am not sure how critical this issue is for old kernels
> > since I do not think there are many platforms that support memory
> > hotplug today.
>
> Which doesn't matter. People may want to run 3.10.y on future hardware too.
Good point. Thanks for the clarification!
-Toshi
prev parent reply other threads:[~2013-07-15 16:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-10 16:47 [PATCH] ACPI / memhotplug: Fix a stale pointer in error path Toshi Kani
2013-07-12 0:24 ` Yasuaki Ishimatsu
2013-07-12 14:51 ` Toshi Kani
2013-07-12 20:42 ` Rafael J. Wysocki
2013-07-12 21:01 ` Toshi Kani
2013-07-12 21:13 ` Rafael J. Wysocki
2013-07-12 21:12 ` Toshi Kani
2013-07-12 21:40 ` Rafael J. Wysocki
2013-07-12 22:28 ` Toshi Kani
2013-07-12 23:53 ` Rafael J. Wysocki
2013-07-15 16:11 ` Toshi Kani [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1373904672.24916.46.camel@misato.fc.hp.com \
--to=toshi.kani@hp.com \
--cc=isimatu.yasuaki@jp.fujitsu.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rjw@sisk.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox