Re: [PATCH] ACPI: tables: Fix NULL dereference by acpi_os_map_memory()

"Rafael J. Wysocki" <rafael@xxxxxxxxxx> · Wed, 26 Jul 2023 16:35:35 +0200

On Wed, Jul 26, 2023 at 6:53 AM Kiwamu Okabe <okabe@xxxxxxxxxxxxx> wrote:
>
> The Infer static analyzer https://fbinfer.com/ reports following
> NULL poinster dereference by the acpi_os_map_memory() function.
> I believe this patch does fix the issue without any panic.

Please demonstrate to me that the NULL pointer dereference can
actually happen in this code.

Thanks!

> Signed-off-by: Kiwamu Okabe <okabe@xxxxxxxxxxxxx>
> ---
>  drivers/acpi/tables.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
> index 8ab0a82b4da4..ae7b7343bacf 100644
> --- a/drivers/acpi/tables.c
> +++ b/drivers/acpi/tables.c
> @@ -717,6 +717,9 @@ acpi_table_initrd_override(struct acpi_table_header *existing_table,
>         while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
>                 table = acpi_os_map_memory(acpi_tables_addr + table_offset,
>                                            ACPI_HEADER_SIZE);
> +               if (WARN_ON(!table)) {
> +                       return AE_OK;
> +               }
>                 if (table_offset + table->length > all_tables_size) {
>                         acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
>                         WARN_ON(1);
> @@ -772,6 +775,9 @@ static void __init acpi_table_initrd_scan(void)
>         while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
>                 table = acpi_os_map_memory(acpi_tables_addr + table_offset,
>                                            ACPI_HEADER_SIZE);
> +               if (WARN_ON(!table)) {
> +                       return;
> +               }
>                 if (table_offset + table->length > all_tables_size) {
>                         acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
>                         WARN_ON(1);
> --
> 2.39.2
>