Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Jun 2021 13:35:34 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 78b147467ea5 - stable/13 - acpi: Add missing error handling to acpi_pci_link_route_irqs()
Message-ID:  <202106021335.152DZYZk011967@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=78b147467ea55886071b099d364757e827afbcd7

commit 78b147467ea55886071b099d364757e827afbcd7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-05-26 14:34:39 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-06-02 13:32:37 +0000

    acpi: Add missing error handling to acpi_pci_link_route_irqs()
    
    Otherwise the resouce buffer may have been freed when
    AcpiSetCurrentResources() is called, leading to a use-after-free.
    
    PR:             255862
    Submitted by:   Lv Yunlong <lylgood@foxmail.com> (original version)
    MFC after:      1 week
    
    (cherry picked from commit 4cf33275289088e3b0a913a44b5cd549e348094d)
---
 sys/dev/acpica/acpi_pci_link.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/dev/acpica/acpi_pci_link.c b/sys/dev/acpica/acpi_pci_link.c
index ecc4f26d3fb4..3dab2807bd92 100644
--- a/sys/dev/acpica/acpi_pci_link.c
+++ b/sys/dev/acpica/acpi_pci_link.c
@@ -843,8 +843,10 @@ acpi_pci_link_srs_from_links(struct acpi_pci_link_softc *sc,
 			device_printf(sc->pl_dev,
 			    "Unable to build resources: %s\n",
 			    AcpiFormatException(status));
-			if (srsbuf->Pointer != NULL)
+			if (srsbuf->Pointer != NULL) {
 				AcpiOsFree(srsbuf->Pointer);
+				srsbuf->Pointer = NULL;
+			}
 			return (status);
 		}
 	}
@@ -867,6 +869,8 @@ acpi_pci_link_route_irqs(device_t dev)
 		status = acpi_pci_link_srs_from_links(sc, &srsbuf);
 	else
 		status = acpi_pci_link_srs_from_crs(sc, &srsbuf);
+	if (ACPI_FAILURE(status))
+		return (status);
 
 	/* Write out new resources via _SRS. */
 	status = AcpiSetCurrentResources(acpi_get_handle(dev), &srsbuf);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106021335.152DZYZk011967>