From patchwork Mon Apr  4 23:44:49 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mattia Dongili <malattia@linux.it>
X-Patchwork-Id: 685751
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p34Nj07w025049
	for <patchwork-acpi@patchwork.kernel.org>;
	Mon, 4 Apr 2011 23:45:00 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755910Ab1DDXo7 (ORCPT
	<rfc822;patchwork-acpi@patchwork.kernel.org>);
	Mon, 4 Apr 2011 19:44:59 -0400
Received: from mail-iw0-f174.google.com ([209.85.214.174]:37659 "EHLO
	mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755869Ab1DDXo6 (ORCPT
	<rfc822; linux-acpi@vger.kernel.org>); Mon, 4 Apr 2011 19:44:58 -0400
Received: by iwn34 with SMTP id 34so6260084iwn.19
	for <multiple recipients>; Mon, 04 Apr 2011 16:44:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:sender:date:from:to:cc:subject:message-id
	:references:mime-version:content-type:content-disposition
	:in-reply-to:x-message-flag:x-operating-system:x-editor:x-disclaimer
	:user-agent; bh=yeLsb2eJ5mTIKpyZ5de+ALGumghWNgQbmsUAaIy+fm8=;
	b=LvyLqc21IRr792O/urCEsCDo3orQMGI6vOip0xbGx+CYecuiTSA/79XzJ/UvSUW5pb
	zlkYhfGuKwHuZbaiovt4NOM99+oLAhd9MexwQ61+11J889GA3wDXIZmgQmHhPQ1IyRXs
	rLgwlKWXPqe0+x0dAhRGqlqxN9ZJgU4I3jYVU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=sender:date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:in-reply-to:x-message-flag
	:x-operating-system:x-editor:x-disclaimer:user-agent;
	b=N1YB7LLWduoGtGIcSSnQ0uuQPXBGEuGasFKP5fb9PVEBSl4ecP9Gwq4llzNTvbJ7/b
	CHxtNHVNyOpjIf41/g86qk3aDX/s3RoTcjTNCOaLEBHDCcGsAAyZesFAs42/sZsn5upQ
	r7c4t+TJkVM0ADH62mKos7y0wTn6SC3i7yvh0=
Received: by 10.43.54.146 with SMTP id vu18mr8845082icb.529.1301960697234;
	Mon, 04 Apr 2011 16:44:57 -0700 (PDT)
Received: from caligola.kamineko.org (cm8.kappa1.maxonline.com.sg
	[58.182.1.8])
	by mx.google.com with ESMTPS id 8sm4048340iba.38.2011.04.04.16.44.53
	(version=TLSv1/SSLv3 cipher=OTHER);
	Mon, 04 Apr 2011 16:44:55 -0700 (PDT)
Received: by caligola.kamineko.org (Postfix, from userid 1000)
	id F0D5C15EA4; Tue,  5 Apr 2011 08:44:49 +0900 (JST)
Date: Tue, 5 Apr 2011 08:44:49 +0900
From: Mattia Dongili <malattia@linux.it>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Andrea Gelmini <andrea.gelmini@gmail.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>, anssi.hannula@iki.fi,
	linux-acpi@vger.kernel.org, axel.lin@gmail.com, trenn@suse.de,
	len.brown@intel.com, linux-kernel@vger.kernel.org,
	Dan Carpenter <error27@gmail.com>,
	platform-driver-x86 <platform-driver-x86@vger.kernel.org>
Subject: sony-laptop: fix early NULL pointer dereference
Message-ID: <20110404234448.GA24957@kamineko.org>
References: <AANLkTi=1xtjEZc2C1=W-v2oYbvvcGH9k_DGGXvJ8=swq@mail.gmail.com>
	<20110401172241.GA26851@srcf.ucam.org>
	<BANLkTikPjwowBge82viT+Ma5UnP0fA-pew@mail.gmail.com>
	<20110402100043.GA5890@kamineko.org>
	<BANLkTikVGWM3T1y2XvwkHB+Yub5EhG1RPA@mail.gmail.com>
	<20110402155549.GA6724@kamineko.org>
	<BANLkTimJa3CSWouTMJD5V0ZuMa67YXy88Q@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <BANLkTimJa3CSWouTMJD5V0ZuMa67YXy88Q@mail.gmail.com>
X-Message-Flag: Cranky? Try Free Software instead!
X-Operating-System: Linux 2.6.39-rc1+ x86_64
X-Editor: Vim http://www.vim.org/
X-Disclaimer: Buh!
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-acpi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-acpi.vger.kernel.org>
X-Mailing-List: linux-acpi@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]);
	Mon, 04 Apr 2011 23:45:00 +0000 (UTC)

Author: Mattia Dongili <malattia@linux.it>
Date:   Fri Apr 1 10:01:41 2011 +0900

    sony-laptop: fix early NULL pointer dereference
    
    The SNC acpi driver could get early notifications before it fully
    initializes and that could lead to dereferencing the sony_nc_handles
    structure pointer that is still NULL at that stage.
    Make sure we return early from the handle lookup function in these
    cases.
    
    Signed-off-by: Mattia Dongili <malattia@linux.it>
---

Hi Matthew,
if it's not too late, can you pick this one up instead of the previous
one (89ec2feafaedd759e53346d641f60863a14cfb9e)?
If it's too late I'll try and do a round of return value fixes later.

diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c
index b2ce172..de79c18 100644
--- a/drivers/platform/x86/sony-laptop.c
+++ b/drivers/platform/x86/sony-laptop.c
@@ -810,6 +810,11 @@ static int sony_nc_handles_cleanup(struct platform_device *pd)
 static int sony_find_snc_handle(int handle)
 {
 	int i;
+
+	/* not initialized yet, return early */
+	if (!handles)
+		return -EINVAL;
+
 	for (i = 0; i < 0x10; i++) {
 		if (handles->cap[i] == handle) {
 			dprintk("found handle 0x%.4x (offset: 0x%.2x)\n",