[PATCH 3.11 04/36] ACPICA: Return error if DerefOf resolves to a null package element.

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Bob Moore <robert.moore@intel.com>,
	Lv Zheng <lv.zheng@intel.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Subject: [PATCH 3.11 04/36] ACPICA: Return error if DerefOf resolves to a null package element.
Date: Tue, 26 Nov 2013 10:12:14 -0800	[thread overview]
Message-ID: <20131126181025.967007429@linuxfoundation.org> (raw)
In-Reply-To: <20131126181025.029404973@linuxfoundation.org>

3.11-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bob Moore <robert.moore@intel.com>

commit a50abf4842dd7d603a2ad6dcc7f1467fd2a66f03 upstream.

Disallow the dereference of a reference (via index) to an uninitialized
package element. Provides compatibility with other ACPI
implementations. ACPICA BZ 1003.

References: https://bugs.acpica.org/show_bug.cgi?id=431
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/acpica/exoparg1.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

--- a/drivers/acpi/acpica/exoparg1.c
+++ b/drivers/acpi/acpica/exoparg1.c
@@ -962,10 +962,17 @@ acpi_status acpi_ex_opcode_1A_0T_1R(stru
 					 */
 					return_desc =
 					    *(operand[0]->reference.where);
-					if (return_desc) {
-						acpi_ut_add_reference
-						    (return_desc);
+					if (!return_desc) {
+						/*
+						 * Element is NULL, do not allow the dereference.
+						 * This provides compatibility with other ACPI
+						 * implementations.
+						 */
+						return_ACPI_STATUS
+						    (AE_AML_UNINITIALIZED_ELEMENT);
 					}
+
+					acpi_ut_add_reference(return_desc);
 					break;
 
 				default:

next prev parent reply	other threads:[~2013-11-26 18:12 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-26 18:12 [PATCH 3.11 00/36] 3.11.10-stable review Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 01/36] ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 02/36] libertas: potential oops in debugfs Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 03/36] aacraid: prevent invalid pointer dereference Greg Kroah-Hartman
2013-11-26 18:12 ` Greg Kroah-Hartman [this message]
2013-11-26 18:12 ` [PATCH 3.11 05/36] ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 06/36] USB: mos7840: fix tiocmget error handling Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 07/36] can: kvaser_usb: fix usb endpoints detection Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 08/36] Btrfs: relocate csums properly with prealloc extents Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 09/36] crypto: ansi_cprng - Fix off by one error in non-block size request Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 10/36] crypto: s390 - Fix aes-cbc IV corruption Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 11/36] can: c_can: Fix RX message handling, handle lost message before EOB Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 12/36] alx: Reset phy speed after resume Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 13/36] ipc,shm: correct error return value in shmctl (SHM_UNLOCK) Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 14/36] ipc,shm: fix shm_file deletion races Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 15/36] drm/nvc0-/gr: fix a number of missing explicit array terminators Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 16/36] thinkpad_acpi: Fix build error when CONFIG_SND_MAX_CARDS > 32 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 17/36] SUNRPC: dont map EKEYEXPIRED to EACCES in call_refreshresult Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 18/36] sched, idle: Fix the idle polling state logic Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 19/36] PCI: Allow PCIe Capability link-related register access for switches Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 20/36] PCI: Remove PCIe Capability version checks Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 21/36] PCI: Support PCIe Capability Slot registers only for ports with slots Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 22/36] perf/ftrace: Fix paranoid level for enabling function tracer Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 23/36] ACPI / EC: Ensure lock is acquired before accessing ec struct members Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 24/36] ACPI / video: Quirk initial backlight level 0 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 25/36] ACPI / hotplug: Fix handle_root_bridge_removal() Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 26/36] ACPI / hotplug: Do not execute "insert in progress" _OST Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 27/36] Staging: zram: Fix access of NULL pointer Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 28/36] staging: comedi: avoid memleak for subdevice private Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 29/36] Drivers: hv: vmbus: Fix a bug in channel rescind code Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 30/36] rt2x00: fix a crash bug in the HT descriptor handling fix Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 31/36] rt2x00: check if device is still available on rt2x00mac_flush() Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 32/36] rt2x00: rt2800lib: fix VGC adjustment for RT5592 Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 33/36] rt2x00: fix HT TX descriptor settings regression Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 34/36] Bluetooth: revert: "Bluetooth: Add missing reset_resume dev_pm_ops" Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 35/36] Revert "ima: policy for RAMFS" Greg Kroah-Hartman
2013-11-26 18:12 ` [PATCH 3.11 36/36] exec/ptrace: fix get_dumpable() incorrect tests Greg Kroah-Hartman
2013-11-27  4:12 ` [PATCH 3.11 00/36] 3.11.10-stable review Guenter Roeck
2013-11-27 22:30 ` Shuah Khan
2013-11-28 10:56 ` Satoru Takeuchi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131126181025.967007429@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lv.zheng@intel.com \
    --cc=rafael.j.wysocki@intel.com \
    --cc=robert.moore@intel.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox