[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <b18879e0329c785d35f2aa2164413bb56419c684.1669264419.git.demi@invisiblethingslab.com>
Date: Thu, 19 Jan 2023 14:03:56 -0500
From: Demi Marie Obenour <demi@...isiblethingslab.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Demi Marie Obenour <demi@...isiblethingslab.com>,
Marek Marczykowski-Górecki
<marmarek@...isiblethingslab.com>, linux-efi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v3 1/5] efi: memmap: Disregard bogus entries instead of returning them
The ESRT code currently contains two consistency checks on the memory
descriptor it obtains, but one of them is both incomplete and can only
trigger on invalid descriptors.
So let's drop these checks, and instead disregard descriptors entirely
if the start address is misaligned, or if the number of pages reaches
to or beyond the end of the address space. Note that the memory map as
a whole could still be inconsistent: multiple entries might cover the
same area, or the address could be outside of the addressable PA space,
but validating that goes beyond the scope of these helpers. Also note
that since the physical address space is never 64-bits wide, a
descriptor that includes the last page of memory is not valid. This is
fortunate, since it means that a valid physical address will never be an
error pointer and that the length of a memory descriptor in bytes will
fit in a 64-bit unsigned integer.
Co-developed-by: Ard Biesheuvel <ardb@...nel.org>
Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
Signed-off-by: Demi Marie Obenour <demi@...isiblethingslab.com>
Tested-by: Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>
---
drivers/firmware/efi/efi.c | 6 ++++++
drivers/firmware/efi/esrt.c | 9 +--------
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index a06decee51e064d78a39752436487279d0660609..780caea594e0ffce30abb69bddcccf3bacf25382 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -474,6 +474,12 @@ int efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md)
u64 size;
u64 end;
+ /* skip bogus entries (including empty ones) */
+ if ((md->phys_addr & (EFI_PAGE_SIZE - 1)) ||
+ (md->num_pages <= 0) ||
+ (md->num_pages > (U64_MAX - md->phys_addr) >> EFI_PAGE_SHIFT))
+ continue;
+
size = md->num_pages << EFI_PAGE_SHIFT;
end = md->phys_addr + size;
if (phys_addr >= md->phys_addr && phys_addr < end) {
diff --git a/drivers/firmware/efi/esrt.c b/drivers/firmware/efi/esrt.c
index 2a2f52b017e736dd995c69e8aeb5fbd7761732e5..fb9fb70e1004132eff50c712c6fca05f7aeb1d57 100644
--- a/drivers/firmware/efi/esrt.c
+++ b/drivers/firmware/efi/esrt.c
@@ -263,15 +263,8 @@ void __init efi_esrt_init(void)
return;
}
- max = efi_mem_desc_end(&md);
- if (max < efi.esrt) {
- pr_err("EFI memory descriptor is invalid. (esrt: %p max: %p)\n",
- (void *)efi.esrt, (void *)max);
- return;
- }
-
+ max = efi_mem_desc_end(&md) - efi.esrt;
size = sizeof(*esrt);
- max -= efi.esrt;
if (max < size) {
pr_err("ESRT header doesn't fit on single memory map entry. (size: %zu max: %zu)\n",
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
Powered by blists - more mailing lists