summaryrefslogtreecommitdiff
path: root/drivers/acpi/scan.c
diff options
context:
space:
mode:
authorToshi Kani <toshi.kani@hp.com>2012-10-26 13:38:57 +0200
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>2012-11-15 00:16:01 +0100
commitb3c450c38075f414077e58439cff6bdce9e47df8 (patch)
treeef1144223a556a10ad5f2ee06f2cfca456d2e156 /drivers/acpi/scan.c
parent594df89a59cf2a2afc22fe27f508dd864d1edb5f (diff)
downloadlwn-b3c450c38075f414077e58439cff6bdce9e47df8.tar.gz
lwn-b3c450c38075f414077e58439cff6bdce9e47df8.zip
ACPI: Fix stale pointer access to flags.lockable
During hot-remove, acpi_bus_hot_remove_device() calls ACPI _LCK method when device->flags.lockable is set. However, this device pointer is stale since the target acpi_device object has been already kfree'd by acpi_bus_trim(). The flags.lockable indicates whether or not this ACPI object implements _LCK method. Fix the stable pointer access by replacing it with acpi_get_handle() to check if _LCK is implemented. Signed-off-by: Toshi Kani <toshi.kani@hp.com> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'drivers/acpi/scan.c')
-rw-r--r--drivers/acpi/scan.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 1fcb8678665c..ed87f433cec2 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -97,6 +97,7 @@ void acpi_bus_hot_remove_device(void *context)
struct acpi_eject_event *ej_event = (struct acpi_eject_event *) context;
struct acpi_device *device;
acpi_handle handle = ej_event->handle;
+ acpi_handle temp;
struct acpi_object_list arg_list;
union acpi_object arg;
acpi_status status = AE_OK;
@@ -117,13 +118,16 @@ void acpi_bus_hot_remove_device(void *context)
goto err_out;
}
+ /* device has been freed */
+ device = NULL;
+
/* power off device */
status = acpi_evaluate_object(handle, "_PS3", NULL, NULL);
if (ACPI_FAILURE(status) && status != AE_NOT_FOUND)
printk(KERN_WARNING PREFIX
"Power-off device failed\n");
- if (device->flags.lockable) {
+ if (ACPI_SUCCESS(acpi_get_handle(handle, "_LCK", &temp))) {
arg_list.count = 1;
arg_list.pointer = &arg;
arg.type = ACPI_TYPE_INTEGER;