linux-stable/drivers
Ard Biesheuvel 1800c9628e x86/efistub: Reinstate soft limit for initrd loading
[ Commit decd347c2a upstream ]

Commit

  8117961d98 ("x86/efi: Disregard setup header of loaded image")

dropped the memcopy of the image's setup header into the boot_params
struct provided to the core kernel, on the basis that EFI boot does not
need it and should rely only on a single protocol to interface with the
boot chain. It is also a prerequisite for being able to increase the
section alignment to 4k, which is needed to enable memory protections
when running in the boot services.

So only the setup_header fields that matter to the core kernel are
populated explicitly, and everything else is ignored. One thing was
overlooked, though: the initrd_addr_max field in the setup_header is not
used by the core kernel, but it is used by the EFI stub itself when it
loads the initrd, where its default value of INT_MAX is used as the soft
limit for memory allocation.

This means that, in the old situation, the initrd was virtually always
loaded in the lower 2G of memory, but now, due to initrd_addr_max being
0x0, the initrd may end up anywhere in memory. This should not be an
issue in principle, as most systems can deal with this fine. However, it
does appear to tickle some problems in older UEFI implementations, where
the memory ends up being corrupted, resulting in errors when unpacking
the initramfs.

So set the initrd_addr_max field to INT_MAX like it was before.

Fixes: 8117961d98 ("x86/efi: Disregard setup header of loaded image")
Reported-by: Radek Podgorny <radek@podgorny.cz>
Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-27 17:07:05 +02:00
accessibility speakup: Fix 8bit characters from direct synth 2024-04-03 15:19:33 +02:00
acpi Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" 2024-04-13 13:05:11 +02:00
amba
android binder: signal epoll threads of self-work 2024-02-23 09:12:39 +01:00
ata ata: libata-scsi: Fix ata_scsi_dev_rescan() error path 2024-04-17 11:18:22 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-16 19:06:26 +01:00
auxdisplay auxdisplay: hd44780: move cursor home after clear display command 2023-12-08 08:51:16 +01:00
base driver core: Introduce device_link_wait_removal() 2024-04-10 16:28:32 +02:00
bcma
block aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-03-26 18:20:29 -04:00
bluetooth Bluetooth: btintel: Fixe build regression 2024-04-13 13:05:27 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:05:16 +02:00
cdrom
char random: handle creditable entropy from atomic process context 2024-04-27 17:07:04 +02:00
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-03 15:19:29 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-03 15:19:44 +02:00
comedi comedi: comedi_test: Prevent timers rescheduling during deletion 2024-03-26 18:20:57 -04:00
connector
counter
cpufreq cpufreq: Don't unregister cpufreq cooling on CPU hotplug 2024-04-13 13:05:00 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:04:54 +02:00
crypto crypto: qat - resolve race condition during AER recovery 2024-04-03 15:19:26 +02:00
cxl cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window 2024-03-01 13:26:31 +01:00
dax
dca
devfreq PM / devfreq: Synchronize devfreq_monitor_[start/stop] 2024-02-05 20:12:47 +00:00
dio
dma dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA 2024-03-26 18:20:45 -04:00
dma-buf dma-buf: Fix NULL pointer dereference in sanitycheck() 2024-04-10 16:28:21 +02:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 15:27:18 -08:00
eisa
extcon
firewire firewire: core: use long bus reset on gap count error 2024-03-26 18:20:27 -04:00
firmware x86/efistub: Reinstate soft limit for initrd loading 2024-04-27 17:07:05 +02:00
fpga
fsi
gnss
gpio gpio: vf610: allow disabling the vf610 driver 2024-03-26 18:20:33 -04:00
gpu drm/i915/vma: Fix UAF on destroy against retire race 2024-04-27 17:07:05 +02:00
greybus
hid HID: amd_sfh: Avoid disabling the interrupt 2024-03-26 18:20:51 -04:00
hsi
hte
hv
hwmon hwmon: (amc6821) add of_match table 2024-04-03 15:19:32 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() 2024-03-26 18:20:58 -04:00
i2c i2c: i801: Avoid potential double call to gpiod_remove_lookup_table 2024-04-03 15:19:43 +02:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-02-05 20:12:58 +00:00
idle
iio iio: accel: adxl367: fix I2C FIFO data register 2024-04-03 15:19:43 +02:00
infiniband RDMA/cm: add timeout to cm_destroy_id wait 2024-04-13 13:05:13 +02:00
input Input: imagis - use FIELD_GET where applicable 2024-04-13 13:05:13 +02:00
interconnect Revert "interconnect: Teach lockdep about icc_bw_lock order" 2024-03-06 14:45:19 +00:00
iommu iommu/vt-d: Allocate local memory for page request queue 2024-04-17 11:18:26 +02:00
ipack
irqchip irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type 2024-04-03 15:19:45 +02:00
isdn
leds leds: sgm3140: Add missing timer cleanup and flash gpio control 2024-03-26 18:20:52 -04:00
macintosh
mailbox mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt 2024-02-05 20:12:58 +00:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 17:07:13 +00:00
md dm integrity: fix out-of-range warning 2024-04-10 16:28:23 +02:00
media media: cec: core: remove length check of Timer Status 2024-04-17 11:18:23 +02:00
memory
memstick
message
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:20:50 -04:00
misc VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() 2024-04-13 13:05:27 +02:00
mmc mmc: core: Avoid negative index with array access 2024-04-03 15:19:49 +02:00
most
mtd mtd: rawnand: meson: fix scrambling mode value in command macro 2024-04-03 15:19:27 +02:00
mux
net net: usb: ax88179_178a: avoid writing the mac address before first reading 2024-04-27 17:07:04 +02:00
nfc
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:20:49 -04:00
nubus
nvdimm
nvme drivers/nvme: Add quirks for device 126f:2262 2024-04-13 13:05:20 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-03 15:19:32 +02:00
of of: dynamic: Synchronize of_changeset_destroy() with the devlink removals 2024-04-10 16:28:32 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:20:42 -04:00
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-31 16:16:59 -08:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-01-20 11:50:11 +01:00
pci PCI: hv: Fix ring buffer size calculation 2024-04-03 15:19:34 +02:00
pcmcia
peci
perf drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported 2024-04-10 16:28:30 +02:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-03 15:19:33 +02:00
pinctrl pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs 2024-04-13 13:05:05 +02:00
platform platform/x86: intel-vbtn: Update tablet mode switch at end of probe 2024-04-13 13:05:26 +02:00
pnp PNP: ACPI: fix fortify warning 2024-02-05 20:12:47 +00:00
power power: supply: bq27xxx-i2c: Do not free non existing IRQ 2024-03-06 14:45:09 +00:00
powercap powercap: dtpm_cpu: Fix error check against freq_qos_add_request() 2024-03-26 18:20:36 -04:00
pps
ps3
ptp
pwm pwm: img: fix pwm clock lookup 2024-04-03 15:19:45 +02:00
rapidio
ras
regulator regulator: pwm-regulator: Add validity checks in continuous .get_voltage 2024-03-01 13:26:26 +01:00
remoteproc remoteproc: virtio: Fix wdg cannot recovery remote processor 2024-04-03 15:19:24 +02:00
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-20 11:50:07 +01:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-01-31 16:16:59 -08:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:20:58 -04:00
s390 s390/qeth: handle deferred cc1 2024-04-10 16:28:21 +02:00
sbus
scsi scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() 2024-04-17 11:18:23 +02:00
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-03 15:19:33 +02:00
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-03 15:19:36 +02:00
soundwire ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops 2024-04-13 13:05:07 +02:00
spi spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-26 18:21:02 -04:00
spmi spmi: mediatek: Fix UAF on device remove 2024-02-05 20:12:58 +00:00
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-04-03 15:19:51 +02:00
target scsi: target: pscsi: Fix bio_put() for error case 2024-03-01 13:26:31 +01:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-04-03 15:19:42 +02:00
thermal thermal/of: Assume polling-delay(-passive) 0 when absent 2024-04-13 13:05:19 +02:00
thunderbolt thunderbolt: Keep the domain powered when USB4 port is in redrive mode 2024-04-13 13:05:17 +02:00
tty tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc 2024-04-13 13:05:23 +02:00
ufs scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() 2024-03-01 13:26:30 +01:00
uio uio: Fix use-after-free in uio_open 2024-01-20 11:50:10 +01:00
usb scsi: sd: usb_storage: uas: Access media prior to querying device properties 2024-04-13 13:05:24 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:21:00 -04:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-04-03 15:19:47 +02:00
vhost vhost: Add smp_rmb() in vhost_enable_notify() 2024-04-17 11:18:27 +02:00
video fbmon: prevent division by zero in fb_videomode_from_videomode() 2024-04-13 13:05:21 +02:00
virt
virtio virtio: reenable config if freezing device failed 2024-04-13 13:05:25 +02:00
vlynq
w1
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:20:56 -04:00
xen xen/events: close evtchn after mapping cleanup 2024-03-06 14:45:20 +00:00
zorro
Kconfig
Makefile