From: David E. Box <david.e.box@linux.intel.com> Date: Tue, 8 Jul 2014 02:06:24 +0000 (+0800) Subject: ACPICA: Namespace: Properly null terminate objects detached from a namespace node X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e23d9b829754;p=linux.git ACPICA: Namespace: Properly null terminate objects detached from a namespace node Fixes a bug exposed by an ACPICA unit test around the acpi_attach_data()/acpi_detach_data() APIs where the failure to null terminate a detached object led to the creation of a circular linked list (and infinite looping) when the object is reattached. Reported in acpica bugzilla #1063 Link: https://bugs.acpica.org/show_bug.cgi?id=1063 Signed-off-by: David E. Box <david.e.box@linux.intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Cc: 3.15+ <stable@vger.kernel.org> # 3.15+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> --- diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c index fe54a8c73b8c8..f1ea8e56cd87b 100644 --- a/drivers/acpi/acpica/nsobject.c +++ b/drivers/acpi/acpica/nsobject.c @@ -239,6 +239,17 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node) } } + /* + * Detach the object from any data objects (which are still held by + * the namespace node) + */ + + if (obj_desc->common.next_object && + ((obj_desc->common.next_object)->common.type == + ACPI_TYPE_LOCAL_DATA)) { + obj_desc->common.next_object = NULL; + } + /* Reset the node type to untyped */ node->type = ACPI_TYPE_ANY;