efivarfs: Defer PM notifier registration until .fill_super

syzbot reports an issue that turns out to be caused by the fact that the
efivarfs PM notifier may be invoked before the efivarfs_fs_info::sb
field is populated, resulting in a NULL deference.

So defer the registration until efivarfs_fill_super() is invoked.

Reported-by: syzbot+00d13e505ef530a45100@syzkaller.appspotmail.com
Tested-by: syzbot+00d13e505ef530a45100@syzkaller.appspotmail.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 09fcf731e65d6c37a181eebc16a1ad1bd1603c75..6eae8cf655c120eeb58f166e3cc373197e9e58bc 100644 (file)
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -367,6 +367,8 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc)
        if (err)
                return err;
 
+       register_pm_notifier(&sfi->pm_nb);
+
        return efivar_init(efivarfs_callback, sb, true);
 }
 
@@ -552,7 +554,6 @@ static int efivarfs_init_fs_context(struct fs_context *fc)
 
        sfi->pm_nb.notifier_call = efivarfs_pm_notify;
        sfi->pm_nb.priority = 0;
-       register_pm_notifier(&sfi->pm_nb);
 
        return 0;
 }