Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1031817AbdDZWhw (ORCPT <rfc822;w@1wt.eu>);
        Wed, 26 Apr 2017 18:37:52 -0400
Received: from mail-oi0-f47.google.com ([209.85.218.47]:35262 "EHLO
        mail-oi0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1031707AbdDZWho (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 26 Apr 2017 18:37:44 -0400
MIME-Version: 1.0
In-Reply-To: <CAJZ5v0h4hOeRfBgK=ARbw8dmML56v0xnvPjsY9wZ0fv7EXCeQw@mail.gmail.com>
References: <149315024459.9151.4555045488194999231.stgit@dwillia2-desk3.amr.corp.intel.com>
 <CAJZ5v0h4hOeRfBgK=ARbw8dmML56v0xnvPjsY9wZ0fv7EXCeQw@mail.gmail.com>
From: Dan Williams <dan.j.williams@intel.com>
Date: Wed, 26 Apr 2017 15:37:42 -0700
Message-ID: <CAPcyv4i_mRLSxm7YAnk_p8PhP=kyhT1aZZcrG-zZxXXWhGQuew@mail.gmail.com>
Subject: Re: [PATCH v2] acpi: fix acpi_get_table() leak / acpi-sysfs denial of service
To: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Rafael Wysocki <rafael.j.wysocki@intel.com>,
        Anush Seetharaman <anush.seetharaman@intel.com>,
        Tiffany Kasanicky <tiffany.j.kasanicky@intel.com>,
        Ryon Jensen <ryon.jensen@intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Stable <stable@vger.kernel.org>,
        ACPI Devel Maling List <linux-acpi@vger.kernel.org>,
        Kristin Jacque <kristin.jacque@intel.com>,
        Zhang Rui <rui.zhang@intel.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1710
Lines: 43

On Wed, Apr 26, 2017 at 3:25 PM, Rafael J. Wysocki <rafael@kernel.org> wrote:
> On Tue, Apr 25, 2017 at 9:58 PM, Dan Williams <dan.j.williams@intel.com> wrote:
>> Reading an ACPI table through the /sys/firmware/acpi/tables interface
>> more than 65,536 times leads to the following log message:
>>
>>  ACPI Error: Table ffff88033595eaa8, Validation count is zero after increment
>>   (20170119/tbutils-423)
>>
>> ...and the table being unavailable until the next reboot. Add the
>> missing acpi_put_table() so the table ->validation_count is decremented
>> after each read.
>>
>> Cc: <stable@vger.kernel.org>
>> Cc: Zhang Rui <rui.zhang@intel.com>
>> Cc: Rafael Wysocki <rafael.j.wysocki@intel.com>
>> Cc: Kristin Jacque <kristin.jacque@intel.com>
>> Cc: Tiffany Kasanicky <tiffany.j.kasanicky@intel.com>
>> Cc: Ryon Jensen <ryon.jensen@intel.com>
>> Reported-by: Anush Seetharaman <anush.seetharaman@intel.com>
>> Fixes: 1c8fce27e275 ("ACPI: introduce drivers/acpi/sysfs.c")
>> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
>
> I'm going to apply this, but your Fixes tag is not correct.
>
> validation_count was added to struct acpi_table_desc by commit
>
> commit 174cc7187e6f088942c8e74daa7baff7b44b33c9
> Author: Lv Zheng <lv.zheng@intel.com>
> Date:   Wed Dec 14 15:04:25 2016 +0800
>
>     ACPICA: Tables: Back port acpi_get_table_with_size() and
> early_acpi_os_unmap_memory()
> from Linux kernel
>
> from the 4.10 time frame, so IMO it should be
>
> Fixes: 174cc7187e6f (ACPICA: Tables: Back port
> acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux
> kernel)
>

Ah, thanks for the catch, I missed that detail and was wrong to argue
it was a 7 year old bug. Apologies Lv!