References:
 <20210310083127.5784-1-lyl2019@mail.ustc.edu.cn>
In-Reply-To: <20210310083127.5784-1-lyl2019@mail.ustc.edu.cn>
From: Ard Biesheuvel
Date: Thu, 18 Mar 2021 19:17:40 +0100
Subject: Re: [PATCH] firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
To: Lv Yunlong
Cc: jonathan.richardson@broadcom.com, linux-efi, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 10 Mar 2021 at 09:37, Lv Yunlong wrote:
>
> In the for loop in efi_mem_reserve_persistent(), prsv = rsv->next
> uses the unmapped rsv. Using the unmapped pages will cause a segment
> fault.
>
> Fixes: 18df7577adae6 ("efi/memreserve: deal with memreserve entries in unmapped memory")
> Signed-off-by: Lv Yunlong

Queued as a fix, thanks.

> --- > drivers/firmware/efi/efi.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > index df3f9bcab581..4b7ee3fa9224 100644 > --- a/drivers/firmware/efi/efi.c > +++ b/drivers/firmware/efi/efi.c > @@ -927,7 +927,7 @@ int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size) > } > > /* first try to find a slot in an existing linked list entry */ > - for (prsv = efi_memreserve_root->next; prsv; prsv = rsv->next) { > + for (prsv = efi_memreserve_root->next; prsv; ) { > rsv = memremap(prsv, sizeof(*rsv), MEMREMAP_WB); > index = atomic_fetch_add_unless(&rsv->count, 1, rsv->size); > if (index < rsv->size) { > @@ -937,6 +937,7 @@ int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size) > memunmap(rsv); > return efi_mem_reserve_iomem(addr, size); > } > + prsv = rsv->next; > memunmap(rsv); > } > > -- > 2.25.1 > >
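
Review bot: memremap() can return NULL, and the context lines of the first hunk (@@ -927,7 +927,7 @@) pass its result straight to atomic_fetch_add_unless(&rsv->count, 1, rsv->size) with no check. Since this loop is being reworked anyway, consider bailing out when rsv is NULL before the first dereference. With the increment clause now empty, the loop would also read more naturally as while (prsv).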
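
Review bot: the added prsv = rsv->next; in the second hunk (@@ -937,6 +937,7 @@) is only correct because it sits before memunmap(rsv), and nothing in the code says so. A one-line comment above it, stating that next must be read while the mapping is still live, would keep a later cleanup from moving the read back into the for header and reintroducing the use after unmap.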