From 19cfdb5646e28f0648eb2e0e953b26991eb757c4 Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Mon, 2 Sep 2024 10:48:02 +0800 Subject: [PATCH] efi: fix NULL-deref in init error path stable inclusion from stable-v5.10.164 commit 4ca71bc0e1995d15486cd7b60845602a28399cb5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPW7 CVE: CVE-2022-48879 Reference:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4ca71bc0e1995d15486cd7b60845602a28399cb5 -------------------------------- [ Upstream commit 703c13fe3c9af557d312f5895ed6a5fda2711104 ] In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. Fixes: 98086df8b70c ("efi: add missed destroy_workqueue when efisubsys_init fails") Cc: stable@vger.kernel.org Cc: Li Heng Signed-off-by: Johan Hovold Signed-off-by: Ard Biesheuvel Signed-off-by: Sasha Levin Signed-off-by: Gu Bowen --- drivers/firmware/efi/efi.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 97a0916d6502..534688df3655 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -386,8 +386,8 @@ static int __init efisubsys_init(void) efi_kobj = kobject_create_and_add("efi", firmware_kobj); if (!efi_kobj) { pr_err("efi: Firmware registration failed.\n"); - destroy_workqueue(efi_rts_wq); - return -ENOMEM; + error = -ENOMEM; + goto err_destroy_wq; } if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE | @@ -430,7 +430,10 @@ static int __init efisubsys_init(void) generic_ops_unregister(); err_put: kobject_put(efi_kobj); - destroy_workqueue(efi_rts_wq); +err_destroy_wq: + if (efi_rts_wq) + destroy_workqueue(efi_rts_wq); + return error; } -- Gitee