Re: [PATCH] ACPI: fix vendor resource length computation

Tue, 14 Feb 2006 15:35:41 -0800 

On Tuesday 14 February 2006 16:25, Moore, Robert wrote:
> Does this fix all of the slab corruptions issues we have been hearing
> about?

It fixes the one I saw with 2.6.16-rc3 on HP rx7620.  I'm pretty sure
that's the same as the one Thomas observed in pci_acpi_scan_root() and
acpi_sba_ioc_add().

But I haven't been paying attention to any other slab corruption issues,
so I can't speculate about them.

> > -----Original Message-----
> > From: Bjorn Helgaas [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, February 14, 2006 3:13 PM
> > To: Andreas Schwab
> > Cc: Thomas Renninger; Moore, Robert; Luck, Tony; Brown, Len; linux-
> > [EMAIL PROTECTED]; [email protected]; Andrew Morton;
> > [EMAIL PROTECTED]
> > Subject: [PATCH] ACPI: fix vendor resource length computation
> > 
> > acpi_rs_get_list_length() needs to account for all the vendor-defined
> > data bytes.  Failing to include these causes buffers to be sized too
> > small, which causes slab corruption when we later convert AML to
> > resources and run off the end of the buffer.
> > 
> > I'm no expert on this code, so please scrutinize this carefully.
> > 
> > This causes slab corruption on machines that use ACPI vendor-defined
> > resources.  All HP ia64 machines do, and I'm told that some NEC
> > machines may as well.  So if the fix is correct, it would be good
> > to have it in 2.6.16.
> > 
> > Signed-off-by: Bjorn Helgaas <[EMAIL PROTECTED]>
> > 
> > Index: work-mm4/drivers/acpi/resources/rscalc.c
> > ===================================================================
> > --- work-mm4.orig/drivers/acpi/resources/rscalc.c   2006-02-14
> > 13:32:50.000000000 -0700
> > +++ work-mm4/drivers/acpi/resources/rscalc.c        2006-02-14
> > 13:33:25.000000000 -0700
> > @@ -391,8 +391,7 @@
> >                      * Ensure a 32-bit boundary for the structure
> >                      */
> >                     extra_struct_bytes =
> > -                       ACPI_ROUND_UP_to_32_bITS(resource_length) -
> > -                       resource_length;
> > +                       ACPI_ROUND_UP_to_32_bITS(resource_length);
> >                     break;
> > 
> >             case ACPI_RESOURCE_NAME_END_TAG:
> > @@ -408,8 +407,7 @@
> >                      * Add vendor data and ensure a 32-bit boundary
> for the
> > structure
> >                      */
> >                     extra_struct_bytes =
> > -                       ACPI_ROUND_UP_to_32_bITS(resource_length) -
> > -                       resource_length;
> > +                       ACPI_ROUND_UP_to_32_bITS(resource_length);
> >                     break;
> > 
> >             case ACPI_RESOURCE_NAME_ADDRESS32:
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to