vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

efi/uga: Use 64 bit for fb_base

Browse source 
We get 64 bit from PCI BAR but then truncate by assigning to 32 bit.
Make sure to check that pointer does not overflow on 32 bit platform.

Closes: 50931

Signed-off-by: Andrei Borzenkov <arvidjaar@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Andrei Borzenkov 2020-03-04 12:58:46 +01:00 committed by Daniel Kiper
parent e642c95ab6
commit df5d96de42
1 changed files with 16 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
grub-core/video/efi_uga.c
View file

@ -34,7 +34,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_efi_guid_t uga_draw_guid = GRUB_EFI_UGA_DRAW_GUID;
static struct grub_efi_uga_draw_protocol *uga;
static grub_uint32_t uga_fb;
static grub_uint64_t uga_fb;
static grub_uint32_t uga_pitch;
static struct
@ -52,7 +52,7 @@ static struct
#define FBTEST_COUNT 8
static int
find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
find_line_len (grub_uint64_t *fb_base, grub_uint32_t *line_len)
{
grub_uint32_t *base = (grub_uint32_t *) (grub_addr_t) *fb_base;
int i;
@ -67,7 +67,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
{
if ((base[j] & RGB_MASK) == RGB_MAGIC)
{
*fb_base = (grub_uint32_t) (grub_addr_t) base;
*fb_base = (grub_uint64_t) (grub_addr_t) base;
*line_len = j << 2;
return 1;
@ -84,7 +84,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
/* Context for find_framebuf. */
struct find_framebuf_ctx
{
grub_uint32_t *fb_base;
grub_uint64_t *fb_base;
grub_uint32_t *line_len;
int found;
};
@ -129,7 +129,9 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (i == 5)
break;
old_bar2 = grub_pci_read (addr + 4);
i++;
addr += 4;
old_bar2 = grub_pci_read (addr);
}
else
old_bar2 = 0;
@ -138,10 +140,15 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
base64 <<= 32;
base64 |= (old_bar1 & GRUB_PCI_ADDR_MEM_MASK);
grub_dprintf ("fb", "%s(%d): 0x%llx\n",
grub_dprintf ("fb", "%s(%d): 0x%" PRIxGRUB_UINT64_T "\n",
((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) ?
"VMEM" : "MMIO"), i,
(unsigned long long) base64);
"VMEM" : "MMIO"), type == GRUB_PCI_ADDR_MEM_TYPE_64 ? i - 1 : i,
base64);
#if GRUB_CPU_SIZEOF_VOID_P == 4
if (old_bar2)
continue;
#endif
if ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) && (! ctx->found))
{
@ -149,12 +156,6 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
if (find_line_len (ctx->fb_base, ctx->line_len))
ctx->found++;
}
if (type == GRUB_PCI_ADDR_MEM_TYPE_64)
{
i++;
addr += 4;
}
}
}
@ -162,7 +163,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
}
static int
find_framebuf (grub_uint32_t *fb_base, grub_uint32_t *line_len)
find_framebuf (grub_uint64_t *fb_base, grub_uint32_t *line_len)
{
struct find_framebuf_ctx ctx = {
.fb_base = fb_base,