efi: fix NULL-deref in init error path

[ Upstream commit 703c13fe3c9af557d312f5895ed6a5fda2711104 ]

In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.

Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.

Fixes: 98086df8b70c ("efi: add missed destroy_workqueue when efisubsys_init fails")
Cc: stable@vger.kernel.org
Cc: Li Heng <liheng40@huawei.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index ba03f5a4b30ce3ef28d5cd188c4090fc6d08e3b0..a2765d668856e0e8de33fc7334d8038553b900b1 100644 (file)
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -385,8 +385,8 @@ static int __init efisubsys_init(void)
        efi_kobj = kobject_create_and_add("efi", firmware_kobj);
        if (!efi_kobj) {
                pr_err("efi: Firmware registration failed.\n");
-               destroy_workqueue(efi_rts_wq);
-               return -ENOMEM;
+               error = -ENOMEM;
+               goto err_destroy_wq;
        }
 
        if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
@@ -429,7 +429,10 @@ err_unregister:
                generic_ops_unregister();
 err_put:
        kobject_put(efi_kobj);
-       destroy_workqueue(efi_rts_wq);
+err_destroy_wq:
+       if (efi_rts_wq)
+               destroy_workqueue(efi_rts_wq);
+
        return error;
 }