[ 02/83] libata-acpi: Fix NULL ptr derference in ata_acpi_dev_handle
From: Greg Kroah-Hartman
Date: Thu Nov 22 2012 - 16:16:18 EST
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaron Lu <aaron.lu@xxxxxxxxx>
commit 60817a680b1bd3341b6909fab7d8a1fcc3a78369 upstream.
commit 6b66d95895c149cbc04d4fac5a2f5477c543a8ae didn't handle SATA PMP
case in ata_acpi_bind_device and will cause a NULL ptr dereference when
user attached a SATA drive to the PMP port. Fix this by checking PMP
support.
This bug is reported by Dan van der Ster in the following bugzilla page:
https://bugzilla.kernel.org/show_bug.cgi?id=48211
Reported-by: Dan van der Ster <dan@xxxxxxxxxxxxxx>
Tested-by: Dan van der Ster <dan@xxxxxxxxxxxxxx>
Signed-off-by: Aaron Lu <aaron.lu@xxxxxxxxx>
Signed-off-by: Jeff Garzik <jgarzik@xxxxxxxxxx>
Tested-by: Simon <tangouniform@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/ata/libata-acpi.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/ata/libata-acpi.c
+++ b/drivers/ata/libata-acpi.c
@@ -1105,10 +1105,15 @@ static int ata_acpi_bind_device(struct a
struct acpi_device *acpi_dev;
struct acpi_device_power_state *states;
- if (ap->flags & ATA_FLAG_ACPI_SATA)
- ata_dev = &ap->link.device[sdev->channel];
- else
+ if (ap->flags & ATA_FLAG_ACPI_SATA) {
+ if (!sata_pmp_attached(ap))
+ ata_dev = &ap->link.device[sdev->id];
+ else
+ ata_dev = &ap->pmp_link[sdev->channel].device[sdev->id];
+ }
+ else {
ata_dev = &ap->link.device[sdev->id];
+ }
*handle = ata_dev_acpi_handle(ata_dev);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/