From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mga02.intel.com ([134.134.136.20]:22782 "EHLO mga02.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751709AbcGOFv1 (ORCPT <rfc822;stable@vger.kernel.org>);
	Fri, 15 Jul 2016 01:51:27 -0400
Subject: Re: [PATCH 1/2] nfit: fix _FIT evaluation memory leak
To: Dan Williams <dan.j.williams@intel.com>, linux-nvdimm@lists.01.org
References: <146855333714.573.13934675433503265133.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: Vishal Verma <vishal.l.verma@intel.com>,
	linux-acpi@vger.kernel.org, stable@vger.kernel.org,
	Haozhong Zhang <haozhong.zhang@intel.com>
From: Xiao Guangrong <guangrong.xiao@intel.com>
Message-ID: <578878E7.9060504@intel.com>
Date: Fri, 15 Jul 2016 13:47:19 +0800
MIME-Version: 1.0
In-Reply-To: <146855333714.573.13934675433503265133.stgit@dwillia2-desk3.amr.corp.intel.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>



On 07/15/2016 11:28 AM, Dan Williams wrote:
> acpi_evaluate_object() allocates memory. Free the buffer allocated
> during acpi_nfit_add().
>

Dan, thanks for your fix.

Another one is the use-after-free issue in acpi_nfit_notify():

	/* Evaluate _FIT */
	status = acpi_evaluate_object(adev->handle, "_FIT", NULL, &buf);
         ...
  		acpi_desc->nfit =
			(struct acpi_nfit_header *)obj->buffer.pointer;
         ...
         kfree(buf.pointer);