From 4ee39e979c80543095601b4bd812565a0928b56d Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming@intel.com>
Date: Mon, 29 Apr 2013 19:31:45 +0100
Subject: efi, pstore: Initialise 'entry' before iterating

Seiji reports hitting the following crash when erasing pstore dump
variables,

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000fa4
  IP: [<ffffffff8142dadf>] __efivar_entry_iter+0x2f/0x120
  PGD 18482a067 PUD 190724067 PMD 0
  Oops: 0000 [#1] SMP
  [...]
  Call Trace:
   [<ffffffff8143001f>] efi_pstore_erase+0xdf/0x130
   [<ffffffff81200038>] ? cap_socket_create+0x8/0x10
   [<ffffffff811ea491>] pstore_unlink+0x41/0x60
   [<ffffffff811741ff>] vfs_unlink+0x9f/0x110
   [<ffffffff8117813b>] do_unlinkat+0x18b/0x280
   [<ffffffff81178472>] sys_unlinkat+0x22/0x40
   [<ffffffff81542402>] system_call_fastpath+0x16/0x1b

'entry' needs to be initialised in efi_pstore_erase() when iterating
with __efivar_entry_iter(), otherwise the garbage pointer will be
dereferenced, leading to crashes like the above.

Reported-by: Seiji Aguchi <seiji.aguchi@hds.com>
Tested-by: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
---
 drivers/firmware/efi/efi-pstore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'drivers/firmware')

diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-pstore.c
index 221ad1bf94de..583ee8037f4d 100644
--- a/drivers/firmware/efi/efi-pstore.c
+++ b/drivers/firmware/efi/efi-pstore.c
@@ -174,7 +174,7 @@ static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
 			    struct timespec time, struct pstore_info *psi)
 {
 	struct pstore_erase_data edata;
-	struct efivar_entry *entry;
+	struct efivar_entry *entry = NULL;
 	char name[DUMP_NAME_LEN];
 	efi_char16_t efi_name[DUMP_NAME_LEN];
 	int found, i;
-- 
cgit v1.2.3