Re: acpi ->video_device_list corruption



William Lee Irwin III writes:
On Wed, Dec 12, 2007 at 12:48:09PM +0100, Mikael Pettersson wrote:
IMO the memset(ptr, 0, sizeof(*ptr)) idiom is both safer
and avoids having to write an uninteresting type name.

How about this, then?

Looks good.

Acked-by: Mikael Pettersson <mikpe@xxxxxxxx>


The ->cap fields of struct acpi_video_device and struct acpi_video_bus
are 1B each, not 4B. The oversized memset()'s corrupted the subsequent
list_head fields. This resulted in silent corruption without
CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass
the proper bounds to the memset() calls and thereby correct the bugs.

The patch was seen to resolve the issue on the affected system.

vs. 2.6.24-rc5

Signed-off-by: William Irwin <wli@xxxxxxxxxxxxxx>

diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 44a0d9b..bd77e81 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device)
struct acpi_video_device_brightness *br = NULL;


- memset(&device->cap, 0, 4);
+ memset(&device->cap, 0, sizeof(device->cap));

if (ACPI_SUCCESS(acpi_get_handle(device->dev->handle, "_ADR", &h_dummy1))) {
device->cap._ADR = 1;
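Review bot: Other memset() calls in drivers/acpi/video.c that pass a numeric length should be audited together with this one in acpi_video_device_find_cap(): the removed line shows the literal 4 was written by hand rather than derived from the field, and nothing in this hunk rules out further copies. The changelog could also say whether ->cap was ever 4 bytes, since that decides how far back the fix needs to go.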
@@ -697,7 +697,7 @@ static void acpi_video_bus_find_cap(struct acpi_video_bus *video)
{
acpi_handle h_dummy1;

- memset(&video->cap, 0, 4);
+ memset(&video->cap, 0, sizeof(video->cap));
if (ACPI_SUCCESS(acpi_get_handle(video->device->handle, "_DOS", &h_dummy1))) {
video->cap._DOS = 1;
}
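Review bot: The changelog should name the member that the old memset(&video->cap, 0, 4) in acpi_video_bus_find_cap() overwrote, because the layout of struct acpi_video_bus is not visible in this hunk and the damage depends on what follows ->cap and on padding. The sizeof(video->cap) form itself is correct and matches the first hunk.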
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
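
The failure described in the changelog, reproduced as an added user-space example (not code from the patch or the kernel): a 4-byte clear of a 1-byte ->cap zeroes the low bytes of the neighbouring list_head's next pointer, and a debug-style consistency check on the next list_add_tail() catches it. The struct layout, the demo_* names and checked_add_tail() are constructed for illustration, and a little-endian machine is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

/* Constructed stand-ins, not the kernel's structs: a 1-byte flags struct
 * sitting on the byte just before a pointer-aligned list_head. */
struct demo_cap { unsigned char adr : 1, bcl : 1; };
struct demo_device {
    unsigned char filler[sizeof(void *) - 1];
    struct demo_cap cap;
    struct list_head entry;
};
_Static_assert(sizeof(struct demo_cap) == 1, "cap must be 1 byte");
_Static_assert(offsetof(struct demo_device, entry) == sizeof(void *), "entry follows cap");

/* list_add_tail() preceded by the neighbour checks a list-debugging build
 * makes; returns 0 where the kernel would BUG(). */
static int checked_add_tail(struct list_head *new, struct list_head *head)
{
    struct list_head *prev = head->prev, *next = head;
    if (next->prev != prev || prev->next != next)
        return 0;
    new->next = next; new->prev = prev;
    prev->next = new; next->prev = new;
    return 1;
}

/* Clear ->cap using `len` bytes, then add a second device. The write goes
 * through a byte pointer to the whole object, so it stays inside the struct. */
int list_survives_cap_clear(size_t len)
{
    static struct list_head heads[2];
    /* use a head whose low three address bytes are not all zero */
    struct list_head *head = ((uintptr_t)&heads[0] & 0xffffff) ? &heads[0] : &heads[1];
    struct demo_device a, b;
    head->next = head->prev = head;
    checked_add_tail(&a.entry, head);
    memset((unsigned char *)&a + offsetof(struct demo_device, cap), 0, len);
    return checked_add_tail(&b.entry, head);   /* 1 = list intact, 0 = check fired */
}

int main(void)
{
    printf("sizeof(cap): %d, literal 4: %d\n",
           list_survives_cap_clear(sizeof(struct demo_cap)), list_survives_cap_clear(4));
    return 0;
}
```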
