From: Sasha Levin Date: Sun, 24 Mar 2024 20:48:04 +0000 (-0400) Subject: Fixes for 6.8 X-Git-Tag: v6.8.2~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e3dc6b96d39a7df357e379fb4a818a6cdc21a7f;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.8 Signed-off-by: Sasha Levin
---
diff --git a/queue-6.8/series b/queue-6.8/series
index e7f6e55450c..aa930afb548 100644
--- a/queue-6.8/series
+++ b/queue-6.8/series
@@ -710,3 +710,4 @@ spi-spi-mt65xx-fix-null-pointer-access-in-interrupt-.patch
 selftests-forwarding-fix-ping-failure-due-to-short-t.patch
 dm-io-support-io-priority.patch
 dm-integrity-align-the-outgoing-bio-in-integrity_rec.patch
+x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
diff --git a/queue-6.8/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch b/queue-6.8/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
new file mode 100644
index 00000000000..f06d9e67a0c
--- /dev/null
+++ b/queue-6.8/x86-efistub-clear-decompressor-bss-in-native-efi-ent.patch
@@ -0,0 +1,70 @@
+From ea18347cb8519af39ec4d12963a1986a2c0ef1a8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 15 Mar 2024 16:26:16 +0100
+Subject: x86/efistub: Clear decompressor BSS in native EFI entrypoint
+
+From: Ard Biesheuvel
+
+[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]
+
+The EFI stub on x86 no longer invokes the decompressor as a subsequent
+boot stage, but calls into the decompression code directly while running
+in the context of the EFI boot services.
+
+This means that when using the native EFI entrypoint (as opposed to the
+EFI handover protocol, which clears BSS explicitly), the firmware PE
+image loader is being relied upon to ensure that BSS is zeroed before
+the EFI stub is entered from the firmware.
+
+As Radek's report proves, this is a bad idea. Not all loaders do this
+correctly, which means some global variables that should be statically
+initialized to 0x0 may have junk in them.
+
+So clear BSS explicitly when entering via efi_pe_entry(). Note that
+zeroing BSS from C code is not generally safe, but in this case, the
+following assignment and dereference of a global pointer variable
+ensures that the memset() cannot be deferred or reordered.
+
+Cc: # v6.1+
+Reported-by: Radek Podgorny
+Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/x86-stub.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
+index 99429bc4b0c7e..681f576ec02a0 100644
+--- a/drivers/firmware/efi/libstub/x86-stub.c
++++ b/drivers/firmware/efi/libstub/x86-stub.c
+@@ -21,6 +21,8 @@
+ #include "efistub.h"
+ #include "x86-stub.h"
+ 
++extern char _bss[], _ebss[];
++
+ const efi_system_table_t *efi_system_table;
+ const efi_dxe_services_table_t *efi_dxe_table;
+ static efi_loaded_image_t *image = NULL;
+@@ -465,6 +467,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
+ efi_status_t status;
+ char *cmdline_ptr;
+ 
++ memset(_bss, 0, _ebss - _bss);
++
+ efi_system_table = sys_table_arg;
+ 
+ /* Check if we were booted by the EFI firmware */
+@@ -958,8 +962,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
+ void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,
+ struct boot_params *boot_params)
+ {
+- extern char _bss[], _ebss[];
+-
+ memset(_bss, 0, _ebss - _bss);
+ efi_stub_entry(handle, sys_table_arg, boot_params);
+ }
+--
+2.43.0
+
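Review bot: The `memset(_bss, 0, _ebss - _bss);` added at the top of efi_pe_entry() carries an ordering requirement that nothing in the code states: it must stay the first statement, ahead of any read or write of a global, and per the commit message it is the following `efi_system_table = sys_table_arg;` store and its later dereference that keep the compiler from deferring or dropping the clear. A comment above the memset, e.g. `/* Zero BSS before touching any global: the firmware PE loader may not have done it, and the store to efi_system_table below must stay after this memset. */`, would stop a later edit from hoisting code above it or moving that store. The pre-existing memset in efi_handover_entry() in the last hunk has the same unstated constraint and would benefit from the same comment. efi_pe_entry's body continues outside the hunk.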