This patch enhances the acpi_smbus_hc_add and acpi_smbus_hc_remove
functions in drivers/acpi/sbshc.c by adding error handling for the
acpi_driver_data calls. Previously, these functions did not check
the return value of acpi_driver_data, potentially leading to
stability issues if the function failed and returned a null pointer.
Signed-off-by: Haoran Liu <[email protected]>
---
drivers/acpi/sbshc.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/acpi/sbshc.c b/drivers/acpi/sbshc.c
index 16f2daaa2c45..1394104d3894 100644
--- a/drivers/acpi/sbshc.c
+++ b/drivers/acpi/sbshc.c
@@ -267,6 +267,12 @@ static int acpi_smbus_hc_add(struct acpi_device *device)
init_waitqueue_head(&hc->wait);
hc->ec = acpi_driver_data(acpi_dev_parent(device));
+ if (!hc->ec) {
+ pr_err("Failed to retrieve parent ACPI device data\n");
+ kfree(hc);
+ return -ENODEV;
+ }
+
hc->offset = (val >> 8) & 0xff;
hc->query_bit = val & 0xff;
device->driver_data = hc;
@@ -288,6 +294,11 @@ static void acpi_smbus_hc_remove(struct acpi_device *device)
return;
hc = acpi_driver_data(device);
+ if (!hc) {
+ pr_err("Failed to retrieve ACPI SMBus HC data\n");
+ return;
+ }
+
acpi_ec_remove_query_handler(hc->ec, hc->query_bit);
acpi_os_wait_events_complete();
kfree(hc);
--
2.17.1
On Wed, Nov 29, 2023 at 9:43 AM Haoran Liu <[email protected]> wrote:
>
> This patch enhances the acpi_smbus_hc_add and acpi_smbus_hc_remove
> functions in drivers/acpi/sbshc.c by adding error handling for the
> acpi_driver_data calls. Previously, these functions did not check
> the return value of acpi_driver_data, potentially leading to
> stability issues if the function failed and returned a null pointer.
This needs to describe a real scenario in which acpi_driver_data() can
return NULL for each of the 2 places modified by the patch.
> Signed-off-by: Haoran Liu <[email protected]>
> ---
> drivers/acpi/sbshc.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/drivers/acpi/sbshc.c b/drivers/acpi/sbshc.c
> index 16f2daaa2c45..1394104d3894 100644
> --- a/drivers/acpi/sbshc.c
> +++ b/drivers/acpi/sbshc.c
> @@ -267,6 +267,12 @@ static int acpi_smbus_hc_add(struct acpi_device *device)
> init_waitqueue_head(&hc->wait);
>
> hc->ec = acpi_driver_data(acpi_dev_parent(device));
> + if (!hc->ec) {
> + pr_err("Failed to retrieve parent ACPI device data\n");
> + kfree(hc);
> + return -ENODEV;
> + }
> +
> hc->offset = (val >> 8) & 0xff;
> hc->query_bit = val & 0xff;
> device->driver_data = hc;
> @@ -288,6 +294,11 @@ static void acpi_smbus_hc_remove(struct acpi_device *device)
> return;
>
> hc = acpi_driver_data(device);
> + if (!hc) {
> + pr_err("Failed to retrieve ACPI SMBus HC data\n");
> + return;
> + }
> +
> acpi_ec_remove_query_handler(hc->ec, hc->query_bit);
> acpi_os_wait_events_complete();
> kfree(hc);
> --
> 2.17.1
>