Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp2950287lqt;
        Tue, 23 Apr 2024 06:40:59 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCV5u7GndWsgbqzAqX7I+VXz5qHlh5/QZ3oT4C3w0FCe9nDJqMZ2Nlv+1QYcs2LgiCdsUuywosRsSzfjlVGbSx+Dd0Z7+p0/AcWEafZyBg==
X-Google-Smtp-Source: AGHT+IEI3ZlU2o7agi1hqDUD9IWDIGV7jpVe1i0Iz14ij21HJQZ42+UoxiGtwW4jqF+gy3q7XUcY
X-Received: by 2002:a6b:750d:0:b0:7da:7e67:678 with SMTP id l13-20020a6b750d000000b007da7e670678mr11249451ioh.6.1713879658927;
        Tue, 23 Apr 2024 06:40:58 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1713879658; cv=pass;
        d=google.com; s=arc-20160816;
        b=tWVkMaakIsCUlVFJn9k3Q9iSyosVysM8CKkgu1w0n6NHKLRsDn7PuuSRQkeE1xVj45
         HgVdJkksuU374YEF9fML0S94ECnf5uahuIwFknGuwf3gaDgXlQxGbEKdgIzDMBqjjQv4
         unxuBKkZ99WbdFBT9CmCMsrs5dl6A3MaYakiEdGSdzr/OSdu2nHOqdWz9FWL4WlPHKdI
         97wAvbaEBdo4eIBRPKaxsp+qRBV6gCzRxxoEGMLH1L2Qoprq4bVPwbxB57u+AwCCjw9Q
         swGYSFHowc9sSuj3InylLpB5ykhHGBUDM6Jcqfsot+FRZ7rMD6fg7Q0snEHXGVfqK0iy
         JPtQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=QNgZ08cu6G7jRe5L0bfia3hVc4v0QPDb5H9DVfDn474=;
        fh=wsJNG2zWeCxXVO49gHB/XqtQTV07oWS5JJwlsbxe2jA=;
        b=Gd55M/gV/Utmg28LdUXRUe81Wl8iogU9OUnBQnmko9D1NTBDuQXJqTCcro/umG/q3r
         cAcmrUn9TKcQiPqPqqJsRnFog/CBBB+L9NDBrRnZhhQl8uMVF/YYciJhh1nfDfDFqxFs
         PMms+pdpKQ4sB+n3UzFGCiGYFzZl+wpnod4tBs6oscznhK0qBU3Ko0AuQrajv7qYOLS5
         bJmZ3YCzLre5CvHuenCmW+HoBSudaZmj8VO2Hnx+CryWO4JYdLM2e10b8qAgVBK0zXcP
         FEe2jZuvMMMr7cb0uXttdfNDVK7CuX+2o96pG4jc73xrk7IqfOCCt4+vJred/nysKi1t
         yCkQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=OB7MF+1r;
       arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com);
       spf=pass (google.com: domain of linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Return-Path: <linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id c30-20020a631c5e000000b005cfbd190e58si9234138pgm.115.2024.04.23.06.40.58
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 23 Apr 2024 06:40:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=OB7MF+1r;
       arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com);
       spf=pass (google.com: domain of linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-155292-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id B6DE0282E01
	for <linux.lists.archive@gmail.com>; Tue, 23 Apr 2024 13:37:33 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 83CCD136983;
	Tue, 23 Apr 2024 13:37:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="OB7MF+1r"
Received: from smtp-fw-6001.amazon.com (smtp-fw-6001.amazon.com [52.95.48.154])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12CDF18E28;
	Tue, 23 Apr 2024 13:37:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.48.154
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713879445; cv=none; b=Nk/+eIZj65NO31IqTiMbLb/pWQVZcmD0w/gEE6tFl9axJGnoyaKftHYs/Q3GliJojMD/LX2kMp+IAqxin8ubcmpCiHZJajDcYOsHVwVeYLHFFezcXm0MGSBav/7cJvTucyr6rdEj2lZ2NmU3UCWMjkQoahRvGso0dDxj5t94i0c=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713879445; c=relaxed/simple;
	bh=dsVKS75rk/XJ1PdxuK8KFQuKjzQDb/YS3gKI282VATA=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=fIcPlJaTuecphgYN33QcYIgn8yLTZ7z22gKdg6IhqcAuH8q12FvZ5bpbB483uWUG8j3SyORb5AQvevpvSYB3YLIsDPdVbMc7coZ6wnegUk9DwAuOHD6e3xkJ2XOpJxaJJf0vgNBau2RsuHtWOmdvQJF5LbAX4LGuqMYAAGpCLJI=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=OB7MF+1r; arc=none smtp.client-ip=52.95.48.154
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
  t=1713879444; x=1745415444;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=QNgZ08cu6G7jRe5L0bfia3hVc4v0QPDb5H9DVfDn474=;
  b=OB7MF+1rpTQrSRAlt1oqA8CN5W/fG10eNUQSGUKmC6zJSs8MMcaafpdu
   iwvUMLE38w3SfmlXSBXTttfvQaGwmxj460GFnzoW5K5GIkkokQo2G66yj
   IGu0h099DXeHcncMlF6M7lth5Q1Yl21vRF1iSqyctbp7VqfNFcuN/qRTx
   Y=;
X-IronPort-AV: E=Sophos;i="6.07,222,1708387200"; 
   d="scan'208";a="391891265"
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.2])
  by smtp-border-fw-6001.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2024 13:37:21 +0000
Received: from EX19MTAEUA002.ant.amazon.com [10.0.10.100:14814]
 by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.1.110:2525] with esmtp (Farcaster)
 id 99e54c7e-3d8e-4df9-a177-c498b08e7836; Tue, 23 Apr 2024 13:37:20 +0000 (UTC)
X-Farcaster-Flow-ID: 99e54c7e-3d8e-4df9-a177-c498b08e7836
Received: from EX19D002EUC001.ant.amazon.com (10.252.51.219) by
 EX19MTAEUA002.ant.amazon.com (10.252.50.126) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.28; Tue, 23 Apr 2024 13:37:20 +0000
Received: from EX19MTAUWA001.ant.amazon.com (10.250.64.204) by
 EX19D002EUC001.ant.amazon.com (10.252.51.219) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.28; Tue, 23 Apr 2024 13:37:19 +0000
Received: from dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com
 (10.253.65.58) by mail-relay.amazon.com (10.250.64.204) with Microsoft SMTP
 Server id 15.2.1258.28 via Frontend Transport; Tue, 23 Apr 2024 13:37:19
 +0000
Received: by dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com (Postfix, from userid 23002382)
	id BCAB820D4A; Tue, 23 Apr 2024 13:37:18 +0000 (UTC)
From: Hagar Hemdan <hagarhem@amazon.com>
To:
CC: Maximilian Heyne <mheyne@amazon.de>, Pratyush Yadav <ptyadav@amazon.de>,
	Norbert Manthey <nmanthey@amazon.de>, <stable@vger.kernel.org>, Hagar Hemdan
	<hagarhem@amazon.com>, Ard Biesheuvel <ardb@kernel.org>,
	<linux-efi@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH] efi: libstub: only free priv.runtime_map when allocated
Date: Tue, 23 Apr 2024 13:36:33 +0000
Message-ID: <20240423133635.19679-1-hagarhem@amazon.com>
X-Mailer: git-send-email 2.40.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

priv.runtime_map is only allocated when efi_novamap is not set.
Otherwise, it is an uninitialized value.
In the error path, it is freed unconditionally.
Avoid passing an uninitialized value to free_pool.
Free priv.runtime_map only when it was allocated.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: f80d26043af9 ("efi: libstub: avoid efi_get_memory_map() for allocating the virt map")
Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
---
 drivers/firmware/efi/libstub/fdt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c
index 70e9789ff9de..6a337f1f8787 100644
--- a/drivers/firmware/efi/libstub/fdt.c
+++ b/drivers/firmware/efi/libstub/fdt.c
@@ -335,8 +335,8 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle,
 
 fail:
 	efi_free(fdt_size, fdt_addr);
-
-	efi_bs_call(free_pool, priv.runtime_map);
+	if (!efi_novamap)
+		efi_bs_call(free_pool, priv.runtime_map);
 
 	return EFI_LOAD_ERROR;
 }
-- 
2.40.1