tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails.

In drivers/char/tpm/tpm_acpi.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invalid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.

Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else, so I picked that).

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>

diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index a1bb5a182df9fb0130837767333aaf6e874fd05e..fe3fa9431dc9615e5e09024a68e588cb168061ab 100644 (file)
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -96,6 +96,11 @@ int read_log(struct tpm_bios_log *log)
        log->bios_event_log_end = log->bios_event_log + len;
 
        virt = acpi_os_map_memory(start, len);
+       if (!virt) {
+               kfree(log->bios_event_log);
+               printk("%s: ERROR - Unable to map memory\n", __func__);
+               return -EIO;
+       }
 
        memcpy(log->bios_event_log, virt, len);