Hi Jarkko,
Thank you for your time and feedback on my previous patch.
1. Drop the hyphens.
- I have removed them from the commit message in the v2 patch below.
2. Wouldn't it be memory corruption, and not a leak?
- The validation_count field not returning to 0 causes
acpi_tb_release_table() not being called, which means memory is not
being unmapped. Therefore, I assume it is a memory leak.
3. Why would ACPICA return corrupted data in this case?
- It is mostly unlikely that it returns corrupted data, but it would
happen when the ACPI table is misconfigured by the firmware. Although
this event is rare, I thought it would still be nice to take care of
the error path.
Please find the updated patch v2 attached to this email.
Best,
Joe Hattori
---
In crb_acpi_add(), we call acpi_get_table() to retrieve the ACPI table
entry. acpi_put_table() is called on the error path to avoid a memory
leak, but the current implementation does not call acpi_put_table() when
the length field of struct acpi_table_header is not valid, which leads
to a memory leak. Although this memory leak only occurrs when the
firmware misconfigured the ACPI table, it would still be nice to have
this fix.
Signed-off-by: Joe Hattori <dev@xxxxxxxxxxxx>
---
drivers/char/tpm/tpm_crb.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index ea085b14ab7c..68fe28208331 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -738,10 +738,14 @@ static int crb_acpi_add(struct acpi_device *device)
status = acpi_get_table(ACPI_SIG_TPM2, 1,
(struct acpi_table_header **) &buf);
- if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) {
+ if (ACPI_FAILURE(status)) {
dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n");
return -EINVAL;
}
+ if (buf->header.length < sizeof(*buf)) {
+ rc = -EINVAL;
+ goto out;
+ }
/* Should the FIFO driver handle this? */
sm = buf->start_method;
--
2.34.1
