fs/efivarfs: Fix double kfree() in error path

Julia reported that we may double free 'name' in efivarfs_callback(), and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't use spinlocks for efi vars"). Move one of the kfree()s until after the point at which we know we are definitely on the success path. Reported-by: Julia Lawall <julia.lawall@lip6.fr> Acked-by: Julia Lawall <julia.lawall@lip6.fr> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Sylvain Chouleur <sylvain.chouleur@gmail.com> Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
author: Matt Fleming <matt@codeblueprint.co.uk> 2016-08-15 10:29:20 -0400
committer: Matt Fleming <matt@codeblueprint.co.uk> 2016-09-09 11:08:48 -0400
commit: 22c2b77f419bdc9317f00b395283abd33157368e (patch)
tree: 379db94c904ad0916c7cbc9d11c0f0d2fc77f6e1 /fs/efivarfs
parent: 0513fe1d28e45deb39159dbeedf0660c3f0effd2 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 01e3d6e53944..d7a7c53803c1 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -157,14 +157,14 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
                goto fail_inode;
        }
-        /* copied by the above to local storage in the dentry. */
-        kfree(name);
        efivar_entry_size(entry, &size);
        err = efivar_entry_add(entry, &efivarfs_list);
        if (err)
                goto fail_inode;
+        /* copied by the above to local storage in the dentry. */
+        kfree(name);
        inode_lock(inode);
        inode->i_private = entry;
        i_size_write(inode, size + sizeof(entry->var.Attributes));
author	Matt Fleming <matt@codeblueprint.co.uk>	2016-08-15 10:29:20 -0400
committer	Matt Fleming <matt@codeblueprint.co.uk>	2016-09-09 11:08:48 -0400
commit	22c2b77f419bdc9317f00b395283abd33157368e (patch)
tree	379db94c904ad0916c7cbc9d11c0f0d2fc77f6e1 /fs/efivarfs
parent	0513fe1d28e45deb39159dbeedf0660c3f0effd2 (diff)