lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201214170122.4569-1-ilias.apalodimas@linaro.org>
Date:   Mon, 14 Dec 2020 19:01:21 +0200
From:   Ilias Apalodimas <ilias.apalodimas@...aro.org>
To:     ard.biesheuvel@....com
Cc:     Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Ingo Molnar <mingo@...nel.org>,
        Heinrich Schuchardt <xypron.glpk@....de>,
        linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] efi/libstub: Allow EFI_NOT_FOUND on LOAD_FILE2_PROTOCOL calls for initrd

At the moment the EFI stub tries to load an initrd from the
cmdline provided option only if the LoadFile2 protocol does not exist
on the initrd device path.

This might prove problematic for EFI installers that need their own
version of initrd to start the installation process and the firmware
installs the protocol but doesn't have a file to back it up (yet).
Although some firmware implementations return EFI_NOT_FOUND, we
currently return EFI_LOAD_ERROR in efi_load_initrd_dev_path() which
stops the cmdline provided initrd to load.

So let's change the behavior slightly here and explicitly respect the
firmware in case it returns EFI_NOT_FOUND. This way we can load the
cmdline provided initrd.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@...aro.org>
---
 drivers/firmware/efi/libstub/efi-stub-helper.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index aa8da0a49829..391aae2f0cde 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -560,6 +560,7 @@ static const struct {
  * * %EFI_SUCCESS if the initrd was loaded successfully, in which
  *   case @load_addr and @load_size are assigned accordingly
  * * %EFI_NOT_FOUND if no LoadFile2 protocol exists on the initrd device path
+ *   or if the firmware provides LoadFile2 but can't find a file to load
  * * %EFI_INVALID_PARAMETER if load_addr == NULL or load_size == NULL
  * * %EFI_OUT_OF_RESOURCES if memory allocation failed
  * * %EFI_LOAD_ERROR in all other cases
@@ -599,7 +600,14 @@ efi_status_t efi_load_initrd_dev_path(unsigned long *load_addr,
 				(void *)initrd_addr);
 	if (status != EFI_SUCCESS) {
 		efi_free(initrd_size, initrd_addr);
-		return EFI_LOAD_ERROR;
+		/*
+		 * Some firmware implementations might install the EFI
+		 * protocol without checking the file is present and return
+		 * EFI_NOT_FOUND when trying to load the file.
+		 * If that's the case, allow the cmdline defined initrd to
+		 * load.
+		 */
+		return status == EFI_NOT_FOUND ? status : EFI_LOAD_ERROR;
 	}
 
 	*load_addr = initrd_addr;
-- 
2.29.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ