[PATCH master 02/39] efi: trace: fix EFI_EXIT2 to not evaluate output value on error
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Feb 16 00:44:02 PST 2026
EFI_EXIT2(ret, val) unconditionally evaluates 'val' for debug output,
even when ret indicates an error. This leads to NULL pointer
dereferences at 13 call sites in boot.c where the output pointer is
only valid on success (e.g., *memory after failed allocate_pages,
*event after failed create_event).
Fix by reusing EFI_EXIT() on the error path, which skips evaluation
of the second argument entirely. The extended output with the value
is only printed on the success path.
Reported-by: Claude Opus 4.6 <noreply at anthropic.com>
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
include/efi/loader/trace.h | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/include/efi/loader/trace.h b/include/efi/loader/trace.h
index 93bba7bb88c7..4acf7c1634cc 100644
--- a/include/efi/loader/trace.h
+++ b/include/efi/loader/trace.h
@@ -44,9 +44,13 @@ const char *__efi_nesting_dec(void);
#ifndef EFI_EXIT2
#define EFI_EXIT2(ret, val) ({ \
typeof(ret) _r = ret; \
- __EFI_PRINT("%sEFI: Exit: %s: %s (%u) = 0x%llx\n", __efi_nesting_dec(), \
- __func__, efi_strerror((uintptr_t)_r), (u32)((uintptr_t) _r & ~EFI_ERROR_MASK), \
- (u64)(uintptr_t)(val)); \
+ if (EFI_ERROR(_r)) \
+ EFI_EXIT(_r); \
+ else \
+ __EFI_PRINT("%sEFI: Exit: %s: %s (%u) = 0x%llx\n", __efi_nesting_dec(), \
+ __func__, efi_strerror((uintptr_t)_r), \
+ (u32)((uintptr_t) _r & ~EFI_ERROR_MASK), \
+ (u64)(uintptr_t)(val)); \
_r; \
})
#endif
--
2.47.3
More information about the barebox
mailing list