Date: Mon, 21 Sep 2020 17:55:51 +0200
From: Borislav Petkov
To: Lenny Szubowicz
Cc: linux-tip-commits@vger.kernel.org, Lenny Szubowicz, Ard Biesheuvel, x86, LKML
Subject: Re: [tip: efi/core] efi: Support for MOK variable config table
Message-ID: <20200921155551.GA1470@zn.tnic>

On Fri, Sep 18, 2020 at 08:30:54AM -0000, tip-bot2 for Lenny Szubowicz wrote:
> +void __init efi_mokvar_table_init(void) > +{ > + efi_memory_desc_t md; > + u64 end_pa; > + void *va = NULL; > + size_t cur_offset = 0; > + size_t offset_limit; > + size_t map_size = 0; > + size_t map_size_needed = 0; > + size_t size; > + struct efi_mokvar_table_entry *mokvar_entry; > + int err = -EINVAL; > + > + if (!efi_enabled(EFI_MEMMAP)) > + return; > + > + if (efi.mokvar_table == EFI_INVALID_TABLE_ADDR) > + return; > + /* > + * The EFI MOK config table must fit within a single EFI memory > + * descriptor range. > + */ > + err = efi_mem_desc_lookup(efi.mokvar_table, &md); > + if (err) { > + pr_warn("EFI MOKvar config table is not within the EFI memory map\n"); > + return; > + } > + end_pa = efi_mem_desc_end(&md); > + if (efi.mokvar_table >= end_pa) { > + pr_err("EFI memory descriptor containing MOKvar config table is invalid\n"); > + return; > + } > + offset_limit = end_pa - efi.mokvar_table; > + /* > + * Validate the MOK config table. 
Since there is no table header > + * from which we could get the total size of the MOK config table, > + * we compute the total size as we validate each variably sized > + * entry, remapping as necessary. > + */ > + while (cur_offset + sizeof(*mokvar_entry) <= offset_limit) { > + mokvar_entry = va + cur_offset; > + map_size_needed = cur_offset + sizeof(*mokvar_entry); > + if (map_size_needed > map_size) { > + if (va) > + early_memunmap(va, map_size); > + /* > + * Map a little more than the fixed size entry > + * header, anticipating some data. It's safe to > + * do so as long as we stay within current memory > + * descriptor. > + */ > + map_size = min(map_size_needed + 2*EFI_PAGE_SIZE, > + offset_limit);

i386 allmodconfig build gives here:

In file included from ./arch/x86/include/asm/percpu.h:27:0,
                 from ./arch/x86/include/asm/current.h:6,
                 from ./arch/x86/include/asm/processor.h:17,
                 from ./arch/x86/include/asm/timex.h:5,
                 from ./include/linux/timex.h:65,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:73,
                 from ./include/linux/efi.h:17,
                 from drivers/firmware/efi/mokvar-table.c:35:
drivers/firmware/efi/mokvar-table.c: In function ‘efi_mokvar_table_init’:
./include/linux/kernel.h:850:29: warning: comparison of distinct pointer types lacks a cast
   (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
                             ^
./include/linux/kernel.h:864:4: note: in expansion of macro ‘__typecheck’
   (__typecheck(x, y) && __no_side_effects(x, y))
    ^~~~~~~~~~~
./include/linux/kernel.h:874:24: note: in expansion of macro ‘__safe_cmp’
  __builtin_choose_expr(__safe_cmp(x, y), \
                        ^~~~~~~~~~
./include/linux/kernel.h:883:19: note: in expansion of macro ‘__careful_cmp’
 #define min(x, y) __careful_cmp(x, y, <)
                   ^~~~~~~~~~~~~
drivers/firmware/efi/mokvar-table.c:149:15: note: in expansion of macro ‘min’
    map_size = min(map_size_needed + 2*EFI_PAGE_SIZE,
               ^~~

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
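
Review bot: The min() call that closes the quoted hunk, `min(map_size_needed + 2*EFI_PAGE_SIZE, offset_limit)`, passes two operands whose types differ on i386, which is exactly what the "comparison of distinct pointer types" warning from the __typecheck expansion reports. Both map_size_needed and offset_limit are declared size_t, so the mismatch has to come from the `2*EFI_PAGE_SIZE` term changing the type of the first operand; either use `min_t(size_t, ...)` here or declare the size and offset variables with the type that expression yields, so the comparison is type-clean on 32-bit and 64-bit builds alike. Also worth checking in the same loop: `mokvar_entry = va + cur_offset` is computed before the `if (map_size_needed > map_size)` remap, with va still NULL on the first pass and stale after early_memunmap(), and the quoted text ends before the point where it would be recomputed, so please confirm the pointer is re-derived from the new mapping before any field of the entry is read. Since offset_limit bounds every access into firmware-provided data, note too that `offset_limit = end_pa - efi.mokvar_table` stores a u64 difference in a size_t, which narrows on 32-bit.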