Fixes for 6.7
authorSasha Levin <sashal@kernel.org>
Sun, 24 Mar 2024 20:48:04 +0000 (16:48 -0400)
committerSasha Levin <sashal@kernel.org>
Sun, 24 Mar 2024 20:48:04 +0000 (16:48 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-6.7/series
queue-6.7/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch [new file with mode: 0644]

index e3bad62f8dedb3609f13a98af3d2a20481bb55c0..9f6c95c11bba43e65c5595c7719b1536bc80ec91 100644 (file)
@@ -708,3 +708,4 @@ spi-spi-mt65xx-fix-null-pointer-access-in-interrupt-.patch
 selftests-forwarding-fix-ping-failure-due-to-short-t.patch
 dm-io-support-io-priority.patch
 dm-integrity-align-the-outgoing-bio-in-integrity_rec.patch
+x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
diff --git a/queue-6.7/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch b/queue-6.7/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
new file mode 100644 (file)
index 0000000..c24c3c6
--- /dev/null
@@ -0,0 +1,70 @@
+From 09fbaa8f10af73c02d13c53cd39dae162b36cecc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 15 Mar 2024 16:26:16 +0100
+Subject: x86/efistub: Clear decompressor BSS in native EFI entrypoint
+
+From: Ard Biesheuvel <ardb@kernel.org>
+
+[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]
+
+The EFI stub on x86 no longer invokes the decompressor as a subsequent
+boot stage, but calls into the decompression code directly while running
+in the context of the EFI boot services.
+
+This means that when using the native EFI entrypoint (as opposed to the
+EFI handover protocol, which clears BSS explicitly), the firmware PE
+image loader is being relied upon to ensure that BSS is zeroed before
+the EFI stub is entered from the firmware.
+
+As Radek's report proves, this is a bad idea. Not all loaders do this
+correctly, which means some global variables that should be statically
+initialized to 0x0 may have junk in them.
+
+So clear BSS explicitly when entering via efi_pe_entry(). Note that
+zeroing BSS from C code is not generally safe, but in this case, the
+following assignment and dereference of a global pointer variable
+ensures that the memset() cannot be deferred or reordered.
+
+Cc: <stable@kernel.org> # v6.1+
+Reported-by: Radek Podgorny <radek@podgorny.cz>
+Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/libstub/x86-stub.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
+index 99429bc4b0c7e..681f576ec02a0 100644
+--- a/drivers/firmware/efi/libstub/x86-stub.c
++++ b/drivers/firmware/efi/libstub/x86-stub.c
+@@ -21,6 +21,8 @@
+ #include "efistub.h"
+ #include "x86-stub.h"
++extern char _bss[], _ebss[];
++
+ const efi_system_table_t *efi_system_table;
+ const efi_dxe_services_table_t *efi_dxe_table;
+ static efi_loaded_image_t *image = NULL;
+@@ -465,6 +467,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
+       efi_status_t status;
+       char *cmdline_ptr;
++      memset(_bss, 0, _ebss - _bss);
++
+       efi_system_table = sys_table_arg;
+       /* Check if we were booted by the EFI firmware */
+@@ -958,8 +962,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
+ void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,
+                       struct boot_params *boot_params)
+ {
+-      extern char _bss[], _ebss[];
+-
+       memset(_bss, 0, _ebss - _bss);
+       efi_stub_entry(handle, sys_table_arg, boot_params);
+ }
+-- 
+2.43.0
+
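Review bot: The new `memset(_bss, 0, _ebss - _bss);` at the top of efi_pe_entry() has no comment saying why BSS is cleared here or why it must stay ahead of the `efi_system_table = sys_table_arg;` store; the reasoning in the commit log (the PE loader cannot be trusted to zero BSS, and the subsequent store to a global that presumably lives in .bss is what keeps the memset from being elided or hoisted) is not visible at the call site, so a later prologue reorder could silently reintroduce the junk-in-globals bug. Suggest adding above the call: `/* Not every PE loader zeroes BSS; clear it ourselves. Keep this before the efi_system_table store, which pins the memset in place. */`. The same comment fits the pre-existing memset in efi_handover_entry(), which now shares the file-scope `_bss`/`_ebss` declaration. Note that `_ebss - _bss` passes a ptrdiff_t to memset's size_t parameter, which is fine as long as the linker script keeps _ebss above _bss. efi_pe_entry() begins and ends outside this hunk.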