[lvc-project] Fwd: Patch "efi: fix potential NULL deref in efi_mem_reserve_persistent" has been added to the 5.10-stable tree

Anton Gusev aagusev at ispras.ru
Mon Feb 6 18:18:44 MSK 2023 



-------- Forwarded Message --------
Subject: Patch "efi: fix potential NULL deref in efi_mem_reserve_persistent" has been added to the 5.10-stable tree
Date: Mon,  6 Feb 2023 08:46:46 -0500
From: Sasha Levin <sashal at kernel.org>
To: stable-commits at vger.kernel.org, aagusev at ispras.ru
CC: Ard Biesheuvel <ardb at kernel.org>

This is a note to let you know that I've just added the patch titled

    efi: fix potential NULL deref in efi_mem_reserve_persistent

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     efi-fix-potential-null-deref-in-efi_mem_reserve_pers.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.



commit 4f98fa3b85a2debdd8cb2f3bc17a03311abdaef9
Author: Anton Gusev <aagusev at ispras.ru>
Date:   Fri Feb 3 16:22:13 2023 +0300

    efi: fix potential NULL deref in efi_mem_reserve_persistent
    
    [ Upstream commit 966d47e1f27c45507c5df82b2a2157e5a4fd3909 ]
    
    When iterating on a linked list, a result of memremap is dereferenced
    without checking it for NULL.
    
    This patch adds a check that falls back on allocating a new page in
    case memremap doesn't succeed.
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    Fixes: 18df7577adae ("efi/memreserve: deal with memreserve entries in unmapped memory")
    Signed-off-by: Anton Gusev <aagusev at ispras.ru>
    [ardb: return -ENOMEM instead of breaking out of the loop]
    Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
    Signed-off-by: Sasha Levin <sashal at kernel.org>

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index a2765d668856..332739f3eded 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -950,6 +950,8 @@ int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size)
 	/* first try to find a slot in an existing linked list entry */
 	for (prsv = efi_memreserve_root->next; prsv; ) {
 		rsv = memremap(prsv, sizeof(*rsv), MEMREMAP_WB);
+		if (!rsv)
+			return -ENOMEM;
 		index = atomic_fetch_add_unless(&rsv->count, 1, rsv->size);
 		if (index < rsv->size) {
 			rsv->entry[index].base = addr;

More information about the lvc-project mailing list