[bug report] ACPI / EC: Fix a gap that ECDT EC cannot handle EC events

Hello Lv Zheng,

The patch 2a5708409e4e: "ACPI / EC: Fix a gap that ECDT EC cannot
handle EC events" from Sep 7, 2016, leads to the following static
checker warning:

	drivers/acpi/ec.c:1578 acpi_config_boot_ec()
	error: dereferencing freed memory 'boot_ec'

drivers/acpi/ec.c
    1542 static int acpi_config_boot_ec(struct acpi_ec *ec, acpi_handle handle,
    1543 			       bool handle_events, bool is_ecdt)
    1544 {
    1545 	int ret;
    1546 
    1547 	/*
    1548 	 * Changing the ACPI handle results in a re-configuration of the
    1549 	 * boot EC. And if it happens after the namespace initialization,
    1550 	 * it causes _REG evaluations.
    1551 	 */
    1552 	if (boot_ec && boot_ec->handle != handle)
    1553 		ec_remove_handlers(boot_ec);
    1554 
    1555 	/* Unset old boot EC */
    1556 	if (boot_ec != ec)
    1557 		acpi_ec_free(boot_ec);
                                     ^^^^^^^
Freed.  Maybe we should set it to NULL here?

    1558 
    1559 	/*
    1560 	 * ECDT device creation is split into acpi_ec_ecdt_probe() and
    1561 	 * acpi_ec_ecdt_start(). This function takes care of completing the
    1562 	 * ECDT parsing logic as the handle update should be performed
    1563 	 * between the installation/uninstallation of the handlers.
    1564 	 */
    1565 	if (ec->handle != handle)
    1566 		ec->handle = handle;
    1567 
    1568 	ret = acpi_ec_setup(ec, handle_events);
    1569 	if (ret)
    1570 		return ret;
    1571 
    1572 	/* Set new boot EC */
    1573 	if (!boot_ec) {
    1574 		boot_ec = ec;

If we did that it would get reset here.

    1575 		boot_ec_is_ecdt = is_ecdt;
    1576 	}
    1577 
--> 1578 	acpi_handle_info(boot_ec->handle,
                                 ^^^^^^^^^^^^^^^
Use after free.

    1579 			 "Used as boot %s EC to handle transactions%s\n",
    1580 			 is_ecdt ? "ECDT" : "DSDT",
    1581 			 handle_events ? " and events" : "");
    1582 	return ret;
    1583 }

regards,
dan carpenter
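
The dangling-global pattern the report points at, as an added example that is not part of the message or of drivers/acpi/ec.c: a hypothetical `struct ec` stands in for `struct acpi_ec`, and a constructed `live` flag lets the model observe a dereference of a released object without triggering real undefined behaviour. `config_boot_ec_buggy()` mirrors the shape of `acpi_config_boot_ec()` as quoted (free the old boot EC, then only assign the new one when the global is NULL); `config_boot_ec_fixed()` applies the remedy the report suggests, clearing the global right after freeing it so the later "set new boot EC" step takes effect. All names here are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct acpi_ec: only what the bug touches. */
struct ec {
	int  handle;   /* stands in for acpi_handle */
	bool live;     /* constructed tracking flag: cleared when "freed" */
};

static struct ec *boot_ec;   /* the global the driver keeps, as in ec.c */

enum { CONFIG_OK = 0, CONFIG_USE_AFTER_FREE = -1, CONFIG_WRONG_EC = -2 };

static struct ec *ec_alloc(int handle)
{
	struct ec *e = calloc(1, sizeof(*e));

	if (e) {
		e->handle = handle;
		e->live = true;
	}
	return e;
}

/*
 * Models acpi_ec_free(): releases the object but, like kfree(), leaves the
 * caller's pointer untouched. Memory is kept so the model can inspect it;
 * it is returned to the allocator by the scenario drivers below.
 */
static void ec_free(struct ec *e)
{
	if (e)
		e->live = false;
}

/* Shared tail: the dereference that line 1578 in the report performs. */
static int report_boot_ec(int handle)
{
	if (!boot_ec->live)
		return CONFIG_USE_AFTER_FREE;   /* boot_ec->handle on a freed object */
	return boot_ec->handle == handle ? CONFIG_OK : CONFIG_WRONG_EC;
}

/* The pattern as reported: free the old boot EC but leave the global set. */
static int config_boot_ec_buggy(struct ec *ec, int handle)
{
	if (boot_ec != ec)
		ec_free(boot_ec);       /* boot_ec now dangles */

	ec->handle = handle;

	if (!boot_ec)               /* never true while boot_ec dangles */
		boot_ec = ec;

	return report_boot_ec(handle);
}

/* Remedy: NULL the global after freeing, so the assignment below fires. */
static int config_boot_ec_fixed(struct ec *ec, int handle)
{
	if (boot_ec != ec) {
		ec_free(boot_ec);
		boot_ec = NULL;
	}

	ec->handle = handle;

	if (!boot_ec)
		boot_ec = ec;

	return report_boot_ec(handle);
}

/* Scenario 1: an existing boot EC is replaced by a different EC object. */
static int run_replace_scenario(bool fixed)
{
	struct ec *old_ec = ec_alloc(1);
	struct ec *new_ec = ec_alloc(2);
	int ret;

	boot_ec = old_ec;
	ret = fixed ? config_boot_ec_fixed(new_ec, 2)
		    : config_boot_ec_buggy(new_ec, 2);

	boot_ec = NULL;
	free(old_ec);
	free(new_ec);
	return ret;
}

/* Scenario 2: the same EC is reconfigured; nothing is freed either way. */
static int run_reconfigure_scenario(bool fixed)
{
	struct ec *e = ec_alloc(1);
	int ret;

	boot_ec = e;
	ret = fixed ? config_boot_ec_fixed(e, 3) : config_boot_ec_buggy(e, 3);

	boot_ec = NULL;
	free(e);
	return ret;
}

int main(void)
{
	printf("replace, buggy: %d\n", run_replace_scenario(false));
	printf("replace, fixed: %d\n", run_replace_scenario(true));
	printf("reconfigure, buggy: %d\n", run_reconfigure_scenario(false));
	printf("reconfigure, fixed: %d\n", run_reconfigure_scenario(true));
	return 0;
}
```

The second scenario is there to show that clearing the global only changes the path where an object was actually released; when the caller passes the EC that is already the boot EC, both variants behave identically. In the real driver the released object is returned to the slab allocator, so the dangling dereference is not reliably observable at runtime, which is why a static checker caught it rather than a test.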
