diff options
| author |   Dan Williams <dan.j.williams@intel.com> | 2017-11-12 14:57:09 -0800 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2017-11-12 15:18:57 -0800 |
| commit | 0e7f0741450b1b800b3acfc2319e7f24e8a20fcf (patch) | |
| tree | 52064fbdc545a13ffe808ee2c128bd8b3cade733 /tools | |
| parent | tools/testing/nvdimm: stricter bounds checking for error injection commands (diff) | |
| download | linux-dev-0e7f0741450b1b800b3acfc2319e7f24e8a20fcf.tar.xz linux-dev-0e7f0741450b1b800b3acfc2319e7f24e8a20fcf.zip | |
acpi, nfit: validate commands against the device type
Fix occasions in acpi_nfit_ctl where we check the command type without
validating whether we are parsing dimm vs bus level commands. Where the
command numbers alias between dimms and bus we can make the wrong
assumption just checking the raw command number. For example, with a
simple nfit_test mock up of the clear-error command we trigger the
following:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000094
IP: acpi_nfit_ctl+0x29b/0x930 [nfit]
[..]
Call Trace:
nfit_test_probe+0xb85/0xc09 [nfit_test]
platform_drv_probe+0x3b/0xa0
? platform_drv_probe+0x3b/0xa0
driver_probe_device+0x29c/0x450
? test_alloc+0x180/0x180 [nfit_test]
__driver_attach+0xe3/0xf0
? driver_probe_device+0x450/0x450
bus_for_each_dev+0x73/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x173/0x270
driver_register+0x60/0xe0
__platform_driver_register+0x36/0x40
nfit_test_init+0x2a1/0x1000 [nfit_test]
Fixes: 4b27db7e26cd ("acpi, nfit: add support for the _LSI, _LSR, and...")
Reported-by: Vishal Verma <vishal.l.verma@intel.com>
Tested-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions