From: Jiri Slaby <jirislaby@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>, Breno Leitao <leitao@debian.org>
Cc: Ard Biesheuvel <ardb+git@google.com>,
linux-efi@vger.kernel.org, Gregory Price <gourry@gourry.net>,
Usama Arif <usamaarif642@gmail.com>
Subject: Re: [PATCH v2] efi/memattr: Ignore table if the size is clearly bogus
Date: Fri, 15 Nov 2024 11:51:05 +0100
Message-ID: <0ee375db-c720-4af3-a74b-d95777212f6e@kernel.org>
In-Reply-To: <CAMj1kXFjjMcHkbFAsSWJuqtzi2raJgLikx37ipxAB9f0ymXNQA@mail.gmail.com>
On 15. 11. 24, 11:21, Ard Biesheuvel wrote:
> On Fri, 15 Nov 2024 at 11:10, Breno Leitao <leitao@debian.org> wrote:
>>
>> Hello Ard,
>>
>> On Thu, Oct 31, 2024 at 06:58:23PM +0100, Ard Biesheuvel wrote:
>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>
>>> There are reports [0] of cases where a corrupt EFI Memory Attributes
>>> Table leads to out of memory issues at boot because the descriptor size
>>> and entry count in the table header are still used to reserve the entire
>>> table in memory, even though the resulting region is gigabytes in size.
>>>
>>> Given that the EFI Memory Attributes Table is supposed to carry up to 3
>>> entries for each EfiRuntimeServicesCode region in the EFI memory map,
>>> and given that there is no reason for the descriptor size used in the
>>> table to exceed the one used in the EFI memory map, 3x the size of the
>>> entire EFI memory map is a reasonable upper bound for the size of this
>>> table. This means that sizes exceeding that are highly likely to be
>>> based on corrupted data, and the table should just be ignored instead.
>>
>> I haven't seen this patch landing in the net-next tree yet.
>> Do you have a plan to have this merged into 6.13?
>>
>
> Nobody replied to it, so I wasn't going to.
>
> Would you like this patch to be taken for v6.13? Does it fix the
> issues you have been observing?
For the reporter at:
https://bugzilla.suse.com/show_bug.cgi?id=1231465#c50
definitely!
I was expecting this to land in the tree too... (Without any further
notifications to you.)
thanks,
--
js
suse labs
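
The size bound described in the quoted commit message, written out as a stand-alone C program. This is an added example, not the patch itself or kernel code; the struct layouts, the function name and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified header: only the two fields the commit message names. */
struct memattr_hdr {
	uint32_t num_entries;	/* entry count claimed by the firmware table */
	uint32_t desc_size;	/* descriptor size claimed by the firmware table */
};

/* Hypothetical summary of the EFI memory map used as the reference. */
struct memmap_info {
	uint64_t nr_map;	/* number of descriptors in the memory map */
	uint64_t desc_size;	/* size of one memory map descriptor */
};

/*
 * Return true and store the table size in *out when the size claimed by the
 * header does not exceed 3x the size of the whole EFI memory map. Return
 * false when the table should be ignored instead of reserved.
 */
bool memattr_size_plausible(const struct memattr_hdr *h,
			    const struct memmap_info *m, uint64_t *out)
{
	/* u32 * u32 always fits in u64, so the claimed size cannot wrap. */
	uint64_t size = (uint64_t)h->num_entries * h->desc_size;
	uint64_t bound;

	/* Refuse a reference map so large that 3 * nr_map * desc_size wraps. */
	if (m->desc_size != 0 && m->nr_map > UINT64_MAX / 3 / m->desc_size)
		return false;
	bound = 3 * m->nr_map * m->desc_size;

	if (size > bound)
		return false;	/* clearly bogus: do not reserve gigabytes */
	*out = size;
	return true;
}

int main(void)
{
	/* Constructed sample values, not taken from any real firmware. */
	struct memmap_info map = { .nr_map = 100, .desc_size = 48 };
	struct memattr_hdr sane = { .num_entries = 30, .desc_size = 48 };
	struct memattr_hdr corrupt = { .num_entries = 0x40000000, .desc_size = 48 };
	uint64_t size = 0;

	printf("sane: %d\n", memattr_size_plausible(&sane, &map, &size));
	printf("corrupt: %d\n", memattr_size_plausible(&corrupt, &map, &size));
	return 0;
}
```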