Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent

Ingo Molnar · Ingo Molnar · commit c102cb097d93 · 2015-05-06T08:30:24.000+02:00
Pull EFI fixes from Matt Fleming:

 * Avoid garbage names in efivarfs due to buggy firmware by zeroing
   EFI variable name. (Ross Lagerwall)

 * Stop erroneously dropping upper 32 bits of boot command line pointer
   in EFI boot stub and stash them in ext_cmd_line_ptr. (Roy Franz)

 * Fix double-free bug in error handling code path of EFI runtime map
   code. (Dan Carpenter)

Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
@@ -1109,6 +1109,8 @@ struct boot_params *make_boot_params(struct efi_config *c)
 	if (!cmdline_ptr)
 		goto fail;
 	hdr->cmd_line_ptr = (unsigned long)cmdline_ptr;
+	/* Fill in upper bits of command line address, NOP on 32 bit  */
+	boot_params->ext_cmd_line_ptr = (u64)(unsigned long)cmdline_ptr >> 32;
 
 	hdr->ramdisk_image = 0;
 	hdr->ramdisk_size = 0;
diff --git a/drivers/firmware/efi/runtime-map.c b/drivers/firmware/efi/runtime-map.c
@@ -120,7 +120,8 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
 	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry) {
 		kset_unregister(map_kset);
-		return entry;
+		map_kset = NULL;
+		return ERR_PTR(-ENOMEM);
 	}
 
 	memcpy(&entry->md, efi_runtime_map + nr * efi_memdesc_size,
@@ -132,6 +133,7 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
 	if (ret) {
 		kobject_put(&entry->kobj);
 		kset_unregister(map_kset);
+		map_kset = NULL;
 		return ERR_PTR(ret);
 	}
 
@@ -195,8 +197,6 @@ int __init efi_runtime_map_init(struct kobject *efi_kobj)
 		entry = *(map_entries + j);
 		kobject_put(&entry->kobj);
 	}
-	if (map_kset)
-		kset_unregister(map_kset);
 out:
 	return ret;
 }
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
@@ -121,7 +121,7 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
 	int len, i;
 	int err = -ENOMEM;
 
-	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry)
 		return err;
 

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,8 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)`
`120`	`120`	`entry = kzalloc(sizeof(*entry), GFP_KERNEL);`
`121`	`121`	`if (!entry) {`
`122`	`122`	`kset_unregister(map_kset);`
`123`		`- return entry;`
	`123`	`+ map_kset = NULL;`
	`124`	`+ return ERR_PTR(-ENOMEM);`
`124`	`125`	`}`
`125`	`126`
`126`	`127`	`memcpy(&entry->md, efi_runtime_map + nr * efi_memdesc_size,`
`@@ -132,6 +133,7 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)`
`132`	`133`	`if (ret) {`
`133`	`134`	`kobject_put(&entry->kobj);`
`134`	`135`	`kset_unregister(map_kset);`
	`136`	`+ map_kset = NULL;`
`135`	`137`	`return ERR_PTR(ret);`
`136`	`138`	`}`
`137`	`139`
`@@ -195,8 +197,6 @@ int __init efi_runtime_map_init(struct kobject *efi_kobj)`
`195`	`197`	`entry = *(map_entries + j);`
`196`	`198`	`kobject_put(&entry->kobj);`
`197`	`199`	`}`
`198`		`- if (map_kset)`
`199`		`- kset_unregister(map_kset);`
`200`	`200`	`out:`
`201`	`201`	`return ret;`
`202`	`202`	`}`