firmware_loader: EFI firmware loader must handle pre-allocated buffer

commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream.

The EFI platform firmware fallback would clobber any pre-allocated
buffers. Instead, correctly refuse to reallocate when too small (as
already done in the sysfs fallback), or perform allocation normally
when needed.

Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
Cc: stable@vger.kernel.org
Acked-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/base/firmware_loader/fallback_platform.c b/drivers/base/firmware_loader/fallback_platform.c
index c88c745590feb927a10537ce7e8380f119193077..723ff8bcf3e76e7113b7edec6c9c513b7dbba09b 100644 (file)
--- a/drivers/base/firmware_loader/fallback_platform.c
+++ b/drivers/base/firmware_loader/fallback_platform.c
@@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw_priv *fw_priv, enum fw_opt opt_flags)
        if (rc)
                return rc; /* rc == -ENOENT when the fw was not found */
 
-       fw_priv->data = vmalloc(size);
+       if (fw_priv->data && size > fw_priv->allocated_size)
+               return -ENOMEM;
+       if (!fw_priv->data)
+               fw_priv->data = vmalloc(size);
        if (!fw_priv->data)
                return -ENOMEM;