[PATCH] efi: random: fix NULL-deref when refreshing seed

[PATCH] efi: random: fix NULL-deref when refreshing seed

[Johan Hovold]

Do not try to refresh the RNG seed in case the firmware does not support
setting variables.

This is specifically needed to prevent a NULL-pointer dereference on the
Lenovo X13s with some firmware revisions.

Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
Reported-by: Steev Klimaszewski <steev@kali.org>
Reported-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
 drivers/firmware/efi/efi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 2e168e5b97de..1a9e2f70c550 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -432,7 +432,9 @@ static int __init efisubsys_init(void)
 		platform_device_register_simple("efi_secret", 0, NULL, 0);
 #endif
 
-	execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
+	if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
+		execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
+
 	return 0;
 
 err_remove_group:
-- 
2.37.4

Re: [PATCH] efi: random: fix NULL-deref when refreshing seed

[Andrew Halaney]

On Fri, Dec 16, 2022 at 10:15:14AM +0100, Johan Hovold wrote:
> Do not try to refresh the RNG seed in case the firmware does not support
> setting variables.
> 
> This is specifically needed to prevent a NULL-pointer dereference on the
> Lenovo X13s with some firmware revisions.
> 
> Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> Reported-by: Steev Klimaszewski <steev@kali.org>
> Reported-by: Bjorn Andersson <andersson@kernel.org>
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>

Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s

Thanks Johan, this fixes the boot issue I was blindly fighting
yesterday.

> ---
>  drivers/firmware/efi/efi.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 2e168e5b97de..1a9e2f70c550 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -432,7 +432,9 @@ static int __init efisubsys_init(void)
>  		platform_device_register_simple("efi_secret", 0, NULL, 0);
>  #endif
>  
> -	execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
> +	if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
> +		execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
> +
>  	return 0;
>  
>  err_remove_group:
> -- 
> 2.37.4
> 

Re: [PATCH] efi: random: fix NULL-deref when refreshing seed

[Jason A. Donenfeld]

On Fri, Dec 16, 2022 at 10:15:14AM +0100, Johan Hovold wrote:
> Do not try to refresh the RNG seed in case the firmware does not support
> setting variables.
> 
> This is specifically needed to prevent a NULL-pointer dereference on the
> Lenovo X13s with some firmware revisions.
> 
> Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> Reported-by: Steev Klimaszewski <steev@kali.org>
> Reported-by: Bjorn Andersson <andersson@kernel.org>
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> ---

Thanks very much for this, and sorry for the breakage. I'll try to get
this in before rc1 is cut, as I've got some other changes scheduled for
late in the merge window to send anyway.

Jason

Re: [PATCH] efi: random: fix NULL-deref when refreshing seed

[Johan Hovold]

On Fri, Dec 16, 2022 at 12:39:56PM -0700, Jason A. Donenfeld wrote:
> On Fri, Dec 16, 2022 at 10:15:14AM +0100, Johan Hovold wrote:
> > Do not try to refresh the RNG seed in case the firmware does not support
> > setting variables.
> > 
> > This is specifically needed to prevent a NULL-pointer dereference on the
> > Lenovo X13s with some firmware revisions.
> > 
> > Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> > Reported-by: Steev Klimaszewski <steev@kali.org>
> > Reported-by: Bjorn Andersson <andersson@kernel.org>
> > Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> > ---
> 
> Thanks very much for this, and sorry for the breakage. I'll try to get
> this in before rc1 is cut, as I've got some other changes scheduled for
> late in the merge window to send anyway.

In case this one hasn't been picked up yet (it's not in linux-next), I
just sent a v2 with an amended commit message with an explicit mention
that as this is needed whenever the runtime services have been disabled
(e.g. with PREEMPT_RT):

	https://lore.kernel.org/lkml/20221219101237.9872-1-johan+linaro@kernel.org/

Johan