@@ -129,9 +129,11 @@ static inline size_t __strsize(uint16_t *str)
*
* We take an explicit number of bytes to copy, and therefore do not
* make any assumptions about 'src' (such as it being a valid string).
+ *
+ * After caller is done with *dst, it should do put_ucs2(dst);
*/
static inline int
-get_ucs2_len(uint16_t **dst, uint16_t __user *src, size_t len)
+copy_ucs2_from_user_len(uint16_t **dst, uint16_t __user *src, size_t len)
{
if (!src) {
*dst = NULL;
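Review bot: The added comment tells callers to call `put_ucs2(dst)`, but `dst` in this function is `uint16_t **` while the `put_ucs2()` added later in this patch takes `uint16_t *`. Read literally, that passes the address of the caller's pointer rather than the buffer. I would word it as `* When the caller is done with *dst, it must release it with put_ucs2(*dst).` The same ownership sentence belongs on `copy_ucs2_from_user()` in the next hunk, whose visible comment only covers the error case. The function body continues outside this hunk.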
@@ -159,7 +161,7 @@ get_ucs2_len(uint16_t **dst, uint16_t __user *src, size_t len)
*
* If a non-zero value is returned, the caller MUST NOT access 'dst'.
*/
-static inline int get_ucs2(uint16_t **dst, uint16_t __user *src)
+static inline int copy_ucs2_from_user(uint16_t **dst, uint16_t __user *src)
{
size_t len;
@@ -167,7 +169,7 @@ static inline int get_ucs2(uint16_t **dst, uint16_t __user *src)
return -EFAULT;
len = __strsize(src);
- return get_ucs2_len(dst, src, len);
+ return copy_ucs2_from_user_len(dst, src, len);
}
/*
@@ -176,7 +178,7 @@ static inline int get_ucs2(uint16_t **dst, uint16_t __user *src)
* 'len' specifies the number of bytes to copy.
*/
static inline int
-put_ucs2_len(uint16_t *src, uint16_t __user *dst, size_t len)
+copy_ucs2_to_user_len(uint16_t *src, uint16_t __user *dst, size_t len)
{
if (!src)
return 0;
@@ -193,7 +195,7 @@ put_ucs2_len(uint16_t *src, uint16_t __user *dst, size_t len)
* We calculate the number of bytes to write from the ucs2 string 'src',
* including the terminating NUL.
*/
-static inline int put_ucs2(uint16_t *src, uint16_t __user *dst)
+static inline int copy_ucs2_to_user(uint16_t *src, uint16_t __user *dst)
{
size_t len;
@@ -201,7 +203,12 @@ static inline int put_ucs2(uint16_t *src, uint16_t __user *dst)
return -EFAULT;
len = __strsize(src);
- return put_ucs2_len(src, dst, len);
+ return copy_ucs2_to_user_len(src, dst, len);
+}
+
+static inline void put_ucs2(uint16_t *name)
+{
+ kfree(name);
}
static long efi_runtime_get_variable(unsigned long arg)
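Review bot: `put_ucs2()` is added without a comment and reuses a name that, before this patch, meant "copy a string out to user space", so a reader working from an older tree or a backport can misread it. A one-line comment would settle it: `/* Free a buffer obtained from copy_ucs2_from_user() or copy_ucs2_from_user_len(); a NULL name is fine. */`. The NULL case is reachable because `copy_ucs2_from_user_len()` sets `*dst = NULL` when `src` is NULL, as the first hunk shows.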
@@ -225,19 +232,19 @@ static long efi_runtime_get_variable(unsigned long arg)
convert_from_guid(&vendor, &vendor_guid);
- rv = get_ucs2(&name, pgetvariable->VariableName);
+ rv = copy_ucs2_from_user(&name, pgetvariable->VariableName);
if (rv)
return rv;
data = kmalloc(datasize, GFP_KERNEL);
if (!data) {
- kfree(name);
+ put_ucs2(name);
return -ENOMEM;
}
status = efi.get_variable(name, &vendor, &attr, &datasize, data);
- kfree(name);
+ put_ucs2(name);
rv = copy_to_user(pgetvariable->Data, data, datasize);
kfree(data);
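Review bot: `copy_to_user(pgetvariable->Data, data, datasize)` runs whatever `status` is, and it uses `datasize` after `efi.get_variable()` was handed `&datasize`, while `data` was allocated with the earlier value. If the firmware call writes back a larger size, as is expected when the buffer is too small, the copy reads past the end of the `kmalloc()` buffer and exposes adjacent kernel heap contents to user space. Keep the allocated size in a separate local (here called `alloc_size`) and copy out only on success, e.g. `if (status == EFI_SUCCESS && datasize <= alloc_size) rv = copy_to_user(pgetvariable->Data, data, datasize);` with `rv` set to 0 beforehand. The function continues past the end of this hunk, so any later status handling is not visible here.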
@@ -281,20 +288,20 @@ static long efi_runtime_set_variable(unsigned long arg)
convert_from_guid(&vendor, &vendor_guid);
- rv = get_ucs2(&name, psetvariable->VariableName);
+ rv = copy_ucs2_from_user(&name, psetvariable->VariableName);
if (rv)
return rv;
data = kmalloc(datasize, GFP_KERNEL);
if (copy_from_user(data, psetvariable->Data, datasize)) {
- kfree(name);
+ put_ucs2(name);
return -EFAULT;
}
status = efi.set_variable(name, &vendor, attr, datasize, data);
kfree(data);
- kfree(name);
+ put_ucs2(name);
if (put_user(status, psetvariable->status))
return -EFAULT;
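Review bot: The `kmalloc(datasize, GFP_KERNEL)` result is passed straight to `copy_from_user()` with no NULL check, unlike `efi_runtime_get_variable()`, and the `-EFAULT` branch releases `name` but not `data`. Add `if (!data) { put_ucs2(name); return -ENOMEM; }` after the allocation and a `kfree(data);` next to `put_ucs2(name);` in the failure branch. Where `datasize` is read lies outside the hunk; if it comes from user space unchecked, an upper bound before the allocation would be worth adding as well.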
@@ -424,14 +431,16 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
convert_from_guid(&vendor, &vendor_guid);
- rv = get_ucs2_len(&name, pgetnextvariablename->VariableName, 1024);
+ rv = copy_ucs2_from_user_len(&name, pgetnextvariablename->VariableName,
+ 1024);
if (rv)
return rv;
status = efi.get_next_variable(&name_size, name, &vendor);
- rv = put_ucs2_len(name, pgetnextvariablename->VariableName, name_size);
- kfree(name);
+ rv = copy_ucs2_to_user_len(name, pgetnextvariablename->VariableName,
+ name_size);
+ put_ucs2(name);
if (rv)
return -EFAULT;
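Review bot: The name buffer is filled with a fixed 1024 bytes, but `name_size` is passed to `efi.get_next_variable()` and then used as the length for `copy_ucs2_to_user_len()` with no comparison against 1024 in the visible lines. If `name_size` arrives larger than the buffer (presumably 1024 bytes; the allocation is outside the hunk), the firmware call may write beyond it. If the call instead reports a larger required size, the copy-out reads beyond it. I would reject oversized requests before `copy_ucs2_from_user_len()`, e.g. `if (name_size > 1024) return -EINVAL;` with the constant given a name, and copy the name back only when `status == EFI_SUCCESS`. Where `name_size` is initialised lies outside this hunk, so confirm it is not already bounded there.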