2010-06-28 01:28:36

by Axel Lin

[permalink] [raw]
Subject: [PATCH] wmi: fix a memory leak in wmi_notify_debug

When acpi_evaluate_object() is passed ACPI_ALLOCATE_BUFFER,
the caller must kfree the returned buffer if AE_OK is returned.

The callers of wmi_get_event_data() pass ACPI_ALLOCATE_BUFFER,
and thus must check its return value before accessing
or kfree() on the buffer.

This patch adds return value checking for wmi_get_event_data()
and adds a missing kfree(obj) in the end of wmi_notify_debug

Signed-off-by: Axel Lin <[email protected]>
---
drivers/platform/x86/wmi.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c
index e4eaa14..5bb0ae1 100644
--- a/drivers/platform/x86/wmi.c
+++ b/drivers/platform/x86/wmi.c
@@ -518,8 +518,13 @@ static void wmi_notify_debug(u32 value, void *context)
{
struct acpi_buffer response = { ACPI_ALLOCATE_BUFFER, NULL };
union acpi_object *obj;
+ acpi_status status;

- wmi_get_event_data(value, &response);
+ status = wmi_get_event_data(value, &response);
+ if (status != AE_OK) {
+ printk(KERN_INFO "wmi: bad event status 0x%x\n", status);
+ return;
+ }

obj = (union acpi_object *)response.pointer;

@@ -543,6 +548,7 @@ static void wmi_notify_debug(u32 value, void *context)
default:
printk("object type 0x%X\n", obj->type);
}
+ kfree(obj);
}

/**
--
1.5.4.3



2010-06-28 12:55:34

by Thomas Renninger

[permalink] [raw]
Subject: Re: [PATCH] wmi: fix a memory leak in wmi_notify_debug

On Monday 28 June 2010 03:30:45 Axel Lin wrote:
> When acpi_evaluate_object() is passed ACPI_ALLOCATE_BUFFER,
> the caller must kfree the returned buffer if AE_OK is returned.
Oops, I forgot to free the buffer...
Thanks!

Matthew, can you queue this up, please.
It's a safe memleak fix (if wmi driver is loaded with debug_event=1).

Signed-off-by: Thomas Renninger <[email protected]>

Thomas

2010-07-01 13:51:13

by Matthew Garrett

[permalink] [raw]
Subject: Re: [PATCH] wmi: fix a memory leak in wmi_notify_debug

On Mon, Jun 28, 2010 at 09:30:45AM +0800, Axel Lin wrote:
> When acpi_evaluate_object() is passed ACPI_ALLOCATE_BUFFER,
> the caller must kfree the returned buffer if AE_OK is returned.
>
> The callers of wmi_get_event_data() pass ACPI_ALLOCATE_BUFFER,
> and thus must check its return value before accessing
> or kfree() on the buffer.
>
> This patch adds return value checking for wmi_get_event_data()
> and adds a missing kfree(obj) in the end of wmi_notify_debug

Applied, thanks.

--
Matthew Garrett | [email protected]