4.4-stable patches

added patches:
	platform-x86-alienware-wmi-fix-kfree-on-potentially-uninitialized-pointer.patch

diff --git a/queue-4.4/platform-x86-alienware-wmi-fix-kfree-on-potentially-uninitialized-pointer.patch b/queue-4.4/platform-x86-alienware-wmi-fix-kfree-on-potentially-uninitialized-pointer.patch
new file mode 100644 (file)
index 0000000..e3333b4
--- /dev/null
+++ b/queue-4.4/platform-x86-alienware-wmi-fix-kfree-on-potentially-uninitialized-pointer.patch
@@ -0,0 +1,61 @@
+From 98e2630284ab741804bd0713e932e725466f2f84 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Sat, 30 Mar 2019 00:17:12 +0000
+Subject: platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit 98e2630284ab741804bd0713e932e725466f2f84 upstream.
+
+Currently the kfree of output.pointer can be potentially freeing
+an uninitalized pointer in the case where out_data is NULL. Fix this
+by reworking the case where out_data is not-null to perform the
+ACPI status check and also the kfree of outpoint.pointer in one block
+and hence ensuring the pointer is only freed when it has been used.
+
+Also replace the if (ptr != NULL) idiom with just if (ptr).
+
+Fixes: ff0e9f26288d ("platform/x86: alienware-wmi: Correct a memory leak")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/alienware-wmi.c |   18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+--- a/drivers/platform/x86/alienware-wmi.c
++++ b/drivers/platform/x86/alienware-wmi.c
+@@ -449,23 +449,23 @@ static acpi_status alienware_hdmi_comman
+ 
+       input.length = (acpi_size) sizeof(*in_args);
+       input.pointer = in_args;
+-      if (out_data != NULL) {
++      if (out_data) {
+               output.length = ACPI_ALLOCATE_BUFFER;
+               output.pointer = NULL;
+               status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1,
+                                            command, &input, &output);
+-      } else
++              if (ACPI_SUCCESS(status)) {
++                      obj = (union acpi_object *)output.pointer;
++                      if (obj && obj->type == ACPI_TYPE_INTEGER)
++                              *out_data = (u32)obj->integer.value;
++              }
++              kfree(output.pointer);
++      } else {
+               status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1,
+                                            command, &input, NULL);
+-
+-      if (ACPI_SUCCESS(status) && out_data != NULL) {
+-              obj = (union acpi_object *)output.pointer;
+-              if (obj && obj->type == ACPI_TYPE_INTEGER)
+-                      *out_data = (u32) obj->integer.value;
+       }
+-      kfree(output.pointer);
+-      return status;
+ 
++      return status;
+ }
+ 
+ static ssize_t show_hdmi_cable(struct device *dev,

diff --git a/queue-4.4/series b/queue-4.4/series
index b3f53099bc3dddd747f009c6fe476676ef63bc35..c9102cde0d8ef20f9fe56af904af74510b726acb 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -29,3 +29,4 @@ padata-initialize-pd-cpu-with-effective-cpumask.patch
 padata-purge-get_cpu-and-reorder_via_wq-from-padata_.patch
 alsa-pcm-fix-incorrect-hw_base-increase.patch
 ext4-lock-the-xattr-block-before-checksuming-it.patch
+platform-x86-alienware-wmi-fix-kfree-on-potentially-uninitialized-pointer.patch