Bug 212277 - Access to ACPI FACS table after release
Status: CLOSED CODE_FIX
Alias: None
Product: ACPI
Classification: Unclassified
Component: ACPICA-Core
Hardware: All Linux
Importance: P1 normal
Assignee: acpi_acpica-core@kernel-bugs.osdl.org
Reported: 2021-03-14 17:56 UTC by Stephan Hohe
Modified: 2021-06-07 13:41 UTC

Kernel Version: 5.12-rc2
Regression: No


Attachments
Revert patch (1.37 KB, patch)
2021-06-01 05:32 UTC, Zhang Rui

Description Stephan Hohe 2021-03-14 17:56:37 UTC
In drivers/acpi/sleep.c, a table pointer from acpi_get_table() seems to be used after it has been released with acpi_put_table(). AFAIK this shouldn't be done.

acpi_sleep_hibernate_setup() stores an ACPI table from acpi_get_table() in the global variable facs and then releases the table with acpi_put_table():

        acpi_get_table(ACPI_SIG_FACS, 1, (struct acpi_table_header **)&facs);
        if (facs) {
                s4_hardware_signature = facs->hardware_signature;
                acpi_put_table((struct acpi_table_header *)facs);
        }


acpi_hibernation_leave() later accesses *facs:

        /* Check the hardware signature */
        if (facs && s4_hardware_signature != facs->hardware_signature)
                pr_crit("ACPI: Hardware changed while hibernated, success doubtful!\n");


This doesn't seem correct. I would guess acpi_hibernation_leave() should probably do its own acpi_get_table()/acpi_put_table().
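
The lifetime problem described in the report above, as an added example that is not part of the original report or of the kernel sources: a simplified user-space C model which assumes that the table mapping is reference counted and may go away once the last reference is put. The names table_get, table_put, pointer_is_live, setup and leave_check are hypothetical, and the signature values are constructed.

```c
#include <stdint.h>

/* Constructed stand-in for a mapped table; not the ACPICA structures. */
struct table { uint32_t hardware_signature; };

static struct table backing;            /* storage behind the "mapping" */
static unsigned refs;                   /* outstanding references */
static uint32_t firmware_sig = 0x1234;  /* constructed firmware value */

/* Model of get: (re)map on the first reference, count each user. */
static struct table *table_get(void)
{
	if (refs++ == 0)
		backing.hardware_signature = firmware_sig;
	return &backing;
}

/* Model of put: drop one reference; at zero the mapping is gone. */
static void table_put(struct table *t)
{
	if (t == &backing && refs > 0)
		refs--;
}

/* 1 only while some caller holds a reference, so p may be dereferenced. */
static int pointer_is_live(const struct table *p) { return p == &backing && refs > 0; }

static struct table *facs;              /* cached global, as in the report */
static uint32_t s4_hardware_signature;

/* Same shape as the reported setup code: cache, copy, put. */
static void setup(void)
{
	facs = table_get();
	s4_hardware_signature = facs->hardware_signature;
	table_put(facs);                /* facs is stale from here on */
}

/* Reporter's suggestion: own get/put around the check; 1 means changed. */
static int leave_check(void)
{
	struct table *t = table_get();
	int changed = s4_hardware_signature != t->hardware_signature;
	table_put(t);
	return changed;
}

int main(void) { setup(); return pointer_is_live(facs) || leave_check(); }
```
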
Comment 1 Ming Wang 2021-03-18 06:25:50 UTC
-
Comment 2 Zhang Rui 2021-06-01 05:32:20 UTC
Created attachment 297097
Revert patch

Sounds reasonable to me, I will propose this revert patch for upstream.
Comment 3 Zhang Rui 2021-06-07 13:41:27 UTC
Hi, Stephan,

Sorry that I forgot to CC you when submitting the patch.
Now the patch has been submitted for upstream, and applied by Rafael.
It should be merged in 5.13 final release.

Thanks for catching the issue. Bug closed.