efi: Fix error handling in add_sysfs_runtime_map_entry()

commit d67e1996 upstream. I spotted two (difficult to hit) bugs while reviewing this. 1) There is a double free bug because we unregister "map_kset" in add_sysfs_runtime_map_entry() and also efi_runtime_map_init(). 2) If we fail to allocate "entry" then we should return ERR_PTR(-ENOMEM) instead of NULL. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Dave Young <dyoung@redhat.com> Cc: Guangyu Sun <guangyu.sun@oracle.com> Signed-off-by: Matt Fleming <matt.fleming@intel.com> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>

efi: Fix error handling in add_sysfs_runtime_map_entry()
commit d67e1996 upstream. I spotted two (difficult to hit) bugs while reviewing this. 1) There is a double free bug because we unregister "map_kset" in add_sysfs_runtime_map_entry() and also efi_runtime_map_init(). 2) If we fail to allocate "entry" then we should return ERR_PTR(-ENOMEM) instead of NULL. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Dave Young <dyoung@redhat.com> Cc: Guangyu Sun <guangyu.sun@oracle.com> Signed-off-by: Matt Fleming <matt.fleming@intel.com> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
adba19f3 · Dan Carpenter · Luis Henriques · a6acb9ff · adba19f3
Commit adba19f3 authored Apr 21, 2015 by Dan Carpenter Committed by Luis Henriques May 20, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

drivers/firmware/efi/runtime-map.c drivers/firmware/efi/runtime-map.c +3 -3

No files found.
--- a/drivers/firmware/efi/runtime-map.c
+++ b/drivers/firmware/efi/runtime-map.c
@@ -120,7 +120,8 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
 	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry) {
 		kset_unregister(map_kset);
-		return entry;
+		map_kset = NULL;
+		return ERR_PTR(-ENOMEM);
 	}

 	memcpy(&entry->md, efi_runtime_map + nr * efi_memdesc_size,
@@ -132,6 +133,7 @@ add_sysfs_runtime_map_entry(struct kobject *kobj, int nr)
 	if (ret) {
 		kobject_put(&entry->kobj);
 		kset_unregister(map_kset);
+		map_kset = NULL;
 		return ERR_PTR(ret);
 	}

@@ -174,8 +176,6 @@ int __init efi_runtime_map_init(struct kobject *efi_kobj)
 		entry = *(map_entries + j);
 		kobject_put(&entry->kobj);
 	}
-	if (map_kset)
-		kset_unregister(map_kset);
 out:
 	return ret;
 }