git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ard Biesheuvel <ardb@kernel.org>
	Fri, 15 Mar 2024 15:26:16 +0000 (16:26 +0100)
committer	Sasha Levin <sashal@kernel.org>
	Tue, 26 Mar 2024 22:20:13 +0000 (18:20 -0400)
commit	ae863aa18493d287c96de239d7b4ee3e5e977ce2
tree	bc8f1f773080d54c61ae4da608904e83df56a29a	tree
parent	31423f464fdd2778e0116df9c6fc1ca8dc89ec5f	commit \| diff

x86/efistub: Clear decompressor BSS in native EFI entrypoint

[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]

The EFI stub on x86 no longer invokes the decompressor as a subsequent
boot stage, but calls into the decompression code directly while running
in the context of the EFI boot services.

This means that when using the native EFI entrypoint (as opposed to the
EFI handover protocol, which clears BSS explicitly), the firmware PE
image loader is being relied upon to ensure that BSS is zeroed before
the EFI stub is entered from the firmware.

As Radek's report proves, this is a bad idea. Not all loaders do this
correctly, which means some global variables that should be statically
initialized to 0x0 may have junk in them.

So clear BSS explicitly when entering via efi_pe_entry(). Note that
zeroing BSS from C code is not generally safe, but in this case, the
following assignment and dereference of a global pointer variable
ensures that the memset() cannot be deferred or reordered.

Cc: <stable@kernel.org> # v6.1+
Reported-by: Radek Podgorny <radek@podgorny.cz>
Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>