From 5eff88dd6b4badd664d7d3b648103d540b390248 Mon Sep 17 00:00:00 2001 From: Rasmus Villemoes Date: Wed, 21 Apr 2021 21:31:46 +0200 Subject: [PATCH 1/3] efi: cper: fix scnprintf() use in cper_mem_err_location() The last two if-clauses fail to update n, so whatever they might have written at &msg[n] would be cut off by the final nul-termination. That nul-termination is redundant; scnprintf(), just like snprintf(), guarantees a nul-terminated output buffer, provided the buffer size is positive. And there's no need to discount one byte from the initial buffer; vsnprintf() expects to be given the full buffer size - it's not going to write the nul-terminator one beyond the given (buffer, size) pair. Signed-off-by: Rasmus Villemoes Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/cper.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c index ea7ca74fc173..1cb70976dbe7 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c @@ -221,7 +221,7 @@ static int cper_mem_err_location(struct cper_mem_err_compact *mem, char *msg) return 0; n = 0; - len = CPER_REC_LEN - 1; + len = CPER_REC_LEN; if (mem->validation_bits & CPER_MEM_VALID_NODE) n += scnprintf(msg + n, len - n, "node: %d ", mem->node); if (mem->validation_bits & CPER_MEM_VALID_CARD) @@ -258,13 +258,12 @@ static int cper_mem_err_location(struct cper_mem_err_compact *mem, char *msg) n += scnprintf(msg + n, len - n, "responder_id: 0x%016llx ", mem->responder_id); if (mem->validation_bits & CPER_MEM_VALID_TARGET_ID) - scnprintf(msg + n, len - n, "target_id: 0x%016llx ", - mem->target_id); + n += scnprintf(msg + n, len - n, "target_id: 0x%016llx ", + mem->target_id); if (mem->validation_bits & CPER_MEM_VALID_CHIP_ID) - scnprintf(msg + n, len - n, "chip_id: %d ", - mem->extended >> CPER_MEM_CHIP_ID_SHIFT); + n += scnprintf(msg + n, len - n, "chip_id: %d ", + mem->extended >> CPER_MEM_CHIP_ID_SHIFT); - msg[n] = '\0'; return n; } From b31eea2e04c1002e5cb864eefdc718b70d2cb08c Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Tue, 9 Feb 2021 18:45:06 +0200 Subject: [PATCH 2/3] efi: Don't use knowledge about efi_guid_t internals When print GUIDs supply pointer to the efi_guid_t (guid_t) type rather its internal members. Signed-off-by: Andy Shevchenko Reviewed-by: Serge Hallyn Signed-off-by: Ard Biesheuvel --- security/integrity/platform_certs/efi_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/platform_certs/efi_parser.c b/security/integrity/platform_certs/efi_parser.c index 18f01f36fe6a..d98260f8402a 100644 --- a/security/integrity/platform_certs/efi_parser.c +++ b/security/integrity/platform_certs/efi_parser.c @@ -55,7 +55,7 @@ int __init parse_efi_signature_list( memcpy(&list, data, sizeof(list)); pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n", offs, - list.signature_type.b, list.signature_list_size, + &list.signature_type, list.signature_list_size, list.signature_header_size, list.signature_size); lsize = list.signature_list_size; From 1be72c8e0786727df375f11c8178ce7e65eea20e Mon Sep 17 00:00:00 2001 From: Shuai Xue Date: Mon, 23 Aug 2021 19:56:54 +0800 Subject: [PATCH 3/3] efi: cper: check section header more appropriately When checking a generic status block, we iterate over all the generic data blocks. The loop condition checks that the generic data block is valid. Because the size of data blocks (excluding error data) may vary depending on the revision and the revision is contained within the data block, we should ensure that enough of the current data block is valid appropriately for different revision. Signed-off-by: Shuai Xue Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/cper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c index 1cb70976dbe7..73bdbd207e7a 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c @@ -632,7 +632,7 @@ int cper_estatus_check(const struct acpi_hest_generic_status *estatus) data_len = estatus->data_length; apei_estatus_for_each_section(estatus, gdata) { - if (sizeof(struct acpi_hest_generic_data) > data_len) + if (acpi_hest_get_size(gdata) > data_len) return -EINVAL; record_size = acpi_hest_get_record_size(gdata);