releases/5.5.9/efi-read_once-rng-seed-size-before-munmap.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From be36f9e7517e17810ec369626a128d7948942259 Mon Sep 17 00:00:00 2001
 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
 Date: Fri, 21 Feb 2020 09:48:49 +0100
 Subject: efi: READ_ONCE rng seed size before munmap

 From: Jason A. Donenfeld <Jason@zx2c4.com>

 commit be36f9e7517e17810ec369626a128d7948942259 upstream.

 This function is consistent with using size instead of seed->size
 (except for one place that this patch fixes), but it reads seed->size
 without using READ_ONCE, which means the compiler might still do
 something unwanted. So, this commit simply adds the READ_ONCE
 wrapper.

 Fixes: 636259880a7e ("efi: Add support for seeding the RNG from a UEFI ...")
 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 Cc: linux-efi@vger.kernel.org
 Cc: Ingo Molnar <mingo@kernel.org>
 Cc: Thomas Gleixner <tglx@linutronix.de>
 Link: https://lore.kernel.org/r/20200217123354.21140-1-Jason@zx2c4.com
 Link: https://lore.kernel.org/r/20200221084849.26878-5-ardb@kernel.org
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  drivers/firmware/efi/efi.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 --- a/drivers/firmware/efi/efi.c
 +++ b/drivers/firmware/efi/efi.c
 @@ -552,7 +552,7 @@ int __init efi_config_parse_tables(void

  		seed = early_memremap(efi.rng_seed, sizeof(*seed));
  		if (seed != NULL) {
 -			size = seed->size;
 +			size = READ_ONCE(seed->size);
  			early_memunmap(seed, sizeof(*seed));
  		} else {
  			pr_err("Could not map UEFI random seed!\n");
 @@ -562,7 +562,7 @@ int __init efi_config_parse_tables(void
  					      sizeof(*seed) + size);
  			if (seed != NULL) {
  				pr_notice("seeding entropy pool\n");
 -				add_bootloader_randomness(seed->bits, seed->size);
 +				add_bootloader_randomness(seed->bits, size);
  				early_memunmap(seed, sizeof(*seed) + size);
  			} else {
  				pr_err("Could not map UEFI random seed!\n");
	From be36f9e7517e17810ec369626a128d7948942259 Mon Sep 17 00:00:00 2001
	From: "Jason A. Donenfeld" <Jason@zx2c4.com>
	Date: Fri, 21 Feb 2020 09:48:49 +0100
	Subject: efi: READ_ONCE rng seed size before munmap

	From: Jason A. Donenfeld <Jason@zx2c4.com>

	commit be36f9e7517e17810ec369626a128d7948942259 upstream.

	This function is consistent with using size instead of seed->size
	(except for one place that this patch fixes), but it reads seed->size
	without using READ_ONCE, which means the compiler might still do
	something unwanted. So, this commit simply adds the READ_ONCE
	wrapper.

	Fixes: 636259880a7e ("efi: Add support for seeding the RNG from a UEFI ...")
	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
	Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	Cc: linux-efi@vger.kernel.org
	Cc: Ingo Molnar <mingo@kernel.org>
	Cc: Thomas Gleixner <tglx@linutronix.de>
	Link: https://lore.kernel.org/r/20200217123354.21140-1-Jason@zx2c4.com
	Link: https://lore.kernel.org/r/20200221084849.26878-5-ardb@kernel.org
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	drivers/firmware/efi/efi.c \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	--- a/drivers/firmware/efi/efi.c
	+++ b/drivers/firmware/efi/efi.c
	@@ -552,7 +552,7 @@ int __init efi_config_parse_tables(void

	seed = early_memremap(efi.rng_seed, sizeof(*seed));
	if (seed != NULL) {
	- size = seed->size;
	+ size = READ_ONCE(seed->size);
	early_memunmap(seed, sizeof(*seed));
	} else {
	pr_err("Could not map UEFI random seed!\n");
	@@ -562,7 +562,7 @@ int __init efi_config_parse_tables(void
	sizeof(*seed) + size);
	if (seed != NULL) {
	pr_notice("seeding entropy pool\n");
	- add_bootloader_randomness(seed->bits, seed->size);
	+ add_bootloader_randomness(seed->bits, size);
	early_memunmap(seed, sizeof(*seed) + size);
	} else {
	pr_err("Could not map UEFI random seed!\n");