Commit:

  78ce248f

 ("efi: Iterate over efi.memmap in for_each_efi_memory_desc()")

introduced a regression for systems booted with the 'noefi' kernel option.

In particular, I observed an early kernel hang in efi_find_mirror()'s
for_each_efi_memory_desc() call. As we don't have efi memmap on this
system we enter this iterator with the following parameters:

  efi.memmap.map = 0, efi.memmap.map_end = 0, efi.memmap.desc_size = 28

... then for_each_efi_memory_desc_in_map() does the following comparison:

  (md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size);

... where md = 0, (m)->map_end = 0 and (m)->desc_size = 28 but when we subtract
something from a NULL pointer wrap around happens and we end up returning
invalid pointer and crash.

Fix it by using the correct pointer arithmetics.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Salter <msalter@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: 78ce248f ("efi: Iterate over efi.memmap in for_each_efi_memory_desc()")
Link: http://lkml.kernel.org/r/1464690224-4503-2-git-send-email-matt@codeblueprint.co.uk


[ Made the changelog more readable. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>