[PATCH 1/2] ACPI: Fix stale pointer access to flags.lockable

[PATCH 1/2] ACPI: Fix stale pointer access to flags.lockable

[Toshi Kani]

During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
method when device->flags.lockable is set. However, this device
pointer is stale since the target acpi_device object has been
already kfree'd by acpi_bus_trim().

The flags.lockable indicates whether or not this ACPI object
implements _LCK method. Fix the stable pointer access by replacing
it with acpi_get_handle() to check if _LCK is implemented.

Signed-off-by: Toshi Kani <toshi.kani@hp.com>
---
 drivers/acpi/scan.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 1fcb867..ed87f43 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
 	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
 	struct acpi_device *device;
 	acpi_handle handle = ej_event->handle;
+	acpi_handle temp;
 	struct acpi_object_list arg_list;
 	union acpi_object arg;
 	acpi_status status = AE_OK;
@@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
 		goto err_out;
 	}
 
+	/* device has been freed */
+	device = NULL;
+
 	/* power off device */
 	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
 	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
 		printk(KERN_WARNING PREFIX
 				"Power-off device failed\n");
 
-	if (device->flags.lockable) {
+	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
 		arg_list.count = 1;
 		arg_list.pointer = &arg;
 		arg.type = ACPI_TYPE_INTEGER;
-- 
1.7.11.7

[PATCH 2/2] ACPI: Remove unused lockable in acpi_device_flags

[Toshi Kani]

Removed lockable in struct acpi_device_flags since it is no
longer used by any code. acpi_bus_hot_remove_device() cannot
use this flag because acpi_bus_trim() frees up its acpi_device
object. Furthermore, the dock driver calls _LCK method without
using this lockable flag.

Signed-off-by: Toshi Kani <toshi.kani@hp.com>
---
 drivers/acpi/scan.c     | 5 -----
 include/acpi/acpi_bus.h | 3 +--
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index ed87f43..19d3d4a 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -1017,11 +1017,6 @@ static int acpi_bus_get_flags(struct acpi_device *device)
 			device->flags.ejectable = 1;
 	}
 
-	/* Presence of _LCK indicates 'lockable' */
-	status = acpi_get_handle(device->handle, "_LCK", &temp);
-	if (ACPI_SUCCESS(status))
-		device->flags.lockable = 1;
-
 	/* Power resources cannot be power manageable. */
 	if (device->device_type == ACPI_BUS_TYPE_POWER)
 		return 0;
diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
index 0daa0fb..e8b2877 100644
--- a/include/acpi/acpi_bus.h
+++ b/include/acpi/acpi_bus.h
@@ -144,12 +144,11 @@ struct acpi_device_flags {
 	u32 bus_address:1;
 	u32 removable:1;
 	u32 ejectable:1;
-	u32 lockable:1;
 	u32 suprise_removal_ok:1;
 	u32 power_manageable:1;
 	u32 performance_manageable:1;
 	u32 eject_pending:1;
-	u32 reserved:23;
+	u32 reserved:24;
 };
 
 /* File System */
-- 
1.7.11.7

Re: [PATCH 2/2] ACPI: Remove unused lockable in acpi_device_flags

[Yasuaki Ishimatsu]

2012/10/16 1:34, Toshi Kani wrote:
> Removed lockable in struct acpi_device_flags since it is no
> longer used by any code. acpi_bus_hot_remove_device() cannot
> use this flag because acpi_bus_trim() frees up its acpi_device
> object. Furthermore, the dock driver calls _LCK method without
> using this lockable flag.
> 
> Signed-off-by: Toshi Kani <toshi.kani@hp.com>

Looks good to me.
Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

> ---
>   drivers/acpi/scan.c     | 5 -----
>   include/acpi/acpi_bus.h | 3 +--
>   2 files changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> index ed87f43..19d3d4a 100644
> --- a/drivers/acpi/scan.c
> +++ b/drivers/acpi/scan.c
> @@ -1017,11 +1017,6 @@ static int acpi_bus_get_flags(struct acpi_device *device)
>   			device->flags.ejectable = 1;
>   	}
>   
> -	/* Presence of _LCK indicates 'lockable' */
> -	status = acpi_get_handle(device->handle, "_LCK", &temp);
> -	if (ACPI_SUCCESS(status))
> -		device->flags.lockable = 1;
> -
>   	/* Power resources cannot be power manageable. */
>   	if (device->device_type == ACPI_BUS_TYPE_POWER)
>   		return 0;
> diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
> index 0daa0fb..e8b2877 100644
> --- a/include/acpi/acpi_bus.h
> +++ b/include/acpi/acpi_bus.h
> @@ -144,12 +144,11 @@ struct acpi_device_flags {
>   	u32 bus_address:1;
>   	u32 removable:1;
>   	u32 ejectable:1;
> -	u32 lockable:1;
>   	u32 suprise_removal_ok:1;
>   	u32 power_manageable:1;
>   	u32 performance_manageable:1;
>   	u32 eject_pending:1;
> -	u32 reserved:23;
> +	u32 reserved:24;
>   };
>   
>   /* File System */
> 

Re: [PATCH 2/2] ACPI: Remove unused lockable in acpi_device_flags

[Toshi Kani]

On Wed, 2012-10-17 at 10:26 +0900, Yasuaki Ishimatsu wrote:
> 2012/10/16 1:34, Toshi Kani wrote:
> > Removed lockable in struct acpi_device_flags since it is no
> > longer used by any code. acpi_bus_hot_remove_device() cannot
> > use this flag because acpi_bus_trim() frees up its acpi_device
> > object. Furthermore, the dock driver calls _LCK method without
> > using this lockable flag.
> > 
> > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> 
> Looks good to me.
> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks Yasuaki for reviewing!
-Toshi


> > ---
> >   drivers/acpi/scan.c     | 5 -----
> >   include/acpi/acpi_bus.h | 3 +--
> >   2 files changed, 1 insertion(+), 7 deletions(-)
> > 
> > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > index ed87f43..19d3d4a 100644
> > --- a/drivers/acpi/scan.c
> > +++ b/drivers/acpi/scan.c
> > @@ -1017,11 +1017,6 @@ static int acpi_bus_get_flags(struct acpi_device *device)
> >   			device->flags.ejectable = 1;
> >   	}
> >   
> > -	/* Presence of _LCK indicates 'lockable' */
> > -	status = acpi_get_handle(device->handle, "_LCK", &temp);
> > -	if (ACPI_SUCCESS(status))
> > -		device->flags.lockable = 1;
> > -
> >   	/* Power resources cannot be power manageable. */
> >   	if (device->device_type == ACPI_BUS_TYPE_POWER)
> >   		return 0;
> > diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
> > index 0daa0fb..e8b2877 100644
> > --- a/include/acpi/acpi_bus.h
> > +++ b/include/acpi/acpi_bus.h
> > @@ -144,12 +144,11 @@ struct acpi_device_flags {
> >   	u32 bus_address:1;
> >   	u32 removable:1;
> >   	u32 ejectable:1;
> > -	u32 lockable:1;
> >   	u32 suprise_removal_ok:1;
> >   	u32 power_manageable:1;
> >   	u32 performance_manageable:1;
> >   	u32 eject_pending:1;
> > -	u32 reserved:23;
> > +	u32 reserved:24;
> >   };
> >   
> >   /* File System */
> > 
> 
> 

Re: [PATCH 2/2] ACPI: Remove unused lockable in acpi_device_flags

[Rafael J. Wysocki]

On Wednesday 17 of October 2012 07:56:49 Toshi Kani wrote:
> On Wed, 2012-10-17 at 10:26 +0900, Yasuaki Ishimatsu wrote:
> > 2012/10/16 1:34, Toshi Kani wrote:
> > > Removed lockable in struct acpi_device_flags since it is no
> > > longer used by any code. acpi_bus_hot_remove_device() cannot
> > > use this flag because acpi_bus_trim() frees up its acpi_device
> > > object. Furthermore, the dock driver calls _LCK method without
> > > using this lockable flag.
> > > 
> > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > 
> > Looks good to me.
> > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> 
> Thanks Yasuaki for reviewing!

Applied to linux-pm.git/acpi-next as v3.8 material.

Thanks,
Rafael


> > > ---
> > >   drivers/acpi/scan.c     | 5 -----
> > >   include/acpi/acpi_bus.h | 3 +--
> > >   2 files changed, 1 insertion(+), 7 deletions(-)
> > > 
> > > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > > index ed87f43..19d3d4a 100644
> > > --- a/drivers/acpi/scan.c
> > > +++ b/drivers/acpi/scan.c
> > > @@ -1017,11 +1017,6 @@ static int acpi_bus_get_flags(struct acpi_device *device)
> > >   			device->flags.ejectable = 1;
> > >   	}
> > >   
> > > -	/* Presence of _LCK indicates 'lockable' */
> > > -	status = acpi_get_handle(device->handle, "_LCK", &temp);
> > > -	if (ACPI_SUCCESS(status))
> > > -		device->flags.lockable = 1;
> > > -
> > >   	/* Power resources cannot be power manageable. */
> > >   	if (device->device_type == ACPI_BUS_TYPE_POWER)
> > >   		return 0;
> > > diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
> > > index 0daa0fb..e8b2877 100644
> > > --- a/include/acpi/acpi_bus.h
> > > +++ b/include/acpi/acpi_bus.h
> > > @@ -144,12 +144,11 @@ struct acpi_device_flags {
> > >   	u32 bus_address:1;
> > >   	u32 removable:1;
> > >   	u32 ejectable:1;
> > > -	u32 lockable:1;
> > >   	u32 suprise_removal_ok:1;
> > >   	u32 power_manageable:1;
> > >   	u32 performance_manageable:1;
> > >   	u32 eject_pending:1;
> > > -	u32 reserved:23;
> > > +	u32 reserved:24;
> > >   };
> > >   
> > >   /* File System */
> > > 
> > 
> > 
> 
> 
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH 2/2] ACPI: Remove unused lockable in acpi_device_flags

[Toshi Kani]

On Thu, 2012-10-25 at 00:08 +0200, Rafael J. Wysocki wrote:
> On Wednesday 17 of October 2012 07:56:49 Toshi Kani wrote:
> > On Wed, 2012-10-17 at 10:26 +0900, Yasuaki Ishimatsu wrote:
> > > 2012/10/16 1:34, Toshi Kani wrote:
> > > > Removed lockable in struct acpi_device_flags since it is no
> > > > longer used by any code. acpi_bus_hot_remove_device() cannot
> > > > use this flag because acpi_bus_trim() frees up its acpi_device
> > > > object. Furthermore, the dock driver calls _LCK method without
> > > > using this lockable flag.
> > > > 
> > > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > > 
> > > Looks good to me.
> > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> > 
> > Thanks Yasuaki for reviewing!
> 
> Applied to linux-pm.git/acpi-next as v3.8 material.

Cool! Thanks Rafael!
-Toshi


> Thanks,
> Rafael

Re: [PATCH 1/2] ACPI: Fix stale pointer access to flags.lockable

[Yasuaki Ishimatsu]

2012/10/16 1:34, Toshi Kani wrote:
> During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> method when device->flags.lockable is set. However, this device
> pointer is stale since the target acpi_device object has been
> already kfree'd by acpi_bus_trim().
> 
> The flags.lockable indicates whether or not this ACPI object
> implements _LCK method. Fix the stable pointer access by replacing
> it with acpi_get_handle() to check if _LCK is implemented.
> 
> Signed-off-by: Toshi Kani <toshi.kani@hp.com>

Looks good to me.
Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

> ---
>   drivers/acpi/scan.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> index 1fcb867..ed87f43 100644
> --- a/drivers/acpi/scan.c
> +++ b/drivers/acpi/scan.c
> @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
>   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
>   	struct acpi_device *device;
>   	acpi_handle handle = ej_event->handle;
> +	acpi_handle temp;
>   	struct acpi_object_list arg_list;
>   	union acpi_object arg;
>   	acpi_status status = AE_OK;
> @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
>   		goto err_out;
>   	}
>   
> +	/* device has been freed */
> +	device = NULL;
> +
>   	/* power off device */
>   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
>   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
>   		printk(KERN_WARNING PREFIX
>   				"Power-off device failed\n");
>   
> -	if (device->flags.lockable) {
> +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
>   		arg_list.count = 1;
>   		arg_list.pointer = &arg;
>   		arg.type = ACPI_TYPE_INTEGER;
> 

Re: [PATCH 1/2] ACPI: Fix stale pointer access to flags.lockable

[Toshi Kani]

On Wed, 2012-10-17 at 10:25 +0900, Yasuaki Ishimatsu wrote:
> 2012/10/16 1:34, Toshi Kani wrote:
> > During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> > method when device->flags.lockable is set. However, this device
> > pointer is stale since the target acpi_device object has been
> > already kfree'd by acpi_bus_trim().
> > 
> > The flags.lockable indicates whether or not this ACPI object
> > implements _LCK method. Fix the stable pointer access by replacing
> > it with acpi_get_handle() to check if _LCK is implemented.
> > 
> > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> 
> Looks good to me.
> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>

Thanks Yasuaki for reviewing!
-Toshi


> > ---
> >   drivers/acpi/scan.c | 6 +++++-
> >   1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > index 1fcb867..ed87f43 100644
> > --- a/drivers/acpi/scan.c
> > +++ b/drivers/acpi/scan.c
> > @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
> >   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
> >   	struct acpi_device *device;
> >   	acpi_handle handle = ej_event->handle;
> > +	acpi_handle temp;
> >   	struct acpi_object_list arg_list;
> >   	union acpi_object arg;
> >   	acpi_status status = AE_OK;
> > @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
> >   		goto err_out;
> >   	}
> >   
> > +	/* device has been freed */
> > +	device = NULL;
> > +
> >   	/* power off device */
> >   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
> >   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
> >   		printk(KERN_WARNING PREFIX
> >   				"Power-off device failed\n");
> >   
> > -	if (device->flags.lockable) {
> > +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
> >   		arg_list.count = 1;
> >   		arg_list.pointer = &arg;
> >   		arg.type = ACPI_TYPE_INTEGER;
> > 
> 
> 

Re: [PATCH 1/2] ACPI: Fix stale pointer access to flags.lockable

[Rafael J. Wysocki]

On Wednesday 17 of October 2012 07:55:42 Toshi Kani wrote:
> On Wed, 2012-10-17 at 10:25 +0900, Yasuaki Ishimatsu wrote:
> > 2012/10/16 1:34, Toshi Kani wrote:
> > > During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK
> > > method when device->flags.lockable is set. However, this device
> > > pointer is stale since the target acpi_device object has been
> > > already kfree'd by acpi_bus_trim().
> > > 
> > > The flags.lockable indicates whether or not this ACPI object
> > > implements _LCK method. Fix the stable pointer access by replacing
> > > it with acpi_get_handle() to check if _LCK is implemented.
> > > 
> > > Signed-off-by: Toshi Kani <toshi.kani@hp.com>
> > 
> > Looks good to me.
> > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
> 
> Thanks Yasuaki for reviewing!

Applied to linux-pm.git/linux-next as v3.8 material.

Thanks,
Rafael


> > > ---
> > >   drivers/acpi/scan.c | 6 +++++-
> > >   1 file changed, 5 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
> > > index 1fcb867..ed87f43 100644
> > > --- a/drivers/acpi/scan.c
> > > +++ b/drivers/acpi/scan.c
> > > @@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
> > >   	struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
> > >   	struct acpi_device *device;
> > >   	acpi_handle handle = ej_event->handle;
> > > +	acpi_handle temp;
> > >   	struct acpi_object_list arg_list;
> > >   	union acpi_object arg;
> > >   	acpi_status status = AE_OK;
> > > @@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
> > >   		goto err_out;
> > >   	}
> > >   
> > > +	/* device has been freed */
> > > +	device = NULL;
> > > +
> > >   	/* power off device */
> > >   	status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
> > >   	if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
> > >   		printk(KERN_WARNING PREFIX
> > >   				"Power-off device failed\n");
> > >   
> > > -	if (device->flags.lockable) {
> > > +	if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
> > >   		arg_list.count = 1;
> > >   		arg_list.pointer = &arg;
> > >   		arg.type = ACPI_TYPE_INTEGER;
> > > 
> > 
> > 
> 
> 
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.