diff options
author | Dan Williams <dan.j.williams@intel.com> | 2016-07-14 17:22:48 -0700 |
---|---|---|
committer | Dan Williams <dan.j.williams@intel.com> | 2016-07-21 14:12:18 -0700 |
commit | 3193204149de4d563519d6847aba638bb4d9662b (patch) | |
tree | 19e823333cb5770ce67a4cdf4690c1b6504eebea /MAINTAINERS | |
parent | 5dc68e5574880c1ad4a2591b765c093fee24dcaa (diff) |
nfit: fix _FIT evaluation memory leak + use after free
acpi_evaluate_object() allocates memory. Free the buffer allocated
during acpi_nfit_add(). In order for this memory to be freed
acpi_nfit_init() needs to be converted to duplicate the nfit contents in
its internal allocation. Use zero-length arrays to minimize the thrash
with the rest of the nfit driver implementation.
All of the add_<nfit-sub-table>() routines now validate a minimum table
size and expect hotplugged tables to match the size of the original
table to count as a duplicate. For variable length tables, like 'idt'
and 'flush', we calculate the dynamic size. Note that hotplug by
definition cannot change the interleave as it would cause data
corruption of in-use namespaces.
Cc: Vishal Verma <vishal.l.verma@intel.com>
Reported-by: Xiao Guangrong <guangrong.xiao@intel.com>
Reported-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'MAINTAINERS')
0 files changed, 0 insertions, 0 deletions