path: root/drivers/firmware/efi/vars.c
author: Ard Biesheuvel <ardb@kernel.org>, 2024-10-31 18:58:23 +0100
committer: Ard Biesheuvel <ardb@kernel.org>, 2024-11-15 12:03:29 +0100
commit: 8fbe4c49c0ccac9a6a3cff35a45fa55d4ae35d6e
tree: f5b92314c18413f05d8db81f0df972350d6631cb /drivers/firmware/efi/vars.c
parent: 6fce6e9791685e95b70144a414eb90132e497489
efi/memattr: Ignore table if the size is clearly bogus
There are reports [0] of cases where a corrupt EFI Memory Attributes Table leads to out of memory issues at boot because the descriptor size and entry count in the table header are still used to reserve the entire table in memory, even though the resulting region is gigabytes in size.

Given that the EFI Memory Attributes Table is supposed to carry up to 3 entries for each EfiRuntimeServicesCode region in the EFI memory map, and given that there is no reason for the descriptor size used in the table to exceed the one used in the EFI memory map, 3x the size of the entire EFI memory map is a reasonable upper bound for the size of this table. This means that sizes exceeding that are highly likely to be based on corrupted data, and the table should just be ignored instead.

[0] https://bugzilla.suse.com/show_bug.cgi?id=1231465

Cc: Gregory Price <gourry@gourry.net>
Cc: Usama Arif <usamaarif642@gmail.com>
Acked-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Breno Leitao <leitao@debian.org>
Link: https://lore.kernel.org/all/20240912155159.1951792-2-ardb+git@google.com/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'drivers/firmware/efi/vars.c')
0 files changed, 0 insertions, 0 deletions
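
The bound described in the commit message, sketched as a stand-alone check. This is an added example, not code from the kernel commit: the struct layouts, field names, function name and sample values are assumptions made here, and comparing only the descriptor array (entry count times descriptor size) against the limit is this example's choice.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Header fields as supplied by firmware (struct and names are this example's own). */
struct memattr_hdr {
    uint32_t version;
    uint32_t num_entries;
    uint32_t desc_size;
    uint32_t flags;
};

/* Geometry of the EFI memory map the OS already holds (hypothetical struct). */
struct memmap_info {
    uint32_t nr_map;
    uint32_t desc_size;
};

/*
 * Decide whether the size implied by the header is believable. On success the
 * descriptor-array size is stored in *size; on failure the caller should
 * ignore the table rather than reserve memory for it.
 */
bool memattr_size_plausible(const struct memattr_hdr *h,
                            const struct memmap_info *m, uint64_t *size)
{
    /* u32 * u32 always fits in u64, so neither product can wrap. */
    uint64_t claimed = (uint64_t)h->num_entries * h->desc_size;
    uint64_t map_size = (uint64_t)m->nr_map * m->desc_size;
    /* Saturate instead of overflowing when tripling the memory map size. */
    uint64_t limit = map_size > UINT64_MAX / 3 ? UINT64_MAX : 3 * map_size;

    if (claimed > limit)
        return false;
    *size = claimed;
    return true;
}

int main(void)
{
    struct memmap_info map = { .nr_map = 200, .desc_size = 48 };  /* constructed */
    struct memattr_hdr sane = { 2, 30, 48, 0 };                   /* constructed */
    struct memattr_hdr corrupt = { 2, 0x10000000u, 48, 0 };       /* constructed */
    uint64_t size = 0;

    printf("sane: %d\n", memattr_size_plausible(&sane, &map, &size));
    printf("corrupt: %d\n", memattr_size_plausible(&corrupt, &map, &size));
    return 0;
}
```

With the constructed 200-entry map the limit is 28800 bytes, so the corrupt header's implied 12 GiB array is rejected before any reservation is attempted.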