Date: Thu, 18 Mar 2021 22:44:17 +0100
From: Martin Radev
To: devel@edk2.groups.io
Cc: lersek@redhat.com, ardb+tianocore@kernel.org, jordan.l.justen@intel.com, thomas.lendacky@amd.com
Subject: [edk2-devel] [PATCH v1] OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The CommandLine and InitrdData may be set to NULL if the provided size is too large. Because the zero page is mapped, this would not cause an immediate crash but can lead to memory corruption instead. This patch just adds validation and returns error if either allocation has failed.

Ref: https://github.com/martinradev/edk2/commit/6c0ce748b97393240c006e24b73652f30e597a05

Signed-off-by: Martin Radev
Acked-by: Ard Biesheuvel
Acked-by: Tom Lendacky
Reviewed-by: Laszlo Ersek
--- OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/Ov= mfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c index 931553c0c1..b983c4d7d0 100644 --- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c +++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@@ -161,6 +161,12 @@ QemuLoadLegacyImage ( LoadedImage->CommandLine =3D LoadLinuxAllocateCommandLinePages ( EFI_SIZE_TO_PAGES ( LoadedImage->CommandLineSize)); + + if (LoadedImage->CommandLine =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for kernel command l= ine!\n")); + Status =3D EFI_OUT_OF_RESOURCES; + goto FreeImage; + } QemuFwCfgSelectItem (QemuFwCfgItemCommandLineData); QemuFwCfgReadBytes (LoadedImage->CommandLineSize, LoadedImage->Command= Line); } @@ -178,6 +184,11 @@ QemuLoadLegacyImage ( LoadedImage->InitrdData =3D LoadLinuxAllocateInitrdPages ( LoadedImage->SetupBuf, EFI_SIZE_TO_PAGES (LoadedImage->InitrdSize= )); + if (LoadedImage->InitrdData =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for initrd!\n")); + Status =3D EFI_OUT_OF_RESOURCES; + goto FreeImage; + } DEBUG ((DEBUG_INFO, "Initrd size: 0x%x\n", (UINT32)LoadedImage->InitrdSize)); DEBUG ((DEBUG_INFO, "Reading initrd image ...")); --=20 2.17.1
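Review bot: The DEBUG_ERROR message added in the first hunk (the CommandLine check) does not report the size that failed to allocate. The commit message attributes the NULL result to an oversized request, so printing LoadedImage->CommandLineSize in that message would make the failure diagnosable from the log alone. The same DEBUG line is long enough that the mail's quoted-printable encoding soft-wrapped it (the "l= ine" break), which means it is over 76 characters; check it against the project's line-length limit and split the format string onto its own line if needed. The added blank "+" line between the allocation and its NULL check can be dropped so the check sits directly under the call, as it does in the InitrdData hunk.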
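Review bot: On the InitrdData failure path in the second hunk, CommandLine may already have been allocated by the code touched in the first hunk, so the "goto FreeImage" target has to release those command-line pages as well as the image. The body of the FreeImage label is not visible in this diff; please confirm it frees CommandLine when it is non-NULL, otherwise this new error path leaks it. Separately, the subject line names only CommandLine although this hunk adds the same check for InitrdData; mentioning both would make the commit easier to find later.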