From: tip-bot for Ard Biesheuvel <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: hpa@zytor.com, matt@codeblueprint.co.uk,
linux-kernel@vger.kernel.org, hdegoede@redhat.com,
tglx@linutronix.de, ard.biesheuvel@linaro.org,
peterz@infradead.org, stable@vger.kernel.org,
torvalds@linux-foundation.org, mingo@kernel.org
Subject: [tip:efi/core] efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
Date: Mon, 14 May 2018 00:42:55 -0700 [thread overview]
Message-ID: <tip-0b3225ab9407f557a8e20f23f37aa7236c10a9b1@git.kernel.org> (raw)
In-Reply-To: <20180504060003.19618-13-ard.biesheuvel@linaro.org>
Commit-ID: 0b3225ab9407f557a8e20f23f37aa7236c10a9b1
Gitweb: https://git.kernel.org/tip/0b3225ab9407f557a8e20f23f37aa7236c10a9b1
Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
AuthorDate: Fri, 4 May 2018 07:59:58 +0200
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Mon, 14 May 2018 08:56:29 +0200
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
Mixed mode allows a kernel built for x86_64 to interact with 32-bit
EFI firmware, but requires us to define all struct definitions carefully
when it comes to pointer sizes.
'struct efi_pci_io_protocol_32' currently uses a 'void *' for the
'romimage' field, which will be interpreted as a 64-bit field
on such kernels, potentially resulting in bogus memory references
and subsequent crashes.
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: <stable@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20180504060003.19618-13-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/boot/compressed/eboot.c | 6 ++++--
include/linux/efi.h | 8 ++++----
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 47d3efff6805..09f36c0d9d4f 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -163,7 +163,8 @@ __setup_efi_pci32(efi_pci_io_protocol_32 *pci, struct pci_setup_rom **__rom)
if (status != EFI_SUCCESS)
goto free_struct;
- memcpy(rom->romdata, pci->romimage, pci->romsize);
+ memcpy(rom->romdata, (void *)(unsigned long)pci->romimage,
+ pci->romsize);
return status;
free_struct:
@@ -269,7 +270,8 @@ __setup_efi_pci64(efi_pci_io_protocol_64 *pci, struct pci_setup_rom **__rom)
if (status != EFI_SUCCESS)
goto free_struct;
- memcpy(rom->romdata, pci->romimage, pci->romsize);
+ memcpy(rom->romdata, (void *)(unsigned long)pci->romimage,
+ pci->romsize);
return status;
free_struct:
diff --git a/include/linux/efi.h b/include/linux/efi.h
index f1b7d68ac460..3016d8c456bc 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -395,8 +395,8 @@ typedef struct {
u32 attributes;
u32 get_bar_attributes;
u32 set_bar_attributes;
- uint64_t romsize;
- void *romimage;
+ u64 romsize;
+ u32 romimage;
} efi_pci_io_protocol_32;
typedef struct {
@@ -415,8 +415,8 @@ typedef struct {
u64 attributes;
u64 get_bar_attributes;
u64 set_bar_attributes;
- uint64_t romsize;
- void *romimage;
+ u64 romsize;
+ u64 romimage;
} efi_pci_io_protocol_64;
typedef struct {
next prev parent reply other threads:[~2018-05-14 7:43 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-04 5:59 [GIT PULL 00/17] EFI updates for v4.18 Ard Biesheuvel
2018-05-04 5:59 ` [PATCH 01/17] x86/xen/efi: Initialize UEFI secure boot state during dom0 boot Ard Biesheuvel
2018-05-14 7:43 ` [tip:efi/core] " tip-bot for Daniel Kiper
2018-05-04 5:59 ` [PATCH 02/17] efi/cper: Remove the INDENT_SP silliness Ard Biesheuvel
2018-05-14 7:44 ` [tip:efi/core] " tip-bot for Borislav Petkov
2018-05-04 5:59 ` [PATCH 03/17] efi: Fix IA32/X64 Processor Error Record definition Ard Biesheuvel
2018-05-14 7:44 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 04/17] efi: Decode IA32/X64 Processor Error Section Ard Biesheuvel
2018-05-14 7:45 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 05/17] efi: Decode IA32/X64 Processor Error Info Structure Ard Biesheuvel
2018-05-14 7:45 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 06/17] efi: Decode UEFI-defined IA32/X64 Error Structure GUIDs Ard Biesheuvel
2018-05-14 7:46 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 07/17] efi: Decode IA32/X64 Cache, TLB, and Bus Check structures Ard Biesheuvel
2018-05-14 7:46 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 08/17] efi: Decode additional IA32/X64 Bus Check fields Ard Biesheuvel
2018-05-14 7:47 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 09/17] efi: Decode IA32/X64 MS Check structure Ard Biesheuvel
2018-05-14 7:47 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 10/17] efi: Decode IA32/X64 Context Info structure Ard Biesheuvel
2018-05-14 7:48 ` [tip:efi/core] " tip-bot for Yazen Ghannam
2018-05-04 5:59 ` [PATCH 11/17] efi/libstub/tpm: Make function efi_retrieve_tpm2_eventlog_1_2() static Ard Biesheuvel
2018-05-14 7:48 ` [tip:efi/core] " tip-bot for Wei Yongjun
2018-05-04 5:59 ` [PATCH 12/17] efi: fix efi_pci_io_protocol32 prototype for mixed mode Ard Biesheuvel
2018-05-14 6:57 ` Ingo Molnar
2018-05-14 7:02 ` Ard Biesheuvel
2018-05-14 7:42 ` tip-bot for Ard Biesheuvel [this message]
2018-05-04 5:59 ` [PATCH 13/17] efi: align efi_pci_io_protocol typedefs to type naming convention Ard Biesheuvel
2018-05-14 7:49 ` [tip:efi/core] efi: Align " tip-bot for Ard Biesheuvel
2018-05-04 6:00 ` [PATCH 14/17] efi/x86: fold __setup_efi_pci32 and __setup_efi_pci64 into one Ard Biesheuvel
2018-05-14 7:49 ` [tip:efi/core] efi/x86: Fold __setup_efi_pci32() and __setup_efi_pci64() into one function tip-bot for Ard Biesheuvel
2018-05-04 6:00 ` [PATCH 15/17] efi/x86: Ignore unrealistically large option roms Ard Biesheuvel
2018-05-14 6:40 ` Ingo Molnar
2018-05-14 6:43 ` [PATCH] efi/x86: Clean up the eboot code a bit Ingo Molnar
2018-05-14 6:47 ` Ard Biesheuvel
2018-05-14 6:58 ` Ingo Molnar
2018-05-14 6:59 ` Ard Biesheuvel
2018-05-14 7:50 ` [tip:efi/core] efi/x86: Ignore unrealistically large option ROMs tip-bot for Hans de Goede
2018-05-15 9:18 ` Ard Biesheuvel
2018-06-21 15:13 ` Ingo Molnar
2018-05-04 6:00 ` [PATCH 16/17] efi/capsule-loader: Don't output reset log when reset flags are not set Ard Biesheuvel
2018-05-14 7:50 ` [tip:efi/core] " tip-bot for Shunyong Yang
2018-05-04 6:00 ` [PATCH 17/17] efi/libstub/arm64: handle randomized TEXT_OFFSET Ard Biesheuvel
2018-05-14 6:47 ` Ingo Molnar
2018-05-14 6:48 ` Ard Biesheuvel
2018-05-14 7:00 ` Ingo Molnar
2018-05-14 7:01 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-0b3225ab9407f557a8e20f23f37aa7236c10a9b1@git.kernel.org \
--to=tipbot@zytor.com \
--cc=ard.biesheuvel@linaro.org \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).