On Thu, Jul 14, 2016 at 10:47 PM, Xiao Guangrong <[email protected]> wrote:
>
>
> On 07/15/2016 11:28 AM, Dan Williams wrote:
>>
>> acpi_evaluate_object() allocates memory. Free the buffer allocated
>> during acpi_nfit_add().
>>
>
> Dan, thanks for your fix.
>
> Another one is the use-after-free issue in acpi_nfit_notify():
>
>         /* Evaluate _FIT */
>         status = acpi_evaluate_object(adev->handle, "_FIT", NULL, &buf);
>         ...
>         acpi_desc->nfit =
>                 (struct acpi_nfit_header *)obj->buffer.pointer;
>         ...
>         kfree(buf.pointer);

grep for acpi_desc->nfit usages, there are no usages after
acpi_nfit_init(). We go through the hassle of setting up nfit_saved
for no reason.

_______________________________________________
Linux-nvdimm mailing list
[email protected]
https://lists.01.org/mailman/listinfo/linux-nvdimm
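
The buffer-lifetime pattern discussed in this thread, as an added user-space C example that is not part of the original messages and is not the kernel's code: a descriptor borrows a pointer into an evaluated buffer only while the buffer is parsed, and the pointer is cleared before the buffer is freed. The struct and function names and the sample table bytes are assumptions constructed for illustration.

```c
/* User-space model of the pattern in the thread, not kernel code; all names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct fit_header { uint16_t type, length; };  /* length includes the header */
struct nfit_desc {
    const void *nfit;   /* borrowed pointer into the evaluated buffer */
    size_t nfit_size;
    unsigned tables;    /* parse result; does not reference the buffer */
};

/* Stand-in for the firmware evaluation; returns a constructed sample the caller must free. */
static void *evaluate_fit(size_t *size)
{
    static const uint16_t sample[] = { 0, 8, 0, 0,  1, 12, 0, 0, 0, 0,  2, 4 };
    void *buf = malloc(sizeof(sample));  /* sub-tables of 8, 12 and 4 bytes */
    if (!buf) return NULL;
    memcpy(buf, sample, sizeof(sample));
    *size = sizeof(sample);
    return buf;
}

/* Walk the sub-tables while the buffer is alive; reject bad lengths. */
static int nfit_init(struct nfit_desc *d)
{
    const uint8_t *p = d->nfit, *end = p + d->nfit_size;
    struct fit_header h = { 0, 0 };
    for (d->tables = 0; p < end; p += h.length, d->tables++) {
        if ((size_t)(end - p) < sizeof(h)) return -1;
        memcpy(&h, p, sizeof(h));
        if (h.length < sizeof(h) || h.length > (size_t)(end - p)) return -1;
    }
    return 0;
}

/* Notify path: drop the borrowed pointer before the buffer is freed. */
static int nfit_notify(struct nfit_desc *d)
{
    void *buf = evaluate_fit(&d->nfit_size);
    if (!buf) return -1;
    d->nfit = buf;
    int rc = nfit_init(d);
    d->nfit = NULL;   /* nothing dangles once free() returns */
    d->nfit_size = 0;
    free(buf);
    return rc;
}

int main(void) { struct nfit_desc d = {0}; return nfit_notify(&d) != 0 || d.nfit != NULL; }
```

With the pointer cleared, any later access through the descriptor faults on NULL instead of reading freed memory.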
