Bug 212277

Summary: Access to ACPI FACS table after release
Product: ACPI
Component: ACPICA-Core
Status: CLOSED CODE_FIX
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 5.12-rc2
Subsystem:
Regression: No
Bisected commit-id:
Reporter: Stephan Hohe (sth.dev)
Assignee: acpi_acpica-core (acpi_acpica-core)
CC: rui.zhang, wangming01
Attachments: Revert patch

Description Stephan Hohe 2021-03-14 17:56:37 UTC
In drivers/acpi/sleep.c, a table pointer from acpi_get_table() seems to be used after it has been released with acpi_put_table(). AFAIK this shouldn't be done.

acpi_sleep_hibernate_setup() stores an ACPI table from acpi_get_table() in the global variable facs and then releases the table with acpi_put_table():

        acpi_get_table(ACPI_SIG_FACS, 1, (struct acpi_table_header **)&facs);
        if (facs) {
                s4_hardware_signature = facs->hardware_signature;
                acpi_put_table((struct acpi_table_header *)facs);
        }


acpi_hibernation_leave() later accesses *facs:

        /* Check the hardware signature */
        if (facs && s4_hardware_signature != facs->hardware_signature)
                pr_crit("ACPI: Hardware changed while hibernated, success doubtful!\n");


This doesn't seem correct. I would guess acpi_hibernation_leave() should probably do its own acpi_get_table()/acpi_put_table().
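
A user-space C model of the get/put lifetime described in this report, added here as an illustration and not code from the kernel or from the report: `get_table()`, `put_table()`, `firmware_sig` and `hibernation_leave_check()` are hypothetical names, and the reference-counted mapping is an assumption of the model. It shows that a pointer taken in setup has no mapping behind it once the reference is put, and a resume check that takes its own reference as the description suggests.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed model: get_table()/put_table() are hypothetical stand-ins. */
struct facs_table { uint32_t hardware_signature; };
static uint32_t firmware_sig = 0x1111;  /* constructed "firmware" value */
static struct facs_table *mapping;      /* NULL while the table is unmapped */
static unsigned int refs;               /* outstanding get_table() references */
static uint32_t s4_hardware_signature;

static struct facs_table *get_table(void)
{
    if (refs == 0) {                    /* first user creates the mapping */
        mapping = malloc(sizeof(*mapping));
        if (!mapping)
            return NULL;
        mapping->hardware_signature = firmware_sig;
    }
    refs++;
    return mapping;
}

static void put_table(struct facs_table *t)
{
    if (t && refs > 0 && --refs == 0) { /* last user tears the mapping down */
        free(mapping);
        mapping = NULL;
    }
}

/* Setup as in the report; returns 1 if a pointer saved here stays valid. */
static int hibernate_setup(void)
{
    struct facs_table *facs = get_table();
    if (facs) {
        s4_hardware_signature = facs->hardware_signature;
        put_table(facs);
    }
    return mapping != NULL;
}

/* Resume check with its own get/put pair: 1 changed, 0 same, -1 no table. */
static int hibernation_leave_check(void)
{
    struct facs_table *facs = get_table();
    int changed = facs ? s4_hardware_signature != facs->hardware_signature : -1;
    put_table(facs);
    return changed;
}

int main(void) { hibernate_setup(); return hibernation_leave_check(); }
```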
Comment 1 Ming Wang 2021-03-18 06:25:50 UTC
-
Comment 2 Zhang Rui 2021-06-01 05:32:20 UTC
Created attachment 297097
Revert patch

Sounds reasonable to me, I will propose this revert patch for upstream.
Comment 3 Zhang Rui 2021-06-07 13:41:27 UTC
Hi, Stephan,

Sorry that I forgot to CC you when submitting the patch.
Now the patch has been submitted for upstream, and applied by Rafael.
It should be merged in 5.13 final release.

Thanks for catching the issue. Bug closed.