Commit 5a0243e1 authored by Ard Biesheuvel, committed by Jialin Zhang

efi: x86: Wipe setup_data on pure EFI boot

stable inclusion
from stable-v5.10.146
commit 3490ebe43505fb7b91e88a14019753a6c3f12d88
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6D0VX

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3490ebe43505fb7b91e88a14019753a6c3f12d88

--------------------------------

commit 63bf28ce upstream.

When booting the x86 kernel via EFI using the LoadImage/StartImage boot
services [as opposed to the deprecated EFI handover protocol], the setup
header is taken from the image directly, and given that EFI's LoadImage
has no Linux/x86 specific knowledge regarding struct bootparams or
struct setup_header, any absolute addresses in the setup header must
originate from the file and not from a prior loading stage.

Since we cannot generally predict where LoadImage() decides to load an
image (*), such absolute addresses must be treated as suspect: even if a
prior boot stage intended to make them point somewhere inside the
[signed] image, there is no way to validate that, and if they point at
an arbitrary location in memory, the setup_data nodes will not be
covered by any signatures or TPM measurements either, and could be made
to contain an arbitrary sequence of SETUP_xxx nodes, which could
interfere quite badly with the early x86 boot sequence.

(*) Note that, while LoadImage() does take a buffer/size tuple in
addition to a device path, which can be used to provide the image
contents directly, it will re-allocate such images, as the memory
footprint of an image is generally larger than the PE/COFF file
representation.

Cc: <stable@vger.kernel.org> # v5.10+
Link: https://lore.kernel.org/all/20220904165321.1140894-1-Jason@zx2c4.com/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Parent f8d3c0e5
...@@ -414,6 +414,13 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, ...@@ -414,6 +414,13 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
hdr->ramdisk_image = 0; hdr->ramdisk_image = 0;
hdr->ramdisk_size = 0; hdr->ramdisk_size = 0;
/*
* Disregard any setup data that was provided by the bootloader:
* setup_data could be pointing anywhere, and we have no way of
* authenticating or validating the payload.
*/
hdr->setup_data = 0;
efi_stub_entry(handle, sys_table_arg, boot_params); efi_stub_entry(handle, sys_table_arg, boot_params);
/* not reached */ /* not reached */
......
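Review bot: The comment above `hdr->setup_data = 0;` attributes the value to "the bootloader", but the commit message explains that on the efi_pe_entry() path the setup header is taken from the image file itself, so the comment would be more precise if it said that any non-zero setup_data found in the header is an unvalidated absolute address whose nodes are covered by neither the image signature nor TPM measurements. The field is also cleared silently next to the ramdisk_image and ramdisk_size resets; consider emitting a one-line notice when the original value was non-zero, so that a prior stage that did populate it can tell its SETUP_xxx nodes were discarded.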