Commit ab03e91e authored by Demi Marie Obenour's avatar Demi Marie Obenour Committed by Ard Biesheuvel

efi: memmap: Disregard bogus entries instead of returning them

The ESRT code currently contains two consistency checks on the memory
descriptor it obtains, but one of them is both incomplete and can only
trigger on invalid descriptors.

So let's drop these checks, and instead disregard descriptors entirely
if the start address is misaligned, or if the number of pages reaches
to or beyond the end of the address space.  Note that the memory map as
a whole could still be inconsistent: multiple entries might cover the
same area, or the address could be outside of the addressable PA space,
but validating that goes beyond the scope of these helpers.  Also note
that since the physical address space is never 64-bits wide, a
descriptor that includes the last page of memory is not valid.  This is
fortunate, since it means that a valid physical address will never be an
error pointer and that the length of a memory descriptor in bytes will
fit in a 64-bit unsigned integer.
Co-developed-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarDemi Marie Obenour <demi@invisiblethingslab.com>
Tested-by: default avatarMarek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
parent 2cf9e278
...@@ -496,6 +496,12 @@ int efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md) ...@@ -496,6 +496,12 @@ int efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md)
u64 size; u64 size;
u64 end; u64 end;
/* skip bogus entries (including empty ones) */
if ((md->phys_addr & (EFI_PAGE_SIZE - 1)) ||
(md->num_pages <= 0) ||
(md->num_pages > (U64_MAX - md->phys_addr) >> EFI_PAGE_SHIFT))
continue;
size = md->num_pages << EFI_PAGE_SHIFT; size = md->num_pages << EFI_PAGE_SHIFT;
end = md->phys_addr + size; end = md->phys_addr + size;
if (phys_addr >= md->phys_addr && phys_addr < end) { if (phys_addr >= md->phys_addr && phys_addr < end) {
......
...@@ -263,15 +263,8 @@ void __init efi_esrt_init(void) ...@@ -263,15 +263,8 @@ void __init efi_esrt_init(void)
return; return;
} }
max = efi_mem_desc_end(&md); max = efi_mem_desc_end(&md) - efi.esrt;
if (max < efi.esrt) {
pr_err("EFI memory descriptor is invalid. (esrt: %p max: %p)\n",
(void *)efi.esrt, (void *)max);
return;
}
size = sizeof(*esrt); size = sizeof(*esrt);
max -= efi.esrt;
if (max < size) { if (max < size) {
pr_err("ESRT header doesn't fit on single memory map entry. (size: %zu max: %zu)\n", pr_err("ESRT header doesn't fit on single memory map entry. (size: %zu max: %zu)\n",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment