From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Hans de Goede <hdegoede@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Matt Fleming <matt@codeblueprint.co.uk>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.16 047/110] efi: Avoid potential crashes, fix the struct efi_pci_io_protocol_32 definition for mixed mode
Date: Mon, 21 May 2018 23:11:44 +0200
Message-ID: <20180521210508.645245136@linuxfoundation.org>
In-Reply-To: <20180521210503.823249477@linuxfoundation.org>
4.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 0b3225ab9407f557a8e20f23f37aa7236c10a9b1 upstream.
Mixed mode allows a kernel built for x86_64 to interact with 32-bit
EFI firmware, but requires us to define all struct definitions carefully
when it comes to pointer sizes.
'struct efi_pci_io_protocol_32' currently uses a 'void *' for the
'romimage' field, which will be interpreted as a 64-bit field
on such kernels, potentially resulting in bogus memory references
and subsequent crashes.
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: <stable@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20180504060003.19618-13-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/compressed/eboot.c | 6 ++++--
include/linux/efi.h | 8 ++++----
2 files changed, 8 insertions(+), 6 deletions(-)
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -163,7 +163,8 @@ __setup_efi_pci32(efi_pci_io_protocol_32
if (status != EFI_SUCCESS)
goto free_struct;
- memcpy(rom->romdata, pci->romimage, pci->romsize);
+ memcpy(rom->romdata, (void *)(unsigned long)pci->romimage,
+ pci->romsize);
return status;
free_struct:
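Review bot: the double cast '(void *)(unsigned long)pci->romimage' in the memcpy() call has no comment explaining why it is needed. With romimage now a u32 in efi_pci_io_protocol_32, the intermediate unsigned long is what widens the firmware's 32-bit address to pointer size without an int-to-pointer size mismatch. A one-line comment, or a small helper shared with __setup_efi_pci64, would stop someone from later "simplifying" it to a direct cast. Separately, pci->romsize is a u64 used directly as the copy length, so it is worth confirming that the buffer behind rom->romdata (allocated outside this hunk) was sized from the same value.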
@@ -269,7 +270,8 @@ __setup_efi_pci64(efi_pci_io_protocol_64
if (status != EFI_SUCCESS)
goto free_struct;
- memcpy(rom->romdata, pci->romimage, pci->romsize);
+ memcpy(rom->romdata, (void *)(unsigned long)pci->romimage,
+ pci->romsize);
return status;
free_struct:
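Review bot: in __setup_efi_pci64 the value being cast is a u64 (per the efi.h change in this patch), so '(unsigned long)pci->romimage' silently drops the upper 32 bits wherever unsigned long is 32 bits wide. If eboot.c can be built in such a configuration, a comment stating that the 64-bit protocol path is not reached there would make the truncation visibly intentional rather than accidental.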
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -395,8 +395,8 @@ typedef struct {
u32 attributes;
u32 get_bar_attributes;
u32 set_bar_attributes;
- uint64_t romsize;
- void *romimage;
+ u64 romsize;
+ u32 romimage;
} efi_pci_io_protocol_32;
typedef struct {
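Review bot: 'u64 romsize' follows a run of u32 members, so an x86_64 compiler will place it on an 8-byte boundary and may insert padding the 32-bit firmware does not have. The members above 'attributes' are not visible in this hunk, so the offset cannot be checked from here. A compile-time offsetof() check or a short comment giving the expected offset of romsize would document that the layout matches what 32-bit firmware produces, which is the whole point of this struct.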
@@ -415,8 +415,8 @@ typedef struct {
u64 attributes;
u64 get_bar_attributes;
u64 set_bar_attributes;
- uint64_t romsize;
- void *romimage;
+ u64 romsize;
+ u64 romimage;
} efi_pci_io_protocol_64;
typedef struct {
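Review bot: the changelog only talks about the 'romimage' field of efi_pci_io_protocol_32, but this hunk also changes efi_pci_io_protocol_64 from 'void *romimage' to 'u64 romimage', and both structs switch 'uint64_t romsize' to 'u64'. Please add a sentence to the commit message saying the 64-bit definition is converted for consistency and that this is why __setup_efi_pci64 gains a cast as well, so the stable reviewers can see it is not a functional change on that path.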