Re: [bug report] ACPI: PRM: implement OperationRegion handler for the PlatformRtMechanism subtype

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Jun 18, 2021 at 11:39:51AM +0300, Dan Carpenter wrote:
> Hello Erik Kaneda,
> 
> The patch cefc7ca46235: "ACPI: PRM: implement OperationRegion handler
> for the PlatformRtMechanism subtype" from Jun 9, 2021, leads to the
> following static checker warning:
> 
> 	drivers/acpi/prmt.c:113 acpi_parse_prmt()
> 	error: potential null dereference 'tm'.  (kmalloc returns null)
> 
> drivers/acpi/prmt.c
>     95  static int __init
>     96  acpi_parse_prmt(union acpi_subtable_headers *header, const unsigned long end)
>     97  {
>     98          struct acpi_prmt_module_info *module_info;
>     99          struct acpi_prmt_handler_info *handler_info;
>    100          struct prm_handler_info *th;
>    101          struct prm_module_info *tm;
>    102          u64 mmio_count = 0;
>    103          u64 cur_handler = 0;
>    104          u32 module_info_size = 0;
>    105          u64 mmio_range_size = 0;
>    106          void *temp_mmio;
>    107  
>    108          module_info = (struct acpi_prmt_module_info *) header;
>    109          module_info_size = struct_size(tm, handlers, module_info->handler_info_count);
>    110          tm = kmalloc(module_info_size, GFP_KERNEL);
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Check for NULL?
> 
>    111  
>    112          guid_copy(&tm->guid, (guid_t *) module_info->module_guid);
>    113          tm->major_rev = module_info->major_rev;
>    114          tm->minor_rev = module_info->minor_rev;
>    115          tm->handler_count = module_info->handler_info_count;
>    116          tm->updatable = true;
>    117  
>    118          if (module_info->mmio_list_pointer) {
>    119                  /*
>    120                   * Each module is associated with a list of addr
>    121                   * ranges that it can use during the service
>    122                   */
>    123                  mmio_count = *(u64 *) memremap(module_info->mmio_list_pointer, 8, MEMREMAP_WB);
>    124                  mmio_range_size = struct_size(tm->mmio_info, addr_ranges, mmio_count);
>    125                  tm->mmio_info = kmalloc(mmio_range_size, GFP_KERNEL);

Also here:

drivers/acpi/prmt.c:131 acpi_parse_prmt() error: potential null dereference 'tm->mmio_info'.  (kmalloc returns null)

regards,
dan carpenter

>    126                  temp_mmio = memremap(module_info->mmio_list_pointer, mmio_range_size, MEMREMAP_WB);
>    127                  memmove(tm->mmio_info, temp_mmio, mmio_range_size);
>    128          } else {
>    129                  mmio_range_size = struct_size(tm->mmio_info, addr_ranges, mmio_count);
>    130                  tm->mmio_info = kmalloc(mmio_range_size, GFP_KERNEL);
>    131                  tm->mmio_info->mmio_count = 0;
>    132          }
>    133  
>    134          INIT_LIST_HEAD(&tm->module_list);
>    135          list_add(&tm->module_list, &prm_module_list);
> 
> regards,
> dan carpenter
[Index of Archives]     [Linux IBM ACPI]     [Linux Power Management]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux