Patch "x86/efistub: Clear decompressor BSS in native EFI entrypoint" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    x86/efistub: Clear decompressor BSS in native EFI entrypoint

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 9c7b6c4fd5b9c82eb8f5243c1d3e469160e458b0
Author: Ard Biesheuvel <ardb@xxxxxxxxxx>
Date:   Fri Mar 15 16:26:16 2024 +0100

    x86/efistub: Clear decompressor BSS in native EFI entrypoint
    
    [ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]
    
    The EFI stub on x86 no longer invokes the decompressor as a subsequent
    boot stage, but calls into the decompression code directly while running
    in the context of the EFI boot services.
    
    This means that when using the native EFI entrypoint (as opposed to the
    EFI handover protocol, which clears BSS explicitly), the firmware PE
    image loader is being relied upon to ensure that BSS is zeroed before
    the EFI stub is entered from the firmware.
    
    As Radek's report proves, this is a bad idea. Not all loaders do this
    correctly, which means some global variables that should be statically
    initialized to 0x0 may have junk in them.
    
    So clear BSS explicitly when entering via efi_pe_entry(). Note that
    zeroing BSS from C code is not generally safe, but in this case, the
    following assignment and dereference of a global pointer variable
    ensures that the memset() cannot be deferred or reordered.
    
    Cc: <stable@xxxxxxxxxx> # v6.1+
    Reported-by: Radek Podgorny <radek@xxxxxxxxxxx>
    Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@xxxxxxxxxxx
    Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index 7bcc5170043fc..90f18315e0247 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -21,6 +21,8 @@
 #include "efistub.h"
 #include "x86-stub.h"
 
+extern char _bss[], _ebss[];
+
 const efi_system_table_t *efi_system_table;
 const efi_dxe_services_table_t *efi_dxe_table;
 static efi_loaded_image_t *image = NULL;
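Review bot: the new file-scope `extern char _bss[], _ebss[];` carries no comment, even though two entry points (efi_pe_entry() in the next hunk and efi_handover_entry() in the last one) now rely on it; a one-liner above the declaration stating that these symbols delimit the decompressor's .bss that both entry points must zero before touching any global would make the dependency explicit for the next person editing this file.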
@@ -465,6 +467,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 	efi_status_t status;
 	char *cmdline_ptr;
 
+	memset(_bss, 0, _ebss - _bss);
+
 	efi_system_table = sys_table_arg;
 
 	/* Check if we were booted by the EFI firmware */
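Review bot: the `memset(_bss, 0, _ebss - _bss);` added at the top of efi_pe_entry() has no comment explaining why zeroing BSS from C is safe here, although the commit message says it depends on the immediately following `efi_system_table = sys_table_arg;` store and its later dereference to keep the compiler from deferring or reordering the call. Suggest documenting that above the memset, e.g. `/* The PE loader may not have zeroed BSS; keep this first, the store to efi_system_table below pins its ordering */`, so nobody later inserts code that reads or writes a BSS-resident global (such as `image`, declared `static ... = NULL` above) ahead of it.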
@@ -956,8 +960,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
 void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,
 			struct boot_params *boot_params)
 {
-	extern char _bss[], _ebss[];
-
 	memset(_bss, 0, _ebss - _bss);
 	efi_stub_entry(handle, sys_table_arg, boot_params);
 }



