[PATCH] efi: mokvar-table: fix some issues in new code

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Lenny Szubowicz <lszubowi@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Arvind Sankar <nivedita@alum.mit.edu>
Subject: [PATCH] efi: mokvar-table: fix some issues in new code
Date: Thu, 24 Sep 2020 18:05:46 +0200	[thread overview]
Message-ID: <20200924160546.8967-1-ardb@kernel.org> (raw)

Fix a couple of issues in the new mokvar-table handling code, as
pointed out by Arvind and Boris:
- don't bother checking the end of the physical region against the start
  address of the mokvar table,
- ensure that we enter the loop with err = -EINVAL,
- replace size_t with unsigned long to appease pedantic type equality
  checks.

Cc: Lenny Szubowicz <lszubowi@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/mokvar-table.c | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c
index b1cd49893d4d..72a9e1736fef 100644
--- a/drivers/firmware/efi/mokvar-table.c
+++ b/drivers/firmware/efi/mokvar-table.c
@@ -98,15 +98,14 @@ static struct kobject *mokvar_kobj;
 void __init efi_mokvar_table_init(void)
 {
 	efi_memory_desc_t md;
-	u64 end_pa;
 	void *va = NULL;
-	size_t cur_offset = 0;
-	size_t offset_limit;
-	size_t map_size = 0;
-	size_t map_size_needed = 0;
-	size_t size;
+	unsigned long cur_offset = 0;
+	unsigned long offset_limit;
+	unsigned long map_size = 0;
+	unsigned long map_size_needed = 0;
+	unsigned long size;
 	struct efi_mokvar_table_entry *mokvar_entry;
-	int err = -EINVAL;
+	int err;
 
 	if (!efi_enabled(EFI_MEMMAP))
 		return;
@@ -122,18 +121,16 @@ void __init efi_mokvar_table_init(void)
 		pr_warn("EFI MOKvar config table is not within the EFI memory map\n");
 		return;
 	}
-	end_pa = efi_mem_desc_end(&md);
-	if (efi.mokvar_table >= end_pa) {
-		pr_err("EFI memory descriptor containing MOKvar config table is invalid\n");
-		return;
-	}
-	offset_limit = end_pa - efi.mokvar_table;
+
+	offset_limit = efi_mem_desc_end(&md) - efi.mokvar_table;
+
 	/*
 	 * Validate the MOK config table. Since there is no table header
 	 * from which we could get the total size of the MOK config table,
 	 * we compute the total size as we validate each variably sized
 	 * entry, remapping as necessary.
 	 */
+	err = -EINVAL;
 	while (cur_offset + sizeof(*mokvar_entry) <= offset_limit) {
 		mokvar_entry = va + cur_offset;
 		map_size_needed = cur_offset + sizeof(*mokvar_entry);
@@ -150,7 +147,7 @@ void __init efi_mokvar_table_init(void)
 				       offset_limit);
 			va = early_memremap(efi.mokvar_table, map_size);
 			if (!va) {
-				pr_err("Failed to map EFI MOKvar config table pa=0x%lx, size=%zu.\n",
+				pr_err("Failed to map EFI MOKvar config table pa=0x%lx, size=%lu.\n",
 				       efi.mokvar_table, map_size);
 				return;
 			}
-- 
2.17.1

next             reply	other threads:[~2020-09-24 16:05 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-24 16:05 Ard Biesheuvel [this message]
2020-09-24 19:12 ` [PATCH] efi: mokvar-table: fix some issues in new code Arvind Sankar
2020-09-24 19:21   ` Lenny Szubowicz
2020-09-29 16:58 ` Borislav Petkov
2020-09-29 17:36   ` Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b1cd49893d4 dfblob:72a9e1736fe )
 OR (
bs:"[PATCH] efi: mokvar-table: fix some issues in new code" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200924160546.8967-1-ardb@kernel.org \
    --to=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=linux-efi@vger.kernel.org \
    --cc=lszubowi@redhat.com \
    --cc=nivedita@alum.mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.