From 1c983aa3b43d14ec97502ccb4f0eb0892459df3e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 17 Aug 2020 14:56:34 +0200
Subject: [PATCH] 5.8-stable patches added patches: firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
---
...der-must-handle-pre-allocated-buffer.patch | 38 +++++++++++++++++++
queue-5.8/series | 1 +
2 files changed, 39 insertions(+)
create mode 100644 queue-5.8/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
diff --git a/queue-5.8/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch b/queue-5.8/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
new file mode 100644
index 00000000000..7d55d6bedcb
--- /dev/null
+++ b/queue-5.8/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
@@ -0,0 +1,38 @@
+From 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d Mon Sep 17 00:00:00 2001
+From: Kees Cook
+Date: Fri, 24 Jul 2020 14:36:24 -0700
+Subject: firmware_loader: EFI firmware loader must handle pre-allocated buffer
+
+From: Kees Cook
+
+commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream.
+
+The EFI platform firmware fallback would clobber any pre-allocated
+buffers. Instead, correctly refuse to reallocate when too small (as
+already done in the sysfs fallback), or perform allocation normally
+when needed.
+
+Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
+Cc: stable@vger.kernel.org
+Acked-by: Scott Branden
+Signed-off-by: Kees Cook
+Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/base/firmware_loader/fallback_platform.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/base/firmware_loader/fallback_platform.c
++++ b/drivers/base/firmware_loader/fallback_platform.c
+@@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw
+ if (rc)
+ return rc; /* rc == -ENOENT when the fw was not found */
+
+- fw_priv->data = vmalloc(size);
++ if (fw_priv->data && size > fw_priv->allocated_size)
++ return -ENOMEM;
++ if (!fw_priv->data)
++ fw_priv->data = vmalloc(size);
+ if (!fw_priv->data)
+ return -ENOMEM;
+
diff --git a/queue-5.8/series b/queue-5.8/series
index 0a68de9ec59..1d9681c7e8e 100644
--- a/queue-5.8/series
+++ b/queue-5.8/series
@@ -449,3 +449,4 @@ arm-dts-exynos-extend-all-exynos5800-a15-s-opps-with-max-voltage-data.patch
 arm-8992-1-fix-unwind_frame-for-clang-built-kernels.patch
 firmware-qcom_scm-fix-legacy-convention-scm-accessors.patch
 irqdomain-treewide-free-firmware-node-after-domain-removal.patch
+firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch
--
2.47.3
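Review bot: The new size check in firmware_fallback_platform() has no comment saying what a non-NULL `fw_priv->data` means, so the two adjacent `-ENOMEM` returns read as the same failure although the first is "the pre-allocated buffer is too small" and the second is a failed `vmalloc()`. I would add above the first check `/* Pre-allocated buffer: never replace it, and refuse firmware that does not fit in allocated_size. */`. The check presumably also bounds whatever copy into `fw_priv->data` follows, and it relies on `allocated_size` being valid whenever `data` is set. Neither is visible here, since the function starts and ends outside the hunk, so that invariant is worth confirming against the code that sets the buffer up.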