Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2574666pxb; Sat, 6 Feb 2021 00:53:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJzjewIDGbU++iYlfRA6KiZ0F+CLAH4lDJL+1r0ozagujA+m6f8IjFTeCqkpA4l51ht3V/xk X-Received: by 2002:a17:906:35d9:: with SMTP id p25mr7996328ejb.398.1612601579965; Sat, 06 Feb 2021 00:52:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612601579; cv=none; d=google.com; s=arc-20160816; b=Rm8lNDA7umSG8CfZXJpOdMtn+WUt/IKpeitAHe7ARPZWQYJeKTMmgg0swE3lJLSt6v y9UH2TaNCdnBtnX0qFK2+41d/YRBdwMV3Mxouyaq5lAC35iOmM9z+nxy4AcFRKQU/OR9 VOhKGWXK3qKkB6o2Mm3+xvQCp4jqkvVMBnjNOv2CjyUD/MvimODRV8TCkoZI7rmBvoC/ rwyOqSbN+FVsirKpaToGDE/bJFJ/fDvVVezuixz0nb2+ROIS42Rbw9JfiGammVoGc6km TgdQAdDeuyNitCcbA3VLjEmbeb9FyK3WQPPyHHiZAHEAx7Xrs+++2tiAnVHdKt6mM4xt eBXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=DBZve99QOl7I3QjOlhooPTOYOsMZgx7V4GTXQUrae18=; b=y48PgyjJBKddVFOkyEQmgkAu4G/gt+byXrF94n6Hh5cB8aiH5UJc16uN+lOLuS3t2v FWxAPHVFJoPKK+WIxnCXsqoprsbYrq0HFWPk++AMEu67fts8uBtY1tnUYsCt4eM+DXTd N1MMNrJ+GmrNOX3q9X6DD60cnO1vBwnUCJIRuLc0EGE3JHx6JbtkOlm0if1gNhXcL5vi w4PTFCzakLdv1EFl2a9gmi2IpjTBXLPP6Wn1gKt+aSakaFfVoCLslYt8fJv9Yoo0oCJg z0r+MnkSVIkIzfCsEmiriFV2SYiD80JqngW1HUWBSgVzeNQGDbFnwQYcNoTdueIjqdfa DTMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dvdzuukF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f8si6858120edq.140.2021.02.06.00.52.31; Sat, 06 Feb 2021 00:52:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dvdzuukF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229596AbhBFIvH (ORCPT + 99 others); Sat, 6 Feb 2021 03:51:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:58180 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229537AbhBFIvF (ORCPT ); Sat, 6 Feb 2021 03:51:05 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id B738064E75; Sat, 6 Feb 2021 08:50:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1612601424; bh=zU2xiBSt8hLV2J5I2PJQXajZLHybe0rfMUOYGL+cv3Y=; h=From:To:Cc:Subject:Date:From; b=dvdzuukFUcLRj1GMnFY4O5Xh2jIo4XtQ1oDb+ATVbP208A5+x0KbFzoGYW14gVHwc J0+VnTkkaL7Isr0upnQ/EEryKYyGp93J5VwX4o/KCFwVV49ib4ODdUYllyYdQjHqN9 BZQOppEU74uZv/LFSNki4ghwzo6ixq8a6T4xGCH7JMz+s6VCKfHH7HYFdmZmL8IGS8 xZil5S9XAUMUO98HdQhi1ILzALSRQSVg18q9jq0boNEq6hcWk9kVZ9ZxVg0vlLtDVp Wpm2cCOLN0CmGKb9+G3iZvc3h4RJi84nv35fV8x0wZxj0RjkMMPhZWZxnJhw1muvkv zlRzJw6T1ZU2w== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, devel@acpica.org, Ard Biesheuvel , Robert Moore , Erik Kaneda , "Rafael J. Wysocki" , Len Brown , Shawn Guo Subject: [PATCH] Revert "ACPICA: Interpreter: fix memory leak by using existing buffer" Date: Sat, 6 Feb 2021 09:49:37 +0100 Message-Id: <20210206084937.20853-1-ardb@kernel.org> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This reverts commit 32cf1a12cad43358e47dac8014379c2f33dfbed4. The 'exisitng buffer' in this case is the firmware provided table, and we should not modify that in place. This fixes a crash on arm64 with initrd table overrides, in which case the DSDT is not mapped with read/write permissions. Cc: Robert Moore Cc: Erik Kaneda Cc: "Rafael J. Wysocki" Cc: Len Brown Reported-by: Shawn Guo Signed-off-by: Ard Biesheuvel --- drivers/acpi/acpica/nsrepair2.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/acpica/nsrepair2.c b/drivers/acpi/acpica/nsrepair2.c index d2c8d8279e7a..24c197d91f29 100644 --- a/drivers/acpi/acpica/nsrepair2.c +++ b/drivers/acpi/acpica/nsrepair2.c @@ -495,8 +495,9 @@ acpi_ns_repair_HID(struct acpi_evaluate_info *info, union acpi_operand_object **return_object_ptr) { union acpi_operand_object *return_object = *return_object_ptr; - char *dest; + union acpi_operand_object *new_string; char *source; + char *dest; ACPI_FUNCTION_NAME(ns_repair_HID); @@ -517,6 +518,13 @@ acpi_ns_repair_HID(struct acpi_evaluate_info *info, return_ACPI_STATUS(AE_OK); } + /* It is simplest to always create a new string object */ + + new_string = acpi_ut_create_string_object(return_object->string.length); + if (!new_string) { + return_ACPI_STATUS(AE_NO_MEMORY); + } + /* * Remove a leading asterisk if present. For some unknown reason, there * are many machines in the field that contains IDs like this. @@ -526,7 +534,7 @@ acpi_ns_repair_HID(struct acpi_evaluate_info *info, source = return_object->string.pointer; if (*source == '*') { source++; - return_object->string.length--; + new_string->string.length--; ACPI_DEBUG_PRINT((ACPI_DB_REPAIR, "%s: Removed invalid leading asterisk\n", @@ -541,11 +549,12 @@ acpi_ns_repair_HID(struct acpi_evaluate_info *info, * "NNNN####" where N is an uppercase letter or decimal digit, and * # is a hex digit. */ - for (dest = return_object->string.pointer; *source; dest++, source++) { + for (dest = new_string->string.pointer; *source; dest++, source++) { *dest = (char)toupper((int)*source); } - return_object->string.pointer[return_object->string.length] = 0; + acpi_ut_remove_reference(return_object); + *return_object_ptr = new_string; return_ACPI_STATUS(AE_OK); } -- 2.30.0