Subject: Re: [PATCH v1] OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine
To: Martin Radev, devel@edk2.groups.io
Cc: lersek@redhat.com, ardb+tianocore@kernel.org, jordan.l.justen@intel.com
From: "Lendacky, Thomas"
Message-ID: <8c0344c4-254c-7840-6456-46d871451132@amd.com>
Date: Fri, 19 Mar 2021 10:40:40 -0500

On 3/18/21 4:44 PM, Martin Radev wrote:
> The CommandLine and InitrdData may be set to NULL if the provided
> size is too large. Because the zero page is mapped, this would not
> cause an immediate crash but can lead to memory corruption instead.
> This patch just adds validation and returns error if either allocation
> has failed.
>
> Ref: https://github.com/martinradev/edk2/commit/6c0ce748b97393240c006e24b73652f30e597a05
> > Signed-off-by: Martin Radev Looks good to me. The two other LoadLinuxAllocate...() calls check for NULL, so it's reasonable that these should as well. Acked-by: Tom Lendacky > --- > OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c > index 931553c0c1..b983c4d7d0 100644 > --- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c > +++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c > @@ -161,6 +161,12 @@ QemuLoadLegacyImage ( > LoadedImage->CommandLine = LoadLinuxAllocateCommandLinePages ( > EFI_SIZE_TO_PAGES ( > LoadedImage->CommandLineSize)); > + > + if (LoadedImage->CommandLine == NULL) { > + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for kernel command line!\n")); > + Status = EFI_OUT_OF_RESOURCES; > + goto FreeImage; > + } > QemuFwCfgSelectItem (QemuFwCfgItemCommandLineData); > QemuFwCfgReadBytes (LoadedImage->CommandLineSize, LoadedImage->CommandLine); > } > @@ -178,6 +184,11 @@ QemuLoadLegacyImage ( > LoadedImage->InitrdData = LoadLinuxAllocateInitrdPages ( > LoadedImage->SetupBuf, > EFI_SIZE_TO_PAGES (LoadedImage->InitrdSize)); > + if (LoadedImage->InitrdData == NULL) { > + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for initrd!\n")); > + Status = EFI_OUT_OF_RESOURCES; > + goto FreeImage; > + } > DEBUG ((DEBUG_INFO, "Initrd size: 0x%x\n", > (UINT32)LoadedImage->InitrdSize)); > DEBUG ((DEBUG_INFO, "Reading initrd image ...")); >
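
Review bot: In the first hunk (CommandLine allocation in QemuLoadLegacyImage), the added blank line separates the LoadLinuxAllocateCommandLinePages() call from its NULL check, while nothing separates the closing brace from QemuFwCfgSelectItem(); the InitrdData hunk places its check directly after the call with no blank line. Keep the check adjacent to the allocation in both places and put the blank line after the closing brace instead, so the two checks read the same way. Since both new branches jump to FreeImage, which is not visible in these hunks, it is also worth confirming that the cleanup path tolerates CommandLine or InitrdData still being NULL.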
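
Review bot: In the second hunk (InitrdData allocation), the new NULL check jumps to FreeImage before the existing DEBUG_INFO "Initrd size: 0x%x" line runs, so on failure the log never shows the size that was requested, and that size is what is needed to diagnose the too-large case the commit message describes. Include LoadedImage->InitrdSize in the DEBUG_ERROR message, or move the size print ahead of the allocation. The same applies to the first hunk, where the error message for the command line does not report LoadedImage->CommandLineSize.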