* [PATCH] efi: fix NULL-deref in init error path
@ 2022-12-19 9:10 Johan Hovold
2022-12-23 14:37 ` Ard Biesheuvel
0 siblings, 1 reply; 2+ messages in thread
From: Johan Hovold @ 2022-12-19 9:10 UTC (permalink / raw)
To: Ard Biesheuvel; +Cc: linux-efi, linux-kernel, Johan Hovold, stable, Li Heng
In case runtime services are not supported or have been disabled the
runtime services workqueue will never have been allocated.
Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.
Fixes: 98086df8b70c ("efi: add missed destroy_workqueue when efisubsys_init fails")
Cc: stable@vger.kernel.org
Cc: Li Heng <liheng40@huawei.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
drivers/firmware/efi/efi.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 09716eebe8ac..a2b0cbc8741c 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -394,8 +394,8 @@ static int __init efisubsys_init(void)
efi_kobj = kobject_create_and_add("efi", firmware_kobj);
if (!efi_kobj) {
pr_err("efi: Firmware registration failed.\n");
- destroy_workqueue(efi_rts_wq);
- return -ENOMEM;
+ error = -ENOMEM;
+ goto err_destroy_wq;
}
if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
@@ -443,7 +443,10 @@ static int __init efisubsys_init(void)
err_put:
kobject_put(efi_kobj);
efi_kobj = NULL;
- destroy_workqueue(efi_rts_wq);
+err_destroy_wq:
+ if (efi_rts_wq)
+ destroy_workqueue(efi_rts_wq);
+
return error;
}
--
2.37.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] efi: fix NULL-deref in init error path
2022-12-19 9:10 [PATCH] efi: fix NULL-deref in init error path Johan Hovold
@ 2022-12-23 14:37 ` Ard Biesheuvel
0 siblings, 0 replies; 2+ messages in thread
From: Ard Biesheuvel @ 2022-12-23 14:37 UTC (permalink / raw)
To: Johan Hovold; +Cc: linux-efi, linux-kernel, stable, Li Heng
On Mon, 19 Dec 2022 at 10:10, Johan Hovold <johan+linaro@kernel.org> wrote:
>
> In case runtime services are not supported or have been disabled the
> runtime services workqueue will never have been allocated.
>
> Do not try to destroy the workqueue unconditionally in the unlikely
> event that EFI initialisation fails to avoid dereferencing a NULL
> pointer.
>
> Fixes: 98086df8b70c ("efi: add missed destroy_workqueue when efisubsys_init fails")
> Cc: stable@vger.kernel.org
> Cc: Li Heng <liheng40@huawei.com>
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Thanks for the fix - I will queue it up after -rc1
> ---
> drivers/firmware/efi/efi.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 09716eebe8ac..a2b0cbc8741c 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -394,8 +394,8 @@ static int __init efisubsys_init(void)
> efi_kobj = kobject_create_and_add("efi", firmware_kobj);
> if (!efi_kobj) {
> pr_err("efi: Firmware registration failed.\n");
> - destroy_workqueue(efi_rts_wq);
> - return -ENOMEM;
> + error = -ENOMEM;
> + goto err_destroy_wq;
> }
>
> if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
> @@ -443,7 +443,10 @@ static int __init efisubsys_init(void)
> err_put:
> kobject_put(efi_kobj);
> efi_kobj = NULL;
> - destroy_workqueue(efi_rts_wq);
> +err_destroy_wq:
> + if (efi_rts_wq)
> + destroy_workqueue(efi_rts_wq);
> +
> return error;
> }
>
> --
> 2.37.4
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-23 14:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-19 9:10 [PATCH] efi: fix NULL-deref in init error path Johan Hovold
2022-12-23 14:37 ` Ard Biesheuvel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).