RE: [PATCH] ACPI: fix vendor resource length computation

Tue, 14 Feb 2006 15:28:33 -0800 

I'll look at this. 

Does this fix all of the slab corruptions issues we have been hearing
about?

Bob


> -----Original Message-----
> From: Bjorn Helgaas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 14, 2006 3:13 PM
> To: Andreas Schwab
> Cc: Thomas Renninger; Moore, Robert; Luck, Tony; Brown, Len; linux-
> [EMAIL PROTECTED]; [email protected]; Andrew Morton;
> [EMAIL PROTECTED]
> Subject: [PATCH] ACPI: fix vendor resource length computation
> 
> acpi_rs_get_list_length() needs to account for all the vendor-defined
> data bytes.  Failing to include these causes buffers to be sized too
> small, which causes slab corruption when we later convert AML to
> resources and run off the end of the buffer.
> 
> I'm no expert on this code, so please scrutinize this carefully.
> 
> This causes slab corruption on machines that use ACPI vendor-defined
> resources.  All HP ia64 machines do, and I'm told that some NEC
> machines may as well.  So if the fix is correct, it would be good
> to have it in 2.6.16.
> 
> Signed-off-by: Bjorn Helgaas <[EMAIL PROTECTED]>
> 
> Index: work-mm4/drivers/acpi/resources/rscalc.c
> ===================================================================
> --- work-mm4.orig/drivers/acpi/resources/rscalc.c     2006-02-14
> 13:32:50.000000000 -0700
> +++ work-mm4/drivers/acpi/resources/rscalc.c  2006-02-14
> 13:33:25.000000000 -0700
> @@ -391,8 +391,7 @@
>                        * Ensure a 32-bit boundary for the structure
>                        */
>                       extra_struct_bytes =
> -                         ACPI_ROUND_UP_to_32_bITS(resource_length) -
> -                         resource_length;
> +                         ACPI_ROUND_UP_to_32_bITS(resource_length);
>                       break;
> 
>               case ACPI_RESOURCE_NAME_END_TAG:
> @@ -408,8 +407,7 @@
>                        * Add vendor data and ensure a 32-bit boundary
for the
> structure
>                        */
>                       extra_struct_bytes =
> -                         ACPI_ROUND_UP_to_32_bITS(resource_length) -
> -                         resource_length;
> +                         ACPI_ROUND_UP_to_32_bITS(resource_length);
>                       break;
> 
>               case ACPI_RESOURCE_NAME_ADDRESS32:
-
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to