[RFT] ACPICA: Fix memory leak caused by _CID repair function

Message ID 20210428225247.1701392-1-erik.kaneda@intel.com
State New
Headers show
Series
  • [RFT] ACPICA: Fix memory leak caused by _CID repair function
Related show

Commit Message

Erik Kaneda April 28, 2021, 10:52 p.m.
ACPICA commit 5fc4f4b87d6890d48d050ab279ed01f0132662ca

According to the ACPI spec, _CID returns a package containing
hardware ID's. Each element of an ASL package contains a reference
count from the parent package as well as the element itself.

Name (TEST, Package() {
    "String object" // this package element has a reference count of 2
})

A memory leak was caused in the _CID repair function because it did
not decrement the reference count created by the package. Fix the
memory leak by calling acpi_ut_remove_reference on _CID package elements
that represent a hardware ID (_HID).

Link: https://github.com/acpica/acpica/commit/5fc4f4b8

Signed-off-by: Erik Kaneda <erik.kaneda@intel.com>
---
 drivers/acpi/acpica/nsrepair2.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Erik Kaneda April 29, 2021, 5:29 p.m. | #1
Shawn,

Could you test this patch using the setup that you used to report the crash?
https://github.com/acpica/acpica/commit/d095b337ae1f107ad66bec19a99b4d7affae2fc4

Thanks,
Erik

> -----Original Message-----

> From: Kaneda, Erik <erik.kaneda@intel.com>

> Sent: Wednesday, April 28, 2021 3:53 PM

> To: Rafael J . Wysocki <rafael@kernel.org>; ACPI Devel Maling List <linux-

> acpi@vger.kernel.org>; Shawn Guo <shawn.guo@linaro.org>; Gordon Ross

> <gordon.w.ross@gmail.com>

> Cc: Moore; Moore, Robert <robert.moore@intel.com>; Kaneda, Erik

> <erik.kaneda@intel.com>

> Subject: [RFT PATCH] ACPICA: Fix memory leak caused by _CID repair

> function

> 

> ACPICA commit 5fc4f4b87d6890d48d050ab279ed01f0132662ca

> 

> According to the ACPI spec, _CID returns a package containing

> hardware ID's. Each element of an ASL package contains a reference

> count from the parent package as well as the element itself.

> 

> Name (TEST, Package() {

>     "String object" // this package element has a reference count of 2

> })

> 

> A memory leak was caused in the _CID repair function because it did

> not decrement the reference count created by the package. Fix the

> memory leak by calling acpi_ut_remove_reference on _CID package

> elements

> that represent a hardware ID (_HID).

> 

> Link: https://github.com/acpica/acpica/commit/5fc4f4b8

> 

> Signed-off-by: Erik Kaneda <erik.kaneda@intel.com>

> ---

>  drivers/acpi/acpica/nsrepair2.c | 7 +++++++

>  1 file changed, 7 insertions(+)

> 

> diff --git a/drivers/acpi/acpica/nsrepair2.c b/drivers/acpi/acpica/nsrepair2.c

> index 14b71b41e845..38e10ab976e6 100644

> --- a/drivers/acpi/acpica/nsrepair2.c

> +++ b/drivers/acpi/acpica/nsrepair2.c

> @@ -379,6 +379,13 @@ acpi_ns_repair_CID(struct acpi_evaluate_info *info,

> 

>  			(*element_ptr)->common.reference_count =

>  			    original_ref_count;

> +

> +			/*

> +			 * The original_element holds a reference from the

> package object

> +			 * that represents _HID. Since a new element was

> created by _HID,

> +			 * remove the reference from the _CID package.

> +			 */

> +			acpi_ut_remove_reference(original_element);

>  		}

> 

>  		element_ptr++;

> --

> 2.29.2
Shawn Guo April 30, 2021, 1:22 p.m. | #2
On Wed, Apr 28, 2021 at 03:52:47PM -0700, Erik Kaneda wrote:
> ACPICA commit 5fc4f4b87d6890d48d050ab279ed01f0132662ca

> 

> According to the ACPI spec, _CID returns a package containing

> hardware ID's. Each element of an ASL package contains a reference

> count from the parent package as well as the element itself.

> 

> Name (TEST, Package() {

>     "String object" // this package element has a reference count of 2

> })

> 

> A memory leak was caused in the _CID repair function because it did

> not decrement the reference count created by the package. Fix the

> memory leak by calling acpi_ut_remove_reference on _CID package elements

> that represent a hardware ID (_HID).

> 

> Link: https://github.com/acpica/acpica/commit/5fc4f4b8

> 

> Signed-off-by: Erik Kaneda <erik.kaneda@intel.com>


Tested on Snapdragon laptops, and nothing seems broken.

Tested-by: Shawn Guo <shawn.guo@linaro.org>

Patch

diff --git a/drivers/acpi/acpica/nsrepair2.c b/drivers/acpi/acpica/nsrepair2.c
index 14b71b41e845..38e10ab976e6 100644
--- a/drivers/acpi/acpica/nsrepair2.c
+++ b/drivers/acpi/acpica/nsrepair2.c
@@ -379,6 +379,13 @@  acpi_ns_repair_CID(struct acpi_evaluate_info *info,
 
 			(*element_ptr)->common.reference_count =
 			    original_ref_count;
+
+			/*
+			 * The original_element holds a reference from the package object
+			 * that represents _HID. Since a new element was created by _HID,
+			 * remove the reference from the _CID package.
+			 */
+			acpi_ut_remove_reference(original_element);
 		}
 
 		element_ptr++;