Commit 7228918b authored by Ross Philipson's avatar Ross Philipson Committed by Borislav Petkov

x86/boot: Fix memremap of setup_indirect structures

As documented, the setup_indirect structure is nested inside
the setup_data structures in the setup_data list. The code currently
accesses the fields inside the setup_indirect structure but only
the sizeof(struct setup_data) is being memremapped. No crash
occurred but this is just due to how the area is remapped under the
covers.

Properly memremap both the setup_data and setup_indirect structures
in these cases before accessing them.

Fixes: b3c72fc9 ("x86/boot: Introduce setup_indirect")
Signed-off-by: default avatarRoss Philipson <ross.philipson@oracle.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarDaniel Kiper <daniel.kiper@oracle.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1645668456-22036-2-git-send-email-ross.philipson@oracle.com
parent 5adf3494
...@@ -995,8 +995,10 @@ early_param("memmap", parse_memmap_opt); ...@@ -995,8 +995,10 @@ early_param("memmap", parse_memmap_opt);
*/ */
void __init e820__reserve_setup_data(void) void __init e820__reserve_setup_data(void)
{ {
struct setup_indirect *indirect;
struct setup_data *data; struct setup_data *data;
u64 pa_data; u64 pa_data, pa_next;
u32 len;
pa_data = boot_params.hdr.setup_data; pa_data = boot_params.hdr.setup_data;
if (!pa_data) if (!pa_data)
...@@ -1004,6 +1006,14 @@ void __init e820__reserve_setup_data(void) ...@@ -1004,6 +1006,14 @@ void __init e820__reserve_setup_data(void)
while (pa_data) { while (pa_data) {
data = early_memremap(pa_data, sizeof(*data)); data = early_memremap(pa_data, sizeof(*data));
if (!data) {
pr_warn("e820: failed to memremap setup_data entry\n");
return;
}
len = sizeof(*data);
pa_next = data->next;
e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
/* /*
...@@ -1015,18 +1025,27 @@ void __init e820__reserve_setup_data(void) ...@@ -1015,18 +1025,27 @@ void __init e820__reserve_setup_data(void)
sizeof(*data) + data->len, sizeof(*data) + data->len,
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
if (data->type == SETUP_INDIRECT && if (data->type == SETUP_INDIRECT) {
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) { len += data->len;
e820__range_update(((struct setup_indirect *)data->data)->addr, early_memunmap(data, sizeof(*data));
((struct setup_indirect *)data->data)->len, data = early_memremap(pa_data, len);
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); if (!data) {
e820__range_update_kexec(((struct setup_indirect *)data->data)->addr, pr_warn("e820: failed to memremap indirect setup_data\n");
((struct setup_indirect *)data->data)->len, return;
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); }
indirect = (struct setup_indirect *)data->data;
if (indirect->type != SETUP_INDIRECT) {
e820__range_update(indirect->addr, indirect->len,
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
e820__range_update_kexec(indirect->addr, indirect->len,
E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
}
} }
pa_data = data->next; pa_data = pa_next;
early_memunmap(data, sizeof(*data)); early_memunmap(data, len);
} }
e820__update_table(e820_table); e820__update_table(e820_table);
......
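Review bot: In e820__reserve_setup_data the second mapping is sized from `data->len`, but `data->len` is never compared with `sizeof(struct setup_indirect)` before `indirect->type`, `indirect->addr` and `indirect->len` are read, so an entry with a short `len` is still read past the mapped length. A guard ahead of the cast, for example `if (data->len < sizeof(*indirect))` followed by skipping the entry, would close that gap. `len` is also a `u32`, so `len += data->len` can wrap for a very large `data->len` and produce a mapping shorter than intended; a `u64` or `size_t` avoids that. Both points also apply to the remap added in create_setup_data_nodes, get_setup_data_size, type_show and memblock_x86_reserve_range_setup_data, and the missing lower bound also applies to setup_data_data_read and memremap_is_setup_data. Parts of the function lie outside the hunks shown.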
...@@ -88,11 +88,13 @@ create_setup_data_node(struct dentry *parent, int no, ...@@ -88,11 +88,13 @@ create_setup_data_node(struct dentry *parent, int no,
static int __init create_setup_data_nodes(struct dentry *parent) static int __init create_setup_data_nodes(struct dentry *parent)
{ {
struct setup_indirect *indirect;
struct setup_data_node *node; struct setup_data_node *node;
struct setup_data *data; struct setup_data *data;
int error; u64 pa_data, pa_next;
struct dentry *d; struct dentry *d;
u64 pa_data; int error;
u32 len;
int no = 0; int no = 0;
d = debugfs_create_dir("setup_data", parent); d = debugfs_create_dir("setup_data", parent);
...@@ -112,12 +114,29 @@ static int __init create_setup_data_nodes(struct dentry *parent) ...@@ -112,12 +114,29 @@ static int __init create_setup_data_nodes(struct dentry *parent)
error = -ENOMEM; error = -ENOMEM;
goto err_dir; goto err_dir;
} }
pa_next = data->next;
if (data->type == SETUP_INDIRECT &&
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) { if (data->type == SETUP_INDIRECT) {
node->paddr = ((struct setup_indirect *)data->data)->addr; len = sizeof(*data) + data->len;
node->type = ((struct setup_indirect *)data->data)->type; memunmap(data);
node->len = ((struct setup_indirect *)data->data)->len; data = memremap(pa_data, len, MEMREMAP_WB);
if (!data) {
kfree(node);
error = -ENOMEM;
goto err_dir;
}
indirect = (struct setup_indirect *)data->data;
if (indirect->type != SETUP_INDIRECT) {
node->paddr = indirect->addr;
node->type = indirect->type;
node->len = indirect->len;
} else {
node->paddr = pa_data;
node->type = data->type;
node->len = data->len;
}
} else { } else {
node->paddr = pa_data; node->paddr = pa_data;
node->type = data->type; node->type = data->type;
...@@ -125,7 +144,7 @@ static int __init create_setup_data_nodes(struct dentry *parent) ...@@ -125,7 +144,7 @@ static int __init create_setup_data_nodes(struct dentry *parent)
} }
create_setup_data_node(d, no, node); create_setup_data_node(d, no, node);
pa_data = data->next; pa_data = pa_next;
memunmap(data); memunmap(data);
no++; no++;
......
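Review bot: The inner `else` in create_setup_data_nodes, taken when `indirect->type` is itself SETUP_INDIRECT, falls back to the outer entry's `pa_data`, `data->type` and `data->len` with no comment saying why. setup_data_data_read in this same commit documents the identical fallback. A matching comment here, e.g. `/* Nested SETUP_INDIRECT is undefined; expose the outer entry so it can still be inspected. */`, would keep the two in step. The function continues outside the hunks shown.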
...@@ -91,26 +91,41 @@ static int get_setup_data_paddr(int nr, u64 *paddr) ...@@ -91,26 +91,41 @@ static int get_setup_data_paddr(int nr, u64 *paddr)
static int __init get_setup_data_size(int nr, size_t *size) static int __init get_setup_data_size(int nr, size_t *size)
{ {
int i = 0; u64 pa_data = boot_params.hdr.setup_data, pa_next;
struct setup_indirect *indirect;
struct setup_data *data; struct setup_data *data;
u64 pa_data = boot_params.hdr.setup_data; int i = 0;
u32 len;
while (pa_data) { while (pa_data) {
data = memremap(pa_data, sizeof(*data), MEMREMAP_WB); data = memremap(pa_data, sizeof(*data), MEMREMAP_WB);
if (!data) if (!data)
return -ENOMEM; return -ENOMEM;
pa_next = data->next;
if (nr == i) { if (nr == i) {
if (data->type == SETUP_INDIRECT && if (data->type == SETUP_INDIRECT) {
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) len = sizeof(*data) + data->len;
*size = ((struct setup_indirect *)data->data)->len; memunmap(data);
else data = memremap(pa_data, len, MEMREMAP_WB);
if (!data)
return -ENOMEM;
indirect = (struct setup_indirect *)data->data;
if (indirect->type != SETUP_INDIRECT)
*size = indirect->len;
else
*size = data->len;
} else {
*size = data->len; *size = data->len;
}
memunmap(data); memunmap(data);
return 0; return 0;
} }
pa_data = data->next; pa_data = pa_next;
memunmap(data); memunmap(data);
i++; i++;
} }
...@@ -120,9 +135,11 @@ static int __init get_setup_data_size(int nr, size_t *size) ...@@ -120,9 +135,11 @@ static int __init get_setup_data_size(int nr, size_t *size)
static ssize_t type_show(struct kobject *kobj, static ssize_t type_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf) struct kobj_attribute *attr, char *buf)
{ {
struct setup_indirect *indirect;
struct setup_data *data;
int nr, ret; int nr, ret;
u64 paddr; u64 paddr;
struct setup_data *data; u32 len;
ret = kobj_to_setup_data_nr(kobj, &nr); ret = kobj_to_setup_data_nr(kobj, &nr);
if (ret) if (ret)
...@@ -135,10 +152,20 @@ static ssize_t type_show(struct kobject *kobj, ...@@ -135,10 +152,20 @@ static ssize_t type_show(struct kobject *kobj,
if (!data) if (!data)
return -ENOMEM; return -ENOMEM;
if (data->type == SETUP_INDIRECT) if (data->type == SETUP_INDIRECT) {
ret = sprintf(buf, "0x%x\n", ((struct setup_indirect *)data->data)->type); len = sizeof(*data) + data->len;
else memunmap(data);
data = memremap(paddr, len, MEMREMAP_WB);
if (!data)
return -ENOMEM;
indirect = (struct setup_indirect *)data->data;
ret = sprintf(buf, "0x%x\n", indirect->type);
} else {
ret = sprintf(buf, "0x%x\n", data->type); ret = sprintf(buf, "0x%x\n", data->type);
}
memunmap(data); memunmap(data);
return ret; return ret;
} }
...@@ -149,9 +176,10 @@ static ssize_t setup_data_data_read(struct file *fp, ...@@ -149,9 +176,10 @@ static ssize_t setup_data_data_read(struct file *fp,
char *buf, char *buf,
loff_t off, size_t count) loff_t off, size_t count)
{ {
struct setup_indirect *indirect;
struct setup_data *data;
int nr, ret = 0; int nr, ret = 0;
u64 paddr, len; u64 paddr, len;
struct setup_data *data;
void *p; void *p;
ret = kobj_to_setup_data_nr(kobj, &nr); ret = kobj_to_setup_data_nr(kobj, &nr);
...@@ -165,10 +193,27 @@ static ssize_t setup_data_data_read(struct file *fp, ...@@ -165,10 +193,27 @@ static ssize_t setup_data_data_read(struct file *fp,
if (!data) if (!data)
return -ENOMEM; return -ENOMEM;
if (data->type == SETUP_INDIRECT && if (data->type == SETUP_INDIRECT) {
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) { len = sizeof(*data) + data->len;
paddr = ((struct setup_indirect *)data->data)->addr; memunmap(data);
len = ((struct setup_indirect *)data->data)->len; data = memremap(paddr, len, MEMREMAP_WB);
if (!data)
return -ENOMEM;
indirect = (struct setup_indirect *)data->data;
if (indirect->type != SETUP_INDIRECT) {
paddr = indirect->addr;
len = indirect->len;
} else {
/*
* Even though this is technically undefined, return
* the data as though it is a normal setup_data struct.
* This will at least allow it to be inspected.
*/
paddr += sizeof(*data);
len = data->len;
}
} else { } else {
paddr += sizeof(*data); paddr += sizeof(*data);
len = data->len; len = data->len;
......
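Review bot: type_show formats into the sysfs buffer with `sprintf()` in both branches, including the newly written `indirect->type` line. The output is short, so nothing overflows here, but where the target tree provides it, `ret = sysfs_emit(buf, "0x%x\n", indirect->type);` (and likewise for `data->type`) is the bounded helper intended for sysfs show callbacks. The start of the function body between the two hunks is not visible.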
...@@ -369,21 +369,41 @@ static void __init parse_setup_data(void) ...@@ -369,21 +369,41 @@ static void __init parse_setup_data(void)
static void __init memblock_x86_reserve_range_setup_data(void) static void __init memblock_x86_reserve_range_setup_data(void)
{ {
struct setup_indirect *indirect;
struct setup_data *data; struct setup_data *data;
u64 pa_data; u64 pa_data, pa_next;
u32 len;
pa_data = boot_params.hdr.setup_data; pa_data = boot_params.hdr.setup_data;
while (pa_data) { while (pa_data) {
data = early_memremap(pa_data, sizeof(*data)); data = early_memremap(pa_data, sizeof(*data));
if (!data) {
pr_warn("setup: failed to memremap setup_data entry\n");
return;
}
len = sizeof(*data);
pa_next = data->next;
memblock_reserve(pa_data, sizeof(*data) + data->len); memblock_reserve(pa_data, sizeof(*data) + data->len);
if (data->type == SETUP_INDIRECT && if (data->type == SETUP_INDIRECT) {
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) len += data->len;
memblock_reserve(((struct setup_indirect *)data->data)->addr, early_memunmap(data, sizeof(*data));
((struct setup_indirect *)data->data)->len); data = early_memremap(pa_data, len);
if (!data) {
pr_warn("setup: failed to memremap indirect setup_data\n");
return;
}
pa_data = data->next; indirect = (struct setup_indirect *)data->data;
early_memunmap(data, sizeof(*data));
if (indirect->type != SETUP_INDIRECT)
memblock_reserve(indirect->addr, indirect->len);
}
pa_data = pa_next;
early_memunmap(data, len);
} }
} }
......
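Review bot: Both new failure paths in memblock_x86_reserve_range_setup_data `return` after only a `pr_warn()`, so every setup_data entry after the failing one is left unreserved. On the second path `pa_next` has already been saved and the first mapping already released, so `pa_data = pa_next; continue;` would keep walking the list instead of abandoning it. e820__reserve_setup_data has the same two returns, where they additionally skip the `e820__update_table(e820_table)` call that follows the loop. memremap_is_setup_data returns `false` at the equivalent point.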
...@@ -615,6 +615,7 @@ static bool memremap_is_efi_data(resource_size_t phys_addr, ...@@ -615,6 +615,7 @@ static bool memremap_is_efi_data(resource_size_t phys_addr,
static bool memremap_is_setup_data(resource_size_t phys_addr, static bool memremap_is_setup_data(resource_size_t phys_addr,
unsigned long size) unsigned long size)
{ {
struct setup_indirect *indirect;
struct setup_data *data; struct setup_data *data;
u64 paddr, paddr_next; u64 paddr, paddr_next;
...@@ -627,6 +628,10 @@ static bool memremap_is_setup_data(resource_size_t phys_addr, ...@@ -627,6 +628,10 @@ static bool memremap_is_setup_data(resource_size_t phys_addr,
data = memremap(paddr, sizeof(*data), data = memremap(paddr, sizeof(*data),
MEMREMAP_WB | MEMREMAP_DEC); MEMREMAP_WB | MEMREMAP_DEC);
if (!data) {
pr_warn("failed to memremap setup_data entry\n");
return false;
}
paddr_next = data->next; paddr_next = data->next;
len = data->len; len = data->len;
...@@ -636,10 +641,21 @@ static bool memremap_is_setup_data(resource_size_t phys_addr, ...@@ -636,10 +641,21 @@ static bool memremap_is_setup_data(resource_size_t phys_addr,
return true; return true;
} }
if (data->type == SETUP_INDIRECT && if (data->type == SETUP_INDIRECT) {
((struct setup_indirect *)data->data)->type != SETUP_INDIRECT) { memunmap(data);
paddr = ((struct setup_indirect *)data->data)->addr; data = memremap(paddr, sizeof(*data) + len,
len = ((struct setup_indirect *)data->data)->len; MEMREMAP_WB | MEMREMAP_DEC);
if (!data) {
pr_warn("failed to memremap indirect setup_data\n");
return false;
}
indirect = (struct setup_indirect *)data->data;
if (indirect->type != SETUP_INDIRECT) {
paddr = indirect->addr;
len = indirect->len;
}
} }
memunmap(data); memunmap(data);
......
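Review bot: The two `pr_warn()` strings added to memremap_is_setup_data carry no subsystem prefix, while the messages added elsewhere in this commit start with `e820:` or `setup:`. Unless the file defines `pr_fmt` outside the hunks, a log reader cannot tell where `failed to memremap setup_data entry` came from, so a prefix in the string would help. If this helper is reached on many memremap() calls (not visible here), `pr_warn_once("failed to memremap indirect setup_data\n");` would keep a persistent failure from flooding the log. The function starts and ends outside the hunks shown.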