linux-hardened/drivers/firmware
Yinghai Lu 7ed620bb34 efi/libstub: Fix boundary checking in efi_high_alloc()
While adding support loading kernel and initrd above 4G to grub2 in legacy
mode, I was referring to efi_high_alloc().
That will allocate buffer for kernel and then initrd, and initrd will
use kernel buffer start as limit.

During testing found two buffers will be overlapped when initrd size is
very big like 400M.

It turns out efi_high_alloc() boundary checking is not right.
end - size will be the new start, and should not compare new
start with max, we need to make sure end is smaller than max.

[ Basically, with the current efi_high_alloc() code it's possible to
  allocate memory above 'max', because efi_high_alloc() doesn't check
  that the tail of the allocation is below 'max'.

  If you have an EFI memory map with a single entry that looks like so,

   [0xc0000000-0xc0004000]

  And want to allocate 0x3000 bytes below 0xc0003000 the current code
  will allocate [0xc0001000-0xc0004000], not [0xc0000000-0xc0003000]
  like you would expect. - Matt ]

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
2015-02-24 18:46:03 +00:00
..
efi efi/libstub: Fix boundary checking in efi_high_alloc() 2015-02-24 18:46:03 +00:00
google firmware: google memconsole driver fixes 2014-02-15 11:30:28 -08:00
dcdbas.c firmware: drop owner assignment from platform_drivers 2014-10-20 16:20:31 +02:00
dcdbas.h
dell_rbu.c sysfs: add struct file* to bin_attr callbacks 2010-05-21 09:37:31 -07:00
dmi-id.c dmi-id: fix a memory leak in dmi_id_init error path 2010-08-05 13:53:34 -07:00
dmi-sysfs.c firmware: dmi-sysfs: Remove "dmi" directory on module exit 2013-12-08 18:23:42 -08:00
dmi_scan.c firmware: dmi_scan: Fix dmi scan to handle "End of Table" structure 2015-02-18 14:47:30 +00:00
edd.c [SCSI] edd: Treat "XPRS" host bus type the same as "PCI" 2011-10-31 13:26:19 +04:00
iscsi_ibft.c iscsi_ibft: Fix finding Broadcom specific ibft sign 2014-05-13 14:54:14 -04:00
iscsi_ibft_find.c efi: Make 'efi_enabled' a function to query EFI facilities 2013-01-30 11:51:59 -08:00
Kconfig ACPI and power management updates for 3.14-rc1 2014-01-24 15:51:02 -08:00
Makefile x86/efi: Don't select EFI from certain special ACPI drivers 2013-12-19 21:32:46 +01:00
memmap.c drivers/firmware/memmap.c: don't create memmap sysfs of same firmware_map_entry 2014-10-09 22:26:00 -04:00
pcdp.c pcdp: use early_ioremap/early_iounmap to access pcdp table 2012-07-30 17:25:11 -07:00
pcdp.h Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00