Subject: [PATCH v2 3/4] efi: Fix efi_memmap_alloc() leaks
From: Dan Williams
To: mingo@redhat.com
Cc: Taku Izumi, Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, kexec@lists.infradead.org, x86@kernel.org
Date: Tue, 31 Dec 2019 14:04:33 -0800

With efi_fake_memmap() and efi_arch_mem_reserve() the efi table may be
updated and replaced multiple times. When that happens a previous
dynamically allocated efi memory map can be garbage collected. Use the
new EFI_MEMMAP_{SLAB,MEMBLOCK} flags to detect when a dynamically
allocated memory map is being replaced.

Cc: Taku Izumi
Cc: Ard Biesheuvel
Signed-off-by: Dan Williams
---
 drivers/firmware/efi/memmap.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c index 2b81ee6858a9..188ab3cd5c52 100644 --- a/drivers/firmware/efi/memmap.c +++ b/drivers/firmware/efi/memmap.c
@@ -29,6 +29,28 @@ static phys_addr_t __init __efi_memmap_alloc_late(unsigned long size) return PFN_PHYS(page_to_pfn(p)); } +static void __init __efi_memmap_free(u64 phys, unsigned long size, unsigned long flags) +{ + if (WARN_ON(slab_is_available() && (flags & EFI_MEMMAP_MEMBLOCK))) + return; + + if (flags & EFI_MEMMAP_MEMBLOCK) { + memblock_free(phys, size); + } else if (flags & EFI_MEMMAP_SLAB) { + struct page *p = pfn_to_page(PHYS_PFN(phys)); + unsigned int order = get_order(size); + + free_pages((unsigned long) page_address(p), order); + } +} + +static void __init efi_memmap_free(void) +{ + __efi_memmap_free(efi.memmap.phys_map, + efi.memmap.desc_size * efi.memmap.nr_map, + efi.memmap.flags); +} + /** * efi_memmap_alloc - Allocate memory for the EFI memory map * @num_entries: Number of entries in the allocated map. @@ -209,6 +231,8 @@ int __init efi_memmap_install(phys_addr_t addr, unsigned int nr_map, data.desc_size = efi.memmap.desc_size; flags |= efi.memmap.flags & EFI_MEMMAP_LATE; + efi_memmap_free(); + return __efi_memmap_init(&data, flags); }
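Review bot: In __efi_memmap_free() (first hunk), the early return under WARN_ON(slab_is_available() && (flags & EFI_MEMMAP_MEMBLOCK)) leaves the old map allocated, so the leak this patch targets remains on that path; a comment stating why a memblock-backed map cannot be released once slab is available would make the intent clear. In the EFI_MEMMAP_SLAB branch, the order passed to free_pages() is recomputed from desc_size * nr_map and has to equal the order used by __efi_memmap_alloc_late(), whose allocation is not visible in this hunk; deriving both from one helper would keep them in step. The case where neither flag is set silently does nothing, which also deserves a one-line comment.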
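Review bot: In efi_memmap_install() (second hunk), efi_memmap_free() runs before __efi_memmap_init(&data, flags), so if the init returns an error the previous map has already been released; consider saving the old phys_map, size and flags, and calling __efi_memmap_free() on them only after the new map is installed successfully. There is also no check that addr differs from efi.memmap.phys_map, so re-installing the current buffer would free it and then pass it to __efi_memmap_init().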