From: Toshi Kani Date: Fri, 26 Oct 2012 11:38:57 +0000 (+0200) Subject: ACPI: Fix stale pointer access to flags.lockable X-Git-Tag: v3.12-rc1~1849^2~1^2~35 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b3c450c38075f414077e58439cff6bdce9e47df8;p=kernel%2Fkernel-generic.git ACPI: Fix stale pointer access to flags.lockable During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK method when device->flags.lockable is set. However, this device pointer is stale since the target acpi_device object has been already kfree'd by acpi_bus_trim(). The flags.lockable indicates whether or not this ACPI object implements _LCK method. Fix the stable pointer access by replacing it with acpi_get_handle() to check if _LCK is implemented. Signed-off-by: Toshi Kani Reviewed-by: Yasuaki Ishimatsu Signed-off-by: Rafael J. Wysocki --- diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index 1fcb867..ed87f43 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context) struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context; struct acpi_device *device; acpi_handle handle = ej_event->handle; + acpi_handle temp; struct acpi_object_list arg_list; union acpi_object arg; acpi_status status = AE_OK; @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context) goto err_out; } + /* device has been freed */ + device = NULL; + /* power off device */ status = acpi_evaluate_object(handle, "_PS3", NULL, NULL); if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) printk(KERN_WARNING PREFIX "Power-off device failed\n"); - if (device->flags.lockable) { + if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) { arg_list.count = 1; arg_list.pointer = &arg; arg.type = ACPI_TYPE_INTEGER;