From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, "H. Peter Anvin" <hpa@zytor.com>,
Nick Bowler <nbowler@elliptictech.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Matt Fleming <matt.fleming@intel.com>
Subject: [ 51/75] x86, efi: Fix endian issues and unaligned accesses
Date: Fri, 04 May 2012 13:43:15 -0700
Message-ID: <20120504204228.732924419@linuxfoundation.org>
In-Reply-To: <20120504204258.GA12552@kroah.com>
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Fleming <matt.fleming@intel.com>
commit 92f42c50f227ad228f815a8f4eec872524dae3a5 upstream.
We may need to convert the endianness of the data we read from/write
to 'buf', so let's use {get,put}_unaligned_le32() to do that. Failure
to do so can result in accessing invalid memory, leading to a
segfault. Stephen Rothwell noticed this bug while cross-building an
x86_64 allmodconfig kernel on PowerPC.
We need to read from and write to 'buf' a byte at a time otherwise
it's possible we'll perform an unaligned access, which can lead to bus
errors when cross-building an x86 kernel on risc architectures.
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Nick Bowler <nbowler@elliptictech.com>
Tested-by: Stephen Rothwell <sfr@canb.auug.org.au>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Link: http://lkml.kernel.org/r/1330436245-24875-6-git-send-email-matt@console-pimps.org
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/tools/build.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -34,6 +34,7 @@
#include <fcntl.h>
#include <sys/mman.h>
#include <asm/boot.h>
+#include <tools/le_byteshift.h>
typedef unsigned char u8;
typedef unsigned short u16;
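Review bot: the new `#include <tools/le_byteshift.h>` names a header that this patch does not create (the diffstat touches only arch/x86/boot/tools/build.c), so the backport builds only if the stable tree already carries the change that adds that header and a host include path that resolves it. Stating that dependency in the changelog would keep the patch from being cherry-picked on its own.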
@@ -41,6 +42,7 @@ typedef unsigned long u32;
#define DEFAULT_MAJOR_ROOT 0
#define DEFAULT_MINOR_ROOT 0
+#define DEFAULT_ROOT_DEV (DEFAULT_MAJOR_ROOT << 8 | DEFAULT_MINOR_ROOT)
/* Minimal number of setup sectors */
#define SETUP_SECT_MIN 5
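Review bot: DEFAULT_ROOT_DEV relies on `<<` binding tighter than `|`; writing it as `((DEFAULT_MAJOR_ROOT << 8) | DEFAULT_MINOR_ROOT)` makes the intent explicit. The combined 16-bit value also matches the two single-byte stores it replaces (buf[508] and buf[509]) only while both constants fit in 8 bits, so a short comment saying so next to the macro would help.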
@@ -159,7 +161,7 @@ int main(int argc, char ** argv)
die("read-error on `setup'");
if (c < 1024)
die("The setup must be at least 1024 bytes");
- if (buf[510] != 0x55 || buf[511] != 0xaa)
+ if (get_unaligned_le16(&buf[510]) != 0xAA55)
die("Boot block hasn't got boot flag (0xAA55)");
fclose(file);
@@ -171,8 +173,7 @@ int main(int argc, char ** argv)
memset(buf+c, 0, i-c);
/* Set the default root device */
- buf[508] = DEFAULT_MINOR_ROOT;
- buf[509] = DEFAULT_MAJOR_ROOT;
+ put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]);
fprintf(stderr, "Setup is %d bytes (padded to %d bytes).\n", c, i);
@@ -192,44 +193,42 @@ int main(int argc, char ** argv)
/* Patch the setup code with the appropriate size parameters */
buf[0x1f1] = setup_sectors-1;
- buf[0x1f4] = sys_size;
- buf[0x1f5] = sys_size >> 8;
- buf[0x1f6] = sys_size >> 16;
- buf[0x1f7] = sys_size >> 24;
+ put_unaligned_le32(sys_size, &buf[0x1f4]);
#ifdef CONFIG_EFI_STUB
file_sz = sz + i + ((sys_size * 16) - sz);
- pe_header = *(unsigned int *)&buf[0x3c];
+ pe_header = get_unaligned_le32(&buf[0x3c]);
/* Size of code */
- *(unsigned int *)&buf[pe_header + 0x1c] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0x1c]);
/* Size of image */
- *(unsigned int *)&buf[pe_header + 0x50] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0x50]);
#ifdef CONFIG_X86_32
/* Address of entry point */
- *(unsigned int *)&buf[pe_header + 0x28] = i;
+ put_unaligned_le32(i, &buf[pe_header + 0x28]);
/* .text size */
- *(unsigned int *)&buf[pe_header + 0xb0] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0xb0]);
/* .text size of initialised data */
- *(unsigned int *)&buf[pe_header + 0xb8] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0xb8]);
#else
/*
* Address of entry point. startup_32 is at the beginning and
* the 64-bit entry point (startup_64) is always 512 bytes
* after.
*/
- *(unsigned int *)&buf[pe_header + 0x28] = i + 512;
+ put_unaligned_le32(i + 512, &buf[pe_header + 0x28]);
/* .text size */
- *(unsigned int *)&buf[pe_header + 0xc0] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0xc0]);
/* .text size of initialised data */
- *(unsigned int *)&buf[pe_header + 0xc8] = file_sz;
+ put_unaligned_le32(file_sz, &buf[pe_header + 0xc8]);
+
#endif /* CONFIG_X86_32 */
#endif /* CONFIG_EFI_STUB */
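Review bot: missing bounds check on `pe_header` in the CONFIG_EFI_STUB block. It is read from `buf[0x3c]` and then used unchecked as the base index for every `put_unaligned_le32(..., &buf[pe_header + ...])`, up to offset 0xc8. Switching to get_unaligned_le32() fixes the byte-order case the changelog describes, but a setup image with an unexpected value at 0x3c would still cause writes at an arbitrary offset in buf; suggest a die() before the first write when pe_header plus the largest offset used plus 4 exceeds the setup size. Minor: the added blank line before `#endif /* CONFIG_X86_32 */` is stray and can be dropped.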