[tip:x86/efi] efi, pstore: Initialise 'entry' before iterating

Commit-ID:  4ee39e979c80543095601b4bd812565a0928b56d
Gitweb:     http://git.kernel.org/tip/4ee39e979c80543095601b4bd812565a0928b56d
Author:     Matt Fleming <matt.fleming@xxxxxxxxx>
AuthorDate: Mon, 29 Apr 2013 19:31:45 +0100
Committer:  Matt Fleming <matt.fleming@xxxxxxxxx>
CommitDate: Tue, 30 Apr 2013 12:07:57 +0100

efi, pstore: Initialise 'entry' before iterating

Seiji reports hitting the following crash when erasing pstore dump
variables,

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000fa4
  IP: [<ffffffff8142dadf>] __efivar_entry_iter+0x2f/0x120
  PGD 18482a067 PUD 190724067 PMD 0
  Oops: 0000 [#1] SMP
  [...]
  Call Trace:
   [<ffffffff8143001f>] efi_pstore_erase+0xdf/0x130
   [<ffffffff81200038>] ? cap_socket_create+0x8/0x10
   [<ffffffff811ea491>] pstore_unlink+0x41/0x60
   [<ffffffff811741ff>] vfs_unlink+0x9f/0x110
   [<ffffffff8117813b>] do_unlinkat+0x18b/0x280
   [<ffffffff81178472>] sys_unlinkat+0x22/0x40
   [<ffffffff81542402>] system_call_fastpath+0x16/0x1b

'entry' needs to be initialised in efi_pstore_erase() when iterating
with __efivar_entry_iter(), otherwise the garbage pointer will be
dereferenced, leading to crashes like the above.

Reported-by: Seiji Aguchi <seiji.aguchi@xxxxxxx>
Tested-by: Seiji Aguchi <seiji.aguchi@xxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: Matthew Garrett <matthew.garrett@xxxxxxxxxx>
Signed-off-by: Matt Fleming <matt.fleming@xxxxxxxxx>
---
 drivers/firmware/efi/efi-pstore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-pstore.c
index 221ad1b..583ee80 100644
--- a/drivers/firmware/efi/efi-pstore.c
+++ b/drivers/firmware/efi/efi-pstore.c
@@ -174,7 +174,7 @@ static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
 			    struct timespec time, struct pstore_info *psi)
 {
 	struct pstore_erase_data edata;
-	struct efivar_entry *entry;
+	struct efivar_entry *entry = NULL;
 	char name[DUMP_NAME_LEN];
 	efi_char16_t efi_name[DUMP_NAME_LEN];
 	int found, i;
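Review bot: The NULL initializer is the right fix, but the declaration should say why it is required, because nothing visible at this call site shows that __efivar_entry_iter() dereferences whatever 'entry' holds when the iteration starts (the commit message states it does, and the oops above confirms the garbage-pointer dereference). A short comment on the changed line, e.g. `struct efivar_entry *entry = NULL;	/* __efivar_entry_iter() dereferences a non-NULL entry */`, stops the next reader from dropping the initializer as redundant. It is also worth checking the other __efivar_entry_iter() callers for the same uninitialised-local pattern, since this hunk only fixes efi_pstore_erase().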
--