From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ard Biesheuvel, stable@kernel.org, Radek Podgorny, Sasha Levin
Subject: [PATCH 6.6 636/638] x86/efistub: Clear decompressor BSS in native EFI entrypoint
Date: Sun, 24 Mar 2024 19:01:13 -0400
Message-ID: <20240324230116.1348576-637-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324230116.1348576-1-sashal@kernel.org>
References: <20240324230116.1348576-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Ard Biesheuvel

[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]

The EFI stub on x86 no longer invokes the decompressor as a subsequent
boot stage, but calls into the decompression code directly while running
in the context of the EFI boot services.

This means that when using the native EFI entrypoint (as opposed to the
EFI handover protocol, which clears BSS explicitly), the firmware PE
image loader is being relied upon to ensure that BSS is zeroed before
the EFI stub is entered from the firmware.

As Radek's report proves, this is a bad idea. Not all loaders do this
correctly, which means some global variables that should be statically
initialized to 0x0 may have junk in them. So clear BSS explicitly when
entering via efi_pe_entry().

Note that zeroing BSS from C code is not generally safe, but in this
case, the following assignment and dereference of a global pointer
variable ensures that the memset() cannot be deferred or reordered.

Cc: # v6.1+
Reported-by: Radek Podgorny
Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
Signed-off-by: Ard Biesheuvel
Signed-off-by: Sasha Levin
---
 drivers/firmware/efi/libstub/x86-stub.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 7bcc5170043fc..90f18315e0247 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -21,6 +21,8 @@ #include "efistub.h" #include "x86-stub.h" +extern char _bss[], _ebss[]; + const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; static efi_loaded_image_t *image = NULL; @@ -465,6 +467,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, efi_status_t status; char *cmdline_ptr; + memset(_bss, 0, _ebss - _bss); + efi_system_table = sys_table_arg; /* Check if we were booted by the EFI firmware */ @@ -956,8 +960,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle, void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { - extern char _bss[], _ebss[]; - memset(_bss, 0, _ebss - _bss); efi_stub_entry(handle, sys_table_arg, boot_params); } -- 2.43.0
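Review bot: the `extern char _bss[], _ebss[];` added at file scope in the first hunk is a bare declaration of linker-script symbols sitting in a .c file; since `x86-stub.h` is already included right above it, the declaration would be better placed in that header (or beside the other linker-provided symbols) so a second user does not end up redeclaring it.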
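Review bot: the `memset(_bss, 0, _ebss - _bss);` added at the top of efi_pe_entry() in the second hunk is only safe because the very next statement, `efi_system_table = sys_table_arg;`, assigns a global that itself lives in BSS and is dereferenced shortly afterwards, which is what stops the compiler from deferring or dropping the clear; that reasoning lives only in the commit message, so add a comment above the memset stating that the assignment must remain immediately after it, otherwise a later reshuffle of efi_pe_entry() could silently remove the guarantee.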
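Review bot: after the local extern is dropped in the third hunk, the `memset(_bss, 0, _ebss - _bss);` left in efi_handover_entry() is identical to the call just added to efi_pe_entry(); a tiny static helper invoked from both entry points would keep the two clears in step and give the ordering comment a single home.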
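The commit message relies on the firmware PE loader to zero the part of each section that is not backed by file data. As an added example (not kernel code, and not part of this patch), the check below walks a PE section table and totals the bytes a loader is obliged to zero-fill, so a practitioner can see how much of an image's state depends on that loader behaviour; the image it runs on is a constructed sample with a hypothetical layout, and the offsets used are the standard PE/COFF header and 40-byte section-header fields.

```c
/* Added example, not kernel code: total the bytes a PE loader must zero-fill
 * (VirtualSize beyond SizeOfRawData), i.e. the BSS-like tails that the native
 * EFI entry point relies on the firmware to clear before efi_pe_entry() runs. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Returns the zero-fill the loader owes, or -1 if the image is malformed.
 * Every offset is bounds-checked against len before it is read. */
long pe_zero_fill_bytes(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3c);                      /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    uint16_t nsec = rd16(img + pe + 6);                  /* NumberOfSections */
    uint16_t opt = rd16(img + pe + 20);                  /* SizeOfOptionalHeader */
    size_t sh = (size_t)pe + 24 + opt;                   /* first section header */
    if (sh > len || (len - sh) / 40 < nsec) return -1;
    long total = 0;
    for (uint16_t i = 0; i < nsec; i++, sh += 40) {
        uint32_t vsize = rd32(img + sh + 8);             /* VirtualSize */
        uint32_t rawsz = rd32(img + sh + 16);            /* SizeOfRawData */
        if (vsize > rawsz) total += vsize - rawsz;       /* tail the loader must zero */
    }
    return total;
}

/* Constructed sample (hypothetical layout, not a real kernel image): DOS stub, PE
 * header with no optional header, .text fully backed on disk, and .data with
 * 0x1000 virtual bytes but only 0x200 raw bytes, so the loader owes 0xe00 bytes. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    size_t need = 0x40 + 24 + 2 * 40;
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z';
    put32(buf + 0x3c, 0x40);                             /* e_lfanew -> PE header */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x40 + 6] = 2;                                   /* NumberOfSections */
    uint8_t *s = buf + 0x40 + 24;                        /* SizeOfOptionalHeader == 0 */
    memcpy(s, ".text", 5);      put32(s + 8, 0x800);  put32(s + 16, 0x800);
    memcpy(s + 40, ".data", 5); put32(s + 48, 0x1000); put32(s + 56, 0x200);
    return need;
}

long sample_zero_fill(void) { uint8_t img[256]; return pe_zero_fill_bytes(img, build_sample_image(img, sizeof img)); }
```

A loader that skips this zero-fill leaves exactly those bytes holding whatever was in memory before, which is the junk in BSS globals that the report describes.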