Commit 4f88e61b authored May 31, 2024 by Arnd Bergmann Committed by Kaixiong Yu May 31, 2024

efi/capsule-loader: fix incorrect allocation size

stable inclusion
from stable-v5.10.212
commit 537e3f49dbe88881a6f0752beaa596942d9efd64
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q8LN
CVE: CVE-2024-27413

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=537e3f49dbe88881a6f0752beaa596942d9efd64



--------------------------------

[ Upstream commit fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e ]

gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:

drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
  295 |         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
      |                        ^

Use the correct type instead here.

Fixes: f24c4d47 ("efi/capsule-loader: Reinstate virtual capsule mapping")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kaixiong Yu <yukaixiong@huawei.com>

parent 3b9084bc

drivers/firmware/efi/capsule-loader.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -292,7 +292,7 @@ static int efi_capsule_open(struct inode inode, struct file file)
		return -ENOMEM;
		}

		cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
		cap_info->phys = kzalloc(sizeof(phys_addr_t), GFP_KERNEL);
		if (!cap_info->phys) {
		kfree(cap_info->pages);
		kfree(cap_info);