[PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

device->driver_data needs to be cleared when releasing its data,
mem_device, in an error path of acpi_memory_device_add().

Signed-off-by: Toshi Kani <toshi.kani@hp.com>
---
 drivers/acpi/acpi_memhotplug.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
index c711d11..999adb5 100644
--- a/drivers/acpi/acpi_memhotplug.c
+++ b/drivers/acpi/acpi_memhotplug.c
@@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
 	/* Get the range from the _CRS */
 	result = acpi_memory_get_device_resources(mem_device);
 	if (result) {
+		device->driver_data = NULL;
 		kfree(mem_device);
 		return result;
 	}

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Yasuaki Ishimatsu]

(2013/07/11 1:47), Toshi Kani wrote:
> device->driver_data needs to be cleared when releasing its data,
> mem_device, in an error path of acpi_memory_device_add().
> 
> Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> ---

Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks,
Yasuaki Ishimatsu

>   drivers/acpi/acpi_memhotplug.c |    1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> index c711d11..999adb5 100644
> --- a/drivers/acpi/acpi_memhotplug.c
> +++ b/drivers/acpi/acpi_memhotplug.c
> @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
>   	/* Get the range from the _CRS */
>   	result = acpi_memory_get_device_resources(mem_device);
>   	if (result) {
> +		device->driver_data = NULL;
>   		kfree(mem_device);
>   		return result;
>   	}
> --
> To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Yasuaki Ishimatsu]

(2013/07/11 1:47), Toshi Kani wrote:
> device->driver_data needs to be cleared when releasing its data,
> mem_device, in an error path of acpi_memory_device_add().
> 
> Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> ---

Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks,
Yasuaki Ishimatsu

>   drivers/acpi/acpi_memhotplug.c |    1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> index c711d11..999adb5 100644
> --- a/drivers/acpi/acpi_memhotplug.c
> +++ b/drivers/acpi/acpi_memhotplug.c
> @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
>   	/* Get the range from the _CRS */
>   	result = acpi_memory_get_device_resources(mem_device);
>   	if (result) {
> +		device->driver_data = NULL;
>   		kfree(mem_device);
>   		return result;
>   	}
> --
> To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> (2013/07/11 1:47), Toshi Kani wrote:
> > device->driver_data needs to be cleared when releasing its data,
> > mem_device, in an error path of acpi_memory_device_add().
> > 
> > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > ---
> 
> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks Yasuaki!
-Toshi



> 
> Thanks,
> Yasuaki Ishimatsu
> 
> >   drivers/acpi/acpi_memhotplug.c |    1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > index c711d11..999adb5 100644
> > --- a/drivers/acpi/acpi_memhotplug.c
> > +++ b/drivers/acpi/acpi_memhotplug.c
> > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> >   	/* Get the range from the _CRS */
> >   	result = acpi_memory_get_device_resources(mem_device);
> >   	if (result) {
> > +		device->driver_data = NULL;
> >   		kfree(mem_device);
> >   		return result;
> >   	}
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > 
> 
> 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Rafael J. Wysocki]

On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > (2013/07/11 1:47), Toshi Kani wrote:
> > > device->driver_data needs to be cleared when releasing its data,
> > > mem_device, in an error path of acpi_memory_device_add().
> > > 
> > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > ---
> > 
> > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> 
> Thanks Yasuaki!

Queued up as a fix for 3.11.

Do we need that in -stable as well?

Rafael


> > 
> > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > >   1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > index c711d11..999adb5 100644
> > > --- a/drivers/acpi/acpi_memhotplug.c
> > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > >   	/* Get the range from the _CRS */
> > >   	result = acpi_memory_get_device_resources(mem_device);
> > >   	if (result) {
> > > +		device->driver_data = NULL;
> > >   		kfree(mem_device);
> > >   		return result;
> > >   	}
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > 
> > 
> > 
> 
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > device->driver_data needs to be cleared when releasing its data,
> > > > mem_device, in an error path of acpi_memory_device_add().
> > > > 
> > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > ---
> > > 
> > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > 
> > Thanks Yasuaki!
> 
> Queued up as a fix for 3.11.

Thanks!

> Do we need that in -stable as well?

Good point.  Yes, we need that in -stable as well.

-Toshi


> Rafael
> 
> 
> > > 
> > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > >   1 file changed, 1 insertion(+)
> > > > 
> > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > index c711d11..999adb5 100644
> > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > >   	/* Get the range from the _CRS */
> > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > >   	if (result) {
> > > > +		device->driver_data = NULL;
> > > >   		kfree(mem_device);
> > > >   		return result;
> > > >   	}
> > > > --
> > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > the body of a message to majordomo@vger.kernel.org
> > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > 
> > > 
> > > 
> > 
> > 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > 
> > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > ---
> > > > > 
> > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > 
> > > > Thanks Yasuaki!
> > > 
> > > Queued up as a fix for 3.11.
> > 
> > Thanks!
> > 
> > > Do we need that in -stable as well?
> > 
> > Good point.  Yes, we need that in -stable as well.
> 
> What's the oldest mainline major release that fix is applicable to?

The fix is applicable all ways up to 2.6.32.

Thanks,
-Toshi


> 
> Rafael
> 
> 
> > > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > > >   1 file changed, 1 insertion(+)
> > > > > > 
> > > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > > index c711d11..999adb5 100644
> > > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > > >   	/* Get the range from the _CRS */
> > > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > > >   	if (result) {
> > > > > > +		device->driver_data = NULL;
> > > > > >   		kfree(mem_device);
> > > > > >   		return result;
> > > > > >   	}
> > > > > > --
> > > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > > the body of a message to majordomo@vger.kernel.org
> > > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > 
> > 
> > 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Rafael J. Wysocki]

On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > 
> > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > ---
> > > > 
> > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > 
> > > Thanks Yasuaki!
> > 
> > Queued up as a fix for 3.11.
> 
> Thanks!
> 
> > Do we need that in -stable as well?
> 
> Good point.  Yes, we need that in -stable as well.

What's the oldest mainline major release that fix is applicable to?

Rafael


> > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > >   1 file changed, 1 insertion(+)
> > > > > 
> > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > index c711d11..999adb5 100644
> > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > >   	/* Get the range from the _CRS */
> > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > >   	if (result) {
> > > > > +		device->driver_data = NULL;
> > > > >   		kfree(mem_device);
> > > > >   		return result;
> > > > >   	}
> > > > > --
> > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > the body of a message to majordomo@vger.kernel.org
> > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > 
> > > > 
> > > > 
> > > 
> > > 
> 
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Rafael J. Wysocki]

On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > 
> > > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > > ---
> > > > > > 
> > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > > 
> > > > > Thanks Yasuaki!
> > > > 
> > > > Queued up as a fix for 3.11.
> > > 
> > > Thanks!
> > > 
> > > > Do we need that in -stable as well?
> > > 
> > > Good point.  Yes, we need that in -stable as well.
> > 
> > What's the oldest mainline major release that fix is applicable to?
> 
> The fix is applicable all ways up to 2.6.32.

For -stable I'll need to say some more about what practical consequences of
the bug are.  Is it difficult to trigger?

Rafael


> > > > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > > > >   1 file changed, 1 insertion(+)
> > > > > > > 
> > > > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > > > index c711d11..999adb5 100644
> > > > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > > > >   	/* Get the range from the _CRS */
> > > > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > > > >   	if (result) {
> > > > > > > +		device->driver_data = NULL;
> > > > > > >   		kfree(mem_device);
> > > > > > >   		return result;
> > > > > > >   	}
> > > > > > > --
> > > > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > > > the body of a message to majordomo@vger.kernel.org
> > > > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > > 
> > > > > 
> > > 
> > > 
> 
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > 
> > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > > > ---
> > > > > > > 
> > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > > > 
> > > > > > Thanks Yasuaki!
> > > > > 
> > > > > Queued up as a fix for 3.11.
> > > > 
> > > > Thanks!
> > > > 
> > > > > Do we need that in -stable as well?
> > > > 
> > > > Good point.  Yes, we need that in -stable as well.
> > > 
> > > What's the oldest mainline major release that fix is applicable to?
> > 
> > The fix is applicable all ways up to 2.6.32.
> 
> For -stable I'll need to say some more about what practical consequences of
> the bug are.  Is it difficult to trigger?

The function evaluates _CRS of memory device objects, and fails when it
gets an unexpected resource or cannot allocate a memory.  A kernel crash
or data corruption may occur when the kernel accessed a stale pointer.
That said, I am not sure how critical this issue is for old kernels
since I do not think there are many platforms that support memory
hotplug today.  After reading the recent -stable discussion on LKML, now
I am not sure if this fix should be applied for -stable.  I instrumented
the kernel to generate an error for testing this change.
 
Thanks,
-Toshi


> 
> Rafael
> 
> 
> > > > > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > > > > >   1 file changed, 1 insertion(+)
> > > > > > > > 
> > > > > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > index c711d11..999adb5 100644
> > > > > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > > > > >   	/* Get the range from the _CRS */
> > > > > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > > > > >   	if (result) {
> > > > > > > > +		device->driver_data = NULL;
> > > > > > > >   		kfree(mem_device);
> > > > > > > >   		return result;
> > > > > > > >   	}
> > > > > > > > --
> > > > > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > > > > the body of a message to majordomo@vger.kernel.org
> > > > > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > 
> > > > 
> > 
> > 

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Rafael J. Wysocki]

On Friday, July 12, 2013 04:28:36 PM Toshi Kani wrote:
> On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> > On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > > 
> > > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > > > > ---
> > > > > > > > 
> > > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > > > > 
> > > > > > > Thanks Yasuaki!
> > > > > > 
> > > > > > Queued up as a fix for 3.11.
> > > > > 
> > > > > Thanks!
> > > > > 
> > > > > > Do we need that in -stable as well?
> > > > > 
> > > > > Good point.  Yes, we need that in -stable as well.
> > > > 
> > > > What's the oldest mainline major release that fix is applicable to?
> > > 
> > > The fix is applicable all ways up to 2.6.32.
> > 
> > For -stable I'll need to say some more about what practical consequences of
> > the bug are.  Is it difficult to trigger?
> 
> The function evaluates _CRS of memory device objects, and fails when it
> gets an unexpected resource or cannot allocate a memory.

OK, so this is essentially about surviving unexpected external input, which
I suppose is serious enough.

> A kernel crash
> or data corruption may occur when the kernel accessed a stale pointer.
> That said, I am not sure how critical this issue is for old kernels
> since I do not think there are many platforms that support memory
> hotplug today.

Which doesn't matter.  People may want to run 3.10.y on future hardware too.

> After reading the recent -stable discussion on LKML, now
> I am not sure if this fix should be applied for -stable.

Well, I don't necessarily agree with some things being said there.  I guess
I'll need to say something in that thread. :-)

> I instrumented the kernel to generate an error for testing this change.

OK

Thanks,
Rafael


> > > > > > > > >   drivers/acpi/acpi_memhotplug.c |    1 +
> > > > > > > > >   1 file changed, 1 insertion(+)
> > > > > > > > > 
> > > > > > > > > diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > > index c711d11..999adb5 100644
> > > > > > > > > --- a/drivers/acpi/acpi_memhotplug.c
> > > > > > > > > +++ b/drivers/acpi/acpi_memhotplug.c
> > > > > > > > > @@ -323,6 +323,7 @@ static int acpi_memory_device_add(struct acpi_device *device,
> > > > > > > > >   	/* Get the range from the _CRS */
> > > > > > > > >   	result = acpi_memory_get_device_resources(mem_device);
> > > > > > > > >   	if (result) {
> > > > > > > > > +		device->driver_data = NULL;
> > > > > > > > >   		kfree(mem_device);
> > > > > > > > >   		return result;
> > > > > > > > >   	}
> > > > > > > > > --
> > > > > > > > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> > > > > > > > > the body of a message to majordomo@vger.kernel.org
> > > > > > > > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > 
> > > > > 
> > > 
> > > 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

[Toshi Kani]

On Sat, 2013-07-13 at 01:53 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 04:28:36 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > > > 
> > > > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > > > > > > > > ---
> > > > > > > > > 
> > > > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > > > > > > > 
> > > > > > > > Thanks Yasuaki!
> > > > > > > 
> > > > > > > Queued up as a fix for 3.11.
> > > > > > 
> > > > > > Thanks!
> > > > > > 
> > > > > > > Do we need that in -stable as well?
> > > > > > 
> > > > > > Good point.  Yes, we need that in -stable as well.
> > > > > 
> > > > > What's the oldest mainline major release that fix is applicable to?
> > > > 
> > > > The fix is applicable all ways up to 2.6.32.
> > > 
> > > For -stable I'll need to say some more about what practical consequences of
> > > the bug are.  Is it difficult to trigger?
> > 
> > The function evaluates _CRS of memory device objects, and fails when it
> > gets an unexpected resource or cannot allocate a memory.
> 
> OK, so this is essentially about surviving unexpected external input, which
> I suppose is serious enough.
>
> > A kernel crash
> > or data corruption may occur when the kernel accessed a stale pointer.
> > That said, I am not sure how critical this issue is for old kernels
> > since I do not think there are many platforms that support memory
> > hotplug today.
> 
> Which doesn't matter.  People may want to run 3.10.y on future hardware too.

Good point.  Thanks for the clarification!
-Toshi