From: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
To: Roy Franz <roy.franz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org,
	mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH] x86_64/efi: enforce 32 bit address for command line buffer
Date: Wed, 15 Apr 2015 14:18:26 +0100
Message-ID: <20150415131826.GE4804@codeblueprint.co.uk>
In-Reply-To: <1429058752-13478-1-git-send-email-roy.franz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>

On Tue, 14 Apr, at 05:45:52PM, Roy Franz wrote:
> The boot_params structure has a 32 bit field for storing the address of
> the kernel command line.  When the EFI stub allocates memory for the command
> line, it allocates at as low an address as possible, but does not ensure
> that the address of memory allocated is below 4G.
> This patch enforces this limit, and the stub now returns an error if the
> command line buffer is allocated at too high of an address.
> For 32 bit systems, the EFI mandated 1-1 memory mapping ensures
> that all memory is 32 bit addressable, so we don't have a problem.
> Also, mixed-mode booting on EFI platforms does not use the stub
> code, so we don't need to handle the case of booting a 32 bit
> kernel on a 64 bit EFI platform.
> 
> Signed-off-by: Roy Franz <roy.franz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> ---
>  arch/x86/boot/compressed/eboot.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
> index ef17683..82dbe27 100644
> --- a/arch/x86/boot/compressed/eboot.c
> +++ b/arch/x86/boot/compressed/eboot.c
> @@ -1108,6 +1108,19 @@ struct boot_params *make_boot_params(struct efi_config *c)
>  	cmdline_ptr = efi_convert_cmdline(sys_table, image, &options_size);
>  	if (!cmdline_ptr)
>  		goto fail;
> +
> +#ifdef CONFIG_X86_64
> +	/*
> +	 * hdr->cmd_line_ptr is a 32 bit field, so on 64 bit systems we need
> +	 * to ensure that the allocated buffer for the commandline is 32 bit
> +	 * addressable.
> +	  */
> +	if ((u64)(cmdline_ptr) + options_size > (u64)U32_MAX) {
> +		efi_printk(sys_table, "Failed to alloc lowmem for command line\n");
> +		efi_free(sys_table, options_size, (unsigned long)cmdline_ptr);
> +		goto fail;
> +	}
> +#endif /* CONFIG_X86_64 */
>  	hdr->cmd_line_ptr = (unsigned long)cmdline_ptr;
>  
>  	hdr->ramdisk_image = 0;
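
Review bot: The check `(u64)(cmdline_ptr) + options_size > (u64)U32_MAX` only detects a high buffer after `efi_convert_cmdline()` has already allocated it, so on a system where that allocation lands above 4G the stub now aborts the boot instead of obtaining a usable buffer. The call in this hunk is given no upper address bound; consider constraining the allocation itself to 32 bit addressable memory rather than rejecting the result, and reword "Failed to alloc lowmem for command line", since no low-memory allocation is attempted at this point. Style: the comment terminator carries stray indentation before `*/`, and the parentheses in `(u64)(cmdline_ptr)` are redundant.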

Good catch. But actually, we have boot_params->ext_cmd_line_ptr for
exactly this problem.

So yes, that's a valid bug, but I don't think this is how we should fix
it.

-- 
Matt Fleming, Intel Open Source Technology Center
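
An added example, not code from the patch or the kernel: a simplified C model of the two fields named in this thread, showing the silent truncation of the unguarded assignment, the patch's below-4G check written so the addition cannot wrap, and the split store that `ext_cmd_line_ptr` (the upper 32 bits of the address) allows. The struct, the function names and the sample address are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): only the two fields named in the thread. */
struct cmdline_fields {
	uint32_t cmd_line_ptr;     /* low 32 bits of the command line address */
	uint32_t ext_cmd_line_ptr; /* upper 32 bits of the same address */
};

/* Unguarded assignment: the narrowing cast silently drops bits 32..63.
 * Returns the address a consumer of the 32 bit field would read back. */
static uint64_t store_truncated(struct cmdline_fields *f, uint64_t addr)
{
	f->cmd_line_ptr = (uint32_t)addr;
	f->ext_cmd_line_ptr = 0;
	return f->cmd_line_ptr;
}

/* Same condition as the patch (addr + size <= U32_MAX), rearranged so that
 * a huge size cannot wrap the 64 bit sum and pass the test. */
static bool fits_below_4g(uint64_t addr, uint64_t size)
{
	return addr <= UINT32_MAX && size <= UINT32_MAX - addr;
}

/* Split store: keep the whole address by using both fields. */
static void store_split(struct cmdline_fields *f, uint64_t addr)
{
	f->cmd_line_ptr = (uint32_t)(addr & 0xffffffffu);
	f->ext_cmd_line_ptr = (uint32_t)(addr >> 32);
}

/* What a consumer must do to recover the full 64 bit address. */
static uint64_t load_split(const struct cmdline_fields *f)
{
	return ((uint64_t)f->ext_cmd_line_ptr << 32) | f->cmd_line_ptr;
}

int main(void)
{
	struct cmdline_fields f;
	uint64_t high = 0x0000000123456000ULL; /* constructed address above 4G */

	printf("truncated: 0x%" PRIx64 "\n", store_truncated(&f, high));
	printf("fits below 4G: %d\n", fits_below_4g(high, 256));
	store_split(&f, high);
	printf("split round trip: 0x%" PRIx64 "\n", load_split(&f));
	return 0;
}
```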
