efivarfs: Defer PM notifier registration until .fill_super

syzbot reports an issue that turns out to be caused by the fact that the efivarfs PM notifier may be invoked before the efivarfs_fs_info::sb field is populated, resulting in a NULL deference. So defer the registration until efivarfs_fill_super() is invoked. Reported-by: [email protected] Tested-by: [email protected] Signed-off-by: Ard Biesheuvel <[email protected]>
torvalds · Feb 23, 2025 · cb6ae45 · cb6ae45
1 parent d6a2d02
commit cb6ae45
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
@@ -367,6 +367,8 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc)
 	if (err)
 		return err;
 
+	register_pm_notifier(&sfi->pm_nb);
+
 	return efivar_init(efivarfs_callback, sb, true);
 }
 
@@ -552,7 +554,6 @@ static int efivarfs_init_fs_context(struct fs_context *fc)
 
 	sfi->pm_nb.notifier_call = efivarfs_pm_notify;
 	sfi->pm_nb.priority = 0;
-	register_pm_notifier(&sfi->pm_nb);
 
 	return 0;
 }