Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp1450919lqa;
        Mon, 29 Apr 2024 08:48:28 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWipI2afYrohublmN5CUwy3QgKWsvsYxdpghbSwTX8P6cwYcWBwdCjoURrbs4wA+xL6vADDvN91FgKMFnFgmdhsOB80b79wNKQS211zMw==
X-Google-Smtp-Source: AGHT+IEr/hjbVtBwVccD0L9nVf1tsgL8Nt8+BnZ/1dxx+YK8tRpXc2jumyfkO30siiWuQp+BwQnA
X-Received: by 2002:a17:906:1c8b:b0:a58:c09d:1484 with SMTP id g11-20020a1709061c8b00b00a58c09d1484mr10481544ejh.7.1714405708529;
        Mon, 29 Apr 2024 08:48:28 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1714405708; cv=pass;
        d=google.com; s=arc-20160816;
        b=gx8x4hAo0J+yI0S6JkjD1BHlfG82rUYmm3fleFWISBP0ORbGTTi1sM/of6Q8xePajJ
         9Ey3xbPKzpS154PjxP17O3Us4AI+fzPpgbsLkdZWleI2+cQA74kKp8b1LjgM/4c9MJt9
         YIrMsbT7qqu1Qp7vKohqYBxXoWPeIYK3OvZzyAiP9sRx5D0zTZrSI+LNzuGsyOLG+y1h
         Au7yodIbZU7gFMjFrDT6tQqEgQPouM0qUVKoSm+zVskc0uxqxX92gSQ5LYTcwlwWsQOc
         JT4zQ0i7m7s6ReRm56I7lH4KhjbMEItllGKM2JTNqb/sPNjksAMVtY0BMoiaFi2/6Sl3
         /XkQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :dkim-signature;
        bh=VPOJUSGK14KkKAmuLAolnVl7BN2gh2KST7kFiBZH/xw=;
        fh=AVGSCScSbS64s/4962BMT9Xvdv+FYW8u6fKUZVQyZdQ=;
        b=uXJveCZy6slapYs6q4RqS7pG+x8imS0CZD/e7P3tHxMC/Jn2cStWhAldmE5QjWl4/g
         rP/rnXodGQJSWZwvNtZ8Uppbh2biiZ11xEj9MlwwBqgcM9mQ9j8NT2xmIZ2K3thLfN32
         rvHTi1iPXEZqDV5RA5llnY8RjyorrlPWS3/zf6XHP4CxsNcAxj0QusV/lzJQZdLjwJ2v
         GFWdDPRnGZHj9iWB6n5JDgTZyOUm5jBPEHABMJ//cRsg6m8PLaAfD2TD9tfdKi0gMZI1
         ZofwxwUFewKkN4dHdLl//nbnnmQmAZpbywgh0r1HTEo9JnnGmtWHWGxxwZyHEcuU5wV0
         i9mQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lMc9yYED;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id js10-20020a17090797ca00b00a55b1959c7fsi10985239ejc.573.2024.04.29.08.48.28
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 29 Apr 2024 08:48:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lMc9yYED;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162610-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 44DD21F21DC7
	for <linux.lists.archive@gmail.com>; Mon, 29 Apr 2024 15:48:28 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 63A7F82D9C;
	Mon, 29 Apr 2024 15:48:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lMc9yYED"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86C0282881;
	Mon, 29 Apr 2024 15:48:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1714405698; cv=none; b=gCshtltMs7aQygQ8UBthwvgXvEm+o/Gt5k4AHszLa+uRMB0ydwixdoNbVvfKAwvNu0oegvNMHujqH/r8RIRpwwpaR6j90KePtxlq3xoDLSRIf5/RuyrWmRWxe4Rf95p2MY+FSeb+K10bVt0a1JTdn95n1ff7njCF9J8MBv7TuBQ=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1714405698; c=relaxed/simple;
	bh=q0TrEuqJ399P2tU46vjogSsElHWc/nM7/9Z+Al4Ihls=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=OBI0cy5evpflUZidOkyAmvjxuksL4qTgu+1nC5mycEJrnwxhaqnP50Yk4pBD8KIHGbn2qeHYFsdcbfP+kSV05gS4nrvPko2fwskoXXOb6WtLG/hGngcnAfT5dwEexLjp/7HhANd3hI3F/ZVZx7v0AuT4hZmx2Ar+pFXNg7qSfbU=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lMc9yYED; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13401C113CD;
	Mon, 29 Apr 2024 15:48:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1714405698;
	bh=q0TrEuqJ399P2tU46vjogSsElHWc/nM7/9Z+Al4Ihls=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=lMc9yYEDyzeRZOJ1DRUT7SFpqY0LFuNwm2GRW2x2+4sUM7hTHv2OuNtKaNnQRJKHJ
	 ZQxj5mkTm8xhpjAE+gbLHw4eaTyF58ajvnGBOcHEY+04zix7O+IFSlWCa7RG2grPXU
	 bASVDmSzzNxqEKnUWhe66Lv/D8jUNNmhOiHs810CbbJYDiLAXDh0NQuPKM3gIUiJjE
	 NWqBY/ffZIk/VT1uhSMNEOSDWi3Ke7G+hILanka25TL5nSmc5g4JI4GJNeoNpnRn5c
	 qfDacGm6CMtmvyOq8M0a3yxpeZVKBongaytfhWthBPy24zkIx15HjVN+Ir57f7dppL
	 Kbpvz+lYzGXRA==
Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-51ca95db667so4074055e87.0;
        Mon, 29 Apr 2024 08:48:17 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCUP5nZVHWN9lHtDCg/dvclg1HKyxFE0UaWtTRUgDd2NBhycQsO5z62Ihmv5CI2f2TtheRsWcmuuuBVGddMY56gaPZ0c+OSyItqo6bk5OXKy+9kEHV/JwCjWnzNJ1jyJoSRLRVkE5IqHOKJiqZs6/qwq+TeSWPHGFgadePtRIwfq
X-Gm-Message-State: AOJu0YyOvLxrGORjvkqf2N7jeQpWYMOmbqEA5ygfnVW+jZAFptY2hV/p
	Sfb3pLX+jRn8H2GD7O04kp0DS8/p4KNwiWUl5XGVPX0jKBDi42iyYhUklN4KEJ3R/Vtjw9160UT
	aRrMYFY7/B07g2vZBoxx42xAGv0k=
X-Received: by 2002:a05:6512:781:b0:51a:f31f:fc6e with SMTP id
 x1-20020a056512078100b0051af31ffc6emr7462063lfr.14.1714405696431; Mon, 29 Apr
 2024 08:48:16 -0700 (PDT)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240423135928.1200-1-hagarhem@amazon.com>
In-Reply-To: <20240423135928.1200-1-hagarhem@amazon.com>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Mon, 29 Apr 2024 17:48:05 +0200
X-Gmail-Original-Message-ID: <CAMj1kXHiPcgC7-kXToivcbfyHe9g3Cg6__TFWhHYRUcOJ8hy1g@mail.gmail.com>
Message-ID: <CAMj1kXHiPcgC7-kXToivcbfyHe9g3Cg6__TFWhHYRUcOJ8hy1g@mail.gmail.com>
Subject: Re: [PATCH v2] efi: libstub: only free priv.runtime_map when allocated
To: Hagar Hemdan <hagarhem@amazon.com>
Cc: Maximilian Heyne <mheyne@amazon.de>, Pratyush Yadav <ptyadav@amazon.de>, 
	Norbert Manthey <nmanthey@amazon.de>, stable@vger.kernel.org, linux-efi@vger.kernel.org, 
	linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"

On Tue, 23 Apr 2024 at 16:00, Hagar Hemdan <hagarhem@amazon.com> wrote:
>
> priv.runtime_map is only allocated when efi_novamap is not set.
> Otherwise, it is an uninitialized value.
> In the error path, it is freed unconditionally.
> Avoid passing an uninitialized value to free_pool.
> Free priv.runtime_map only when it was allocated.
>
> This bug was discovered and resolved using Coverity Static Analysis
> Security Testing (SAST) by Synopsys, Inc.
>
> Fixes: f80d26043af9 ("efi: libstub: avoid efi_get_memory_map() for allocating the virt map")
> Cc: stable@vger.kernel.org
> Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
> ---
> v2: added Cc stable tag to the commit message as requested by kernel
> test robot.
> ---
>  drivers/firmware/efi/libstub/fdt.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Queued up in efi/next, thanks.

> diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c
> index 70e9789ff9de..6a337f1f8787 100644
> --- a/drivers/firmware/efi/libstub/fdt.c
> +++ b/drivers/firmware/efi/libstub/fdt.c
> @@ -335,8 +335,8 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle,
>
>  fail:
>         efi_free(fdt_size, fdt_addr);
> -
> -       efi_bs_call(free_pool, priv.runtime_map);
> +       if (!efi_novamap)
> +               efi_bs_call(free_pool, priv.runtime_map);
>
>         return EFI_LOAD_ERROR;
>  }
> --
> 2.40.1
>