efi_selftest: fix use-after-free

When the `memory' efi selftest verifies the Devicetree memory reservation,
it accesses the memory_map buffer after it has been freed with free_pool().
Move the verification earlier to fix this.

Fixes: 34c96659ed57 ("efi_selftest: check fdt is marked as runtime data")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>

1 files changed, 9 insertions, 8 deletions

diff --git a/lib/efi_selftest/efi_selftest_memory.c b/lib/efi_selftest/efi_selftest_memory.c
index 7320964c129..450470ceedd 100644
--- a/lib/efi_selftest/efi_selftest_memory.c
+++ b/lib/efi_selftest/efi_selftest_memory.c
@@ -155,6 +155,15 @@ static int execute(void)
 			       EFI_RUNTIME_SERVICES_DATA) != EFI_ST_SUCCESS)
 		return EFI_ST_FAILURE;
 
+	/* Check memory reservation for the device tree */
+	if (fdt_addr &&
+	    find_in_memory_map(map_size, memory_map, desc_size, fdt_addr,
+			       EFI_ACPI_RECLAIM_MEMORY) != EFI_ST_SUCCESS) {
+		efi_st_error
+			("Device tree not marked as ACPI reclaim memory\n");
+		return EFI_ST_FAILURE;
+	}
+
 	/* Free memory */
 	ret = boottime->free_pages(p1, EFI_ST_NUM_PAGES);
 	if (ret != EFI_SUCCESS) {
@@ -172,14 +181,6 @@ static int execute(void)
 		return EFI_ST_FAILURE;
 	}
 
-	/* Check memory reservation for the device tree */
-	if (fdt_addr &&
-	    find_in_memory_map(map_size, memory_map, desc_size, fdt_addr,
-			       EFI_ACPI_RECLAIM_MEMORY) != EFI_ST_SUCCESS) {
-		efi_st_error
-			("Device tree not marked as ACPI reclaim memory\n");
-		return EFI_ST_FAILURE;
-	}
 	return EFI_ST_SUCCESS;
 }