author | Matt Fleming <matt@codeblueprint.co.uk> | 2016-08-15 16:29:20 +0200 |
---|---|---|
committer | Matt Fleming <matt@codeblueprint.co.uk> | 2016-09-09 17:08:48 +0200 |
commit | 22c2b77f419bdc9317f00b395283abd33157368e (patch) | |
tree | 379db94c904ad0916c7cbc9d11c0f0d2fc77f6e1 | |
parent | x86/efi: Map in physical addresses in efi_map_region_fixed (diff) | |
fs/efivarfs: Fix double kfree() in error path

Julia reported that we may double free 'name' in efivarfs_callback(),
and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't
use spinlocks for efi vars").

Move one of the kfree()s until after the point at which we know we are
definitely on the success path.

Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Sylvain Chouleur <sylvain.chouleur@gmail.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
-rw-r--r-- | fs/efivarfs/super.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 01e3d6e53944..d7a7c53803c1 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c @@ -157,14 +157,14 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor, goto fail_inode; } - /* copied by the above to local storage in the dentry. */ - kfree(name); - efivar_entry_size(entry, &size); err = efivar_entry_add(entry, &efivarfs_list); if (err) goto fail_inode; + /* copied by the above to local storage in the dentry. */ + kfree(name); + inode_lock(inode); inode->i_private = entry; i_size_write(inode, size + sizeof(entry->var.Attributes)); |
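Review bot: The relocated comment "copied by the above to local storage in the dentry" is now stale where it lands, after efivar_entry_size() and efivar_entry_add(): "the above" no longer refers to the call that took the copy, which sits before the earlier `goto fail_inode`. Reword it to say that the name was already copied into the dentry and that the free is deferred until after the last `goto fail_inode`, so the next reader does not move the kfree(name) back up and reintroduce the double free on the error path. Since the commit message identifies 0d22f33bc37c as the commit that introduced the bug, a Fixes: trailer naming it would also make the fix easier to track for backports.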