From: Khalid Aziz <khalid-21RPF02GE+GXwddmVfQv5g@public.gmane.org>
To: Andy Whitcroft <apw-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Cc: Matthew Garrett <mjg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Jeremy Kerr <jeremy.kerr-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
Matt Fleming
<matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 2/5] efivarfs: efivarfs_create() ensure we drop our reference on inode on error
Date: Fri, 12 Oct 2012 13:03:49 -0600
Message-ID: <1350068629.7065.58.camel@rhapsody>
In-Reply-To: <1349951541-20498-3-git-send-email-apw-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
On Thu, 2012-10-11 at 11:32 +0100, Andy Whitcroft wrote:
> Signed-off-by: Andy Whitcroft <apw-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> ---
> drivers/firmware/efivars.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
> index ae50d2f..0bbf742 100644
> --- a/drivers/firmware/efivars.c
> +++ b/drivers/firmware/efivars.c
> @@ -866,7 +866,7 @@ static void efivarfs_hex_to_guid(const char *str, efi_guid_t *guid)
> static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> umode_t mode, bool excl)
> {
> - struct inode *inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
> + struct inode *inode;
> struct efivars *efivars = &__efivars;
> struct efivar_entry *var;
> int namelen, i = 0, err = 0;
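Review bot: `struct inode *inode;` is now declared without an initializer, while the shared `out:` path in the last hunk calls `iput(inode)` whenever `err` is set. That is safe only while every `goto out` sits below the new `inode = efivarfs_get_inode(...)` assignment; the `-EINVAL` return above it and the `-ENOSPC` return right after it are direct returns, so the patch as posted is fine. Declaring it as `struct inode *inode = NULL;` would keep the cleanup path well defined if a later change adds an earlier `goto out`, since iput() ignores a NULL inode.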
> @@ -874,13 +874,15 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> if (dentry->d_name.len < 38)
> return -EINVAL;
>
> + inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
> if (!inode)
> return -ENOSPC;
>
> var = kzalloc(sizeof(struct efivar_entry), GFP_KERNEL);
> -
> - if (!var)
> - return -ENOMEM;
> + if (!var) {
> + err = -ENOMEM;
> + goto out;
> + }
>
This does not read right. If kzalloc() fails, var will be a NULL
pointer. This code will set err to -ENOMEM and jump to out: where since
err is non-zero, this code will call kfree(var) but var is a NULL
pointer at this point. Now kfree() does check for NULL pointer and this
will not cause any serious problems but why call kfree for a NULL
pointer?
> namelen = dentry->d_name.len - GUID_LEN;
>
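Review bot: in the `if (!var)` branch, `goto out` reaches `kfree(var)` with `var == NULL`, which is a no-op, so the branch is correct; what it needs from `out:` is the `iput(inode)` that the old `return -ENOMEM` skipped. If the NULL kfree() is considered a readability problem, the branch could instead do `iput(inode);` followed by `return -ENOMEM;` and leave `out:` for the later failures. The patch also carries no description body: a sentence naming the two leaking paths (the `-EINVAL` return while the inode was still allocated at declaration, and this `-ENOMEM` return) would make the intent of the reordering clear.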
> @@ -908,8 +910,10 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
> d_instantiate(dentry, inode);
> dget(dentry);
> out:
> - if (err)
> + if (err) {
> kfree(var);
> + iput(inode);
> + }
> return err;
> }
>
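Review bot: the `iput(inode)` added under `out:` is correct only for errors raised before `d_instantiate(dentry, inode)`, because after that call the dentry holds the inode reference and a further iput() on the error path would drop it a second time. In the lines shown nothing sets `err` between `d_instantiate()` and `out:`, so this holds for the patch as posted; a short comment at `out:` stating that assumption would protect it against later edits.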
--
Khalid