releases/5.7.16/firmware_loader-efi-firmware-loader-must-handle-pre-allocated-buffer.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d Mon Sep 17 00:00:00 2001
 From: Kees Cook <keescook@chromium.org>
 Date: Fri, 24 Jul 2020 14:36:24 -0700
 Subject: firmware_loader: EFI firmware loader must handle pre-allocated buffer

 From: Kees Cook <keescook@chromium.org>

 commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream.

 The EFI platform firmware fallback would clobber any pre-allocated
 buffers. Instead, correctly refuse to reallocate when too small (as
 already done in the sysfs fallback), or perform allocation normally
 when needed.

 Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
 Cc: stable@vger.kernel.org
 Acked-by: Scott Branden <scott.branden@broadcom.com>
 Signed-off-by: Kees Cook <keescook@chromium.org>
 Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/base/firmware_loader/fallback_platform.c |    5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)

 --- a/drivers/base/firmware_loader/fallback_platform.c
 +++ b/drivers/base/firmware_loader/fallback_platform.c
 @@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw
  	if (rc)
  		return rc; /* rc == -ENOENT when the fw was not found */

 -	fw_priv->data = vmalloc(size);
 +	if (fw_priv->data && size > fw_priv->allocated_size)
 +		return -ENOMEM;
 +	if (!fw_priv->data)
 +		fw_priv->data = vmalloc(size);
  	if (!fw_priv->data)
  		return -ENOMEM;
	From 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d Mon Sep 17 00:00:00 2001
	From: Kees Cook <keescook@chromium.org>
	Date: Fri, 24 Jul 2020 14:36:24 -0700
	Subject: firmware_loader: EFI firmware loader must handle pre-allocated buffer

	From: Kees Cook <keescook@chromium.org>

	commit 4fb60b158afd3ac9e0fe9975aa476213f5cc0a4d upstream.

	The EFI platform firmware fallback would clobber any pre-allocated
	buffers. Instead, correctly refuse to reallocate when too small (as
	already done in the sysfs fallback), or perform allocation normally
	when needed.

	Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
	Cc: stable@vger.kernel.org
	Acked-by: Scott Branden <scott.branden@broadcom.com>
	Signed-off-by: Kees Cook <keescook@chromium.org>
	Link: https://lore.kernel.org/r/20200724213640.389191-4-keescook@chromium.org
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/base/firmware_loader/fallback_platform.c \| 5 ++++-
	1 file changed, 4 insertions(+), 1 deletion(-)

	--- a/drivers/base/firmware_loader/fallback_platform.c
	+++ b/drivers/base/firmware_loader/fallback_platform.c
	@@ -25,7 +25,10 @@ int firmware_fallback_platform(struct fw
	if (rc)
	return rc; /* rc == -ENOENT when the fw was not found */

	- fw_priv->data = vmalloc(size);
	+ if (fw_priv->data && size > fw_priv->allocated_size)
	+ return -ENOMEM;
	+ if (!fw_priv->data)
	+ fw_priv->data = vmalloc(size);
	if (!fw_priv->data)
	return -ENOMEM;