acpi_rs_get_list_length() needs to account for all the vendor-defined
data bytes. Failing to include these causes buffers to be sized too
small, which causes slab corruption when we later convert AML to
resources and run off the end of the buffer.

I'm no expert on this code, so please scrutinize this carefully.

This causes slab corruption on machines that use ACPI vendor-defined
resources. All HP ia64 machines do, and I'm told that some NEC
machines may as well. So if the fix is correct, it would be good
to have it in 2.6.16.

Signed-off-by: Bjorn Helgaas <[EMAIL PROTECTED]>

Index: work-mm4/drivers/acpi/resources/rscalc.c
===================================================================
--- work-mm4.orig/drivers/acpi/resources/rscalc.c 2006-02-14
13:32:50.000000000 -0700
+++ work-mm4/drivers/acpi/resources/rscalc.c 2006-02-14 13:33:25.000000000
-0700
@@ -391,8 +391,7 @@
* Ensure a 32-bit boundary for the structure
*/
extra_struct_bytes =
- ACPI_ROUND_UP_to_32_bITS(resource_length) -
- resource_length;
+ ACPI_ROUND_UP_to_32_bITS(resource_length);
break;
case ACPI_RESOURCE_NAME_END_TAG:
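Review bot: The comment above the extra_struct_bytes assignment still reads only "Ensure a 32-bit boundary for the structure", which described the old expression (padding only: rounded length minus resource_length). With the new expression the variable carries the whole rounded data length, so the comment should say that the data bytes themselves are being added, as the comment in the second hunk already does. The case label for this hunk is outside the visible context; please name it in the changelog, since the description talks only about vendor-defined data and a reader cannot tell from the hunk which descriptor type is affected here.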
@@ -408,8 +407,7 @@
* Add vendor data and ensure a 32-bit boundary for the
structure
*/
extra_struct_bytes =
- ACPI_ROUND_UP_to_32_bITS(resource_length) -
- resource_length;
+ ACPI_ROUND_UP_to_32_bITS(resource_length);
break;
case ACPI_RESOURCE_NAME_ADDRESS32:
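Review bot: In the assignment to extra_struct_bytes here, the new value matches the existing comment ("Add vendor data and ensure a 32-bit boundary"), but its correctness depends on what resource_length covers at this point, and that is not visible in the hunk. If resource_length includes descriptor header bytes as well as the vendor payload, the result over-allocates slightly (harmless); if it excludes bytes that the AML-to-resource conversion later copies, the buffer is still short. A one-line comment stating what resource_length contains at this point would let the length calculation be checked against the conversion code that writes into the buffer.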