lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <200907251801.19482.bzolnier@gmail.com>
Date:	Sat, 25 Jul 2009 18:01:18 +0200
From:	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
To:	Len Brown <lenb@...nel.org>
Cc:	linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org,
	Dan Carpenter <error27@...il.com>, corbet@....net,
	eteo@...hat.com
Subject: [PATCH] acpi: fix NULL pointer dereference in acpi_ex_release_mutex()

From: Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
Subject: [PATCH] acpi: fix NULL pointer dereference in acpi_ex_release_mutex()

>From Dan's list:

drivers/acpi/acpica/exmutex.c +397 acpi_ex_release_mutex(40) warning: variable derefenced before check 'walk_state->thread'

Reorder the code to make it check for walk_state->thread existence before
accessing walk_state->thread->thread_id and fix the comment while at it.

Reported-by: Dan Carpenter <error27@...il.com>
Cc: corbet@....net
Cc: eteo@...hat.com
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
---
2.6.31 material

 drivers/acpi/acpica/exmutex.c |   17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

Index: b/drivers/acpi/acpica/exmutex.c
===================================================================
--- a/drivers/acpi/acpica/exmutex.c
+++ b/drivers/acpi/acpica/exmutex.c
@@ -375,6 +375,14 @@ acpi_ex_release_mutex(union acpi_operand
 		return_ACPI_STATUS(AE_AML_MUTEX_NOT_ACQUIRED);
 	}
 
+	/* must have a valid thread */
+	if (!walk_state->thread) {
+		ACPI_ERROR((AE_INFO,
+			    "Cannot release Mutex [%4.4s], null thread info",
+			    acpi_ut_get_node_name(obj_desc->mutex.node)));
+		return_ACPI_STATUS(AE_AML_INTERNAL);
+	}
+
 	/*
 	 * The Mutex is owned, but this thread must be the owner.
 	 * Special case for Global Lock, any thread can release
@@ -392,15 +400,6 @@ acpi_ex_release_mutex(union acpi_operand
 		return_ACPI_STATUS(AE_AML_NOT_OWNER);
 	}
 
-	/* Must have a valid thread ID */
-
-	if (!walk_state->thread) {
-		ACPI_ERROR((AE_INFO,
-			    "Cannot release Mutex [%4.4s], null thread info",
-			    acpi_ut_get_node_name(obj_desc->mutex.node)));
-		return_ACPI_STATUS(AE_AML_INTERNAL);
-	}
-
 	/*
 	 * The sync level of the mutex must be equal to the current sync level. In
 	 * other words, the current level means that at least one mutex at that
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ