10669 – ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)

Bug 10669 - ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)

Summary: ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)

Status:	CLOSED PATCH_ALREADY_AVAILABLE

Alias:	None

Product:	ACPI
Classification:	Unclassified
Component:	ACPICA-Core (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	Lin Ming

URL:
Keywords:

Depends on:
Blocks:	10492
	Show dependency tree

Reported:	2008-05-11 12:41 UTC by Rafael J. Wysocki
Modified:	2008-06-12 01:23 UTC (History)
CC List:	5 users (show)

See Also:
Kernel Version:	2.6.26-rc1
Subsystem:
Regression:	Yes
Bisected commit-id:

Attachments
proposed patch (935 bytes, patch) 2008-05-19 07:13 UTC, Lin Ming	Details \| Diff
proposed patch (935 bytes, patch) 2008-05-19 07:13 UTC, Lin Ming	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description Rafael J. Wysocki 2008-05-11 12:41:48 UTC

Subject    : ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)
Submitter  : "Vegard Nossum" <vegard.nossum@gmail.com>
Date       : 2008-05-06 16:09
References : http://marc.info/?l=linux-acpi&m=121009034825514&w=4
Handled-By : Lin Ming <ming.m.lin@intel.com>

This entry is being used for tracking a regression from 2.6.25.  Please don't
close it until the problem is fixed in the mainline.

Comment 1 Len Brown 2008-05-13 21:39:33 UTC

note that bc7a36ab74e09da7bb63e2477b0740ac992b290e
"ACPICA: Fixes for Unload and DDBHandles"
is reverted from the acpi-test tree until this is root-caused
and resolved.

Comment 2 Lin Ming 2008-05-19 07:13:18 UTC

Created attachment 16198 [details]
proposed patch

Comment 3 Lin Ming 2008-05-19 07:13:19 UTC

Created attachment 16199 [details]
proposed patch

Comment 4 Lin Ming 2008-05-19 07:21:52 UTC

Hi, Vegard

Would you please help to test the patch at comment #3?
Thanks

Comment 5 Lin Ming 2008-05-19 19:58:07 UTC

add comments for the patch:
----
It's not safe to access walk_state->op in acpi_ps_get_next_namepath and acpi_ps_get_next_arg since it may have been deleted.

It's safe to refer to current op by walk_state->opcode.

Comment 6 Rafael J. Wysocki 2008-05-20 15:13:38 UTC

Regressions list annotation:
Handled-By : Ming Lin <ming.m.lin@intel.com>

Comment 7 Rafael J. Wysocki 2008-05-20 15:14:09 UTC

Regressions list annotation:
Patch : http://bugzilla.kernel.org/attachment.cgi?id=16199&action=view

Comment 8 Vegard Nossum 2008-05-25 07:42:33 UTC

Hi,

The patch in comment #3 fixes it for me!

Thanks :-)

Vegard

Comment 9 Adrian Bunk 2008-06-12 01:23:54 UTC

now as commit 8410565f540db87ca938f56f92780d251e4f157d in Linus' tree

Note You need to log in before you can comment on or make changes to this bug.