authorRafael J. Wysocki <rjw@sisk.pl>2009-10-12 19:01:57 -0400
committerLen Brown <len.brown@intel.com>2009-10-13 01:14:53 -0400
commit497fb54f578efd2b479727bc88d5ef942c0a1e2d (patch)
tree02531a0c69b41fa37ffa6f374d7ba81a7c90aedb
parent374576a8b6f865022c0fd1ca62396889b23d66dd (diff)
ACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() (rev. 2)
acpi_get_pci_dev() may be called for a non-PCI device, in which case it should return NULL. However, it assumes that every handle it finds in the ACPI CA name space, between given device handle and the PCI root bridge handle, corresponds to a PCI-to-PCI bridge with an existing secondary bus. For this reason, when it finds a struct pci_dev object corresponding to one of them, it doesn't check if its 'subordinate' field is a valid pointer. This obviously leads to a NULL pointer dereference if acpi_get_pci_dev() is called for a non-PCI device with a PCI parent which is not a bridge. To fix this issue make acpi_get_pci_dev() check if pdev->subordinate is not NULL for every device it finds on the path between the root bridge and the device it's supposed to get to and return NULL if the "target" device cannot be found. http://bugzilla.kernel.org/show_bug.cgi?id=14129 (worked in 2.6.30, regression in 2.6.31) Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Reported-by: Danny Feng <dfeng@redhat.com> Reviewed-by: Alex Chiang <achiang@hp.com> Tested-by: chepioq <chepioq@gmail.com> Signed-off-by: Len Brown <len.brown@intel.com>
-rw-r--r--drivers/acpi/pci_root.c11
1 files changed, 11 insertions, 0 deletions
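--- a/drivers/acpi/pci_root.c
+++ b/drivers/acpi/pci_root.c
@@ -389,6 +389,17 @@ struct pci_dev *acpi_get_pci_dev(acpi_handle handle)
 
  pbus = pdev->subordinate;
  pci_dev_put(pdev);
+
+ /*
+ * This function may be called for a non-PCI device that has a
+ * PCI parent (eg. a disk under a PCI SATA controller). In that
+ * case pdev->subordinate will be NULL for the parent.
+ */
+ if (!pbus) {
+ dev_dbg(&pdev->dev, "Not a PCI-to-PCI bridge\n");
+ pdev = NULL;
+ break;
+ }
  }
 out:
  list_for_each_entry_safe(node, tmp, &device_list, node)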
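Review bot: In the added `if (!pbus)` block, `dev_dbg(&pdev->dev, "Not a PCI-to-PCI bridge\n");` reads `pdev` after `pci_dev_put(pdev);` has already run, so the debug message touches an object this code no longer holds a reference on. Whether that put can be the last reference is not visible from the hunk, but if it can, this is a use-after-free. The safer order is to test `pbus` first, call `pci_dev_put(pdev);` inside the block after the `dev_dbg()` line, and call it again after the block for the bridge case. The `pbus` pointer is likewise carried past the put without a reference of its own, which deserves a comment stating what keeps the bus alive. acpi_get_pci_dev() starts and ends outside the hunk, so how the reference was obtained is inferred.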