[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer

To: "Roy Franz" <roy.franz@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 24 Sep 2014 10:07:50 +0100
Cc: keir@xxxxxxx, ian.campbell@xxxxxxxxxx, tim@xxxxxxx, xen-devel@xxxxxxxxxxxxx, stefano.stabellini@xxxxxxxxxx, fu.wei@xxxxxxxxxx
Delivery-date: Wed, 24 Sep 2014 09:07:55 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 24.09.14 at 07:03, <roy.franz@xxxxxxxxxx> wrote:
> The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL,
> so exit if we get anything else.  We pass a 0 size/NULL pointer buffer, so the
> only other returns we will get is an error.  Return right away as there is
> nothing to do.  Also return if there is an error allocating the buffer, as the
> previous code path also allowed for an undefined pointer to be freed.
> 
> Signed-off-by: Roy Franz <roy.franz@xxxxxxxxxx>

Thanks, but I restructured the patch (see below). Additionally such
bug fixes would better be placed at the start of a series to ease
backporting.

Jan

x86/EFI: fix freeing of uninitialized pointer

The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL,
so exit if we get anything else.  We pass a 0 size/NULL pointer buffer, so the
only other returns we will get is an error.  Return right away as there is
nothing to do.  Also return if there is an error allocating the buffer, as the
previous code path also allowed for an undefined pointer to be freed.

Signed-off-by: Roy Franz <roy.franz@xxxxxxxxxx>

Re-structure the change.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/efi/boot.c
+++ b/xen/arch/x86/efi/boot.c
@@ -595,11 +595,12 @@ static void __init setup_efi_pci(void)
     struct efi_pci_rom *last = NULL;
 
     status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, NULL);
-    if ( status == EFI_BUFFER_TOO_SMALL )
-        status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
-    if ( !EFI_ERROR(status) )
-        status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size,
-                                      handles);
+    if ( status != EFI_BUFFER_TOO_SMALL )
+        return;
+    status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
+    if ( EFI_ERROR(status) )
+        return;
+    status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, handles);
     if ( EFI_ERROR(status) )
         size = 0;
 




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer
  - From: Roy Franz

References:
- [Xen-devel] [PATCH for-4.5 V6 00/14] arm64 EFI stub
  - From: Roy Franz
- [Xen-devel] [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer
  - From: Roy Franz

Prev by Date: Re: [Xen-devel] [PATCH v4] xenstore: extend the xenstore ring with a 'closing' signal
Next by Date: [Xen-devel] [PATCH for-4.5 v9 04/19] xen: Relocate p2m_mem_access_resume to mem_access common
Previous by thread: [Xen-devel] [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer
Next by thread: Re: [Xen-devel] [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.