[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.20] EFI: adjust cfg file buffer freeing

commit 4563f9c1476bfc9d8a4e618797499a696e82bf20
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue May 19 13:39:09 2026 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue May 19 13:39:09 2026 +0200

    EFI: adjust cfg file buffer freeing
    
    The boot services FreePages() needs passing the size. Since we allocated
    one more byte to put a trailing nul there, we also need to bump the size
    passed there. Make a small helper function to centralize this.
    
    Note that there's no permanent memory leak because of the oversight: The
    allocation is done using EfiLoaderData, and all memory of that type is
    later reclaimed anyway.
    
    Fixes: df75f77092c1 ("EFI: avoid OOB config file reads")
    Reported-by: Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
    master commit: 4ff927133ebc32498fd4af49a8025a846cfe1dc6
    master date: 2026-05-06 15:11:11 +0200
---
 xen/common/efi/boot.c | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index c2db9afd63..5082a23a7f 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -702,6 +702,16 @@ static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE 
*SystemTable)
  */
 #include "efi-boot.h"
 
+static void __init free_cfg(void)
+{
+    if ( !cfg.need_to_free )
+        return;
+
+    /* One extra byte was allocated to put a nul character there. */
+    efi_bs->FreePages(cfg.addr, PFN_UP(cfg.size + 1));
+    cfg.need_to_free = false;
+}
+
 void __init noreturn blexit(const CHAR16 *str)
 {
     if ( str )
@@ -711,8 +721,7 @@ void __init noreturn blexit(const CHAR16 *str)
     if ( !efi_bs )
         efi_arch_halt();
 
-    if ( cfg.need_to_free )
-        efi_bs->FreePages(cfg.addr, PFN_UP(cfg.size));
+    free_cfg();
     if ( kernel.need_to_free )
         efi_bs->FreePages(kernel.addr, PFN_UP(kernel.size));
     if ( ramdisk.need_to_free )
@@ -1435,11 +1444,7 @@ void EFIAPI __init noreturn efi_start(EFI_HANDLE 
ImageHandle,
             name.s = get_value(&cfg, "global", "chain");
             if ( !name.s )
                 break;
-            if ( cfg.need_to_free )
-            {
-                efi_bs->FreePages(cfg.addr, PFN_UP(cfg.size));
-                cfg.need_to_free = false;
-            }
+            free_cfg();
             if ( !read_file(dir_handle, s2w(&name), &cfg, NULL) )
             {
                 PrintStr(L"Chained configuration file '");
@@ -1504,11 +1509,7 @@ void EFIAPI __init noreturn efi_start(EFI_HANDLE 
ImageHandle,
 
         efi_arch_cfg_file_late(loaded_image, dir_handle, section.s);
 
-        if ( cfg.need_to_free )
-        {
-            efi_bs->FreePages(cfg.addr, PFN_UP(cfg.size));
-            cfg.need_to_free = false;
-        }
+        free_cfg();
 
         dir_handle->Close(dir_handle);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.20

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.