From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Arvind Sankar <nivedita@alum.mit.edu>,
Ard Biesheuvel <ardb@kernel.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Bhupesh Sharma <bhsharma@redhat.com>,
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>,
linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 61/91] efi/gop: Fix memory leak in __gop_query32/64()
Date: Sat, 11 Jan 2020 10:49:54 +0100 [thread overview]
Message-ID: <20200111094907.683095742@linuxfoundation.org> (raw)
In-Reply-To: <20200111094844.748507863@linuxfoundation.org>
From: Arvind Sankar <nivedita@alum.mit.edu>
[ Upstream commit ff397be685e410a59c34b21ce0c55d4daa466bb7 ]
efi_graphics_output_protocol::query_mode() returns info in
callee-allocated memory which must be freed by the caller, which
we aren't doing.
We don't actually need to call query_mode() in order to obtain the
info for the current graphics mode, which is already there in
gop->mode->info, so just access it directly in the setup_gop32/64()
functions.
Also nothing uses the size of the info structure, so don't update the
passed-in size (which is the size of the gop_handle table in bytes)
unnecessarily.
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Bhupesh Sharma <bhsharma@redhat.com>
Cc: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191206165542.31469-5-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/libstub/gop.c | 66 ++++++------------------------
1 file changed, 12 insertions(+), 54 deletions(-)
diff --git a/drivers/firmware/efi/libstub/gop.c b/drivers/firmware/efi/libstub/gop.c
index 81ffda5d1e48..fd8053f9556e 100644
--- a/drivers/firmware/efi/libstub/gop.c
+++ b/drivers/firmware/efi/libstub/gop.c
@@ -85,30 +85,6 @@ setup_pixel_info(struct screen_info *si, u32 pixels_per_scan_line,
}
}
-static efi_status_t
-__gop_query32(efi_system_table_t *sys_table_arg,
- struct efi_graphics_output_protocol_32 *gop32,
- struct efi_graphics_output_mode_info **info,
- unsigned long *size, u64 *fb_base)
-{
- struct efi_graphics_output_protocol_mode_32 *mode;
- efi_graphics_output_protocol_query_mode query_mode;
- efi_status_t status;
- unsigned long m;
-
- m = gop32->mode;
- mode = (struct efi_graphics_output_protocol_mode_32 *)m;
- query_mode = (void *)(unsigned long)gop32->query_mode;
-
- status = __efi_call_early(query_mode, (void *)gop32, mode->mode, size,
- info);
- if (status != EFI_SUCCESS)
- return status;
-
- *fb_base = mode->frame_buffer_base;
- return status;
-}
-
static efi_status_t
setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si,
efi_guid_t *proto, unsigned long size, void **gop_handle)
@@ -130,6 +106,7 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si,
nr_gops = size / sizeof(u32);
for (i = 0; i < nr_gops; i++) {
+ struct efi_graphics_output_protocol_mode_32 *mode;
struct efi_graphics_output_mode_info *info = NULL;
efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID;
bool conout_found = false;
@@ -147,9 +124,11 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si,
if (status == EFI_SUCCESS)
conout_found = true;
- status = __gop_query32(sys_table_arg, gop32, &info, &size,
- ¤t_fb_base);
- if (status == EFI_SUCCESS && (!first_gop || conout_found) &&
+ mode = (void *)(unsigned long)gop32->mode;
+ info = (void *)(unsigned long)mode->info;
+ current_fb_base = mode->frame_buffer_base;
+
+ if ((!first_gop || conout_found) &&
info->pixel_format != PIXEL_BLT_ONLY) {
/*
* Systems that use the UEFI Console Splitter may
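Review bot: `info` is now read straight from `mode->info` and dereferenced in the `info->pixel_format` test with no validity check, whereas the removed `__gop_query32()` path only reached that test after `query_mode()` had returned EFI_SUCCESS. Both pointers come from the firmware's protocol structure, so a firmware that leaves the info pointer unset would presumably fault the stub here; a guard such as `if (!mode || !mode->info) continue;` right after the `mode = ...` assignment would skip that handle instead. The same applies to the setup_gop64() hunk at `@@ -265,9 +221,11 @@`. The `= NULL` initialiser on `info` in both loop declarations is also dead now that it is assigned unconditionally. The loop body continues outside this hunk, so whether `continue` is the right way to skip a handle needs checking against the rest of the loop.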
@@ -203,30 +182,6 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si,
return EFI_SUCCESS;
}
-static efi_status_t
-__gop_query64(efi_system_table_t *sys_table_arg,
- struct efi_graphics_output_protocol_64 *gop64,
- struct efi_graphics_output_mode_info **info,
- unsigned long *size, u64 *fb_base)
-{
- struct efi_graphics_output_protocol_mode_64 *mode;
- efi_graphics_output_protocol_query_mode query_mode;
- efi_status_t status;
- unsigned long m;
-
- m = gop64->mode;
- mode = (struct efi_graphics_output_protocol_mode_64 *)m;
- query_mode = (void *)(unsigned long)gop64->query_mode;
-
- status = __efi_call_early(query_mode, (void *)gop64, mode->mode, size,
- info);
- if (status != EFI_SUCCESS)
- return status;
-
- *fb_base = mode->frame_buffer_base;
- return status;
-}
-
static efi_status_t
setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si,
efi_guid_t *proto, unsigned long size, void **gop_handle)
@@ -248,6 +203,7 @@ setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si,
nr_gops = size / sizeof(u64);
for (i = 0; i < nr_gops; i++) {
+ struct efi_graphics_output_protocol_mode_64 *mode;
struct efi_graphics_output_mode_info *info = NULL;
efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID;
bool conout_found = false;
@@ -265,9 +221,11 @@ setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si,
if (status == EFI_SUCCESS)
conout_found = true;
- status = __gop_query64(sys_table_arg, gop64, &info, &size,
- ¤t_fb_base);
- if (status == EFI_SUCCESS && (!first_gop || conout_found) &&
+ mode = (void *)(unsigned long)gop64->mode;
+ info = (void *)(unsigned long)mode->info;
+ current_fb_base = mode->frame_buffer_base;
+
+ if ((!first_gop || conout_found) &&
info->pixel_format != PIXEL_BLT_ONLY) {
/*
* Systems that use the UEFI Console Splitter may
--
2.20.1