On Thu, 2012-10-11 at 11:32 +0100, Andy Whitcroft wrote:
> Signed-off-by: Andy Whitcroft <apw@xxxxxxxxxxxxx>
> ---
> drivers/firmware/efivars.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
> index ae50d2f..0bbf742 100644
> --- a/drivers/firmware/efivars.c
> +++ b/drivers/firmware/efivars.c
> @@ -866,7 +866,7 @@ static void efivarfs_hex_to_guid(const char *str, efi_guid_t *guid)
> static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> umode_t mode, bool excl)
> {
> - struct inode *inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
> + struct inode *inode;
> struct efivars *efivars = &__efivars;
> struct efivar_entry *var;
> int namelen, i = 0, err = 0;
> @@ -874,13 +874,15 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> if (dentry->d_name.len < 38)
> return -EINVAL;
>
> + inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
> if (!inode)
> return -ENOSPC;
>
> var = kzalloc(sizeof(struct efivar_entry), GFP_KERNEL);
> -
> - if (!var)
> - return -ENOMEM;
> + if (!var) {
> + err = -ENOMEM;
> + goto out;
> + }
>
This does not read right. If kzalloc() fails, var will be a NULL pointer. This code will set err to -ENOMEM and jump to out: where since err is non-zero, this code will call kfree(Var) but var is a NULL pointer at this point. Now kfree() does check for NULL pointer and this will not cause any serious problems but why call kfree for a NULL pointer?
> namelen = dentry->d_name.len - GUID_LEN;
>
> @@ -908,8 +910,10 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> d_instantiate(dentry, inode);
> dget(dentry);
> out:
> - if (err)
> + if (err) {
> kfree(var);
> + iput(inode);
> + }
> return err;
> }
> -- Khalid -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
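Review bot: The length guard in the second hunk (`@@ -874,13 +874,15 @@`) uses the bare literal `38`, while `namelen` a few lines later is computed as `dentry->d_name.len - GUID_LEN`; the two only agree while 38 stays at least `GUID_LEN + 1`, and nothing visible here ties them together. Since `d_name` is the file name supplied by whoever creates the entry, a drift between the two constants would let `namelen` reach zero or go negative before it is (presumably) used in the part of `efivarfs_create()` that lies between these hunks and is not shown. I would add a comment above the check such as `/* name is caller-chosen; 38 must stay >= GUID_LEN + 1 so namelen below is positive */`, or express the bound in terms of `GUID_LEN` once its definition, which is outside this patch, has been confirmed.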