From 7d823747c695e8638b637abd0c19434f661e50d9 Mon Sep 17 00:00:00 2001
From: Sughosh Ganu
Date: Wed, 14 Apr 2021 12:38:25 +0530
Subject: efi_loader: esrt: Remove incorrect invocations of EFI_CALL macro
Remove function invocations using the EFI_CALL macro for those functions that do not have an EFI_ENTRY call in their definition. Such functions can use u-boot api's which rely on u-boot global data(gd) pointer. The Arm and RiscV architectures maintain a separate gd pointer, one for u-boot, and a separate gd for the efi application. Calling a function through the EFI_CALL macro changes the gd pointer to that used for the efi application, with u-boot gd being unavailable. Any function then trying to dereference u-boot's gd will result in an abort. Fix this issue by removing the EFI_CALL macro for all of such functions which do not begin by an EFI_ENTRY function call.
Signed-off-by: Sughosh Ganu
Reviewed-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_esrt.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
(limited to 'lib')
diff --git a/lib/efi_loader/efi_esrt.c b/lib/efi_loader/efi_esrt.c
index 40f53260e4..3ca55ce23a 100644
--- a/lib/efi_loader/efi_esrt.c
+++ b/lib/efi_loader/efi_esrt.c
@@ -139,7 +139,7 @@ efi_status_t efi_esrt_allocate_install(u32 num_entries)
 /* If there was a previous ESRT, deallocate its memory now. */
 if (esrt)
- ret = EFI_CALL(efi_free_pool(esrt));
+ ret = efi_free_pool(esrt);
 esrt = new_esrt;
@@ -253,8 +253,8 @@ efi_status_t efi_esrt_add_from_fmp(struct efi_firmware_management_protocol *fmp)
 return EFI_INVALID_PARAMETER;
 }
- ret = EFI_CALL(efi_allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
- (void **)&img_info));
+ ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
+ (void **)&img_info);
 if (ret != EFI_SUCCESS) {
 EFI_PRINT("ESRT failed to allocate memory for image info.\n");
 return ret;
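Review bot: Nothing in the file records why `efi_free_pool()` is now called directly in efi_esrt_allocate_install(), so a later edit could wrap it in `EFI_CALL()` again and bring back the abort on Arm and RISC-V that the commit message describes. A short comment at this first call site would guard against that, for example `/* efi_free_pool() has no EFI_ENTRY(): call it directly, EFI_CALL() would switch gd */`. The same applies to the efi_allocate_pool(), efi_search_protocol() and efi_create_event() calls changed in the later hunks; a single comment near the top of the file would cover all of them. The function body starts and ends outside the hunk.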
@@ -298,7 +298,7 @@ efi_status_t efi_esrt_add_from_fmp(struct efi_firmware_management_protocol *fmp)
 }
 out:
- EFI_CALL(efi_free_pool(img_info));
+ efi_free_pool(img_info);
 return EFI_SUCCESS;
 }
@@ -384,8 +384,8 @@ efi_status_t efi_esrt_populate(void)
 goto out;
 }
- ret = EFI_CALL(efi_allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
- (void **)&img_info));
+ ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
+ (void **)&img_info);
 if (ret != EFI_SUCCESS) {
 EFI_PRINT("ESRT failed to allocate memory for image info\n");
 goto out;
@@ -405,13 +405,13 @@ efi_status_t efi_esrt_populate(void)
 if (ret != EFI_SUCCESS) {
 EFI_PRINT("ESRT failed to obtain image info from FMP\n");
- EFI_CALL(efi_free_pool(img_info));
+ efi_free_pool(img_info);
 goto out;
 }
 num_entries += desc_count;
- EFI_CALL(efi_free_pool(img_info));
+ efi_free_pool(img_info);
 }
 EFI_PRINT("ESRT create table with %u entries\n", num_entries);
@@ -430,9 +430,9 @@ efi_status_t efi_esrt_populate(void)
 */
 it_handle = base_handle;
 for (u32 idx = 0; idx < no_handles; idx++, it_handle++) {
- ret = EFI_CALL(efi_search_protocol(*it_handle,
- &efi_guid_firmware_management_protocol,
- &handler));
+ ret = efi_search_protocol(*it_handle,
+ &efi_guid_firmware_management_protocol,
+ &handler);
 if (ret != EFI_SUCCESS) {
 EFI_PRINT("ESRT unable to find FMP handle (%u)\n",
@@ -448,7 +448,7 @@ efi_status_t efi_esrt_populate(void)
 out:
- EFI_CALL(efi_free_pool(base_handle));
+ efi_free_pool(base_handle);
 return ret;
 }
@@ -490,8 +490,8 @@ efi_status_t efi_esrt_register(void)
 return ret;
 }
- ret = EFI_CALL(efi_create_event(EVT_NOTIFY_SIGNAL, TPL_CALLBACK,
- efi_esrt_new_fmp_notify, NULL, NULL, &ev));
+ ret = efi_create_event(EVT_NOTIFY_SIGNAL, TPL_CALLBACK,
+ efi_esrt_new_fmp_notify, NULL, NULL, &ev);
 if (ret != EFI_SUCCESS) {
 EFI_PRINT("ESRT failed to create event\n");
 return ret;
-- cgit
From e8287b0fb2be8acf8d0412be3b4174768fef348c Mon Sep 17 00:00:00 2001
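Review bot: The `out:` label in efi_esrt_add_from_fmp() ends in `return EFI_SUCCESS;`, so whatever status `ret` holds when control reaches the label is discarded. The jumps to `out` are outside the hunk, so I cannot confirm whether error paths use it; if they do, the caller is told the firmware image was recorded in the ESRT when it was not. Either propagate the status with `return ret;`, or state the intent next to the label, for example `/* a failure for one FMP is deliberately not reported */`.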
From: Heinrich Schuchardt
Date: Sun, 11 Apr 2021 06:53:04 +0200
Subject: efi_loader: memory leak in efi_capsule_scan_dir()
If realloc() fails, we should free the old buffer.
Fixes: c74cd8bd08d1: ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_capsule.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'lib')
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 9df9c35084..691eda5e0d 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -756,8 +756,11 @@ static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
 tmp_size = dirent_size;
 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
 if (ret == EFI_BUFFER_TOO_SMALL) {
+ struct efi_file_info *old_dirent = dirent;
+
 dirent = realloc(dirent, tmp_size);
 if (!dirent) {
+ dirent = old_dirent;
 ret = EFI_OUT_OF_RESOURCES;
 goto err;
 }
-- cgit
From b1a7a5e0b8822a0868ee9318d8d3fa9645efc12d Mon Sep 17 00:00:00 2001
From: Masahisa Kojima
Date: Wed, 14 Apr 2021 11:55:49 +0900
Subject: efi_loader: fix possible buffer overflow
Variable "final" will have SHA512 digest, but currently the array size is not sufficient. Let's fix it.
Signed-off-by: Masahisa Kojima
Reviewed-by: Ilias Apalodimas
Reviewed-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_tcg2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index ed86a220fb..d5eca68769 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -515,7 +515,7 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
 sha1_context ctx;
 sha256_context ctx_256;
 sha512_context ctx_512;
- u8 final[TPM2_ALG_SHA512];
+ u8 final[TPM2_SHA512_DIGEST_SIZE];
 efi_status_t ret;
 u32 active;
 int i;
-- cgit
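Review bot: Saving `old_dirent` and restoring it after a failed `realloc()` works, but `dirent` holds NULL in between, and the fix depends on the `err:` path freeing `dirent`, which is outside the hunk. The usual form keeps the live pointer untouched until the new one is known to be good: `struct efi_file_info *new_dirent = realloc(dirent, tmp_size);`, then `if (!new_dirent) {` for the existing error branch, and `dirent = new_dirent;` after it. That removes the restore line and makes the ownership obvious to the next reader. The loop this sits in starts and ends outside the hunk.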
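Review bot: The declaration of `final` in tcg2_create_digest() does not say why it is sized for SHA-512, which matters because this buffer receives the output of every digest the function computes (contexts for SHA-1, SHA-256 and SHA-512 are declared just above it). The old bound was an algorithm identifier rather than a length, a mix-up the compiler cannot catch, so a comment would help keep the size tied to its purpose: `/* must hold the largest digest produced below (SHA-512) */`. If another algorithm is added later, this is the line that must be re-checked. The function body continues outside the hunk, so I cannot see how `final` is written.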