Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp131986ybm; Tue, 26 May 2020 12:34:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzIA6fBhnjk7Fj+X1LktX6HlDLNdB3BOUaD2PtLKx1iPihw4cjSwOyygDJsHpp2gVF4HUh/ X-Received: by 2002:aa7:d9d3:: with SMTP id v19mr433471eds.364.1590521650726; Tue, 26 May 2020 12:34:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590521650; cv=none; d=google.com; s=arc-20160816; b=xQr9PUgXnFwWj3iyTInRyKSfTU1Is+OIbEW7A8qDNywKTmPA8gGCNgVCBeTOzk5us5 rxGDFyJhN5YU4VRv+mQsntTP//1a9BssFSFlJwgzOKaFBFMXxXGcIG56nhN8hjlfZk09 Cb27oxrew4WumqdfoKItzVj7ZJ+cv26Vj/F5EEnNzjxLhmNDjDHAM345O3gxLoXGt4Gb xA4+uB6OXEP+nJECyP5GsAKiM4wsazolj0ZL7D7h+AALjNk3/wne5v+8MNrDu4as7NkJ 97T/r2sOD4IYLse4UYqplUkHOsyHbCT0q7I4WciamRDTk1Pfu9D8lN2hpufPVOgXh9gk aP8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dGFbLZbXK1RIU0OLfhDFjzvrKGI5KSqEmRm5qvXWQOc=; b=hJGVyztjU8r4HnrA9YRlBBDDSu4dd/CoA1d2GmDWesLIGZo3FnBaW/UdfrHn2tfIl/ JGp9g9sJvZF0TfoPAV+SbfUoymgl0LvoVEtzjfkkuoItYHKOt6FFJkw9voM8x3f/EKJG wHpzPPZH4LomgGjaibbra9xnuSKUaiLjuYmyyGH6latu6HL6FWCJgIT4zAhz+Prs7JtR JMIGCqFSFup8fB/n6PjaxKZEzfnMV2sSikhILQB566dNU47K6Rs5bWXHmVrfoclB1VRr NfZf9qkSVlKYsNaNJgs9MblrH6OgLKHEidgMP0WMjKnOhux/5K43+STEdUH9anlJbHyI hdWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NyOPpGSP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h24si409957ejb.719.2020.05.26.12.33.47; Tue, 26 May 2020 12:34:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NyOPpGSP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404352AbgEZTbF (ORCPT + 99 others); Tue, 26 May 2020 15:31:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:53308 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389936AbgEZS72 (ORCPT ); Tue, 26 May 2020 14:59:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8427F2086A; Tue, 26 May 2020 18:59:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1590519568; bh=h26EgQmdrkMUUFsfCMuzV6KRqdC7/qLA91Jzl5Vrlt0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NyOPpGSP56OMFct1SHC6fTIHcyKFyWv2hfyouWKomURFqGqLKtCmZjQvH7uLBxvoG Rgw949iE0ldGMBaKFmHsNQTU81vz8/cvtyjYJ0unUtL7QCszk1oHZOBBJ1AHGbyC1H aMcq/PFn2f80zb2sNnTAdpRt8UJduM+LwwhdwWQg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , "Darren Hart (VMware)" Subject: [PATCH 4.9 54/64] platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer Date: Tue, 26 May 2020 20:53:23 +0200 Message-Id: <20200526183930.850716036@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200526183913.064413230@linuxfoundation.org> References: <20200526183913.064413230@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King commit 98e2630284ab741804bd0713e932e725466f2f84 upstream. Currently the kfree of output.pointer can be potentially freeing an uninitalized pointer in the case where out_data is NULL. Fix this by reworking the case where out_data is not-null to perform the ACPI status check and also the kfree of outpoint.pointer in one block and hence ensuring the pointer is only freed when it has been used. Also replace the if (ptr != NULL) idiom with just if (ptr). Fixes: ff0e9f26288d ("platform/x86: alienware-wmi: Correct a memory leak") Signed-off-by: Colin Ian King Signed-off-by: Darren Hart (VMware) Signed-off-by: Greg Kroah-Hartman --- drivers/platform/x86/alienware-wmi.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) --- a/drivers/platform/x86/alienware-wmi.c +++ b/drivers/platform/x86/alienware-wmi.c @@ -504,23 +504,22 @@ static acpi_status alienware_wmax_comman input.length = (acpi_size) sizeof(*in_args); input.pointer = in_args; - if (out_data != NULL) { + if (out_data) { output.length = ACPI_ALLOCATE_BUFFER; output.pointer = NULL; status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, command, &input, &output); - } else + if (ACPI_SUCCESS(status)) { + obj = (union acpi_object *)output.pointer; + if (obj && obj->type == ACPI_TYPE_INTEGER) + *out_data = (u32)obj->integer.value; + } + kfree(output.pointer); + } else { status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, command, &input, NULL); - - if (ACPI_SUCCESS(status) && out_data != NULL) { - obj = (union acpi_object *)output.pointer; - if (obj && obj->type == ACPI_TYPE_INTEGER) - *out_data = (u32) obj->integer.value; } - kfree(output.pointer); return status; - } /*