ACPICA: Namespace: Properly null terminate objects detached from a namespace node
authorDavid E. Box <david.e.box@linux.intel.com>
Tue, 8 Jul 2014 02:06:24 +0000 (10:06 +0800)
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>
Tue, 8 Jul 2014 12:22:25 +0000 (14:22 +0200)
Fixes a bug exposed by an ACPICA unit test around the
acpi_attach_data()/acpi_detach_data() APIs where the failure to null
terminate a detached object led to the creation of a circular linked list
(and infinite looping) when the object is reattached.

Reported in acpica bugzilla #1063

Link: https://bugs.acpica.org/show_bug.cgi?id=1063
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Cc: 3.15+ <stable@vger.kernel.org> # 3.15+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
drivers/acpi/acpica/nsobject.c

index fe54a8c73b8c8f1618c12badbe62d07ec73c7ea7..f1ea8e56cd87b130dbde5953d07dd12628c34fab 100644 (file)
@@ -239,6 +239,17 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node)
                }
        }
 
+       /*
+        * Detach the object from any data objects (which are still held by
+        * the namespace node)
+        */
+
+       if (obj_desc->common.next_object &&
+           ((obj_desc->common.next_object)->common.type ==
+            ACPI_TYPE_LOCAL_DATA)) {
+               obj_desc->common.next_object = NULL;
+       }
+
        /* Reset the node type to untyped */
 
        node->type = ACPI_TYPE_ANY;