Module Name: src Committed By: jmcneill Date: Sun Oct 10 14:52:30 UTC 2021
Modified Files: src/sys/dev: efi.c Log Message: UEFI calls can modify size inputs, so stash them for use with kmem_free To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sys/dev/efi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/efi.c
diff -u src/sys/dev/efi.c:1.1 src/sys/dev/efi.c:1.2
--- src/sys/dev/efi.c:1.1 Sun Oct 10 13:03:09 2021
+++ src/sys/dev/efi.c Sun Oct 10 14:52:30 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: efi.c,v 1.1 2021/10/10 13:03:09 jmcneill Exp $ */
+/* $NetBSD: efi.c,v 1.2 2021/10/10 14:52:30 jmcneill Exp $ */
 /*-
 * Copyright (c) 2021 Jared McNeill <jmcne...@invisible.ca>
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: efi.c,v 1.1 2021/10/10 13:03:09 jmcneill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: efi.c,v 1.2 2021/10/10 14:52:30 jmcneill Exp $");
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -151,6 +151,7 @@ efi_ioctl_var_get(struct efi_var_ioc *va
 {
 uint16_t *namebuf;
 void *databuf = NULL;
+ size_t datasize;
 efi_status status;
 int error;
@@ -171,9 +172,10 @@ efi_ioctl_var_get(struct efi_var_ioc *va
 error = EINVAL;
 goto done;
 }
- if (var->datasize != 0) {
- databuf = kmem_alloc(var->datasize, KM_SLEEP);
- error = copyin(var->data, databuf, var->datasize);
+ datasize = var->datasize;
+ if (datasize != 0) {
+ databuf = kmem_alloc(datasize, KM_SLEEP);
+ error = copyin(var->data, databuf, datasize);
 if (error != 0) {
 goto done;
 }
@@ -194,7 +196,7 @@ efi_ioctl_var_get(struct efi_var_ioc *va
 done:
 kmem_free(namebuf, var->namesize);
 if (databuf != NULL) {
- kmem_free(databuf, var->datasize);
+ kmem_free(databuf, datasize);
 }
 return error;
 }
@@ -204,6 +206,7 @@ efi_ioctl_var_next(struct efi_var_ioc *v
 {
 efi_status status;
 uint16_t *namebuf;
+ size_t namesize;
 int error;
 if (var->name == NULL || var->namesize == 0) {
@@ -213,8 +216,9 @@ efi_ioctl_var_next(struct efi_var_ioc *v
 return ENOMEM;
 }
- namebuf = kmem_alloc(var->namesize, KM_SLEEP);
- error = copyin(var->name, namebuf, var->namesize);
+ namesize = var->namesize;
+ namebuf = kmem_alloc(namesize, KM_SLEEP);
+ error = copyin(var->name, namebuf, namesize);
 if (error != 0) {
 goto done;
 }
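Review bot: `size_t datasize;` in the efi_ioctl_var_get declarations (hunk at -151,6) has no initializer, and the following hunk shows a `goto done` that runs before `datasize = var->datasize;` is reached. The `done:` block reads it only under `if (databuf != NULL)`, so nothing uninitialized is read as the code stands, but the size handed to kmem_free is then valid only because of that guard. Declaring it as `size_t datasize = 0;` removes the dependency. The function body starts and ends outside this hunk.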
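Review bot: The stashed `datasize` in the efi_ioctl_var_get hunk at -171,9 makes the allocation, copyin and free agree, but the size the firmware writes back into `var->datasize` is still what any later code reads. The code between this hunk and `done:` is outside the diff, so whether a copyout uses that field cannot be seen here; if one does, a returned size larger than the allocation would read past `databuf` and copy adjacent kernel memory to the caller. Clamping the length, e.g. `copyout(databuf, var->data, MIN(var->datasize, datasize))`, would bound it by what was actually allocated. The same applies to `namesize` and `namebuf` in the efi_ioctl_var_next hunk at -213,8.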
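Review bot: `kmem_free(namebuf, var->namesize);` in the context of the efi_ioctl_var_get hunk at -194,7 still takes the free size from the ioctl structure, while this commit stashes the data size here and the name size in efi_ioctl_var_next. kmem_free has to be given the size used at allocation, so this line is correct only if nothing between the allocation and `done:` (outside the hunk) can write `var->namesize`. Either stash it in a local as well, or state the assumption next to the call, for example `/* var->namesize is input-only here; the firmware call does not write it back */`, once that has been confirmed.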
@@ -231,7 +235,7 @@ efi_ioctl_var_next(struct efi_var_ioc *v
 }
 done:
- kmem_free(namebuf, var->namesize);
+ kmem_free(namebuf, namesize);
 return error;
 }