From patchwork Wed Apr 15 00:45:52 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Roy Franz <roy.franz@linaro.org>
X-Patchwork-Id: 47160
Return-Path: <patchwork-forward+bncBDUMZS5BTEOBBZHJW2UQKGQES3MQX6Y@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-la0-f72.google.com (mail-la0-f72.google.com
 [209.85.215.72])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 9143120553
 for <linaro@patches.linaro.org>; Wed, 15 Apr 2015 00:46:29 +0000 (UTC)
Received: by layy10 with SMTP id y10sf6205055lay.0
 for <linaro@patches.linaro.org>; Tue, 14 Apr 2015 17:46:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:sender:precedence:list-id:x-original-sender
 :x-original-authentication-results:mailing-list:list-post:list-help
 :list-archive:list-unsubscribe;
 bh=6z0Tut4q2YWDWQz2Q8iqjzY84yhBJerUDSyNvWdiuQs=;
 b=QthKbAeARbLJW6xJkRk/nRU0ZCKEz7v/ZfqbwUrQ3PM7IxNdpGeAAl7CPlIaPvQBYZ
 ZSfW9gQHeODWN+HChs+1d/+1Zuf7wPeKpakYidAVgBrPzoJNTLzr2NfZrOcT9XJCmpu+
 79neYF1ihlHqqQS2ClDXh2u7FVRGxDXS8vOg86Yj6KJAZuXNHT20LcOzcW5ZpzbQF32V
 kcJq7+PFkcQVmipMuOtdqREM75dahnbgRXawMIW+KCHnHW8DBc5rHzdwGx52/spszxtI
 pOc9Hcof44jl8R9i9Pk8zdU2akg/68XncGHQ/OKb0tkav/Fvou5MgTzBABCYBJp3aBRr
 TzzQ==
X-Gm-Message-State: ALoCoQnIhYZrF+7E0BLGeyS/HMkv9CmceLiscsP4woJUAGT0nYrK7LGhGnio+NOBQo53mUZFyBz9
X-Received: by 10.180.101.39 with SMTP id fd7mr3499578wib.0.1429058788483;
 Tue, 14 Apr 2015 17:46:28 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.19.65 with SMTP id c1ls113920lae.46.gmail; Tue, 14 Apr
 2015 17:46:28 -0700 (PDT)
X-Received: by 10.112.126.136 with SMTP id my8mr1266909lbb.18.1429058787966; 
 Tue, 14 Apr 2015 17:46:27 -0700 (PDT)
Received: from mail-la0-f49.google.com (mail-la0-f49.google.com.
 [209.85.215.49]) by mx.google.com with ESMTPS id
 tq9si1402885lbb.126.2015.04.14.17.46.27
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 14 Apr 2015 17:46:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.49 as permitted sender) client-ip=209.85.215.49; 
Received: by layy10 with SMTP id y10so21153536lay.0
 for <patchwork-forward@linaro.org>;
 Tue, 14 Apr 2015 17:46:27 -0700 (PDT)
X-Received: by 10.112.204.72 with SMTP id kw8mr1451608lbc.88.1429058787835; 
 Tue, 14 Apr 2015 17:46:27 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.67.65 with SMTP id l1csp2199392lbt;
 Tue, 14 Apr 2015 17:46:27 -0700 (PDT)
X-Received: by 10.66.65.228 with SMTP id a4mr41822677pat.47.1429058786105;
 Tue, 14 Apr 2015 17:46:26 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id f3si4206816pas.96.2015.04.14.17.46.25; 
 Tue, 14 Apr 2015 17:46:26 -0700 (PDT)
Received-SPF: none (google.com: linux-kernel-owner@vger.kernel.org does not
 designate permitted sender hosts) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1755489AbbDOAqS (ORCPT <rfc822;ivan.khoronzhuk@linaro.org>
 + 27 others); Tue, 14 Apr 2015 20:46:18 -0400
Received: from mail-ie0-f179.google.com ([209.85.223.179]:33609 "EHLO
 mail-ie0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1753663AbbDOAqJ (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Tue, 14 Apr 2015 20:46:09 -0400
Received: by iecrt8 with SMTP id rt8so16690133iec.0
 for <linux-kernel@vger.kernel.org>;
 Tue, 14 Apr 2015 17:46:08 -0700 (PDT)
X-Received: by 10.50.103.97 with SMTP id fv1mr20329370igb.27.1429058768443; 
 Tue, 14 Apr 2015 17:46:08 -0700 (PDT)
Received: from rfranz-v430.caveonetworks.com (64.2.3.194.ptr.us.xo.net.
 [64.2.3.194]) by mx.google.com with ESMTPSA id
 ot6sm8390137igb.11.2015.04.14.17.46.06
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 14 Apr 2015 17:46:07 -0700 (PDT)
From: Roy Franz <roy.franz@linaro.org>
To: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
 matt.fleming@intel.com, hpa@zytor.com, mingo@redhat.com, x86@kernel.org
Cc: Roy Franz <roy.franz@linaro.org>
Subject: [PATCH] x86_64/efi: enforce 32 bit address for command line buffer
Date: Tue, 14 Apr 2015 17:45:52 -0700
Message-Id: <1429058752-13478-1-git-send-email-roy.franz@linaro.org>
X-Mailer: git-send-email 1.9.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: roy.franz@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.49 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

The boot_params structure has a 32 bit field for storing the address of
the kernel command line.  When the EFI stub allocates memory for the command
line, it allocates at as low and address as possible, but does not ensure
that the address of memory allocated is below 4G.
This patch enforces this limit, and the stub now returns an error if the
command line buffer is allocated at too high of an address.
For 32 bit systems, the EFI mandated 1-1 memory mapping ensures
that all memory is 32 bit addressable, so we don't have a problem.
Also, mixed-mode booting on EFI platforms does not use the stub
code, so we don't need to handle the case of booting a 32 bit
kernel on a 64 bit EFI platform.

Signed-off-by: Roy Franz <roy.franz@linaro.org>
---
 arch/x86/boot/compressed/eboot.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index ef17683..82dbe27 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -1108,6 +1108,19 @@ struct boot_params *make_boot_params(struct efi_config *c)
 	cmdline_ptr = efi_convert_cmdline(sys_table, image, &options_size);
 	if (!cmdline_ptr)
 		goto fail;
+
+#ifdef CONFIG_X86_64
+	/*
+	 * hdr->cmd_line_ptr is a 32 bit field, so on 64 bit systems we need
+	 * to ensure that the allocated buffer for the commandline is 32 bit
+	 * addressable.
+	  */
+	if ((u64)(cmdline_ptr) + options_size > (u64)U32_MAX) {
+		efi_printk(sys_table, "Failed to alloc lowmem for command line\n");
+		efi_free(sys_table, options_size, (unsigned long)cmdline_ptr);
+		goto fail;
+	}
+#endif /* CONFIG_X86_64 */
 	hdr->cmd_line_ptr = (unsigned long)cmdline_ptr;
 
 	hdr->ramdisk_image = 0;