ACK: [PATCH 3/4] efi_runtime: fix memory leak of capsulecaps function

Alex Hung alex.hung at canonical.com
Wed Aug 10 03:05:50 UTC 2016


On 2016-08-08 05:40 PM, Ivan Hu wrote:
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>  efi_runtime/efi_runtime.c | 42 ++++++++++++++++++++++++++++++------------
>  1 file changed, 30 insertions(+), 12 deletions(-)
>
> diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
> index 8c77c77..57d4350 100644
> --- a/efi_runtime/efi_runtime.c
> +++ b/efi_runtime/efi_runtime.c
> @@ -579,6 +579,7 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  	efi_status_t status;
>  	uint64_t max_size;
>  	int i, reset_type;
> +	int rv;
>
>  	u_caps = (struct efi_querycapsulecapabilities __user *)arg;
>
> @@ -597,11 +598,15 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  		 * obtain the address of the capsule as it resides in the
>  		 * user space
>  		 */
> -		if (get_user(c, caps.capsule_header_array + i))
> -			return -EFAULT;
> +		if (get_user(c, caps.capsule_header_array + i)) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  		if (copy_from_user(&capsules[i], c,
> -				sizeof(efi_capsule_header_t)))
> -			return -EFAULT;
> +				sizeof(efi_capsule_header_t))) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  	}
>
>  	caps.capsule_header_array = &capsules;
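Review bot: The new `goto err_exit` paths sit inside a loop that writes `capsules[i]`, with `i` declared as a plain `int` in the first hunk and the count apparently taken from the user-supplied `caps`. The allocation of `capsules` and the loop header are outside this hunk, so this needs confirming: the allocation result should be checked for NULL, and `caps.capsule_count` should be bounded before the loop runs. Without that, the cleanup paths only free a buffer that a copy may already have overrun. A comment above the loop such as `/* capsules holds caps.capsule_count headers; every exit below must kfree() it */` would also document the ownership rule this patch introduces.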
> @@ -611,19 +616,32 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  					caps.capsule_count,
>  					&max_size, &reset_type);
>
> -	if (put_user(status, caps.status))
> -		return -EFAULT;
> +	if (put_user(status, caps.status)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (put_user(max_size, caps.maximum_capsule_size))
> -		return -EFAULT;
> +	if (put_user(max_size, caps.maximum_capsule_size)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (put_user(reset_type, caps.reset_type))
> -		return -EFAULT;
> +	if (put_user(reset_type, caps.reset_type)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (status != EFI_SUCCESS)
> -		return -EINVAL;
> +	if (status != EFI_SUCCESS) {
> +		rv = -EINVAL;
> +		goto err_exit;
> +	}
>
> +	kfree(capsules);
>  	return 0;
> +
> +err_exit:
> +	kfree(capsules);
> +	return rv;
>  }
>  #endif
>
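Review bot: `max_size` and `reset_type` are declared without initialisers (first hunk) and are still passed to `put_user()` before the `status != EFI_SUCCESS` check. If the runtime call fails without writing them, uninitialised kernel stack contents are copied to user space. That call starts above this hunk and its failure behaviour is not visible, so the safe form is to initialise at declaration: `uint64_t max_size = 0;` and `int i, reset_type = 0;`. Separately, the success path and `err_exit` both end in `kfree(capsules)`; setting `rv = 0` and falling through to a single exit label would leave one free site.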
>


Acked-by: Alex Hung <alex.hung at canonical.com>


