Commit 505f1957, author: Ma Wupeng, committer: openeuler-sync-bot

efi: Fix UAF for arm64 when enable efi_fake_mem

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7F3NP
CVE: NA

--------------------------------

Efi fake mem support for arm64 is introduced for debug purpose
only. However efi_memmap_init_late in arm_enable_runtime_services
will free this memory which will lead to UAF on efi.memmap.map.

In order to solve this, clear efi.memmap.flags to skip free.
Since efi map is never freed in arm64, this will not lead to
memory leak.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
(cherry picked from commit 6b455c10)
Parent 673b97e8
......@@ -61,6 +61,19 @@ static void __init efi_fake_range(struct efi_mem_range *efi_range)
/* swap into new EFI memmap */
early_memunmap(new_memmap, data.size);
#ifdef CONFIG_ARM64
/*
* Efi fake mem support for arm64 is introduced for debug propose
* only. However efi_memmap_init_late in arm_enable_runtime_services
* will free this memory which will lead to UAF on efi.memmap.map.
*
* In order to slove this, clear efi.memmap.flags to skip free.
* Since efi map is never freed in arm64, this will not lead to
* memroy leak.
*/
data.flags &= ~(EFI_MEMMAP_SLAB | EFI_MEMMAP_MEMBLOCK);
#endif
efi_memmap_install(&data);
}
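Review bot: The block comment above `data.flags &= ~(EFI_MEMMAP_SLAB | EFI_MEMMAP_MEMBLOCK);` contradicts itself: it says efi_memmap_init_late will free this memory and then that the EFI map is never freed on arm64, so a reader cannot tell which free is being suppressed or why dropping the ownership flags is safe. Suggest rewording it to name the free path that is skipped and to state that clearing the flags makes the fake memmap buffer intentionally permanent, and fix the typos ("propose", "slove", "memroy") while there. Because this sits inside a function body, `if (IS_ENABLED(CONFIG_ARM64))` would read better than the `#ifdef`, provided both flag macros are defined on every architecture that builds this file.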
......