ACPICA: Namespace: remove address node from global list after method termination

debian/changelog

@@ -815,6 +815,8 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
   [ Salvatore Bonaccorso ]
   * xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
     (CVE-2015-8553)
+  * ACPICA: Namespace: remove address node from global list after method
+    termination
 
  -- Ben Hutchings <ben@decadent.org.uk>  Mon, 18 Mar 2019 22:50:08 +0000
 

debian/patches/bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch

@@ -0,0 +1,63 @@
+From: Erik Schmauss <erik.schmauss@intel.com>
+Date: Mon, 8 Apr 2019 13:42:26 -0700
+Subject: ACPICA: Namespace: remove address node from global list after method
+ termination
+Origin: https://git.kernel.org/linus/c5781ffbbd4f742a58263458145fe7f0ac01d9e0
+Bug: https://bugzilla.kernel.org/show_bug.cgi?id=202475
+
+ACPICA commit b233720031a480abd438f2e9c643080929d144c3
+
+ASL operation_regions declare a range of addresses that it uses. In a
+perfect world, the range of addresses should be used exclusively by
+the AML interpreter. The OS can use this information to decide which
+drivers to load so that the AML interpreter and device drivers use
+different regions of memory.
+
+During table load, the address information is added to a global
+address range list. Each node in this list contains an address range
+as well as a namespace node of the operation_region. This list is
+deleted at ACPI shutdown.
+
+Unfortunately, ASL operation_regions can be declared inside of control
+methods. Although this is not recommended, modern firmware contains
+such code. New module level code changes unintentionally removed the
+functionality of adding and removing nodes to the global address
+range list.
+
+A few months ago, support for adding addresses has been re-
+implemented. However, the removal of the address range list was
+missed and resulted in some systems to crash due to the address list
+containing bogus namespace nodes from operation_regions declared in
+control methods. In order to fix the crash, this change removes
+dynamic operation_regions after control method termination.
+
+Link: https://github.com/acpica/acpica/commit/b2337200
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
+Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
+Reported-by: Michael J Gruber <mjg@fedoraproject.org>
+Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
+Signed-off-by: Bob Moore <robert.moore@intel.com>
+Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+---
+ drivers/acpi/acpica/nsobject.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c
+index 8638f43cfc3d..79d86da1c892 100644
+--- a/drivers/acpi/acpica/nsobject.c
++++ b/drivers/acpi/acpica/nsobject.c
+@@ -186,6 +186,10 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node)
+ 		}
+ 	}
+ 
++	if (obj_desc->common.type == ACPI_TYPE_REGION) {
++		acpi_ut_remove_address_range(obj_desc->region.space_id, node);
++	}
++
+ 	/* Clear the Node entry in all cases */
+ 
+ 	node->object = NULL;
+-- 
+2.11.0
+

debian/patches/series

@@ -103,6 +103,7 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
 debian/revert-objtool-fix-config_stack_validation-y-warning.patch
 bugfix/all/mt76-use-the-correct-hweight8-function.patch
 bugfix/all/revert-net-stmmac-send-tso-packets-always-from-queue.patch
+bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
 
 # Miscellaneous features