From: Jesper Juhl Date: Wed, 15 Aug 2012 22:16:33 +0000 (+0200) Subject: tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f334ac8da82478b3f8c52e3c01849ad7fe509d5b;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails. In drivers/char/tpm/tpm_acpi.c::read_log() we call acpi_os_map_memory(). That call may fail for a number of reasons (invalid address, out of memory etc). If the call fails it returns NULL and we just pass that to memcpy() unconditionally, which will go bad when it tries to dereference the pointer. Unfortunately we just get NULL back, so we can't really tell the user exactely what went wrong, but we can at least avoid crashing and return an error (-EIO seemed more generic and more suitable here than -ENOMEM or something else, so I picked that). Signed-off-by: Jesper Juhl Signed-off-by: Kent Yoder --- diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c index a1bb5a182df9..fe3fa9431dc9 100644 --- a/drivers/char/tpm/tpm_acpi.c +++ b/drivers/char/tpm/tpm_acpi.c @@ -96,6 +96,11 @@ int read_log(struct tpm_bios_log *log) log->bios_event_log_end = log->bios_event_log + len; virt = acpi_os_map_memory(start, len); + if (!virt) { + kfree(log->bios_event_log); + printk("%s: ERROR - Unable to map memory\n", __func__); + return -EIO; + } memcpy(log->bios_event_log, virt, len);