| From 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d Mon Sep 17 00:00:00 2001 |
| From: Kees Cook <keescook@chromium.org> |
| Date: Fri, 24 Jul 2020 14:36:24 -0700 |
| Subject: firmware_loader: EFI firmware loader must handle pre-allocated buffer |
| |
| From: Kees Cook <keescook@chromium.org> |
| |
| commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream. |
| |
| The EFI platform firmware fallback would clobber any pre-allocated |
| buffers. Instead, correctly refuse to reallocate when too small (as |
| already done in the sysfs fallback), or perform allocation normally |
| when needed. |
| |
| Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()") |
| Cc: stable@vger.kernel.org |
| Acked-by: Scott Branden <scott.branden@broadcom.com> |
| Signed-off-by: Kees Cook <keescook@chromium.org> |
| Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/base/firmware_loader/fallback_platform.c | 5 ++++- |
| 1 file changed, 4 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/base/firmware_loader/fallback_platform.c |
| +++ b/drivers/base/firmware_loader/fallback_platform.c |
| @@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw |
| if (rc) |
| return rc; /* rc == -ENOENT when the fw was not found */ |
| |
| - fw_priv->data = vmalloc(size); |
| + if (fw_priv->data && size > fw_priv->allocated_size) |
| + return -ENOMEM; |
| + if (!fw_priv->data) |
| + fw_priv->data = vmalloc(size); |
| if (!fw_priv->data) |
| return -ENOMEM; |
| |