[PATCH] efi_runtime: ensure we don't allocate a zero byte buffer (LP: #1429890)

[Colin King]

From: Colin Ian King <colin.king at canonical.com>

BugLink: https://bugs.linaro.org/show_bug.cgi?id=1319

We are seeing kernel panics when the EFI userspace is exercising
the efi runtime driver with a zero sized variable. The root cause
is a zero byte kmalloc() which does not return zero and returns
a buffer that we can't actually write into. For zero bytes, allocate
1 byte buffer so we at least get a legitimate allocation of something.

Thanks for Naresh Bhat for bisecting the issue and testing.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
Reviewed/Tested By: Naresh Bhat <naresh.bhat at linaro.org>
---
 efi_runtime/efi_runtime.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
index ff31685..f2ccd57 100644
--- a/efi_runtime/efi_runtime.c
+++ b/efi_runtime/efi_runtime.c
@@ -154,7 +154,8 @@ copy_ucs2_from_user_len(uint16_t **dst, uint16_t __user *src, size_t len)
 	if (!access_ok(VERIFY_READ, src, 1))
 		return -EFAULT;
 
-	*dst = kmalloc(len, GFP_KERNEL);
+	/* Ensure we don't kmalloc a zero byte buffer */
+	*dst = kmalloc(len ? len : len + 1, GFP_KERNEL);
 	if (!*dst)
 		return -ENOMEM;
 
-- 
2.1.4