Commit 7459e87a authored Aug 15, 2025 by Charles Han Committed by Rafael J. Wysocki Aug 18, 2025

ACPI: APEI: EINJ: fix potential NULL dereference in __einj_error_inject()



The __einj_error_inject() function allocates memory via kmalloc()
without checking for allocation failure, which could lead to a
NULL pointer dereference.

Return -ENOMEM in case allocation fails.

Fixes: b4761029 ("ACPI: APEI: EINJ: Enable EINJv2 error injections")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Link: https://patch.msgid.link/20250815024207.3038-1-hanchunchao@inspur.com


Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

parent 6c705851

drivers/acpi/apei/einj-core.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -540,6 +540,9 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
		struct set_error_type_with_address *v5param;

		v5param = kmalloc(v5param_size, GFP_KERNEL);
		if (!v5param)
		return -ENOMEM;

		memcpy_fromio(v5param, einj_param, v5param_size);
		v5param->type = type;
		if (type & ACPI5_VENDOR_BIT) {