From 7324bf195d9c1fffc08cae0e2295eb495bb946e6 Mon Sep 17 00:00:00 2001
From: jmcneill
Date: Sun, 10 Oct 2021 14:52:30 +0000
Subject: [PATCH] UEFI calls can modify size inputs, so stash them for use with kmem_free
---
 sys/dev/efi.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/sys/dev/efi.c b/sys/dev/efi.c
index 3d5affab0fa2..d3bb8ed3cb58 100644
--- a/sys/dev/efi.c
+++ b/sys/dev/efi.c
@@ -1,4 +1,4 @@
-/* $NetBSD: efi.c,v 1.1 2021/10/10 13:03:09 jmcneill Exp $ */
+/* $NetBSD: efi.c,v 1.2 2021/10/10 14:52:30 jmcneill Exp $ */
 /*-
 * Copyright (c) 2021 Jared McNeill
@@ -32,7 +32,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: efi.c,v 1.1 2021/10/10 13:03:09 jmcneill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: efi.c,v 1.2 2021/10/10 14:52:30 jmcneill Exp $");
 #include
 #include
@@ -151,6 +151,7 @@ efi_ioctl_var_get(struct efi_var_ioc *var)
 {
 uint16_t *namebuf;
 void *databuf = NULL;
+ size_t datasize;
 efi_status status;
 int error;
@@ -171,9 +172,10 @@ efi_ioctl_var_get(struct efi_var_ioc *var)
 error = EINVAL;
 goto done;
 }
- if (var->datasize != 0) {
- databuf = kmem_alloc(var->datasize, KM_SLEEP);
- error = copyin(var->data, databuf, var->datasize);
+ datasize = var->datasize;
+ if (datasize != 0) {
+ databuf = kmem_alloc(datasize, KM_SLEEP);
+ error = copyin(var->data, databuf, datasize);
 if (error != 0) {
 goto done;
 }
@@ -194,7 +196,7 @@ efi_ioctl_var_get(struct efi_var_ioc *var)
 done:
 kmem_free(namebuf, var->namesize);
 if (databuf != NULL) {
- kmem_free(databuf, var->datasize);
+ kmem_free(databuf, datasize);
 }
 return error;
 }
@@ -204,6 +206,7 @@ efi_ioctl_var_next(struct efi_var_ioc *var)
 {
 efi_status status;
 uint16_t *namebuf;
+ size_t namesize;
 int error;
 if (var->name == NULL || var->namesize == 0) {
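Review bot: The stashed `datasize` in the `@@ -171,9 +172,10 @@` hunk makes the free correct, but nothing visible here bounds how much is later read back out of `databuf`, which is exactly `datasize` bytes long. The commit message says the firmware call can rewrite `var->datasize`, so if the code after the call (outside this hunk) passes `var->datasize` to copyout, a firmware-reported size larger than the allocation would read past the buffer into adjacent kernel memory and hand it to userland. I would check before copying out, for example `if (var->datasize > datasize) { error = EIO; goto done; }`. The same applies to `namesize` in the efi_ioctl_var_next hunk at `@@ -213,8 +216,9 @@`. efi_ioctl_var_get starts before and continues after this hunk.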
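Review bot: In the `@@ -194,7 +196,7 @@` hunk, `kmem_free(namebuf, var->namesize)` on the context line above the change still takes its size from the ioctl structure, while `databuf` now uses the stashed copy. kmem_free must be given the same size that was passed to kmem_alloc, so this stays correct only while nothing between the allocation and `done:` writes `var->namesize`; that code is outside the hunk, so it may well hold today. Stashing it the way efi_ioctl_var_next now does, with `namesize = var->namesize;` before the allocation and `kmem_free(namebuf, namesize);` here, would keep the two functions consistent and remove that dependency.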
@@ -213,8 +216,9 @@ efi_ioctl_var_next(struct efi_var_ioc *var)
 return ENOMEM;
 }
- namebuf = kmem_alloc(var->namesize, KM_SLEEP);
- error = copyin(var->name, namebuf, var->namesize);
+ namesize = var->namesize;
+ namebuf = kmem_alloc(namesize, KM_SLEEP);
+ error = copyin(var->name, namebuf, namesize);
 if (error != 0) {
 goto done;
 }
@@ -231,7 +235,7 @@ efi_ioctl_var_next(struct efi_var_ioc *var)
 }
 done:
- kmem_free(namebuf, var->namesize);
+ kmem_free(namebuf, namesize);
 return error;
 }
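Review bot: The new `namesize = var->namesize;` line in the `@@ -213,8 +216,9 @@` hunk carries no comment saying why a local copy is needed, so a later cleanup could fold it back into `var->namesize` and reintroduce the mismatched free. I would add `/* The firmware call may rewrite var->namesize; kmem_free() needs the size given to kmem_alloc(). */` above the assignment, and the same kind of comment above `datasize = var->datasize;` in efi_ioctl_var_get. efi_ioctl_var_next starts before and continues after this hunk.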