x86/boot: Fix memremap of setup_indirect structures
commit 7228918b34615ef6317edcd9a058a057bc54aa32 upstream.
As documented, the setup_indirect structure is nested inside
the setup_data structures in the setup_data list. The code currently
accesses the fields inside the setup_indirect structure but only
the sizeof(struct setup_data) is being memremapped. No crash
occurred but this is just due to how the area is remapped under the
covers.
Properly memremap both the setup_data and setup_indirect structures
in these cases before accessing them.
Fixes: b3c72fc9a7 ("x86/boot: Introduce setup_indirect")
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1645668456-22036-2-git-send-email-ross.philipson@oracle.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Ross Philipson
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
24d268130e
commit
b3444e5b64
@@ -995,8 +995,10 @@ early_param("memmap", parse_memmap_opt);
|
|||||||
*/
|
*/
|
||||||
void __init e820__reserve_setup_data(void)
|
void __init e820__reserve_setup_data(void)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
struct setup_data *data;
|
struct setup_data *data;
|
||||||
u64 pa_data;
|
u64 pa_data, pa_next;
|
||||||
|
u32 len;
|
||||||
|
|
||||||
pa_data = boot_params.hdr.setup_data;
|
pa_data = boot_params.hdr.setup_data;
|
||||||
if (!pa_data)
|
if (!pa_data)
|
||||||
@@ -1004,6 +1006,14 @@ void __init e820__reserve_setup_data(void)
|
|||||||
|
|
||||||
while (pa_data) {
|
while (pa_data) {
|
||||||
data = early_memremap(pa_data, sizeof(*data));
|
data = early_memremap(pa_data, sizeof(*data));
|
||||||
|
if (!data) {
|
||||||
|
pr_warn("e820: failed to memremap setup_data entry\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
len = sizeof(*data);
|
||||||
|
pa_next = data->next;
|
||||||
|
|
||||||
e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1015,18 +1025,27 @@ void __init e820__reserve_setup_data(void)
|
|||||||
sizeof(*data) + data->len,
|
sizeof(*data) + data->len,
|
||||||
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) {
|
len += data->len;
|
||||||
e820__range_update(((struct setup_indirect *)data->data)->addr,
|
early_memunmap(data, sizeof(*data));
|
||||||
((struct setup_indirect *)data->data)->len,
|
data = early_memremap(pa_data, len);
|
||||||
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
if (!data) {
|
||||||
e820__range_update_kexec(((struct setup_indirect *)data->data)->addr,
|
pr_warn("e820: failed to memremap indirect setup_data\n");
|
||||||
((struct setup_indirect *)data->data)->len,
|
return;
|
||||||
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pa_data = data->next;
|
indirect = (struct setup_indirect *)data->data;
|
||||||
early_memunmap(data, sizeof(*data));
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT) {
|
||||||
|
e820__range_update(indirect->addr, indirect->len,
|
||||||
|
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
||||||
|
e820__range_update_kexec(indirect->addr, indirect->len,
|
||||||
|
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pa_data = pa_next;
|
||||||
|
early_memunmap(data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
e820__update_table(e820_table);
|
e820__update_table(e820_table);
|
||||||
|
|||||||
@@ -88,11 +88,13 @@ create_setup_data_node(struct dentry *parent, int no,
|
|||||||
|
|
||||||
static int __init create_setup_data_nodes(struct dentry *parent)
|
static int __init create_setup_data_nodes(struct dentry *parent)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
struct setup_data_node *node;
|
struct setup_data_node *node;
|
||||||
struct setup_data *data;
|
struct setup_data *data;
|
||||||
int error;
|
u64 pa_data, pa_next;
|
||||||
struct dentry *d;
|
struct dentry *d;
|
||||||
u64 pa_data;
|
int error;
|
||||||
|
u32 len;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
|
|
||||||
d = debugfs_create_dir("setup_data", parent);
|
d = debugfs_create_dir("setup_data", parent);
|
||||||
@@ -112,12 +114,29 @@ static int __init create_setup_data_nodes(struct dentry *parent)
|
|||||||
error = -ENOMEM;
|
error = -ENOMEM;
|
||||||
goto err_dir;
|
goto err_dir;
|
||||||
}
|
}
|
||||||
|
pa_next = data->next;
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) {
|
len = sizeof(*data) + data->len;
|
||||||
node->paddr = ((struct setup_indirect *)data->data)->addr;
|
memunmap(data);
|
||||||
node->type = ((struct setup_indirect *)data->data)->type;
|
data = memremap(pa_data, len, MEMREMAP_WB);
|
||||||
node->len = ((struct setup_indirect *)data->data)->len;
|
if (!data) {
|
||||||
|
kfree(node);
|
||||||
|
error = -ENOMEM;
|
||||||
|
goto err_dir;
|
||||||
|
}
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT) {
|
||||||
|
node->paddr = indirect->addr;
|
||||||
|
node->type = indirect->type;
|
||||||
|
node->len = indirect->len;
|
||||||
|
} else {
|
||||||
|
node->paddr = pa_data;
|
||||||
|
node->type = data->type;
|
||||||
|
node->len = data->len;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
node->paddr = pa_data;
|
node->paddr = pa_data;
|
||||||
node->type = data->type;
|
node->type = data->type;
|
||||||
@@ -125,7 +144,7 @@ static int __init create_setup_data_nodes(struct dentry *parent)
|
|||||||
}
|
}
|
||||||
|
|
||||||
create_setup_data_node(d, no, node);
|
create_setup_data_node(d, no, node);
|
||||||
pa_data = data->next;
|
pa_data = pa_next;
|
||||||
|
|
||||||
memunmap(data);
|
memunmap(data);
|
||||||
no++;
|
no++;
|
||||||
|
|||||||
@@ -91,26 +91,41 @@ static int get_setup_data_paddr(int nr, u64 *paddr)
|
|||||||
|
|
||||||
static int __init get_setup_data_size(int nr, size_t *size)
|
static int __init get_setup_data_size(int nr, size_t *size)
|
||||||
{
|
{
|
||||||
int i = 0;
|
u64 pa_data = boot_params.hdr.setup_data, pa_next;
|
||||||
|
struct setup_indirect *indirect;
|
||||||
struct setup_data *data;
|
struct setup_data *data;
|
||||||
u64 pa_data = boot_params.hdr.setup_data;
|
int i = 0;
|
||||||
|
u32 len;
|
||||||
|
|
||||||
while (pa_data) {
|
while (pa_data) {
|
||||||
data = memremap(pa_data, sizeof(*data), MEMREMAP_WB);
|
data = memremap(pa_data, sizeof(*data), MEMREMAP_WB);
|
||||||
if (!data)
|
if (!data)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
pa_next = data->next;
|
||||||
|
|
||||||
if (nr == i) {
|
if (nr == i) {
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT)
|
len = sizeof(*data) + data->len;
|
||||||
*size = ((struct setup_indirect *)data->data)->len;
|
memunmap(data);
|
||||||
|
data = memremap(pa_data, len, MEMREMAP_WB);
|
||||||
|
if (!data)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT)
|
||||||
|
*size = indirect->len;
|
||||||
else
|
else
|
||||||
*size = data->len;
|
*size = data->len;
|
||||||
|
} else {
|
||||||
|
*size = data->len;
|
||||||
|
}
|
||||||
|
|
||||||
memunmap(data);
|
memunmap(data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
pa_data = data->next;
|
pa_data = pa_next;
|
||||||
memunmap(data);
|
memunmap(data);
|
||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
@@ -120,9 +135,11 @@ static int __init get_setup_data_size(int nr, size_t *size)
|
|||||||
static ssize_t type_show(struct kobject *kobj,
|
static ssize_t type_show(struct kobject *kobj,
|
||||||
struct kobj_attribute *attr, char *buf)
|
struct kobj_attribute *attr, char *buf)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
|
struct setup_data *data;
|
||||||
int nr, ret;
|
int nr, ret;
|
||||||
u64 paddr;
|
u64 paddr;
|
||||||
struct setup_data *data;
|
u32 len;
|
||||||
|
|
||||||
ret = kobj_to_setup_data_nr(kobj, &nr);
|
ret = kobj_to_setup_data_nr(kobj, &nr);
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -135,10 +152,20 @@ static ssize_t type_show(struct kobject *kobj,
|
|||||||
if (!data)
|
if (!data)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT)
|
if (data->type == SETUP_INDIRECT) {
|
||||||
ret = sprintf(buf, "0x%x\n", ((struct setup_indirect *)data->data)->type);
|
len = sizeof(*data) + data->len;
|
||||||
else
|
memunmap(data);
|
||||||
|
data = memremap(paddr, len, MEMREMAP_WB);
|
||||||
|
if (!data)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
ret = sprintf(buf, "0x%x\n", indirect->type);
|
||||||
|
} else {
|
||||||
ret = sprintf(buf, "0x%x\n", data->type);
|
ret = sprintf(buf, "0x%x\n", data->type);
|
||||||
|
}
|
||||||
|
|
||||||
memunmap(data);
|
memunmap(data);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -149,9 +176,10 @@ static ssize_t setup_data_data_read(struct file *fp,
|
|||||||
char *buf,
|
char *buf,
|
||||||
loff_t off, size_t count)
|
loff_t off, size_t count)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
|
struct setup_data *data;
|
||||||
int nr, ret = 0;
|
int nr, ret = 0;
|
||||||
u64 paddr, len;
|
u64 paddr, len;
|
||||||
struct setup_data *data;
|
|
||||||
void *p;
|
void *p;
|
||||||
|
|
||||||
ret = kobj_to_setup_data_nr(kobj, &nr);
|
ret = kobj_to_setup_data_nr(kobj, &nr);
|
||||||
@@ -165,10 +193,27 @@ static ssize_t setup_data_data_read(struct file *fp,
|
|||||||
if (!data)
|
if (!data)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) {
|
len = sizeof(*data) + data->len;
|
||||||
paddr = ((struct setup_indirect *)data->data)->addr;
|
memunmap(data);
|
||||||
len = ((struct setup_indirect *)data->data)->len;
|
data = memremap(paddr, len, MEMREMAP_WB);
|
||||||
|
if (!data)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT) {
|
||||||
|
paddr = indirect->addr;
|
||||||
|
len = indirect->len;
|
||||||
|
} else {
|
||||||
|
/*
|
||||||
|
* Even though this is technically undefined, return
|
||||||
|
* the data as though it is a normal setup_data struct.
|
||||||
|
* This will at least allow it to be inspected.
|
||||||
|
*/
|
||||||
|
paddr += sizeof(*data);
|
||||||
|
len = data->len;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
paddr += sizeof(*data);
|
paddr += sizeof(*data);
|
||||||
len = data->len;
|
len = data->len;
|
||||||
|
|||||||
@@ -371,21 +371,41 @@ static void __init parse_setup_data(void)
|
|||||||
|
|
||||||
static void __init memblock_x86_reserve_range_setup_data(void)
|
static void __init memblock_x86_reserve_range_setup_data(void)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
struct setup_data *data;
|
struct setup_data *data;
|
||||||
u64 pa_data;
|
u64 pa_data, pa_next;
|
||||||
|
u32 len;
|
||||||
|
|
||||||
pa_data = boot_params.hdr.setup_data;
|
pa_data = boot_params.hdr.setup_data;
|
||||||
while (pa_data) {
|
while (pa_data) {
|
||||||
data = early_memremap(pa_data, sizeof(*data));
|
data = early_memremap(pa_data, sizeof(*data));
|
||||||
|
if (!data) {
|
||||||
|
pr_warn("setup: failed to memremap setup_data entry\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
len = sizeof(*data);
|
||||||
|
pa_next = data->next;
|
||||||
|
|
||||||
memblock_reserve(pa_data, sizeof(*data) + data->len);
|
memblock_reserve(pa_data, sizeof(*data) + data->len);
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT)
|
len += data->len;
|
||||||
memblock_reserve(((struct setup_indirect *)data->data)->addr,
|
|
||||||
((struct setup_indirect *)data->data)->len);
|
|
||||||
|
|
||||||
pa_data = data->next;
|
|
||||||
early_memunmap(data, sizeof(*data));
|
early_memunmap(data, sizeof(*data));
|
||||||
|
data = early_memremap(pa_data, len);
|
||||||
|
if (!data) {
|
||||||
|
pr_warn("setup: failed to memremap indirect setup_data\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT)
|
||||||
|
memblock_reserve(indirect->addr, indirect->len);
|
||||||
|
}
|
||||||
|
|
||||||
|
pa_data = pa_next;
|
||||||
|
early_memunmap(data, len);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -633,6 +633,7 @@ static bool memremap_is_efi_data(resource_size_t phys_addr,
|
|||||||
static bool memremap_is_setup_data(resource_size_t phys_addr,
|
static bool memremap_is_setup_data(resource_size_t phys_addr,
|
||||||
unsigned long size)
|
unsigned long size)
|
||||||
{
|
{
|
||||||
|
struct setup_indirect *indirect;
|
||||||
struct setup_data *data;
|
struct setup_data *data;
|
||||||
u64 paddr, paddr_next;
|
u64 paddr, paddr_next;
|
||||||
|
|
||||||
@@ -645,6 +646,10 @@ static bool memremap_is_setup_data(resource_size_t phys_addr,
|
|||||||
|
|
||||||
data = memremap(paddr, sizeof(*data),
|
data = memremap(paddr, sizeof(*data),
|
||||||
MEMREMAP_WB | MEMREMAP_DEC);
|
MEMREMAP_WB | MEMREMAP_DEC);
|
||||||
|
if (!data) {
|
||||||
|
pr_warn("failed to memremap setup_data entry\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
paddr_next = data->next;
|
paddr_next = data->next;
|
||||||
len = data->len;
|
len = data->len;
|
||||||
@@ -654,10 +659,21 @@ static bool memremap_is_setup_data(resource_size_t phys_addr,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->type == SETUP_INDIRECT &&
|
if (data->type == SETUP_INDIRECT) {
|
||||||
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) {
|
memunmap(data);
|
||||||
paddr = ((struct setup_indirect *)data->data)->addr;
|
data = memremap(paddr, sizeof(*data) + len,
|
||||||
len = ((struct setup_indirect *)data->data)->len;
|
MEMREMAP_WB | MEMREMAP_DEC);
|
||||||
|
if (!data) {
|
||||||
|
pr_warn("failed to memremap indirect setup_data\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
indirect = (struct setup_indirect *)data->data;
|
||||||
|
|
||||||
|
if (indirect->type != SETUP_INDIRECT) {
|
||||||
|
paddr = indirect->addr;
|
||||||
|
len = indirect->len;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memunmap(data);
|
memunmap(data);
|
||||||
|
|||||||
Reference in New Issue
Block a user