From: Ard Biesheuvel <ardb@kernel.org>
Date: Sun, 23 Feb 2025 15:48:54 +0000 (+0100)
Subject: efivarfs: Defer PM notifier registration until .fill_super
X-Git-Tag: v6.14-rc5~21^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb6ae457bc6af58c84a7854df5e7e32ba1c6a715;p=thirdparty%2Flinux.git

efivarfs: Defer PM notifier registration until .fill_super

syzbot reports an issue that turns out to be caused by the fact that the
efivarfs PM notifier may be invoked before the efivarfs_fs_info::sb
field is populated, resulting in a NULL deference.

So defer the registration until efivarfs_fill_super() is invoked.

Reported-by: syzbot+00d13e505ef530a45100@syzkaller.appspotmail.com
Tested-by: syzbot+00d13e505ef530a45100@syzkaller.appspotmail.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---

diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 09fcf731e65d6..6eae8cf655c12 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -367,6 +367,8 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc)
 	if (err)
 		return err;
 
+	register_pm_notifier(&sfi->pm_nb);
+
 	return efivar_init(efivarfs_callback, sb, true);
 }
 
@@ -552,7 +554,6 @@ static int efivarfs_init_fs_context(struct fs_context *fc)
 
 	sfi->pm_nb.notifier_call = efivarfs_pm_notify;
 	sfi->pm_nb.priority = 0;
-	register_pm_notifier(&sfi->pm_nb);
 
 	return 0;
 }