[PATCH 0/1] Fix NULL pointer dereference in ACPI tables parsing code

[PATCH 0/1] Fix NULL pointer dereference in ACPI tables parsing code

[João Paulo Rechi Vita]

Hello ACPI gurus,

I'm experiencing a NULL pointer dereference on acpi_ds_load1_begin_op() from
drivers/acpi/acpica/dswload.c, when running on a Acer Aspire E14 ES1-432-P06A
laptop. Before the kernel panic stack trace, I see the following warnings and
error (sorry for any typos, as I had to manually type this):

ACPI Core revision 20160422
ACPI Warning: Unsupported module-level executable opcode 0x80 at table offset 0x0190 (20160422/psloop-222)
ACPI Warning: Unsupported module-level executable opcode 0x80 at table offset 0x0196 (20160422/psloop-222)
ACPI Error: Unknown opcode 0x03 at table offset 0x0171, ignoring (20160422/psobject-108)

I'm not exactly sure how to map these addresses to the DSDT ASL code, so any
suggestions in that direction or to better understand the whole picture are
appreciated. The disassembled DSDT can be found here:
https://gist.github.com/jprvita/c6373856f6672a06b9031c67e2980bdd, and I can
provide the binary tables if necessary.

The following patch fixes the NULL pointer dereference, and things seem to be
working normally.

João Paulo Rechi Vita (1):
  acpi: Check walk_state->scope_info before dereferencing

 drivers/acpi/acpica/dswload.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.8.1

[PATCH 1/1] acpi: Check walk_state->scope_info before dereferencing

[João Paulo Rechi Vita]

This fixes a NULL pointer derefence on an Acer Aspire E14 ES1-432-P06A.
The IP in the kernel panic trace points to
acpi_ds_load1_begin_op+0xde/0x283, which translates to the dereference
of walk_state->scope_info in that function.
---
 drivers/acpi/acpica/dswload.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/acpi/acpica/dswload.c b/drivers/acpi/acpica/dswload.c
index fd34040..17406ab 100644
--- a/drivers/acpi/acpica/dswload.c
+++ b/drivers/acpi/acpica/dswload.c
@@ -246,7 +246,8 @@ acpi_ds_load1_begin_op(struct acpi_walk_state *walk_state,
 					  acpi_ut_get_type_name(node->type)));
 
 			node->type = ACPI_TYPE_ANY;
-			walk_state->scope_info->common.value = ACPI_TYPE_ANY;
+			if (walk_state->scope_info)
+				walk_state->scope_info->common.value = ACPI_TYPE_ANY;
 			break;
 
 		case ACPI_TYPE_METHOD:
-- 
2.8.1

[PATCH] acpi: Check walk_state->scope_info before dereferencing

[João Paulo Rechi Vita]

This fixes a NULL pointer derefence on an Acer Aspire E14 ES1-432-P06A.
The IP in the kernel panic trace points to
acpi_ds_load1_begin_op+0xde/0x283, which translates to the dereference
of walk_state->scope_info in that function.

Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
---
 drivers/acpi/acpica/dswload.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/acpi/acpica/dswload.c b/drivers/acpi/acpica/dswload.c
index fd34040..17406ab 100644
--- a/drivers/acpi/acpica/dswload.c
+++ b/drivers/acpi/acpica/dswload.c
@@ -246,7 +246,8 @@ acpi_ds_load1_begin_op(struct acpi_walk_state *walk_state,
 					  acpi_ut_get_type_name(node->type)));
 
 			node->type = ACPI_TYPE_ANY;
-			walk_state->scope_info->common.value = ACPI_TYPE_ANY;
+			if (walk_state->scope_info)
+				walk_state->scope_info->common.value = ACPI_TYPE_ANY;
 			break;
 
 		case ACPI_TYPE_METHOD:
-- 
2.8.1