To: The development of GNU GRUB, coreboot@coreboot.org
From: Andrei Borzenkov
Subject: Dell Dimension 8300 reboots when grub2 cbfs module is loaded
Message-ID: <56362757.3070801@gmail.com>
Date: Sun, 1 Nov 2015 17:53:11 +0300

I was debugging a problem reported by a user on a Dell Dimension 8300 - it rebooted when doing "ls -l". It turned out the problem was triggered by loading cbfs, which probed for the header. The system has 2GB of memory, and an attempt to read from address 0xffffffff caused an instant reboot. 0xffffffff was returned by a read from the non-existing address 0xfffffffc.

The proof-of-concept patch below avoids it, but I wonder what the proper fix is.

diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c index a34eb88..a5a2fde 100644 --- a/grub-core/fs/cbfs.c +++ b/grub-core/fs/cbfs.c @@ -344,8 +344,9 @@ init_cbfsdisk (void) ptr = *(grub_uint32_t *) 0xfffffffc; head = (struct cbfs_header *) (grub_addr_t) ptr; + grub_dprintf ("cbfs", "head=%p\n", head); - if (!validate_head (head)) + if (0xffffffff - ptr < sizeof (*head) || !validate_head (head)) return; cbfsdisk_size = ALIGN_UP (grub_be_to_cpu32 (head->romsize),
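
Review bot: The bound added on the if line, "0xffffffff - ptr < sizeof (*head)", only rejects a header that would run past the top of the 32-bit address space; any other garbage value read from 0xfffffffc is still handed to validate_head () and dereferenced, so the check stops the all-ones case reported here without establishing that the address is actually backed by ROM or RAM. Because the pointer slot itself occupies 0xfffffffc through 0xffffffff, a real header cannot overlap it, so the limit could be 0xfffffffc instead of 0xffffffff, and a named constant would read better than the bare literal. The added grub_dprintf line is fine for debugging but should be a deliberate choice in a final version rather than a leftover.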