    ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() · 627ead72
    Vamshi K Sthambamkadi authored
    kmemleak reported backtrace:
        [<bbee0454>] kmem_cache_alloc_trace+0x128/0x260
        [<6677f215>] i2c_acpi_install_space_handler+0x4b/0xe0
        [<1180f4fc>] i2c_register_adapter+0x186/0x400
        [<6083baf7>] i2c_add_adapter+0x4e/0x70
        [<a3ddf966>] intel_gmbus_setup+0x1a2/0x2c0 [i915]
        [<84cb69ae>] i915_driver_probe+0x8d8/0x13a0 [i915]
        [<81911d4b>] i915_pci_probe+0x48/0x160 [i915]
        [<4b159af1>] pci_device_probe+0xdc/0x160
        [<b3c64704>] really_probe+0x1ee/0x450
        [<bc029f5a>] driver_probe_device+0x142/0x1b0
        [<d8829d20>] device_driver_attach+0x49/0x50
        [<de71f045>] __driver_attach+0xc9/0x150
        [<df33ac83>] bus_for_each_dev+0x56/0xa0
        [<80089bba>] driver_attach+0x19/0x20
        [<cc73f583>] bus_add_driver+0x177/0x220
        [<7b29d8c7>] driver_register+0x56/0xf0
    
    In i2c_acpi_remove_space_handler(), a leak occurs whenever the
    "data" parameter is initialized to 0 before being passed to
    acpi_bus_get_private_data().
    
    This is because the NULL pointer check in acpi_bus_get_private_data()
    (condition->if(!*data)) returns EINVAL and, in consequence, memory is
    never freed in i2c_acpi_remove_space_handler().
    
    Fix the NULL pointer check in acpi_bus_get_private_data() to follow
    the analogous check in acpi_get_data_full().
    Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
    [ rjw: Subject & changelog ]
    Cc: All applicable <stable@vger.kernel.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
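A user-space model of the leak described in the commit message above, added here as an illustration; it is not kernel code and not part of the commit. The names slot, live_allocs, get_private_data_buggy, get_private_data_fixed, remove_handler and leaked_after_cycle are hypothetical, and the fixed check (testing the out-parameter pointer itself) is this example's assumption of what following acpi_get_data_full() means.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

static void *slot;      /* constructed stand-in for the handle's private data */
static int live_allocs; /* allocations not yet freed */

/* Check as quoted in the commit message: tests the caller's variable. */
static int get_private_data_buggy(void **data)
{
    if (!*data)
        return -EINVAL; /* fires for every caller that starts with NULL */
    *data = slot;
    return 0;
}

/* Modelled fix (assumption): validate the out-parameter pointer itself. */
static int get_private_data_fixed(void **data)
{
    if (!data)
        return -EINVAL;
    *data = slot;
    return 0;
}

/* Remove path: frees only if the lookup succeeds. */
static void remove_handler(int (*get)(void **))
{
    void *data = NULL; /* "initialized to 0 before being passed" */
    if (get(&data))
        return;        /* early exit, the allocation stays live */
    free(data);
    slot = NULL;
    live_allocs--;
}

/* Install then remove; returns the number of allocations still outstanding. */
int leaked_after_cycle(int use_fixed)
{
    live_allocs = 0;
    slot = malloc(16);
    if (!slot)
        return -ENOMEM;
    live_allocs++;
    remove_handler(use_fixed ? get_private_data_fixed : get_private_data_buggy);
    return live_allocs;
}

int main(void)
{
    printf("buggy: %d fixed: %d\n", leaked_after_cycle(0), leaked_after_cycle(1));
    return 0;
}
```

The buggy getter rejects exactly the calling pattern the commit message describes, so the remove path returns before its free and one allocation per install/remove cycle is left behind.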
bus.c 33.1 KB