Unverified Commit ea3ee0df authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!1194 fix memleak with efi_fake_mem 

Merge Pull Request from: @ci-robot 
 
PR sync from: Wupeng Ma <mawupeng1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/JDE2LDXAOHQR2RGYUMOGCZOLNJGVO7EW/ 
From: Ma Wupeng <mawupeng1@huawei.com>

1. fix memleak with efi_fake_mem
2. disable efi_fake_mem support by default for arm64

Ma Wupeng (2):
  efi: Fix UAF for arm64 when enable efi_fake_mem
  config: Disable EFI_FAKE_MEMMAP support for arm64 by default


-- 
2.25.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1194

 

Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 7602779e 13ecd6fc

arch/arm64/configs/openeuler_defconfig

+1 −2
Original line number Diff line number Diff line
@@ -657,8 +657,7 @@ CONFIG_FW_CFG_SYSFS=y 
CONFIG_EFI_ESRT=y

CONFIG_EFI_VARS_PSTORE=y

CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y

CONFIG_EFI_FAKE_MEMMAP=y

CONFIG_EFI_MAX_FAKE_MEM=8

# CONFIG_EFI_FAKE_MEMMAP is not set

CONFIG_EFI_SOFT_RESERVE=y

CONFIG_EFI_PARAMS_FROM_FDT=y

CONFIG_EFI_RUNTIME_WRAPPERS=y

drivers/firmware/efi/fake_mem.c

+13 −0
Original line number Diff line number Diff line
@@ -61,6 +61,19 @@ static void __init efi_fake_range(struct efi_mem_range *efi_range) 
	/* swap into new EFI memmap */

	early_memunmap(new_memmap, data.size);



#ifdef CONFIG_ARM64

	/*

	 * Efi fake mem support for arm64 is introduced for debug propose

	 * only. However efi_memmap_init_late in arm_enable_runtime_services

	 * will free this memory which will lead to UAF on efi.memmap.map.

	 *

	 * In order to slove this, clear efi.memmap.flags to skip free.

	 * Since efi map is never freed in arm64, this will not lead to

	 * memroy leak.

	 */

	data.flags &= ~(EFI_MEMMAP_SLAB | EFI_MEMMAP_MEMBLOCK);

#endif



	efi_memmap_install(&data);

}