[PATCH v2] efi: random: fix NULL-deref when refreshing seed

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] efi: random: fix NULL-deref when refreshing seed
@ 2022-12-19 10:12 Johan Hovold
  2022-12-19 14:00 ` Jason A. Donenfeld
  2022-12-19 14:40 ` Steev Klimaszewski
  0 siblings, 2 replies; 4+ messages in thread
From: Johan Hovold @ 2022-12-19 10:12 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Jason A. Donenfeld, linux-efi, linux-kernel, Johan Hovold,
	Steev Klimaszewski, Bjorn Andersson, Andrew Halaney

Do not try to refresh the RNG seed in case the firmware does not support
setting variables.

This is specifically needed to prevent a NULL-pointer dereference on the
Lenovo X13s with some firmware revisions, or more generally, whenever
the runtime services have been disabled (e.g. efi=noruntime or with
PREEMPT_RT).

Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
Reported-by: Steev Klimaszewski <steev@kali.org>
Reported-by: Bjorn Andersson <andersson@kernel.org>
Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---

Changes in v2
 - amend commit message with a comment on this being needed whenever the
   runtime services have been disabled


 drivers/firmware/efi/efi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 31a4090c66b3..09716eebe8ac 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -429,7 +429,9 @@ static int __init efisubsys_init(void)
 		platform_device_register_simple("efi_secret", 0, NULL, 0);
 #endif
 
-	execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
+	if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
+		execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
+
 	return 0;
 
 err_remove_group:
-- 
2.37.4


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] efi: random: fix NULL-deref when refreshing seed
  2022-12-19 10:12 [PATCH v2] efi: random: fix NULL-deref when refreshing seed Johan Hovold
@ 2022-12-19 14:00 ` Jason A. Donenfeld
  2022-12-19 14:08   ` Johan Hovold
  2022-12-19 14:40 ` Steev Klimaszewski
  1 sibling, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2022-12-19 14:00 UTC (permalink / raw)
  To: Johan Hovold
  Cc: Ard Biesheuvel, linux-efi, linux-kernel, Steev Klimaszewski,
	Bjorn Andersson, Andrew Halaney

On Mon, Dec 19, 2022 at 11:12:37AM +0100, Johan Hovold wrote:
> Do not try to refresh the RNG seed in case the firmware does not support
> setting variables.
> 
> This is specifically needed to prevent a NULL-pointer dereference on the
> Lenovo X13s with some firmware revisions, or more generally, whenever
> the runtime services have been disabled (e.g. efi=noruntime or with
> PREEMPT_RT).
> 
> Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> Reported-by: Steev Klimaszewski <steev@kali.org>
> Reported-by: Bjorn Andersson <andersson@kernel.org>
> Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> ---
> 
> Changes in v2
>  - amend commit message with a comment on this being needed whenever the
>    runtime services have been disabled

I'll queue up the one with the amended commit message.

Jason

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] efi: random: fix NULL-deref when refreshing seed
  2022-12-19 14:00 ` Jason A. Donenfeld
@ 2022-12-19 14:08   ` Johan Hovold
  0 siblings, 0 replies; 4+ messages in thread
From: Johan Hovold @ 2022-12-19 14:08 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: Johan Hovold, Ard Biesheuvel, linux-efi, linux-kernel,
	Steev Klimaszewski, Bjorn Andersson, Andrew Halaney

On Mon, Dec 19, 2022 at 03:00:17PM +0100, Jason A. Donenfeld wrote:
> On Mon, Dec 19, 2022 at 11:12:37AM +0100, Johan Hovold wrote:
> > Do not try to refresh the RNG seed in case the firmware does not support
> > setting variables.
> > 
> > This is specifically needed to prevent a NULL-pointer dereference on the
> > Lenovo X13s with some firmware revisions, or more generally, whenever
> > the runtime services have been disabled (e.g. efi=noruntime or with
> > PREEMPT_RT).
> > 
> > Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> > Reported-by: Steev Klimaszewski <steev@kali.org>
> > Reported-by: Bjorn Andersson <andersson@kernel.org>
> > Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
> > Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> > ---
> > 
> > Changes in v2
> >  - amend commit message with a comment on this being needed whenever the
> >    runtime services have been disabled
> 
> I'll queue up the one with the amended commit message.

Perfect, thanks!

Johan

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] efi: random: fix NULL-deref when refreshing seed
  2022-12-19 10:12 [PATCH v2] efi: random: fix NULL-deref when refreshing seed Johan Hovold
  2022-12-19 14:00 ` Jason A. Donenfeld
@ 2022-12-19 14:40 ` Steev Klimaszewski
  1 sibling, 0 replies; 4+ messages in thread
From: Steev Klimaszewski @ 2022-12-19 14:40 UTC (permalink / raw)
  To: Johan Hovold
  Cc: Ard Biesheuvel, Jason A. Donenfeld, linux-efi, linux-kernel,
	Bjorn Andersson, Andrew Halaney

On Mon, Dec 19, 2022 at 4:13 AM Johan Hovold <johan+linaro@kernel.org> wrote:
>
> Do not try to refresh the RNG seed in case the firmware does not support
> setting variables.
>
> This is specifically needed to prevent a NULL-pointer dereference on the
> Lenovo X13s with some firmware revisions, or more generally, whenever
> the runtime services have been disabled (e.g. efi=noruntime or with
> PREEMPT_RT).
>
> Fixes: e7b813b32a42 ("efi: random: refresh non-volatile random seed when RNG is initialized")
> Reported-by: Steev Klimaszewski <steev@kali.org>
> Reported-by: Bjorn Andersson <andersson@kernel.org>
> Tested-by: Andrew Halaney <ahalaney@redhat.com> # sc8280xp-lenovo-thinkpad-x13s
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> ---
>
> Changes in v2
>  - amend commit message with a comment on this being needed whenever the
>    runtime services have been disabled
>
>
>  drivers/firmware/efi/efi.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 31a4090c66b3..09716eebe8ac 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -429,7 +429,9 @@ static int __init efisubsys_init(void)
>                 platform_device_register_simple("efi_secret", 0, NULL, 0);
>  #endif
>
> -       execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
> +       if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
> +               execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
> +
>         return 0;
>
>  err_remove_group:
> --
> 2.37.4
>
Andrew already sent one, but also confirming since I reported it, this
fixes the issue for me as well.
Tested-by: Steev Klimaszewski <steev@kali.org>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-12-19 14:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-19 10:12 [PATCH v2] efi: random: fix NULL-deref when refreshing seed Johan Hovold
2022-12-19 14:00 ` Jason A. Donenfeld
2022-12-19 14:08   ` Johan Hovold
2022-12-19 14:40 ` Steev Klimaszewski

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox