5.7-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 17 Aug 2020 12:56:20 +0000 (14:56 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 17 Aug 2020 12:56:20 +0000 (14:56 +0200)
added patches:
firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch

queue-5.7/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch [new file with mode: 0644]
queue-5.7/series

diff --git a/queue-5.7/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch b/queue-5.7/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
new file mode 100644 (file)
index 0000000..7d55d6b
--- /dev/null
@@ -0,0 +1,38 @@
+From 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 24 Jul 2020 14:36:24 -0700
+Subject: firmware_loader: EFI firmware loader must handle pre-allocated buffer
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream.
+
+The EFI platform firmware fallback would clobber any pre-allocated
+buffers. Instead, correctly refuse to reallocate when too small (as
+already done in the sysfs fallback), or perform allocation normally
+when needed.
+
+Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
+Cc: stable@vger.kernel.org
+Acked-by: Scott Branden <scott.branden@broadcom.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/base/firmware_loader/fallback_platform.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/base/firmware_loader/fallback_platform.c
++++ b/drivers/base/firmware_loader/fallback_platform.c
+@@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw
+       if (rc)
+               return rc; /* rc == -ENOENT when the fw was not found */
+-      fw_priv->data = vmalloc(size);
++      if (fw_priv->data && size > fw_priv->allocated_size)
++              return -ENOMEM;
++      if (!fw_priv->data)
++              fw_priv->data = vmalloc(size);
+       if (!fw_priv->data)
+               return -ENOMEM;
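Review bot: The new guard `if (fw_priv->data && size > fw_priv->allocated_size)` has no comment saying that a non-NULL `fw_priv->data` is a buffer this function did not allocate and must neither replace nor overrun, which is the invariant the fix restores. I would add above it `/* A pre-allocated buffer is never reallocated here: refuse firmware larger than allocated_size. */`, so a later cleanup does not fold the check into the allocation-failure path as redundant. The copy into `fw_priv->data` is presumably further down, outside this hunk (the function starts and ends outside it), so confirm on the full file that `size` is the only length used for that copy. Both the too-small-buffer case and a failed `vmalloc()` return `-ENOMEM`, matching the sysfs fallback per the commit message; the comment should mention this so callers know the two cases cannot be told apart.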
index 2dfbcba2b6eaf04be477f279614fd99d3249e610..aa0ef431daa6ca21cbeab595309b2cf698150017 100644 (file)
@@ -377,3 +377,4 @@ arm-dts-exynos-extend-all-exynos5800-a15-s-opps-with-max-voltage-data.patch
 arm-8992-1-fix-unwind_frame-for-clang-built-kernels.patch
 firmware-qcom_scm-fix-legacy-convention-scm-accessors.patch
 irqdomain-treewide-free-firmware-node-after-domain-removal.patch
+firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch