From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759550AbeD1GlC (ORCPT ); Sat, 28 Apr 2018 02:41:02 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:37990 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752556AbeD1GlA (ORCPT ); Sat, 28 Apr 2018 02:41:00 -0400 X-Google-Smtp-Source: AB8JxZpzmODM9TcG+wbw+P3al909UfSwpkdmJKxyGAI/1n6eT3kfFhXDK/QDsqPOSs3OMogixbMOs77sJ2ghaM7U8RE= MIME-Version: 1.0 In-Reply-To: <20180427213509.20385-1-hdegoede@redhat.com> References: <20180427213509.20385-1-hdegoede@redhat.com> From: Ard Biesheuvel Date: Sat, 28 Apr 2018 08:40:59 +0200 Message-ID: Subject: Re: [PATCH v2] efi: Ignore unrealistically large option roms To: Hans de Goede Cc: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , "the arch/x86 maintainers" , linux-efi@vger.kernel.org, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Hans, On 27 April 2018 at 23:35, Hans de Goede wrote: > setup_efi_pci() tries to save a copy of each PCI option ROM as this may > be necessary for the device driver for the PCI device to have access too. > > On some systems the efi_pci_io_protocol_64's romimage and romsize fields > contain invalid data, which looks a bit like pointers pointing back into > other EFI code or data. Interpreting these pointers as romsize leads to > a very large value and if we then try to alloc this amount of memory to > save a copy the alloc call fails. > > This leads to a "Failed to alloc mem for rom" error being printed on the > EFI console for each PCI device. > > This commit avoids the printing of these errors, by checking romsize > before doing the alloc and if it is larger then 256M silently ignore the > ROM fields instead of trying to alloc mem and fail. > The UEFI spec limits the size of option ROMs to 16 MiB, so I'd prefer we use that as the upper bound instead. With that changed, Reviewed-by: Ard Biesheuvel or I can take it via the EFI tree if desired. -- Ard. > Signed-off-by: Hans de Goede > --- > Changes in v2: > -Add the check to both __setup_efi_pci32 and __setup_efi_pci64 instead of > only to __setup_efi_pci64, some CHT devices which need this still use a > 32 bit UEFI > --- > arch/x86/boot/compressed/eboot.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c > index 47d3efff6805..6d3257a459c8 100644 > --- a/arch/x86/boot/compressed/eboot.c > +++ b/arch/x86/boot/compressed/eboot.c > @@ -122,7 +122,13 @@ __setup_efi_pci32(efi_pci_io_protocol_32 *pci, struct pci_setup_rom **__rom) > if (status != EFI_SUCCESS) > return status; > > - if (!pci->romimage || !pci->romsize) > + /* > + * Some firmwares contain EFI function pointers at the place where the > + * romimage and romsize fields are supposed to be. Typically the EFI > + * code is mapped at high addresses, translating to an unrealistically > + * large romsize. We reject any roms over 256M in size to catch this. > + */ > + if (!pci->romimage || !pci->romsize || pci->romsize > 0x10000000) > return EFI_INVALID_PARAMETER; > > size = pci->romsize + sizeof(*rom); > @@ -230,7 +236,13 @@ __setup_efi_pci64(efi_pci_io_protocol_64 *pci, struct pci_setup_rom **__rom) > if (status != EFI_SUCCESS) > return status; > > - if (!pci->romimage || !pci->romsize) > + /* > + * Some firmwares contain EFI function pointers at the place where the > + * romimage and romsize fields are supposed to be. Typically the EFI > + * code is mapped at high addresses, translating to an unrealistically > + * large romsize. We reject any roms over 256M in size to catch this. > + */ > + if (!pci->romimage || !pci->romsize || pci->romsize > 0x10000000) > return EFI_INVALID_PARAMETER; > > size = pci->romsize + sizeof(*rom); > -- > 2.16.2 >