fs/efivarfs: Fix double kfree() in error path

Julia reported that we may double free 'name' in efivarfs_callback(), and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't use spinlocks for efi vars"). Move one of the kfree()s until after the point at which we know we are definitely on the success path. Reported-by: N Julia Lawall <julia.lawall@lip6.fr> Acked-by: N Julia Lawall <julia.lawall@lip6.fr> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Sylvain Chouleur <sylvain.chouleur@gmail.com> Signed-off-by: N Matt Fleming <matt@codeblueprint.co.uk>

fs/efivarfs: Fix double kfree() in error path
Julia reported that we may double free 'name' in efivarfs_callback(), and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't use spinlocks for efi vars"). Move one of the kfree()s until after the point at which we know we are definitely on the success path. Reported-by: N Julia Lawall <julia.lawall@lip6.fr> Acked-by: N Julia Lawall <julia.lawall@lip6.fr> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Sylvain Chouleur <sylvain.chouleur@gmail.com> Signed-off-by: N Matt Fleming <matt@codeblueprint.co.uk>
22c2b77f · Matt Fleming · 0513fe1d · 22c2b77f
隐藏空白更改
内联并排

Showing with 3 addition and 3 deletion

fs/efivarfs/super.c fs/efivarfs/super.c +3 -3

未找到文件。
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -157,14 +157,14 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
 		goto fail_inode;
 	}

-	/* copied by the above to local storage in the dentry. */
-	kfree(name);
-
 	efivar_entry_size(entry, &size);
 	err = efivar_entry_add(entry, &efivarfs_list);
 	if (err)
 		goto fail_inode;

+	/* copied by the above to local storage in the dentry. */
+	kfree(name);
+
 	inode_lock(inode);
 	inode->i_private = entry;
 	i_size_write(inode, size + sizeof(entry->var.Attributes));