On Thu, Oct 31, 2024 at 06:58:23PM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> There are reports [0] of cases where a corrupt EFI Memory Attributes
> Table leads to out of memory issues at boot because the descriptor size
> and entry count in the table header are still used to reserve the entire
> table in memory, even though the resulting region is gigabytes in size.
>
> Given that the EFI Memory Attributes Table is supposed to carry up to 3
> entries for each EfiRuntimeServicesCode region in the EFI memory map,
> and given that there is no reason for the descriptor size used in the
> table to exceed the one used in the EFI memory map, 3x the size of the
> entire EFI memory map is a reasonable upper bound for the size of this
> table. This means that sizes exceeding that are highly likely to be
> based on corrupted data, and the table should just be ignored instead.
>
> [0] https://bugzilla.suse.com/show_bug.cgi?id=1231465
>
> Cc: Gregory Price <gourry@xxxxxxxxxx>
> Cc: Usama Arif <usamaarif642@xxxxxxxxx>
> Cc: Jiri Slaby <jirislaby@xxxxxxxxxx>
> Cc: Breno Leitao <leitao@xxxxxxxxxx>
> Link: https://lore.kernel.org/all/20240912155159.1951792-2-ardb+git@xxxxxxxxxx/
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Acked-by: Breno Leitao <leitao@xxxxxxxxxx>
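
The size bound described in the quoted commit message, written out as an added example that is not code from the patch or from anyone in this thread. The struct name, function name and sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of the two header fields the commit message names. */
struct mat_header {
    uint32_t num_entries;  /* entry count from the table header */
    uint32_t desc_size;    /* descriptor size from the table header */
};

/*
 * Return true if the size implied by the header is within 3x the size of
 * the EFI memory map; false means the table should be ignored.
 */
bool mat_size_plausible(const struct mat_header *h,
                        uint64_t memmap_entries, uint64_t memmap_desc_size)
{
    /* Widen before multiplying: u32 * u32 always fits in u64. */
    uint64_t claimed = (uint64_t)h->num_entries * h->desc_size;
    uint64_t bound;

    /* Reject a memory map whose own 3x size would overflow u64. */
    if (memmap_desc_size != 0 &&
        memmap_entries > UINT64_MAX / 3 / memmap_desc_size)
        return false;
    bound = 3 * memmap_entries * memmap_desc_size;

    return claimed <= bound;
}

int main(void)
{
    /* Constructed values: a 100-entry memory map with 48-byte descriptors. */
    const uint64_t n = 100, sz = 48;
    struct mat_header ok      = { .num_entries = 30,         .desc_size = 48 };
    struct mat_header corrupt = { .num_entries = 0x04000000, .desc_size = 0x100 };

    printf("sane header:    %s\n", mat_size_plausible(&ok, n, sz) ? "use" : "ignore");
    printf("corrupt header: %s\n", mat_size_plausible(&corrupt, n, sz) ? "use" : "ignore");
    return 0;
}
```

The constructed corrupt header claims 16 GiB of descriptors against a 4800-byte memory map, so the check rejects it before any reservation is sized from those fields.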