efi, pstore: Initialise 'entry' before iterating

Seiji reports hitting the following crash when erasing pstore dump
variables,

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000fa4
  IP: [<ffffffff8142dadf>] __efivar_entry_iter+0x2f/0x120
  PGD 18482a067 PUD 190724067 PMD 0
  Oops: 0000 [#1] SMP
  [...]
  Call Trace:
   [<ffffffff8143001f>] efi_pstore_erase+0xdf/0x130
   [<ffffffff81200038>] ? cap_socket_create+0x8/0x10
   [<ffffffff811ea491>] pstore_unlink+0x41/0x60
   [<ffffffff811741ff>] vfs_unlink+0x9f/0x110
   [<ffffffff8117813b>] do_unlinkat+0x18b/0x280
   [<ffffffff81178472>] sys_unlinkat+0x22/0x40
   [<ffffffff81542402>] system_call_fastpath+0x16/0x1b

'entry' needs to be initialised in efi_pstore_erase() when iterating
with __efivar_entry_iter(), otherwise the garbage pointer will be
dereferenced, leading to crashes like the above.

Reported-by: Seiji Aguchi <seiji.aguchi@hds.com>
Tested-by: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>

diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-pstore.c
index 221ad1bf94de9f634a29d6f62c5ec1fe2fb0e8a0..583ee8037f4deabe57f0aae6db07d8641517d00a 100644 (file)
--- a/drivers/firmware/efi/efi-pstore.c
+++ b/drivers/firmware/efi/efi-pstore.c
@@ -174,7 +174,7 @@ static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
                            struct timespec time, struct pstore_info *psi)
 {
        struct pstore_erase_data edata;
-       struct efivar_entry *entry;
+       struct efivar_entry *entry = NULL;
        char name[DUMP_NAME_LEN];
        efi_char16_t efi_name[DUMP_NAME_LEN];
        int found, i;