Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp1856443rdb;
        Thu, 7 Dec 2023 10:28:34 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHPx/ZWvYcQ6QRTxqi8v3NJsvGj36HkjgacaPvIF12B5ueVBLnoHfFAq8lOjBKaU82oH3x2
X-Received: by 2002:a05:6a20:2584:b0:187:5fe9:3046 with SMTP id k4-20020a056a20258400b001875fe93046mr3780282pzd.0.1701973714468;
        Thu, 07 Dec 2023 10:28:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701973714; cv=none;
        d=google.com; s=arc-20160816;
        b=Ifb4SuTgaihHRO5rPoLMAMCFIyYGVYrJGKYs6AfPF5vxUFPLQmm1hK8WDuyiaPTZHh
         /K/GpQjUpF+iSApnf1ziKAATFpSEibEurBVQHURHrGWjYi8uPS+j9f6s9pTk9F3e+oAA
         L8NpLEpvgQNbnHgGiuRN1Ni30LutbhgCpl2UH+97jKOxxefPhDo4N9g66roUnmt94eNs
         aNO53GGDNG4IVJz91Ba8hhchMjgP411qGBL7zmj4JvP2sMChquG83Fhed8rwXOZz1oo7
         0j3rndptxyPSyd5MzKR5CN3qFFXhGLOCP+rjRVWAKn3kSR0HkHR3i0QGeEoEFmykz4vs
         pA1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=nUO4WXWcIpbicAVHGq7Z8VVSv9Ud3wbvTG3IjSx+oOI=;
        fh=hS+P+YFOckzOML8YhTJFKt8Or1PnzMYrgmfNPQID56k=;
        b=qlcgZwFzaNssKPEYa+c5odr5poRd+lPoBBgb1fGLxNEAI5CVW7arxUdaW7XI3mJ3/q
         D00UekmfCfWDMunx0KlkdFcPnXP3v1d+XWsI7T1fshAN8S4GW3u/jdSvhhuhJcdCkfWj
         Q+a2luZb/ovaiTyzzkldLUcze0iJr7MqDPXxPoOs3oPGAKADQUlVsEwAYwgec1Og7M4E
         eUk9M03YftWnzSfgY6X+yr55GOni8oQ3oJKAQWXvvmM9uljxxK3gxkwTa9X1ullKDT3u
         YICon32KQ3KQJqEqCCX2bIyQEp3BoGT6tHYfMujhBJpiWHYmTSLTUTA673mtyCGFIhYP
         t/PQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3])
        by mx.google.com with ESMTPS id ka17-20020a056a00939100b006c0e02cdadcsi114553pfb.208.2023.12.07.10.28.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 07 Dec 2023 10:28:34 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by lipwig.vger.email (Postfix) with ESMTP id 108A3801C8AF;
	Thu,  7 Dec 2023 10:28:31 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230071AbjLGS2J (ORCPT <rfc822;abhi.c.pawar@gmail.com>
        + 99 others); Thu, 7 Dec 2023 13:28:09 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33892 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229806AbjLGS2J (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Dec 2023 13:28:09 -0500
Received: from cloudserver094114.home.pl (cloudserver094114.home.pl [79.96.170.134])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7178710E7;
        Thu,  7 Dec 2023 10:28:13 -0800 (PST)
Received: from localhost (127.0.0.1) (HELO v370.home.net.pl)
 by /usr/run/smtp (/usr/run/postfix/private/idea_relay_lmtp) via UNIX with SMTP (IdeaSmtpServer 5.4.0)
 id 9423d6e40649fc89; Thu, 7 Dec 2023 19:28:11 +0100
Received: from kreacher.localnet (unknown [195.136.19.94])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        by cloudserver094114.home.pl (Postfix) with ESMTPSA id F08A86686C8;
        Thu,  7 Dec 2023 19:28:10 +0100 (CET)
From:   "Rafael J. Wysocki" <rjw@rjwysocki.net>
To:     Linux ACPI <linux-acpi@vger.kernel.org>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Hans de Goede <hdegoede@redhat.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Mika Westerberg <mika.westerberg@linux.intel.com>,
        Vicki Pfau <vi@endrift.com>
Subject: [PATCH v1] ACPI: utils: Fix error path in acpi_evaluate_reference()
Date:   Thu, 07 Dec 2023 19:28:10 +0100
Message-ID: <12343148.O9o76ZdvQC@kreacher>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="UTF-8"
X-CLIENT-IP: 195.136.19.94
X-CLIENT-HOSTNAME: 195.136.19.94
X-VADE-SPAMSTATE: clean
X-VADE-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvkedrudekfedghedvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecujffqoffgrffnpdggtffipffknecuuegrihhlohhuthemucduhedtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefhvfevufffkfgggfgtsehtufertddttdejnecuhfhrohhmpedftfgrfhgrvghlucflrdcuhgihshhotghkihdfuceorhhjfiesrhhjfiihshhotghkihdrnhgvtheqnecuggftrfgrthhtvghrnhepffffffekgfehheffleetieevfeefvefhleetjedvvdeijeejledvieehueevueffnecukfhppeduleehrddufeeirdduledrleegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepudelhedrudefiedrudelrdelgedphhgvlhhopehkrhgvrggthhgvrhdrlhhotggrlhhnvghtpdhmrghilhhfrhhomhepfdftrghfrggvlhculfdrucghhihsohgtkhhifdcuoehrjhifsehrjhifhihsohgtkhhirdhnvghtqedpnhgspghrtghpthhtohepiedprhgtphhtthhopehlihhnuhigqdgrtghpihesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehlihhnuhigqdhkvghrnhgvlhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehhuggvghhovgguvgesrhgvughhrghtrdgtohhmpdhrtghpthhtoheprghnughrihihrdhshhgvvhgthhgvnhhkoheslhhinhhugidrihhnthgvlhdrtghomhdprhgt
 phhtthhopehmihhkrgdrfigvshhtvghrsggvrhhgsehlihhnuhigrdhinhhtvghlrdgtohhmpdhrtghpthhtohepvhhisegvnhgurhhifhhtrdgtohhm
X-DCC--Metrics: v370.home.net.pl 1024; Body=6 Fuz1=6 Fuz2=6
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 07 Dec 2023 10:28:31 -0800 (PST)

From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

If a pointer to an uninitialized struct acpi_handle_list is passed to
acpi_evaluate_reference() and it decides to bail out early, either
because acpi_evaluate_object() fails, or because it produces invalid
data, the handles pointer from the struct acpi_handle_list will be
passed to kfree() and if it is not NULL, the kernel will crash.

Address this by moving the "end" label in acpi_evaluate_reference() to
the end of the function, which is sufficient, because no cleanup is
needed in that case.

Fixes: 2e57d10a6591 ("ACPI: utils: Dynamically determine acpi_handle_list size")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
 drivers/acpi/utils.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-pm/drivers/acpi/utils.c
===================================================================
--- linux-pm.orig/drivers/acpi/utils.c
+++ linux-pm/drivers/acpi/utils.c
@@ -399,13 +399,13 @@ acpi_evaluate_reference(acpi_handle hand
 		acpi_handle_debug(list->handles[i], "Found in reference list\n");
 	}
 
-end:
 	if (ACPI_FAILURE(status)) {
 		list->count = 0;
 		kfree(list->handles);
 		list->handles = NULL;
 	}
 
+end:
 	kfree(buffer.pointer);
 
 	return status;