efi, pstore: Initialise 'entry' before iterating

Seiji reports hitting the following crash when erasing pstore dump variables, BUG: unable to handle kernel NULL pointer dereference at 0000000000000fa4 IP: [<ffffffff8142dadf>] __efivar_entry_iter+0x2f/0x120 PGD 18482a067 PUD 190724067 PMD 0 Oops: 0000 [#1] SMP [...] Call Trace: [<ffffffff8143001f>] efi_pstore_erase+0xdf/0x130 [<ffffffff81200038>] ? cap_socket_create+0x8/0x10 [<ffffffff811ea491>] pstore_unlink+0x41/0x60 [<ffffffff811741ff>] vfs_unlink+0x9f/0x110 [<ffffffff8117813b>] do_unlinkat+0x18b/0x280 [<ffffffff81178472>] sys_unlinkat+0x22/0x40 [<ffffffff81542402>] system_call_fastpath+0x16/0x1b 'entry' needs to be initialised in efi_pstore_erase() when iterating with __efivar_entry_iter(), otherwise the garbage pointer will be dereferenced, leading to crashes like the above. Reported-by: Seiji Aguchi <seiji.aguchi@hds.com> Tested-by: Seiji Aguchi <seiji.aguchi@hds.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Matt Fleming <matt.fleming@intel.com>
2013-04-29 19:31:45 +01:00 · 2013-04-29 19:31:45 +01:00 · 4ee39e979c
--- a/drivers/firmware/efi/efi-pstore.c
+++ b/drivers/firmware/efi/efi-pstore.c
@ -174,7 +174,7 @@ static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
 			    struct timespec time, struct pstore_info *psi)
 {
 	struct pstore_erase_data edata;
-	struct efivar_entry *entry;
+	struct efivar_entry *entry = NULL;
 	char name[DUMP_NAME_LEN];
 	efi_char16_t efi_name[DUMP_NAME_LEN];
 	int found, i;