On Thu, 12 Dec 2019 at 13:45, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
>
> Hi,
>
> On 12-12-2019 12:29, Ard Biesheuvel wrote:
> > On Thu, 12 Dec 2019 at 11:32, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
> >>
> >> When running in EFI mixed mode (running a 64 bit kernel on 32 bit EFI
> >> firmware), we _must_ initialize any pointers which are returned by
> >> reference by an EFI call to NULL before making the EFI call.
> >>
> >> In mixed mode pointers are 64 bit, but when running on a 32 bit firmware,
> >> EFI calls which return a pointer value by reference only fill the lower
> >> 32 bits of the passed pointer, leaving the upper 32 bits uninitialized
> >> unless we explicitly set them to 0 before the call.
> >>
> >> We have had this bug in the efi-stub-helper.c file reading code for
> >> a while now, but this has likely not been noticed so far because
> >> this code only gets triggered when LILO style file=... arguments are
> >> present on the kernel cmdline.
> >>
> >> Cc: stable@xxxxxxxxxxxxxxx
> >> Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
> >> ---
> >> drivers/firmware/efi/libstub/efi-stub-helper.c | 4 ++--
> >> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> index e02579907f2e..6ca7d86743af 100644
> >> --- a/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
> >> @@ -365,7 +365,7 @@ static efi_status_t efi_file_size(efi_system_table_t *sys_table_arg, void *__fh, > >> u64 *file_sz) > >> { > >> efi_file_handle_t *h, *fh = __fh; > > > > What about h? Doesn't it suffer from the same problem? > > > >> - efi_file_info_t *info; > >> + efi_file_info_t *info = NULL; > >> efi_status_t status; > >> efi_guid_t info_guid = EFI_FILE_INFO_ID; > >> unsigned long info_sz; > > > > And info_sz? > > And "efi_file_io_interface_t *io" and "efi_file_handle_t *fh" > in efi_open_volume(). > > I think that is all of them. > OK. I'll fix it up locally.
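Review bot: the hunk at `efi_file_size()` initializes only `info`, but by the commit message's own reasoning every variable the 32-bit firmware fills by reference in this function needs the same treatment: `efi_file_handle_t *h` on the line above the change and `unsigned long info_sz` two lines below it are both 64-bit slots that the firmware only writes the low 32 bits of, so their upper halves remain whatever was on the stack. Suggest `efi_file_handle_t *h = NULL, *fh = __fh;` and `unsigned long info_sz = 0;` alongside `efi_file_info_t *info = NULL;`, and, as the reply in the thread notes, the same `= NULL` for `io` and `fh` in `efi_open_volume()`. The diffstat reports 2 insertions and 2 deletions while only one changed line is quoted here, so the second hunk is not visible for review; the commit message should also say that the fix covers all by-reference outputs in the file-reading path, not just `info`, since a half-initialized pointer that is then dereferenced or freed is a memory-safety bug, not merely a cosmetic one.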
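The mechanism the commit message describes, shown as an added stand-alone illustration that is not part of the patch or of the kernel's EFI stub: a 64-bit kernel-side slot receives a 4-byte write from "32-bit firmware", so whatever the upper half held beforehand survives the call. The `fake_efi32_open`, `call_through_thunk` and `FAKE_FW_HANDLE` names and values are constructed for this example; the stale high half is seeded explicitly rather than left as real uninitialized memory, and the layout assumes a little-endian target such as x86.

```c
/*
 * Added illustration (not the patch's or the kernel's code): why a 64-bit
 * out-pointer must be zeroed before a call into 32-bit EFI firmware.
 *
 * In EFI mixed mode the kernel's pointer slot is 8 bytes, but the 32-bit
 * firmware only ever writes a 4-byte value into it. We model the firmware
 * side with a function that can only produce a uint32_t, and the thunk
 * with a 4-byte memcpy into the 8-byte slot (low half first, little-endian).
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed value standing in for a firmware-side 32-bit handle. */
#define FAKE_FW_HANDLE 0x0BADF00Du

/* Model of a 32-bit EFI call that returns a handle by reference. */
static void fake_efi32_open(uint32_t *out_handle_lo)
{
    *out_handle_lo = FAKE_FW_HANDLE;
}

/* Model of the mixed-mode thunk: the firmware's 4-byte result lands in the
 * low half of the caller's 8-byte slot; the high half is never touched. */
static uint64_t call_through_thunk(uint64_t *slot)
{
    uint32_t lo;

    fake_efi32_open(&lo);
    memcpy(slot, &lo, sizeof lo);   /* only 4 of the 8 bytes are written */
    return *slot;
}

/* Buggy pattern: the slot is declared without an initializer. To keep the
 * demonstration deterministic we seed it with constructed stale data, as a
 * reused stack location might hold, instead of relying on real UB. */
uint64_t handle_without_init(void)
{
    uint64_t slot = 0xDEADBEEF00000000ull;  /* constructed stale high half */

    return call_through_thunk(&slot);
}

/* Fixed pattern, matching the patch's "= NULL": the high half is known 0. */
uint64_t handle_with_init(void)
{
    uint64_t slot = 0;

    return call_through_thunk(&slot);
}

/* True when the 64-bit value the kernel would dereference is exactly what
 * the firmware handed back, i.e. the high half is zero. */
int handle_is_sane(uint64_t h)
{
    return h == (uint64_t)FAKE_FW_HANDLE;
}

int main(void)
{
    uint64_t bad = handle_without_init();
    uint64_t good = handle_with_init();

    printf("uninitialised slot:    0x%016llx sane=%d\n",
           (unsigned long long)bad, handle_is_sane(bad));
    printf("NULL-initialised slot: 0x%016llx sane=%d\n",
           (unsigned long long)good, handle_is_sane(good));
    return 0;
}
```

The first line of output shows a value whose low 32 bits are the firmware's handle and whose high 32 bits are the stale seed; dereferencing that in the stub would fault or read the wrong memory. Zeroing the slot before the call, as the patch does for `info`, is what makes the second line correct, and the same reasoning applies to every other by-reference output in the same call path.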