Commit 67fe63b0 authored by Bjorn Helgaas's avatar Bjorn Helgaas Committed by Dave Airlie

agp/hp: fixup hp agp after ACPI changes

Commit 15b8dd53 changed the string in info->hardware_id from a static
array to a pointer and added a length field.  But instead of changing
"sizeof(array)" to "length", we changed it to "sizeof(length)" (== 4),
which corrupts the string we're trying to null-terminate.

We no longer even need to null-terminate the string, but we *do* need to
check whether we found a HID.  If there's no HID, we used to have an empty
array, but now we have a null pointer.

The combination of these defects causes this oops:

  Unable to handle kernel NULL pointer dereference (address 0000000000000003)
  modprobe[895]: Oops 8804682956800 [1]
  ip is at zx1_gart_probe+0xd0/0xcc0 [hp_agp]

  http://marc.info/?l=linux-ia64&m=126264484923647&w=2Signed-off-by: default avatarBjorn Helgaas <bjorn.helgaas@hp.com>
Reported-by: default avatarÉmeric Maschino <emeric.maschino@gmail.com>
Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
parent 3f50b022
...@@ -488,9 +488,8 @@ zx1_gart_probe (acpi_handle obj, u32 depth, void *context, void **ret) ...@@ -488,9 +488,8 @@ zx1_gart_probe (acpi_handle obj, u32 depth, void *context, void **ret)
handle = obj; handle = obj;
do { do {
status = acpi_get_object_info(handle, &info); status = acpi_get_object_info(handle, &info);
if (ACPI_SUCCESS(status)) { if (ACPI_SUCCESS(status) && (info->valid & ACPI_VALID_HID)) {
/* TBD check _CID also */ /* TBD check _CID also */
info->hardware_id.string[sizeof(info->hardware_id.length)-1] = '\0';
match = (strcmp(info->hardware_id.string, "HWP0001") == 0); match = (strcmp(info->hardware_id.string, "HWP0001") == 0);
kfree(info); kfree(info);
if (match) { if (match) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment