Date: Sun, 08 Dec 2019 13:33:33 -0000
From: "tip-bot2 for Arvind Sankar"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: efi/urgent] efi/gop: Fix memory leak in __gop_query32/64()
Cc: Arvind Sankar, Ard Biesheuvel, Andy Shevchenko, Bhupesh Sharma, Masayoshi Mizuma, linux-efi@vger.kernel.org, Ingo Molnar, x86, LKML
In-Reply-To: <20191206165542.31469-5-ardb@kernel.org>

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     ff397be685e410a59c34b21ce0c55d4daa466bb7
Gitweb:        https://git.kernel.org/tip/ff397be685e410a59c34b21ce0c55d4daa466bb7
Author:        Arvind Sankar
AuthorDate:    Fri, 06 Dec 2019 16:55:40
Committer:     Ingo Molnar
CommitterDate: Sun, 08 Dec 2019 12:42:18 +01:00

efi/gop: Fix memory leak in __gop_query32/64()

efi_graphics_output_protocol::query_mode() returns info in callee-allocated memory which must be freed by the caller, which we aren't doing.

We don't actually need to call query_mode() in order to obtain the info for the current graphics mode, which is already there in gop->mode->info, so just access it directly in the setup_gop32/64() functions.

Also nothing uses the size of the info structure, so don't update the passed-in size (which is the size of the gop_handle table in bytes) unnecessarily.

Signed-off-by: Arvind Sankar
Signed-off-by: Ard Biesheuvel Cc: Andy Shevchenko Cc: Bhupesh Sharma Cc: Masayoshi Mizuma Cc: linux-efi@vger.kernel.org Link: https://lkml.kernel.org/r/20191206165542.31469-5-ardb@kernel.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/libstub/gop.c | 66 +++++------------------------ 1 file changed, 12 insertions(+), 54 deletions(-) diff --git a/drivers/firmware/efi/libstub/gop.c b/drivers/firmware/efi/libstub/gop.c index 69b2b01..b7bf1e9 100644 --- a/drivers/firmware/efi/libstub/gop.c +++ b/drivers/firmware/efi/libstub/gop.c @@ -84,30 +84,6 @@ setup_pixel_info(struct screen_info *si, u32 pixels_per_scan_line, } static efi_status_t -__gop_query32(efi_system_table_t *sys_table_arg, - struct efi_graphics_output_protocol_32 *gop32, - struct efi_graphics_output_mode_info **info, - unsigned long *size, u64 *fb_base) -{ - struct efi_graphics_output_protocol_mode_32 *mode; - efi_graphics_output_protocol_query_mode query_mode; - efi_status_t status; - unsigned long m; - - m = gop32->mode; - mode = (struct efi_graphics_output_protocol_mode_32 *)m; - query_mode = (void *)(unsigned long)gop32->query_mode; - - status = __efi_call_early(query_mode, (void *)gop32, mode->mode, size, - info); - if (status != EFI_SUCCESS) - return status; - - *fb_base = mode->frame_buffer_base; - return status; -} - -static efi_status_t setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si, efi_guid_t *proto, unsigned long size, void **gop_handle) { @@ -128,6 +104,7 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si, nr_gops = size / sizeof(u32); for (i = 0; i < nr_gops; i++) { + struct efi_graphics_output_protocol_mode_32 *mode; struct efi_graphics_output_mode_info *info = NULL; efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID; bool conout_found = false; 
@@ -145,9 +122,11 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si, if (status == EFI_SUCCESS) conout_found = true; - status = __gop_query32(sys_table_arg, gop32, &info, &size, - ¤t_fb_base); - if (status == EFI_SUCCESS && (!first_gop || conout_found) && + mode = (void *)(unsigned long)gop32->mode; + info = (void *)(unsigned long)mode->info; + current_fb_base = mode->frame_buffer_base; + + if ((!first_gop || conout_found) && info->pixel_format != PIXEL_BLT_ONLY) { /* * Systems that use the UEFI Console Splitter may @@ -202,30 +181,6 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si, } static efi_status_t -__gop_query64(efi_system_table_t *sys_table_arg, - struct efi_graphics_output_protocol_64 *gop64, - struct efi_graphics_output_mode_info **info, - unsigned long *size, u64 *fb_base) -{ - struct efi_graphics_output_protocol_mode_64 *mode; - efi_graphics_output_protocol_query_mode query_mode; - efi_status_t status; - unsigned long m; - - m = gop64->mode; - mode = (struct efi_graphics_output_protocol_mode_64 *)m; - query_mode = (void *)(unsigned long)gop64->query_mode; - - status = __efi_call_early(query_mode, (void *)gop64, mode->mode, size, - info); - if (status != EFI_SUCCESS) - return status; - - *fb_base = mode->frame_buffer_base; - return status; -} - -static efi_status_t setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si, efi_guid_t *proto, unsigned long size, void **gop_handle) { @@ -246,6 +201,7 @@ setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si, nr_gops = size / sizeof(u64); for (i = 0; i < nr_gops; i++) { + struct efi_graphics_output_protocol_mode_64 *mode; struct efi_graphics_output_mode_info *info = NULL; efi_guid_t conout_proto = EFI_CONSOLE_OUT_DEVICE_GUID; bool conout_found = false; 
@@ -263,9 +219,11 @@ setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si, if (status == EFI_SUCCESS) conout_found = true; - status = __gop_query64(sys_table_arg, gop64, &info, &size, - ¤t_fb_base); - if (status == EFI_SUCCESS && (!first_gop || conout_found) && + mode = (void *)(unsigned long)gop64->mode; + info = (void *)(unsigned long)mode->info; + current_fb_base = mode->frame_buffer_base; + + if ((!first_gop || conout_found) && info->pixel_format != PIXEL_BLT_ONLY) { /* * Systems that use the UEFI Console Splitter may
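Review bot: In the setup_gop32() hunk at -145,9 the assignment to status from __gop_query32() is removed, so from here on status still holds the result of the console-out lookup just above (the call whose success sets conout_found). If the function returns status after the loop, a handle that exposes a GOP but no ConOut protocol would leave a failure code in it even though a usable GOP was selected. Please check the exit path and set status explicitly once a GOP has been chosen, for example to EFI_SUCCESS; the same applies to the matching change in setup_gop64().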
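Review bot: In the setup_gop64() hunk at -263,9 info->pixel_format is now dereferenced with no preceding check, where the old condition was gated on status == EFI_SUCCESS from the query call. Both mode and info are taken directly from firmware-provided fields (gop64->mode, then mode->info) and cast through unsigned long, so either add a NULL check on both before the if, or add a one-line comment stating why they are assumed valid at this point. Since info is now always assigned before use, the "= NULL" initialiser on its declaration (visible as context in the -246,6 hunk) is dead and can be dropped. The same points apply to the setup_gop32() hunks.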