| Message ID | 20230106235308.99999-1-d-tatianin@yandex-team.ru |
|---|---|
| State | Accepted |
| Commit | ca843a4c79486e99a19b859ef0b9887854afe146 |
| Headers | show |
| Series | [v0] ACPICA: nsrepair: handle cases without a return value correctly | expand |
On Sat, Jan 7, 2023 at 12:54 AM Daniil Tatianin <d-tatianin@yandex-team.ru> wrote: > > Previously acpi_ns_simple_repair() would crash if expected_btypes > contained any combination of ACPI_RTYPE_NONE with a different type, > e.g | ACPI_RTYPE_INTEGER because of slightly incorrect logic in the > !return_object branch, which wouldn't return AE_AML_NO_RETURN_VALUE > for such cases. > > Found by Linux Verification Center (linuxtesting.org) with the SVACE > static analysis tool. > > Link: https://github.com/acpica/acpica/pull/811 > Fixes: 61db45ca2163 ("ACPICA: Restore code that repairs NULL package elements in return values.") > Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> > --- > drivers/acpi/acpica/nsrepair.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/drivers/acpi/acpica/nsrepair.c b/drivers/acpi/acpica/nsrepair.c > index 367fcd201f96..ec512e06a48e 100644 > --- a/drivers/acpi/acpica/nsrepair.c > +++ b/drivers/acpi/acpica/nsrepair.c > @@ -181,8 +181,9 @@ acpi_ns_simple_repair(struct acpi_evaluate_info *info, > * Try to fix if there was no return object. Warning if failed to fix. > */ > if (!return_object) { > - if (expected_btypes && (!(expected_btypes & ACPI_RTYPE_NONE))) { > - if (package_index != ACPI_NOT_PACKAGE_ELEMENT) { > + if (expected_btypes) { > + if (!(expected_btypes & ACPI_RTYPE_NONE) && > + package_index != ACPI_NOT_PACKAGE_ELEMENT) { > ACPI_WARN_PREDEFINED((AE_INFO, > info->full_pathname, > ACPI_WARN_ALWAYS, > @@ -196,14 +197,15 @@ acpi_ns_simple_repair(struct acpi_evaluate_info *info, > if (ACPI_SUCCESS(status)) { > return (AE_OK); /* Repair was successful */ > } > - } else { > + } > + > + if (expected_btypes != ACPI_RTYPE_NONE) { > ACPI_WARN_PREDEFINED((AE_INFO, > info->full_pathname, > ACPI_WARN_ALWAYS, > "Missing expected return value")); > + return (AE_AML_NO_RETURN_VALUE); > } > - > - return (AE_AML_NO_RETURN_VALUE); > } > } > > -- Applied as 6.3 material, thanks!
diff --git a/drivers/acpi/acpica/nsrepair.c b/drivers/acpi/acpica/nsrepair.c index 367fcd201f96..ec512e06a48e 100644 --- a/drivers/acpi/acpica/nsrepair.c +++ b/drivers/acpi/acpica/nsrepair.c @@ -181,8 +181,9 @@ acpi_ns_simple_repair(struct acpi_evaluate_info *info, * Try to fix if there was no return object. Warning if failed to fix. */ if (!return_object) { - if (expected_btypes && (!(expected_btypes & ACPI_RTYPE_NONE))) { - if (package_index != ACPI_NOT_PACKAGE_ELEMENT) { + if (expected_btypes) { + if (!(expected_btypes & ACPI_RTYPE_NONE) && + package_index != ACPI_NOT_PACKAGE_ELEMENT) { ACPI_WARN_PREDEFINED((AE_INFO, info->full_pathname, ACPI_WARN_ALWAYS, @@ -196,14 +197,15 @@ acpi_ns_simple_repair(struct acpi_evaluate_info *info, if (ACPI_SUCCESS(status)) { return (AE_OK); /* Repair was successful */ } - } else { + } + + if (expected_btypes != ACPI_RTYPE_NONE) { ACPI_WARN_PREDEFINED((AE_INFO, info->full_pathname, ACPI_WARN_ALWAYS, "Missing expected return value")); + return (AE_AML_NO_RETURN_VALUE); } - - return (AE_AML_NO_RETURN_VALUE); } }
Previously acpi_ns_simple_repair() would crash if expected_btypes contained any combination of ACPI_RTYPE_NONE with a different type, e.g | ACPI_RTYPE_INTEGER because of slightly incorrect logic in the !return_object branch, which wouldn't return AE_AML_NO_RETURN_VALUE for such cases. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. Link: https://github.com/acpica/acpica/pull/811 Fixes: 61db45ca2163 ("ACPICA: Restore code that repairs NULL package elements in return values.") Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> --- drivers/acpi/acpica/nsrepair.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)