On Thu, Jul 14, 2016 at 10:47 PM, Xiao Guangrong
<guangrong.xiao(a)intel.com> wrote:
> On 07/15/2016 11:28 AM, Dan Williams wrote:
>>
>> acpi_evaluate_object() allocates memory. Free the buffer allocated
>> during acpi_nfit_add().
>>
> Dan, thanks for your fix.
>
> Another one is the use-after-free issue in acpi_nfit_notify():
>
>	/* Evaluate _FIT */
>	status = acpi_evaluate_object(adev->handle, "_FIT", NULL,
>			&buf);
>	...
>	acpi_desc->nfit =
>		(struct acpi_nfit_header *)obj->buffer.pointer;
>	...
>	kfree(buf.pointer);

Grep for acpi_desc->nfit usages; there are no usages after
acpi_nfit_init(). We go through the hassle of setting up nfit_saved
for no reason.
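
An added user-space model of the buffer ownership discussed in this thread (not code from the kernel or from either poster): the evaluate call allocates, the caller frees, and the descriptor's borrowed pointer is cleared before the free. All `mock_` names and the sample bytes are constructed assumptions.

```c
/* User-space model (constructed): mock_ names are hypothetical stand-ins,
 * not kernel APIs. */
#include <stdlib.h>
#include <string.h>

struct mock_buffer { size_t length; void *pointer; };
struct mock_desc { const unsigned char *nfit; size_t tables_seen; };

/* Models the contract stated in the thread for acpi_evaluate_object():
 * it allocates the result buffer, and the caller must free it. */
static int mock_evaluate(struct mock_buffer *buf)
{
	/* constructed sample: two (type, length, payload) records */
	static const unsigned char fit[] = { 0, 4, 0xaa, 0xbb, 1, 3, 0xcc };

	buf->pointer = malloc(sizeof(fit));
	if (!buf->pointer)
		return -1;
	memcpy(buf->pointer, fit, sizeof(fit));
	buf->length = sizeof(fit);
	return 0;
}

/* Consumes desc->nfit while the buffer is still alive: counts records,
 * rejecting lengths that are too short or run past the buffer. */
static void mock_init(struct mock_desc *desc, size_t sz)
{
	size_t off = 0;

	desc->tables_seen = 0;
	while (off + 2 <= sz && desc->nfit[off + 1] >= 2 &&
	       off + desc->nfit[off + 1] <= sz) {
		desc->tables_seen++;
		off += desc->nfit[off + 1];
	}
}

/* Notify path: borrow the buffer for init, drop the borrow, then free. */
static int mock_notify(struct mock_desc *desc)
{
	struct mock_buffer buf = { 0, NULL };

	if (mock_evaluate(&buf))
		return -1;
	desc->nfit = buf.pointer;
	mock_init(desc, buf.length);
	desc->nfit = NULL;	/* no stale pointer survives the free below */
	free(buf.pointer);
	return 0;
}
```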