From patchwork Fri May 4 06:00:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 134950 Delivered-To: patch@linaro.org Received: by 10.46.151.6 with SMTP id r6csp437803lji; Thu, 3 May 2018 23:02:16 -0700 (PDT) X-Google-Smtp-Source: AB8JxZotZZmKWFt8hDfaiv7ati60N/mm7PoGIWnapj4nGxPGjgY2R9crB78O05iDknDgSMkDWZWQ X-Received: by 2002:a17:902:9344:: with SMTP id g4-v6mr5462330plp.10.1525413735907; Thu, 03 May 2018 23:02:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525413735; cv=none; d=google.com; s=arc-20160816; b=N+0LAsfs9NRG6v20k+NZ46pAVc5+kEORib6E+BVSrFO3f/EMW7AtuwrpU66QRQiU3r VqsrPc/xjvbAB34ketaOKg9cbI2JvHCZCk9TKBpqwkE08xtczpxZ4A73qLmw5jk5hxhJ dXTJByZqEGxaBbwDS0/DVig+DdSN6+jszIV2aXQkDfVP4H7SwZrLdnwdWpG9V3SEpqpz 7pVU8XFTIPhjpd77D4GbX6X1QgzKCpVksb/5rlaAYuR6FE7vQdFzXdqLSNUt39vMOTUA VgfBwqO2cF3G40GSajzntHnFpe0MmxI8Xm+ZIXNweieNrHAV08+6ZIWLn4odn7RA109+ +e7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=ZneFtIyMB166cKy4GiIBqgNuibXNV+32TEioqc1Ngj8=; b=UndECkU9qDGPH7m4bnzy79zv+aKcnfzKp47n6PdIhNQRE8FYeUu14ub/dBDLbgQ03j FnUR17M3UElFhpe05vfBJiuVzytfkSqiYMfaa2t1EGL3BeKhyd0Gu/tyIjw/Jxhqu7G3 wQck13CIu1IBL1bgLG/8tzaU9MpOObESJHBcws4HCKPp2ic+7tcep/9lfOH+DIsX1FsR cnDRtzxGvXiVRDwikLzV70ThASZbbYOTx87eaHDwe05bhRhnWP+FmveryMZqZgEma4lI jihtU0WWrs1L2JIOi8OehN1oJ6gM/6TrkBkChpkkTvHAESDq0Y3I6I/zPdyyJXhT46Ta xi4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=cDUzg2O8; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w16-v6si15270939plk.79.2018.05.03.23.02.15; Thu, 03 May 2018 23:02:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=cDUzg2O8; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751838AbeEDGCN (ORCPT + 2 others); Fri, 4 May 2018 02:02:13 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:38717 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751753AbeEDGBc (ORCPT ); Fri, 4 May 2018 02:01:32 -0400 Received: by mail-wm0-f68.google.com with SMTP id m198-v6so1808697wmg.3 for ; Thu, 03 May 2018 23:01:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=XE1a7gnnfTllM3Yx/f6JMoC5+8afwXHt17si3UFIAIg=; b=cDUzg2O8UXX5z5GiXTYYcG9WlM33bX3FksX3vHB6bVUODLZovC0Zb3zx8vDqIbuQvh bGkZDtoWpZ80XT2sqoJx39WsaHEsAkv1/epr1tYiAE4ajXZNJbo07b49We8HbvrjBVf2 um1aoZ9bbnmpb8eDIMZmONXvucp7OI03k3+Ow= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=XE1a7gnnfTllM3Yx/f6JMoC5+8afwXHt17si3UFIAIg=; b=Jhh/EvRoVsJPRTD8g6TMhb82t50XG4aMdh3yJJdteaHoFjhqR+fHjT4un4XyiPdbE0 3G/YVdMwlc07Yk5dKPqKChKbOlfWpDxFCZtCNxjEjE7pGVLm+ttBPrTb28Ydzmb5jfJ6 aVyyDZnR2kpYJpNdbQwCh6kXUVC/0VYEF743sJPFhiXihircIVLpIj5cbttvWeYv8Y0x +zzpoPHsArGcTSoIqnDhSDzdRxgYEjsi3Mw9IEArc0ZpEmq/1JYuG0n9qnIu/3E3pKFo PxZoG2jxqMnZ+dK3I3NO/Vf5JWkglo7PoRRzPol7eplC/mcN4IQsX2QU6/9KkRcc+Ywb v0Fg== X-Gm-Message-State: ALQs6tBSkkECb7mzO4REJ9i+5FJ9tODM9dTx7UxL399lWL1GoybXmaZM gtk2KDt/MaBzTP4qebn9/Y4tnqfxspg= X-Received: by 10.28.174.12 with SMTP id x12mr8566969wme.133.1525413690488; Thu, 03 May 2018 23:01:30 -0700 (PDT) Received: from localhost.localdomain ([2a01:e35:3995:5470:200:1aff:fe1b:b328]) by smtp.gmail.com with ESMTPSA id i30-v6sm32411863wra.38.2018.05.03.23.01.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 May 2018 23:01:29 -0700 (PDT) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, Ingo Molnar , Thomas Gleixner Cc: Hans de Goede , Ard Biesheuvel , linux-kernel@vger.kernel.org Subject: [PATCH 15/17] efi/x86: Ignore unrealistically large option roms Date: Fri, 4 May 2018 08:00:01 +0200 Message-Id: <20180504060003.19618-16-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180504060003.19618-1-ard.biesheuvel@linaro.org> References: <20180504060003.19618-1-ard.biesheuvel@linaro.org> Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org From: Hans de Goede setup_efi_pci() tries to save a copy of each PCI option ROM as this may be necessary for the device driver for the PCI device to have access too. On some systems the efi_pci_io_protocol's romimage and romsize fields contain invalid data, which looks a bit like pointers pointing back into other EFI code or data. Interpreting these pointers as romsize leads to a very large value and if we then try to alloc this amount of memory to save a copy the alloc call fails. This leads to a "Failed to alloc mem for rom" error being printed on the EFI console for each PCI device. This commit avoids the printing of these errors, by checking romsize before doing the alloc and if it is larger then the EFI spec limit of 16 MiB silently ignore the ROM fields instead of trying to alloc mem and fail. Signed-off-by: Hans de Goede [ardb: deduplicate 32/64 bit changes, use SZ_16M symbolic constant] Tested-by: Hans de Goede Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/eboot.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.17.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Reviewed-by: Ard Biesheuvel diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index dadf32312082..720b06e86698 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -123,10 +123,17 @@ __setup_efi_pci(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) if (status != EFI_SUCCESS) return status; + /* + * Some firmwares contain EFI function pointers at the place where the + * romimage and romsize fields are supposed to be. Typically the EFI + * code is mapped at high addresses, translating to an unrealistically + * large romsize. The UEFI spec limits the size of option ROMs to 16 + * MiB so we reject any roms over 16 MiB in size to catch this. + */ romimage = (void *)(unsigned long)efi_table_attr(efi_pci_io_protocol, romimage, pci); romsize = efi_table_attr(efi_pci_io_protocol, romsize, pci); - if (!romimage || !romsize) + if (!romimage || !romsize || romsize > SZ_16M) return EFI_INVALID_PARAMETER; size = romsize + sizeof(*rom);