From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-Id: <20130911042909.903407926@goodmis.org> Date: Wed, 11 Sep 2013 00:28:53 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Toshi Kani , Yasuaki Ishimatsu , "Rafael J. Wysocki" Subject: [106/251] ACPI / memhotplug: Fix a stale pointer in error path References: <20130911042707.738353451@goodmis.org> Content-Disposition: inline; filename=0106-ACPI-memhotplug-Fix-a-stale-pointer-in-error-path.patch Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.6.11.9-rc1 stable review patch. If anyone has any objections, please let me know. ------------------ From: Toshi Kani [ Upstream commit d19f503e22316a84c39bc19445e0e4fdd49b3532 ] device->driver_data needs to be cleared when releasing its data, mem_device, in an error path of acpi_memory_device_add(). The function evaluates the _CRS of memory device objects, and fails when it gets an unexpected resource or cannot allocate memory. A kernel crash or data corruption may occur when the kernel accesses the stale pointer. Signed-off-by: Toshi Kani Reviewed-by: Yasuaki Ishimatsu Cc: 2.6.32+ Signed-off-by: Rafael J. Wysocki Signed-off-by: Steven Rostedt --- drivers/acpi/acpi_memhotplug.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/acpi/acpi_memhotplug.c b/drivers/acpi/acpi_memhotplug.c index 24c807f..f16ffd4 100644 --- a/drivers/acpi/acpi_memhotplug.c +++ b/drivers/acpi/acpi_memhotplug.c @@ -442,6 +442,7 @@ static int acpi_memory_device_add(struct acpi_device *device) /* Get the range from the _CRS */ result = acpi_memory_get_device_resources(mem_device); if (result) { + device->driver_data = NULL; kfree(mem_device); return result; } -- 1.7.10.4
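Review bot: In the if (result) branch after acpi_memory_get_device_resources(), the added device->driver_data = NULL; covers only this one return. The hunk does not show whether any later failure path in acpi_memory_device_add() also frees mem_device, and if one does, it needs the same reset. A single error label that clears device->driver_data and then calls kfree(mem_device) would keep the two steps paired. A one-line comment noting that driver_data still points at mem_device at this point would also help, since the assignment that sets it lies outside the visible context.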