linux_dsm_epyc7002/drivers/pci/hotplug
Rafael J. Wysocki 1aaac07112 ACPI / hotplug / PCI: Fix NULL pointer dereference in cleanup_bridge()

After commit bbd34fc (ACPI / hotplug / PCI: Register all devices
under the given bridge) register_slot() is called for all PCI
devices under a given bridge that have corresponding objects in
the ACPI namespace, but it calls acpiphp_register_hotplug_slot()
only for devices satisfying specific criteria.  Still,
cleanup_bridge() calls acpiphp_unregister_hotplug_slot() for all
objects created by register_slot(), although it should only call it
for the ones that acpiphp_register_hotplug_slot() has been called
for (successfully).  This causes a NULL pointer to be dereferenced
by the acpiphp_unregister_hotplug_slot() executed by cleanup_bridge()
if the object it is called for has not been passed to
acpiphp_register_hotplug_slot().

To fix this problem, check if the 'slot' field of the object passed
to acpiphp_unregister_hotplug_slot() in cleanup_bridge() is not NULL,
which only is the case if acpiphp_register_hotplug_slot() has been
executed for that object.  In addition to that, make register_slot()
reset the 'slot' field to NULL if acpiphp_register_hotplug_slot() has
failed for the given object to prevent stale pointers from being
used by acpiphp_unregister_hotplug_slot().

Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-08-17 22:16:33 +02:00
acpi_pcihp.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
acpiphp_core.c ACPI / hotplug / PCI: Consolidate slot disabling and ejecting 2013-07-23 04:00:25 +02:00
acpiphp_glue.c ACPI / hotplug / PCI: Fix NULL pointer dereference in cleanup_bridge() 2013-08-17 22:16:33 +02:00
acpiphp_ibm.c ACPI / hotplug / PCI: Drop sun field from struct acpiphp_slot 2013-07-23 04:00:22 +02:00
acpiphp.h ACPI / hotplug / PCI: Get rid of unused constants in acpiphp.h 2013-07-23 04:00:27 +02:00
cpci_hotplug_core.c PCI: hotplug: ensure a consistent return value in error case 2012-07-16 09:25:56 -06:00
cpci_hotplug_pci.c PCI: cpcihp: Iterate over all devices in slot, not functions 0-7 2013-01-25 09:23:08 -07:00
cpci_hotplug.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
cpcihp_generic.c PCI/cpcihp: Use hotplug-safe pci_get_domain_bus_and_slot() 2012-09-12 14:13:59 -06:00
cpcihp_zt5550.c PCI: Remove __dev* markings 2012-11-28 13:16:47 -08:00
cpcihp_zt5550.h
cpqphp_core.c PCI: hotplug: ensure a consistent return value in error case 2012-07-16 09:25:56 -06:00
cpqphp_ctrl.c PCI: cpqphp: Cleanup and remove unreachable paths 2013-01-07 11:34:04 -07:00
cpqphp_nvram.c PCI Hotplug: cpqphp: fix comment style 2009-06-11 12:04:08 -07:00
cpqphp_nvram.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
cpqphp_pci.c PCI: cpqhp: use generic pci_hp_add_bridge() 2012-06-13 15:42:26 -06:00
cpqphp_sysfs.c cpqphp_sysfs: switch to fixed_size_llseek() 2013-06-29 12:57:52 +04:00
cpqphp.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
ibmphp_core.c PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
ibmphp_ebda.c pci: hotplug: Fix typo in pci 2012-07-24 12:59:30 +02:00
ibmphp_hpc.c PCI hotplug: ibmphp-hpc: semaphore cleanup 2010-10-15 13:09:48 -07:00
ibmphp_pci.c pci: hotplug: Fix typo in pci 2012-07-24 12:59:30 +02:00
ibmphp_res.c ibmphp: Rename add_range() to add_bus_range() to avoid conflict 2010-02-10 17:45:09 -08:00
ibmphp.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
Kconfig Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
Makefile s390/pci: PCI hotplug support via SCLP 2012-11-30 17:47:25 +01:00
pci_hotplug_core.c PCI: Remove __must_check from definitions 2013-04-17 10:20:58 -06:00
pciehp_acpi.c PCI: Use PCI_EXP_SLTCAP_PSN mask when extracting slot number 2013-04-15 14:30:44 -06:00
pciehp_core.c PCI changes for the v3.9 merge window: 2013-02-25 21:18:18 -08:00
pciehp_ctrl.c PCI: pciehp: Use per-slot workqueues to avoid deadlock 2013-01-12 13:56:33 -07:00
pciehp_hpc.c drivers: avoid format strings in names passed to alloc_workqueue() 2013-07-03 16:07:41 -07:00
pciehp_pci.c PCI: pciehp: Iterate over all devices in slot, not functions 0-7 2013-01-25 09:21:10 -07:00
pciehp.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
pcihp_skeleton.c PCI: hotplug: ensure a consistent return value in error case 2012-07-16 09:25:56 -06:00
pcihp_slot.c PCI/hotplug: Use PCI Express Capability accessors 2012-08-23 10:11:11 -06:00
rpadlpar_core.c powerpc/eeh: Remove EEH PE for normal PCI hotplug 2012-09-18 15:32:23 +10:00
rpadlpar_sysfs.c PCI: introduce pci_slot 2008-06-10 14:37:03 -07:00
rpadlpar.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
rpaphp_core.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
rpaphp_pci.c PCI hotplug: rpaphp: make debug var unique 2008-10-20 10:54:27 -07:00
rpaphp_slot.c headers: kobject.h redux 2011-01-10 08:51:44 -08:00
rpaphp.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00
s390_pci_hpc.c s390/pci: remove pdev during unplug 2013-06-26 21:10:08 +02:00
sgi_hotplug.c PCI changes for the v3.9 merge window: 2013-02-25 21:18:18 -08:00
shpchp_core.c drivers: avoid format strings in names passed to alloc_workqueue() 2013-07-03 16:07:41 -07:00
shpchp_ctrl.c PCI: shpchp: Use per-slot workqueues to avoid deadlock 2013-01-14 10:23:22 -07:00
shpchp_hpc.c PCI hotplug: shpchp: don't blindly claim non-AMD 0x7450 device IDs 2011-11-14 09:43:14 -08:00
shpchp_pci.c PCI: shpchp: Iterate over all devices in slot, not functions 0-7 2013-01-25 09:23:08 -07:00
shpchp_sysfs.c PCI: Remove __must_check from definitions 2013-04-17 10:20:58 -06:00
shpchp.h PCI: Remove "extern" from function declarations 2013-04-17 10:21:17 -06:00