Re: [PATCH 5.5 regression fix 2/2] efi/libstub/helper: Initialize pointer variables to zero for mixed mode

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Hans de Goede <hdegoede@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Dominik Brodowski <linux@dominikbrodowski.net>,
	"the arch/x86 maintainers" <x86@kernel.org>,
	linux-efi <linux-efi@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	stable <stable@vger.kernel.org>
Subject: Re: [PATCH 5.5 regression fix 2/2] efi/libstub/helper: Initialize pointer variables to zero for mixed mode
Date: Thu, 12 Dec 2019 15:02:15 +0100	[thread overview]
Message-ID: <CAKv+Gu9StgwBs=y6KU2Pb_P499SfH8po978gHoAbXVL8mB722A@mail.gmail.com> (raw)
In-Reply-To: <82c65f05-1140-e10e-ba2f-0c4c5c85bbc8@redhat.com>

On Thu, 12 Dec 2019 at 13:45, Hans de Goede <hdegoede@redhat.com> wrote:
>
> Hi,
>
> On 12-12-2019 12:29, Ard Biesheuvel wrote:
> > On Thu, 12 Dec 2019 at 11:32, Hans de Goede <hdegoede@redhat.com> wrote:
> >>
> >> When running in EFI mixed mode (running a 64 bit kernel on 32 bit EFI
> >> firmware), we _must_ initialize any pointers which are returned by
> >> reference by an EFI call to NULL before making the EFI call.
> >>
> >> In mixed mode pointers are 64 bit, but when running on a 32 bit firmware,
> >> EFI calls which return a pointer value by reference only fill the lower
> >> 32 bits of the passed pointer, leaving the upper 32 bits uninitialized
> >> unless we explicitly set them to 0 before the call.
> >>
> >> We have had this bug in the efi-stub-helper.c file reading code for
> >> a while now, but this has likely not been noticed sofar because
> >> this code only gets triggered when LILO style file=... arguments are
> >> present on the kernel cmdline.
> >>
> >> Cc: stable@vger.kernel.org
> >> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> >> ---
> >>   drivers/firmware/efi/libstub/efi-stub-helper.c | 4 ++--
> >>   1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> index e02579907f2e..6ca7d86743af 100644
> >> --- a/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> @@ -365,7 +365,7 @@ static efi_status_t efi_file_size(efi_system_table_t *sys_table_arg, void *__fh,
> >>                                    u64 *file_sz)
> >>   {
> >>          efi_file_handle_t *h, *fh = __fh;
> >
> > What about h? Doesn't it suffer from the same problem?
> >
> >> -       efi_file_info_t *info;
> >> +       efi_file_info_t *info = NULL;
> >>          efi_status_t status;
> >>          efi_guid_t info_guid = EFI_FILE_INFO_ID;
> >>          unsigned long info_sz;
> >
> > And info_sz?
>
> And "efi_file_io_interface_t *io" and "efi_file_handle_t *fh"
> in efi_open_volume().
>
> I think that is all of them.
>

OK.

I'll fix it up locally.