lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20191210090945.11501-2-ardb@kernel.org>
Date:   Tue, 10 Dec 2019 10:09:45 +0100
From:   Ard Biesheuvel <ardb@...nel.org>
To:     linux-efi@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Ard Biesheuvel <ardb@...nel.org>, linux-kernel@...r.kernel.org,
        Richard Narron <comet.berkeley@...il.com>
Subject: [PATCH 1/1] efi: don't attempt to map RCI2 config table if it doesn't exist

Commit 1c5fecb61255aa12

  "efi: Export Runtime Configuration Interface table to sysfs"

added support for a Dell specific UEFI configuration table, but
failed to take into account that mapping the table should not be
attempted unless the table actually exists. If it doesn't exist,
the code usually fails silently unless pr_debug() prints are
enabled. However, on 32-bit PAE x86, the splat below is produced due
to the attempt to map the placeholder value EFI_INVALID_TABLE_ADDR
which we use for non-existing UEFI configuration tables, and which
equals ULONG_MAX.

  [    2.852491] memremap attempted on mixed range 0x00000000ffffffff size: 0x1e
  [    2.852501] WARNING: CPU: 1 PID: 1 at kernel/iomem.c:81 memremap+0x1a3/0x1c0
  [    2.852501] Modules linked in:
  [    2.852503] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.4.2-smp-mine #1
  [    2.852504] Hardware name: Hewlett-Packard HP Z400 Workstation/0B4Ch, BIOS 786G3 v03.61 03/05/2018
  [    2.852505] EIP: memremap+0x1a3/0x1c0
  ...
  [    2.852507] EAX: 0000003f EBX: 0000001e ECX: c5225bc0 EDX: 00000001
  [    2.852507] ESI: 01000200 EDI: 00000000 EBP: ee551f0c ESP: ee551eec
  [    2.852508] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010296
  [    2.852509] CR0: 80050033 CR2: 00000000 CR3: 0520c000 CR4: 000006f0
  [    2.852509] Call Trace:
  [    2.852513]  ? map_properties+0x473/0x473
  [    2.852515]  ? efi_rci2_sysfs_init+0x2c/0x154
  [    2.852516]  ? map_properties+0x473/0x473
  [    2.852517]  ? do_one_initcall+0x49/0x1d4
  [    2.852519]  ? parse_args+0x1e8/0x2a0
  [    2.852521]  ? do_early_param+0x7a/0x7a
  [    2.852522]  ? kernel_init_freeable+0x139/0x1c2
  [    2.852525]  ? rest_init+0x8e/0x8e
  [    2.852526]  ? kernel_init+0xd/0xf2
  [    2.852529]  ? ret_from_fork+0x2e/0x38
  [    2.852530] ---[ end trace 5c4c3f26439c3728 ]---

Fix this by checking whether the table exists before attempting to map it.

Fixes: 1c5fecb61255aa12 ("efi: Export Runtime Configuration Interface table to sysfs")
Reported-by: Richard Narron <comet.berkeley@...il.com>
Tested-by: Richard Narron <comet.berkeley@...il.com>
Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
---
 drivers/firmware/efi/rci2-table.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/firmware/efi/rci2-table.c b/drivers/firmware/efi/rci2-table.c
index 76b0c354a027..de1a9a1f9f14 100644
--- a/drivers/firmware/efi/rci2-table.c
+++ b/drivers/firmware/efi/rci2-table.c
@@ -81,6 +81,9 @@ static int __init efi_rci2_sysfs_init(void)
 	struct kobject *tables_kobj;
 	int ret = -ENOMEM;
 
+	if (rci2_table_phys == EFI_INVALID_TABLE_ADDR)
+		return 0;
+
 	rci2_base = memremap(rci2_table_phys,
 			     sizeof(struct rci2_table_global_hdr),
 			     MEMREMAP_WB);
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ