| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Dec 2019 11:31:58 +0100
From: Hans de Goede <hdegoede@...hat.com>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Hans de Goede <hdegoede@...hat.com>,
Dominik Brodowski <linux@...inikbrodowski.net>, x86@...nel.org,
linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: [PATCH 5.5 regression fix 2/2] efi/libstub/helper: Initialize pointer variables to zero for mixed mode
When running in EFI mixed mode (running a 64 bit kernel on 32 bit EFI
firmware), we _must_ initialize any pointers which are returned by
reference by an EFI call to NULL before making the EFI call.
In mixed mode pointers are 64 bit, but when running on a 32 bit firmware,
EFI calls which return a pointer value by reference only fill the lower
32 bits of the passed pointer, leaving the upper 32 bits uninitialized
unless we explicitly set them to 0 before the call.
We have had this bug in the efi-stub-helper.c file reading code for
a while now, but this has likely not been noticed sofar because
this code only gets triggered when LILO style file=... arguments are
present on the kernel cmdline.
Cc: stable@...r.kernel.org
Signed-off-by: Hans de Goede <hdegoede@...hat.com>
---
drivers/firmware/efi/libstub/efi-stub-helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index e02579907f2e..6ca7d86743af 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -365,7 +365,7 @@ static efi_status_t efi_file_size(efi_system_table_t *sys_table_arg, void *__fh,
u64 *file_sz)
{
efi_file_handle_t *h, *fh = __fh;
- efi_file_info_t *info;
+ efi_file_info_t *info = NULL;
efi_status_t status;
efi_guid_t info_guid = EFI_FILE_INFO_ID;
unsigned long info_sz;
@@ -527,7 +527,7 @@ efi_status_t handle_cmdline_files(efi_system_table_t *sys_table_arg,
unsigned long *load_addr,
unsigned long *load_size)
{
- struct file_info *files;
+ struct file_info *files = NULL;
unsigned long file_addr;
u64 file_size_total;
efi_file_handle_t *fh = NULL;
--
2.23.0
Powered by blists - more mailing lists