summaryrefslogtreecommitdiff
path: root/drivers/acpi
diff options
context:
space:
mode:
authorNikita Kiryushin <kiryushin@ancud.ru>2024-03-22 21:07:53 +0300
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>2024-03-26 13:06:47 +0100
commit40e2710860e57411ab57a1529c5a2748abbe8a19 (patch)
tree6141aaa7883a6147dde4438a03b3f40c1855ff90 /drivers/acpi
parent4cece764965020c22cff7665b18a012006359095 (diff)
downloadlwn-40e2710860e57411ab57a1529c5a2748abbe8a19.tar.gz
lwn-40e2710860e57411ab57a1529c5a2748abbe8a19.zip
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
ACPICA commit 9061cd9aa131205657c811a52a9f8325a040c6c9 Errors in acpi_evaluate_object() can lead to incorrect state of buffer. This can lead to access to data in previously ACPI_FREEd buffer and secondary ACPI_FREE to the same buffer later. Handle errors in acpi_evaluate_object the same way it is done earlier with acpi_ns_handle_to_pathname. Found by Linux Verification Center (linuxtesting.org) with SVACE. Link: https://github.com/acpica/acpica/commit/9061cd9a Fixes: 5fd033288a86 ("ACPICA: debugger: add command to dump all fields of particular subtype") Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'drivers/acpi')
-rw-r--r--drivers/acpi/acpica/dbnames.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/acpi/acpica/dbnames.c b/drivers/acpi/acpica/dbnames.c
index b91155ea9c34..c9131259f717 100644
--- a/drivers/acpi/acpica/dbnames.c
+++ b/drivers/acpi/acpica/dbnames.c
@@ -550,8 +550,12 @@ acpi_db_walk_for_fields(acpi_handle obj_handle,
ACPI_FREE(buffer.pointer);
buffer.length = ACPI_ALLOCATE_LOCAL_BUFFER;
- acpi_evaluate_object(obj_handle, NULL, NULL, &buffer);
-
+ status = acpi_evaluate_object(obj_handle, NULL, NULL, &buffer);
+ if (ACPI_FAILURE(status)) {
+ acpi_os_printf("Could Not evaluate object %p\n",
+ obj_handle);
+ return (AE_OK);
+ }
/*
* Since this is a field unit, surround the output in braces
*/