Linux-EFI Archive on lore.kernel.org
From: Ingo Molnar <mingo@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: linux-efi@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
	linux-kernel@vger.kernel.org, Andy Lutomirski <luto@kernel.org>,
	Arend van Spriel <arend.vanspriel@broadcom.com>,
	Bhupesh Sharma <bhsharma@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@intel.com>,
	Eric Snowberg <eric.snowberg@oracle.com>,
	Hans de Goede <hdegoede@redhat.com>,
	Joe Perches <joe@perches.com>, Jon Hunter <jonathanh@nvidia.com>,
	Julien Thierry <julien.thierry@arm.com>,
	Marc Zyngier <marc.zyngier@arm.com>,
	Nathan Chancellor <natechancellor@gmail.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
	Sedat Dilek <sedat.dilek@gmail.com>,
	YiFei Zhu <zhuyifei1999@gmail.com>
Subject: Re: [PATCH 08/11] firmware: efi: add NULL pointer checks in efivars api functions
Date: Fri, 30 Nov 2018 09:11:59 +0100
Message-ID: <20181130081159.GD16084@gmail.com> (raw)
In-Reply-To: <20181129171230.18699-9-ard.biesheuvel@linaro.org>


* Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:

> From: Arend van Spriel <arend.vanspriel@broadcom.com>
> 
> Since commit:
> 
>    ce2e6db554fa ("brcmfmac: Add support for getting nvram contents from
>                  EFI variables")

This commit ID is not upstream AFAICS. Which tree is it from? Mentioning 
non-upstream sha1's is discouraged in changelogs, as there's no guarantee 
that the sha1 will make it upstream.

> we have a device driver accessing the efivars API. Several functions in
> the efivars API assume __efivars is set, i.e., that they will be accessed
> only after efivars_register() has been called. However, the following NULL
> pointer access was reported calling efivar_entry_size() from the brcmfmac
> device driver.
> 
>   Unable to handle kernel NULL pointer dereference at virtual address 00000008
>   pgd = 60bfa5f1
>   [00000008] *pgd=00000000
>   Internal error: Oops: 5 [#1] SMP ARM
>   ...
>   Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
>   Workqueue: events request_firmware_work_func
>   PC is at efivar_entry_size+0x28/0x90
>   LR is at brcmf_fw_complete_request+0x3f8/0x8d4 [brcmfmac]
>   pc : [<c0c40718>]    lr : [<bf2a3ef4>]    psr: a00d0113
>   sp : ede7fe28  ip : ee983410  fp : c1787f30
>   r10: 00000000  r9 : 00000000  r8 : bf2b2258
>   r7 : ee983000  r6 : c1604c48  r5 : ede7fe88  r4 : edf337c0
>   r3 : 00000000  r2 : 00000000  r1 : ede7fe88  r0 : c17712c8
>   Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
>   Control: 10c5387d  Table: ad16804a  DAC: 00000051
> 
> Disassembly showed that the local static variable __efivars is NULL,
> which is not entirely unexpected given that it is a non-EFI platform.
> So add a NULL pointer check to efivar_entry_size(), and to related
> functions while at it. In efivars_register() a couple of sanity checks
> are added as well.
> 
> Cc: Hans de Goede <hdegoede@redhat.com>
> Reported-by: Jon Hunter <jonathanh@nvidia.com>
> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Will that new commit be backported? If yes I suppose we could mark this 
fix -stable too? If not then it's fine for a v4.21 merge.

Thanks,

	Ingo
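
The failure mode the quoted changelog describes (an accessor that dereferences a file-local `__efivars` pointer which is never set on a non-EFI platform) and the fix shape it proposes (a NULL check in the accessor plus sanity checks in `efivars_register()`) can be modelled outside the kernel. The block below is an added illustration written for this archive page; it is not the patch under review and not the kernel's efivars code. `struct efivar_ops`, `struct efivars`, `efivar_entry_size_unguarded()`, `fake_get_variable`, the errno values and the variable name `nvram-constructed` are all constructed for the example; only the pattern (unguarded "before" beside the guarded "after") follows the changelog.

```c
#include <stddef.h>
#include <string.h>

/* Errno values used below; the numeric values match Linux on common arches. */
#define ENODEV 19
#define EINVAL 22

/* Stand-in for the kernel's backend ops table; only one op is modelled. */
struct efivar_ops {
    int (*get_variable)(const char *name, unsigned long *size);
};

/* Stand-in for struct efivars (constructed, not the kernel's definition). */
struct efivars {
    const struct efivar_ops *ops;
};

/* File-local pointer, NULL until efivars_register() is called. On a
 * non-EFI platform nothing ever registers a backend, so any accessor
 * that dereferences this blindly faults, which is the oops in the report. */
static struct efivars *__efivars;

int efivars_register(struct efivars *efivars, const struct efivar_ops *ops)
{
    /* Sanity checks at registration: refuse a half-initialised backend. */
    if (!efivars || !ops || !ops->get_variable)
        return -EINVAL;
    efivars->ops = ops;
    __efivars = efivars;
    return 0;
}

void efivars_unregister(void)
{
    __efivars = NULL;
}

/* BEFORE: the unguarded shape. Kept only to show what the check protects;
 * calling it before registration dereferences NULL. */
int efivar_entry_size_unguarded(const char *name, unsigned long *size)
{
    const struct efivar_ops *ops = __efivars->ops; /* NULL deref if unregistered */
    return ops->get_variable(name, size);
}

/* AFTER: fail closed with -ENODEV when no backend has been registered. */
int efivar_entry_size(const char *name, unsigned long *size)
{
    const struct efivar_ops *ops;

    if (!__efivars)
        return -ENODEV;
    ops = __efivars->ops;
    return ops->get_variable(name, size);
}

/* Constructed backend for the demo: it knows exactly one variable. */
static int fake_get_variable(const char *name, unsigned long *size)
{
    if (strcmp(name, "nvram-constructed") == 0) {
        *size = 128;
        return 0;
    }
    return -ENODEV;
}

static const struct efivar_ops fake_ops = { .get_variable = fake_get_variable };
static struct efivars fake_efivars;

/* Drives the scenario from the report: a driver asks for a variable before
 * any backend exists (non-EFI board), then again after registration.
 * Returns 0 when both calls behave as intended. */
int demo_driver_probe_before_and_after(void)
{
    unsigned long size = 0;
    int before, after;

    efivars_unregister();
    before = efivar_entry_size("nvram-constructed", &size); /* -ENODEV, no oops */

    if (efivars_register(&fake_efivars, &fake_ops))
        return -1;
    after = efivar_entry_size("nvram-constructed", &size);  /* 0, size == 128 */

    if (before != -ENODEV || after != 0 || size != 128)
        return -1;
    return 0;
}
```

The check belongs in the accessor rather than in each caller because the caller (here a wireless driver loading firmware from a workqueue) has no reliable way to know whether the platform ever registered an EFI backend; returning -ENODEV turns a kernel oops into an ordinary error the driver already has to handle.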
