diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2024-03-15 16:26:16 +0100 |
|---|---|---|
| committer | Sasha Levin <sashal@kernel.org> | 2024-03-26 18:19:00 -0400 |
| commit | 0f0c8fc5ec197207f4d8ca9e04fb29a00067c34c (patch) | |
| tree | 9de5e000773d104a1ea12e4231df1b2d14004cdc | |
| parent | 637475826a65136f598cf6bd629325d25775af3a (diff) | |
| download | linux-stable-0f0c8fc5ec197207f4d8ca9e04fb29a00067c34c.tar.gz linux-stable-0f0c8fc5ec197207f4d8ca9e04fb29a00067c34c.tar.bz2 linux-stable-0f0c8fc5ec197207f4d8ca9e04fb29a00067c34c.zip | |
x86/efistub: Clear decompressor BSS in native EFI entrypoint
[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]
The EFI stub on x86 no longer invokes the decompressor as a subsequent
boot stage, but calls into the decompression code directly while running
in the context of the EFI boot services.
This means that when using the native EFI entrypoint (as opposed to the
EFI handover protocol, which clears BSS explicitly), the firmware PE
image loader is being relied upon to ensure that BSS is zeroed before
the EFI stub is entered from the firmware.
As Radek's report proves, this is a bad idea. Not all loaders do this
correctly, which means some global variables that should be statically
initialized to 0x0 may have junk in them.
So clear BSS explicitly when entering via efi_pe_entry(). Note that
zeroing BSS from C code is not generally safe, but in this case, the
following assignment and dereference of a global pointer variable
ensures that the memset() cannot be deferred or reordered.
Cc: <stable@kernel.org> # v6.1+
Reported-by: Radek Podgorny <radek@podgorny.cz>
Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | drivers/firmware/efi/libstub/x86-stub.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 99429bc4b0c7..681f576ec02a 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -21,6 +21,8 @@ #include "efistub.h" #include "x86-stub.h" +extern char _bss[], _ebss[]; + const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; static efi_loaded_image_t *image = NULL; @@ -465,6 +467,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, efi_status_t status; char *cmdline_ptr; + memset(_bss, 0, _ebss - _bss); + efi_system_table = sys_table_arg; /* Check if we were booted by the EFI firmware */ @@ -958,8 +962,6 @@ fail: void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { - extern char _bss[], _ebss[]; - memset(_bss, 0, _ebss - _bss); efi_stub_entry(handle, sys_table_arg, boot_params); } |