We have to check the pointer before dereferencing it. The patch fixes such issues in the efivars module.
Signed-off-by: Andy Shevchenko <[email protected]> --- drivers/firmware/efi/efivars.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c index f256ecd..e62ef79 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c @@ -122,12 +122,14 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var); static ssize_t efivar_guid_read(struct efivar_entry *entry, char *buf) { - struct efi_variable *var = &entry->var; + struct efi_variable *var; char *str = buf; if (!entry || !buf) return 0; + var = &entry->var; + efi_guid_unparse(&var->VendorGuid, str); str += strlen(str); str += sprintf(str, "\n"); @@ -138,12 +140,14 @@ efivar_guid_read(struct efivar_entry *entry, char *buf) static ssize_t efivar_attr_read(struct efivar_entry *entry, char *buf) { - struct efi_variable *var = &entry->var; + struct efi_variable *var; char *str = buf; if (!entry || !buf) return -EINVAL; + var = &entry->var; + var->DataSize = 1024; if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data)) return -EIO; @@ -171,12 +175,14 @@ efivar_attr_read(struct efivar_entry *entry, char *buf) static ssize_t efivar_size_read(struct efivar_entry *entry, char *buf) { - struct efi_variable *var = &entry->var; + struct efi_variable *var; char *str = buf; if (!entry || !buf) return -EINVAL; + var = &entry->var; + var->DataSize = 1024; if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data)) return -EIO; @@ -188,11 +194,13 @@ efivar_size_read(struct efivar_entry *entry, char *buf) static ssize_t efivar_data_read(struct efivar_entry *entry, char *buf) { - struct efi_variable *var = &entry->var; + struct efi_variable *var; if (!entry || !buf) return -EINVAL; + var = &entry->var; + var->DataSize = 1024; if (efivar_entry_get(entry, &var->Attributes, &var->DataSize, var->Data)) return -EIO; @@ -280,7 +288,7 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) if (err) return err; - copy_out_compat(&entry->var, compat); + copy_out_compat(var, compat); } else { if (count != sizeof(struct efi_variable)) return -EINVAL; @@ -297,7 +305,7 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) if (err) return err; - memcpy(&entry->var, new_var, count); + memcpy(var, new_var, count); } err = efivar_entry_set(entry, attributes, size, data, NULL); @@ -312,13 +320,15 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) static ssize_t efivar_show_raw(struct efivar_entry *entry, char *buf) { - struct efi_variable *var = &entry->var; + struct efi_variable *var; struct compat_efi_variable *compat; size_t size; if (!entry || !buf) return 0; + var = &entry->var; + var->DataSize = 1024; if (efivar_entry_get(entry, &entry->var.Attributes, &entry->var.DataSize, entry->var.Data)) -- 1.8.3.101.g727a46b -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
