From patchwork Sun Apr 29 11:06:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 134665 Delivered-To: patch@linaro.org Received: by 10.46.151.6 with SMTP id r6csp2663771lji; Sun, 29 Apr 2018 04:06:53 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpd3StrXX37mVuFh5SRgEfSua3kPXgJpf/CAjQ4hFE/5zfvRXslR13ZXCKPAQFOT3Xy+VYp X-Received: by 2002:a17:902:5a46:: with SMTP id f6-v6mr8792517plm.85.1525000013157; Sun, 29 Apr 2018 04:06:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525000013; cv=none; d=google.com; s=arc-20160816; b=Uvyff6SBIes6hn8blCY+dpYXWeUUtGRKWcQ1e3LyWpXNs/cEkjw7j7/44uG1ryHS+d btgXfPDpVjW8gfxB7gXdauhhuusPKg/RUO2HNajgiH/qPbjAKST5KKtren2Lmve6LcHk nBroFPucxdc7obqLOTOa12ckdmU1zL9IkLGEt4gzPZG32IQpgOsLASzsTWmuCQBizdNq AL5S9DJOsNd5Z0sC5wVrVQ68QWRzofOmqCZr/LW627WGWt+fdeQYACqukJ1itfU2xU5e Nnh323Akw8v0+4evG/Hj3p0UaxOVJ43BReKuZ7wFE+yZuiML9tz2ZOUwdIrgJCJHYmzw 2Owg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=wHkdyRYNz1NT+sUJADVkn0TjvQXSx2dkhpECDaahmhg=; b=SHN4h8FFROAn1Rv5xxL1P9sYdfwoB57Kbm7iCRXV+sNqifAimrY0p6ksmqBK7w4/Cj EEzYZYRWU75+mJ9WdP7fOHKUDX0zmOdGcjtRsJJO0Ilgbf3U986U7gCDBax3dG5zaFBD lZhbLES6i1bmLh9wLasZtFMmbparab1bXVraY3zBv2f/MHaycz201yE1LBO7cxkTKm5d 6W/dYvfayazdmPvY9a2aSr4fgelbFPwyKU7Fv21zNISjWfw4A0K0E9Nl0I/wlsR2E46c d7oXJxPBWt9a65fnLfEqzumiOPnZuI4aczgwpSKz3HkKBBKe/UsCHqEXflYck/0NX7vb Mnvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=D/6AXis2; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z1-v6si5369654plo.263.2018.04.29.04.06.52; Sun, 29 Apr 2018 04:06:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=D/6AXis2; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753087AbeD2LGw (ORCPT + 2 others); Sun, 29 Apr 2018 07:06:52 -0400 Received: from mail-wm0-f65.google.com ([74.125.82.65]:50868 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753041AbeD2LGv (ORCPT ); Sun, 29 Apr 2018 07:06:51 -0400 Received: by mail-wm0-f65.google.com with SMTP id t11so8902498wmt.0 for ; Sun, 29 Apr 2018 04:06:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ietiElKC1oTDjB9bKITo+nGAeqSiEt17+YjWEyOGGSM=; b=D/6AXis2pwv0G2k1UKij2MnzPTyQ+iM7NOcAuvcAUxWgeOFffJZnr7Eibqpgl5FkkK Wcznq3oWyj7ugmISlFU9GmpOqdZiSjYEh7wMwuV5MveNnR/ZbPeTZInhDO3xK4UVWh6t vit0cxj0twNXczCZ8tYruso+MUplS+XSJDtyo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ietiElKC1oTDjB9bKITo+nGAeqSiEt17+YjWEyOGGSM=; b=Nd+zoKJOylBXBIvmCqCFxdHXihg8Db5febELkOzYJI6AFZfU9ksTkiPp+z/X9Itu4a t8/A2ABfp3FwbsIeWKwOpN+0dtYoh+8BFtSoUsNKXuviFhLa0Holt2R9MNDo4DE+jY3q 7OvvxY7xSgGOelBkXmPN4Frgna0GXfI2IvCY7ejC+6C3C/zFPvjiz1XAqkZicd/uMR/5 pEJYU2dwX12LMZzR926frtvh5qAuJBa2Zd5E2bhZ+DtPlywjSX2+RAQJ2bDdY7TSYx9A JrCsnWkQm/u/WOrBmKn8/ppaPTMhSliKTlkSrxsVwiHOLLsLuB4uZ2N/0msZJJcxfZCO RU3A== X-Gm-Message-State: ALQs6tDejIBXLMUlqocd+ZTK2xvGz7ssj+Umh2K39dC5lFv9iOfOFmSR JhRywdu+pWswUebQnmiQH+hZp28GxUM= X-Received: by 10.28.190.15 with SMTP id o15mr5471824wmf.104.1525000010690; Sun, 29 Apr 2018 04:06:50 -0700 (PDT) Received: from localhost.localdomain ([2a01:e35:3995:5470:200:1aff:fe1b:b328]) by smtp.gmail.com with ESMTPSA id a13-v6sm4783275wrc.19.2018.04.29.04.06.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 29 Apr 2018 04:06:49 -0700 (PDT) From: Ard Biesheuvel To: mingo@kernel.org, hdegoede@redhat.com, linux-efi@vger.kernel.org Cc: lukas@wunner.de, Ard Biesheuvel Subject: [PATCH v4 4/4] efi/x86: Ignore unrealistically large option roms Date: Sun, 29 Apr 2018 13:06:23 +0200 Message-Id: <20180429110623.13949-5-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180429110623.13949-1-ard.biesheuvel@linaro.org> References: <20180429110623.13949-1-ard.biesheuvel@linaro.org> Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org From: Hans de Goede setup_efi_pci() tries to save a copy of each PCI option ROM as this may be necessary for the device driver for the PCI device to have access too. On some systems the efi_pci_io_protocol's romimage and romsize fields contain invalid data, which looks a bit like pointers pointing back into other EFI code or data. Interpreting these pointers as romsize leads to a very large value and if we then try to alloc this amount of memory to save a copy the alloc call fails. This leads to a "Failed to alloc mem for rom" error being printed on the EFI console for each PCI device. This commit avoids the printing of these errors, by checking romsize before doing the alloc and if it is larger then the EFI spec limit of 16 MiB silently ignore the ROM fields instead of trying to alloc mem and fail. Signed-off-by: Hans de Goede [ardb: deduplicate 32/64 bit changes, use SZ_16M symbolic constant] Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/eboot.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.17.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index dadf32312082..720b06e86698 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -123,10 +123,17 @@ __setup_efi_pci(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) if (status != EFI_SUCCESS) return status; + /* + * Some firmwares contain EFI function pointers at the place where the + * romimage and romsize fields are supposed to be. Typically the EFI + * code is mapped at high addresses, translating to an unrealistically + * large romsize. The UEFI spec limits the size of option ROMs to 16 + * MiB so we reject any roms over 16 MiB in size to catch this. + */ romimage = (void *)(unsigned long)efi_table_attr(efi_pci_io_protocol, romimage, pci); romsize = efi_table_attr(efi_pci_io_protocol, romsize, pci); - if (!romimage || !romsize) + if (!romimage || !romsize || romsize > SZ_16M) return EFI_INVALID_PARAMETER; size = romsize + sizeof(*rom);