From 3c7db22a194d3b53584047425af82b4e1e03d9f7 Mon Sep 17 00:00:00 2001
From: Bob Moore <robert.moore@intel.com>
Date: Mon, 4 Aug 2008 11:13:01 +0800
Subject: ACPICA: Additional error checking for pathname utilities

Add error check after all calls to acpi_ns_get_pathname_length.
Add status return from acpi_ns_build_external_path and check after
all calls.  Add parameter validation to acpi_ut_initialize_buffer.

Reported by and initial patch by Ingo Molnar.
http://lkml.org/lkml/2008/7/21/176

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
 drivers/acpi/namespace/nsnames.c  | 34 ++++++++++++++++++++++------------
 drivers/acpi/resources/rscalc.c   |  3 +++
 drivers/acpi/utilities/utalloc.c  |  8 +++++---
 drivers/acpi/utilities/utobject.c | 13 +++++++++----
 4 files changed, 39 insertions(+), 19 deletions(-)

(limited to 'drivers/acpi')

diff --git a/drivers/acpi/namespace/nsnames.c b/drivers/acpi/namespace/nsnames.c
index 549db42f16cf..bd5773878009 100644
--- a/drivers/acpi/namespace/nsnames.c
+++ b/drivers/acpi/namespace/nsnames.c
@@ -56,13 +56,14 @@ ACPI_MODULE_NAME("nsnames")
  *              Size            - Size of the pathname
  *              *name_buffer    - Where to return the pathname
  *
- * RETURN:      Places the pathname into the name_buffer, in external format
+ * RETURN:      Status
+ *              Places the pathname into the name_buffer, in external format
  *              (name segments separated by path separators)
  *
  * DESCRIPTION: Generate a full pathaname
  *
  ******************************************************************************/
-void
+acpi_status
 acpi_ns_build_external_path(struct acpi_namespace_node *node,
 			    acpi_size size, char *name_buffer)
 {
@@ -77,7 +78,7 @@ acpi_ns_build_external_path(struct acpi_namespace_node *node,
 	if (index < ACPI_NAME_SIZE) {
 		name_buffer[0] = AML_ROOT_PREFIX;
 		name_buffer[1] = 0;
-		return;
+		return (AE_OK);
 	}
 
 	/* Store terminator byte, then build name backwards */
@@ -105,11 +106,13 @@ acpi_ns_build_external_path(struct acpi_namespace_node *node,
 
 	if (index != 0) {
 		ACPI_ERROR((AE_INFO,
-			    "Could not construct pathname; index=%X, size=%X, Path=%s",
+			    "Could not construct external pathname; index=%X, size=%X, Path=%s",
 			    (u32) index, (u32) size, &name_buffer[size]));
+
+		return (AE_BAD_PARAMETER);
 	}
 
-	return;
+	return (AE_OK);
 }
 
 #ifdef ACPI_DEBUG_OUTPUT
@@ -129,6 +132,7 @@ acpi_ns_build_external_path(struct acpi_namespace_node *node,
 
 char *acpi_ns_get_external_pathname(struct acpi_namespace_node *node)
 {
+	acpi_status status;
 	char *name_buffer;
 	acpi_size size;
 
@@ -138,8 +142,7 @@ char *acpi_ns_get_external_pathname(struct acpi_namespace_node *node)
 
 	size = acpi_ns_get_pathname_length(node);
 	if (!size) {
-		ACPI_ERROR((AE_INFO, "Invalid node failure"));
-		return_PTR(NULL);
+		return (NULL);
 	}
 
 	/* Allocate a buffer to be returned to caller */
@@ -152,7 +155,11 @@ char *acpi_ns_get_external_pathname(struct acpi_namespace_node *node)
 
 	/* Build the path in the allocated buffer */
 
-	acpi_ns_build_external_path(node, size, name_buffer);
+	status = acpi_ns_build_external_path(node, size, name_buffer);
+	if (ACPI_FAILURE(status)) {
+		return (NULL);
+	}
+
 	return_PTR(name_buffer);
 }
 #endif
@@ -186,7 +193,7 @@ acpi_size acpi_ns_get_pathname_length(struct acpi_namespace_node *node)
 	while (next_node && (next_node != acpi_gbl_root_node)) {
 		if (ACPI_GET_DESCRIPTOR_TYPE(next_node) != ACPI_DESC_TYPE_NAMED) {
 			ACPI_ERROR((AE_INFO,
-				    "Invalid NS Node (%p) while traversing path",
+				    "Invalid Namespace Node (%p) while traversing namespace",
 				    next_node));
 			return 0;
 		}
@@ -234,8 +241,7 @@ acpi_ns_handle_to_pathname(acpi_handle target_handle,
 
 	required_size = acpi_ns_get_pathname_length(node);
 	if (!required_size) {
-		ACPI_ERROR((AE_INFO, "Invalid node failure"));
-		return_ACPI_STATUS(AE_ERROR);
+		return_ACPI_STATUS(AE_BAD_PARAMETER);
 	}
 
 	/* Validate/Allocate/Clear caller buffer */
@@ -247,7 +253,11 @@ acpi_ns_handle_to_pathname(acpi_handle target_handle,
 
 	/* Build the path in the caller buffer */
 
-	acpi_ns_build_external_path(node, required_size, buffer->pointer);
+	status =
+	    acpi_ns_build_external_path(node, required_size, buffer->pointer);
+	if (ACPI_FAILURE(status)) {
+		return_ACPI_STATUS(status);
+	}
 
 	ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "%s [%X]\n",
 			  (char *)buffer->pointer, (u32) required_size));
diff --git a/drivers/acpi/resources/rscalc.c b/drivers/acpi/resources/rscalc.c
index f61ebc679e66..d9063ea414e3 100644
--- a/drivers/acpi/resources/rscalc.c
+++ b/drivers/acpi/resources/rscalc.c
@@ -587,6 +587,9 @@ acpi_rs_get_pci_routing_table_length(union acpi_operand_object *package_object,
 			} else {
 				temp_size_needed +=
 				    acpi_ns_get_pathname_length((*sub_object_list)->reference.node);
+				if (!temp_size_needed) {
+					return_ACPI_STATUS(AE_BAD_PARAMETER);
+				}
 			}
 		} else {
 			/*
diff --git a/drivers/acpi/utilities/utalloc.c b/drivers/acpi/utilities/utalloc.c
index e7bf34a7b1d2..7dcb67e0b215 100644
--- a/drivers/acpi/utilities/utalloc.c
+++ b/drivers/acpi/utilities/utalloc.c
@@ -242,10 +242,12 @@ acpi_ut_initialize_buffer(struct acpi_buffer * buffer,
 {
 	acpi_status status = AE_OK;
 
-	if (!required_length) {
-		WARN_ON(1);
-		return AE_ERROR;
+	/* Parameter validation */
+
+	if (!buffer || !required_length) {
+		return (AE_BAD_PARAMETER);
 	}
+
 	switch (buffer->length) {
 	case ACPI_NO_BUFFER:
 
diff --git a/drivers/acpi/utilities/utobject.c b/drivers/acpi/utilities/utobject.c
index e25484495e65..916eff399eb3 100644
--- a/drivers/acpi/utilities/utobject.c
+++ b/drivers/acpi/utilities/utobject.c
@@ -425,6 +425,7 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object,
 			       acpi_size * obj_length)
 {
 	acpi_size length;
+	acpi_size size;
 	acpi_status status = AE_OK;
 
 	ACPI_FUNCTION_TRACE_PTR(ut_get_simple_object_size, internal_object);
@@ -484,10 +485,14 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object,
 			 * Get the actual length of the full pathname to this object.
 			 * The reference will be converted to the pathname to the object
 			 */
-			length +=
-			    ACPI_ROUND_UP_TO_NATIVE_WORD
-			    (acpi_ns_get_pathname_length
-			     (internal_object->reference.node));
+			size =
+			    acpi_ns_get_pathname_length(internal_object->
+							reference.node);
+			if (!size) {
+				return_ACPI_STATUS(AE_BAD_PARAMETER);
+			}
+
+			length += ACPI_ROUND_UP_TO_NATIVE_WORD(size);
 			break;
 
 		default:
-- 
cgit v1.2.3-58-ga151