mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-07 14:32:23 +00:00
fs/efivarfs: Fix double kfree() in error path
Julia reported that we may double free 'name' in efivarfs_callback(), and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't use spinlocks for efi vars"). Move one of the kfree()s until after the point at which we know we are definitely on the success path. Reported-by: Julia Lawall <julia.lawall@lip6.fr> Acked-by: Julia Lawall <julia.lawall@lip6.fr> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Sylvain Chouleur <sylvain.chouleur@gmail.com> Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
This commit is contained in:
parent
0513fe1d28
commit
22c2b77f41
@ -157,14 +157,14 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
|
||||
goto fail_inode;
|
||||
}
|
||||
|
||||
/* copied by the above to local storage in the dentry. */
|
||||
kfree(name);
|
||||
|
||||
efivar_entry_size(entry, &size);
|
||||
err = efivar_entry_add(entry, &efivarfs_list);
|
||||
if (err)
|
||||
goto fail_inode;
|
||||
|
||||
/* copied by the above to local storage in the dentry. */
|
||||
kfree(name);
|
||||
|
||||
inode_lock(inode);
|
||||
inode->i_private = entry;
|
||||
i_size_write(inode, size + sizeof(entry->var.Attributes));
|
||||
|
Loading…
Reference in New Issue
Block a user