On Tue, 4 Jul 2017, Baoquan He wrote:
> +/* Marks if efi mirror regions have been found and handled. */
> +static bool efi_mirror_found;
> +
> +static void process_efi_entry(unsigned long minimum, unsigned long
> image_size)
> +{
> + struct efi_info *e = &boot_params->efi_info;
> + struct mem_vector region;
> + efi_memory_desc_t *md;
> + unsigned long pmap;
> + char *signature;
> + u32 nr_desc;
> + int i;
> +
> +
> +#ifdef CONFIG_EFI
> + signature = (char *)&boot_params->efi_info.efi_loader_signature;
> +#endif
So if CONFIG_EFI=n you happily dereference the uninitialized signature
pointer ...
Why is process_efi_entry() invoked at all if EFI is not enabled?
> + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
> + strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
> + return;
> +
Thanks,
tglx
