grub/grub-core/lib
Alexey Makhalov f7bd9986f6 efi: Fix use-after-free in halt/reboot path
commit 92bfc33db9 ("efi: Free malloc regions on exit")
introduced memory freeing in grub_efi_fini(), which is
used not only by the exit path but by the halt/reboot one as well.
As a result of the memory freeing, code and data regions used by
modules, such as halt, reboot, and acpi (used by halt), also got
freed. After returning to module code, the CPU executes the
0xAFAFAFAF pattern, filled in by the UEFI firmware (tested with
edk2), as code, which leads to a #UD exception later.

grub> halt
!!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
RIP  - 0000000003F4EC28, CS  - 0000000000000038, RFLAGS - 0000000000200246
RAX  - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
RBX  - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
RSI  - 00000000064DB768, RDI - 000000000832C5C3
R8   - 0000000000000002, R9  - 0000000000000000, R10 - 00000000061E2E52
R11  - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
R14  - 0000000003E10D80, R15 - 00000000061E2F60
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
IDTR - 0000000007598018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 0000000007F0F4C0

The proposal here is to continue freeing allocated memory on the
exit boot services path but to keep it on the halt/reboot path,
as it is not much of a security concern there.
Introduced the GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
loader flag to be used by the EFI halt/reboot path.

Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
arc sgi support 2011-05-13 16:36:05 +02:00
arm * grub-core/kern/arm/cache.S: Don't switch back to ARM mode when 2013-11-16 17:37:06 +01:00
arm64 arm64/setjmp: Add missing move for arg1 == 0 case. 2016-01-07 21:10:05 +01:00
dummy arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
efi efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
emu Add missing emu/halt.c 2010-08-30 00:54:15 +02:00
gnulib-patches gnulib: Fix build of base64 when compiling with memory debugging 2020-03-10 21:58:36 +01:00
i386 relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
ia64 * grub-core/lib/ia64/longjmp.S: Fix the name of longjmp function. 2013-03-02 15:31:17 +01:00
ieee1275 iee1275/datetime: Fix off-by-1 error. 2016-01-07 15:53:42 +01:00
json json: Avoid a double-free when parsing fails. 2020-07-29 16:55:48 +02:00
libgcrypt calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
libgcrypt_wrap calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
minilzo minilzo: Update to minilzo-2.08 2020-02-11 21:30:30 +01:00
mips relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
posix_wrap calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
powerpc relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
riscv RISC-V: Add setjmp implementation 2019-02-25 11:28:44 +01:00
sparc64 * grub-core/lib/sparc64/setjmp.S: Force spilling of current window. 2013-11-18 10:01:36 +01:00
uboot Rename uboot/datetime to dummy/datetime. 2017-05-08 19:40:14 +02:00
x86_64 relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
xen xen: modify page table construction 2016-10-27 16:22:06 +02:00
xzembed Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
zstd calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
adler32.c * grub-core/lib/adler32.c: Recode due to license unclearness. 2012-04-07 19:58:39 +02:00
arg.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
backtrace.c * grub-core/disk/ahci.c: Add needed explicit cast. 2013-08-21 21:02:14 +02:00
cmdline.c verifiers: Add possibility to verify kernel and modules command lines 2018-11-09 13:25:31 +01:00
cmos_datetime.c CMOS support on sparc. 2011-07-05 20:24:20 +02:00
crc.c Remove several trivially-unnecessary uses of nested functions. 2012-12-31 17:31:38 +00:00
crc64.c Remove several trivially-unnecessary uses of nested functions. 2012-12-31 17:31:38 +00:00
crypto.c core: use GRUB_TERM_ definitions when handling term characters 2017-08-07 19:28:22 +02:00
datetime.c normal: Move common datetime functions out of the normal module 2020-02-18 15:12:06 +01:00
disk.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
division.c core: avoid NULL derefrence in grub_divmod64s 2015-04-06 19:30:51 +03:00
envblk.c envblk: Fix buffer overrun when attempting to shrink a variable value 2020-05-15 15:24:59 +02:00
fake_module.c Add new all_video module. 2012-02-26 18:09:07 +01:00
fdt.c fdt: Move prop_entry_size to fdt.h 2018-06-23 21:40:55 +02:00
getline.c Implement syslinux parser. 2013-12-18 05:28:05 +01:00
hexdump.c automake commit without merge history 2010-05-06 11:34:04 +05:30
legacy_parse.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
LzFind.c * grub-core/lib/LzFind.c (MatchFinder_GetIndexByte): Rename index to 2012-02-10 12:21:28 +01:00
LzmaDec.c * include/grub/lib/LzmaDec.h: Fix to include LzmaTypes.h and 2013-11-10 20:37:01 +01:00
LzmaEnc.c lzma: Make sure we don't dereference past array 2020-07-29 16:55:48 +02:00
pbkdf2.c Remove pragmas related to -Wunreachable-code 2016-01-20 15:56:55 +00:00
priority_queue.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
progress.c Disable progress indicator in grub-shell. 2016-01-05 21:10:10 +01:00
random.c Add RNG module. 2016-02-12 12:39:38 +01:00
reed_solomon.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
relocator.c relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation 2020-07-29 16:55:48 +02:00
setjmp.S RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
syslinux_parse.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00