Return-Path: Received: from martin-ThinkPad-T440p (88-115-234-9.elisa-laajakaista.fi. [88.115.234.9]) by smtp.gmail.com with ESMTPSA id l21sm377234lfg.300.2021.03.18.14.44.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Mar 2021 14:44:18 -0700 (PDT) Date: Thu, 18 Mar 2021 22:44:17 +0100 From: Martin Radev To: devel@edk2.groups.io Cc: lersek@redhat.com, ardb+tianocore@kernel.org, jordan.l.justen@intel.com, thomas.lendacky@amd.com Subject: [PATCH v1] OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The CommandLine and InitrdData may be set to NULL if the provided size is too large. Because the zero page is mapped, this would not cause an immediate crash but can lead to memory corruption instead. This patch just adds validation and returns error if either allocation has failed. Ref: https://github.com/martinradev/edk2/commit/6c0ce748b97393240c006e24b73652f30e597a05 Signed-off-by: Martin Radev --- OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c index 931553c0c1..b983c4d7d0 100644 --- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c +++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c @@ -161,6 +161,12 @@ QemuLoadLegacyImage ( LoadedImage->CommandLine = LoadLinuxAllocateCommandLinePages ( EFI_SIZE_TO_PAGES ( LoadedImage->CommandLineSize)); + + if (LoadedImage->CommandLine == NULL) { + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for kernel command line!\n")); + Status = EFI_OUT_OF_RESOURCES; + goto FreeImage; + } QemuFwCfgSelectItem (QemuFwCfgItemCommandLineData); QemuFwCfgReadBytes (LoadedImage->CommandLineSize, LoadedImage->CommandLine); } 
@@ -178,6 +184,11 @@ QemuLoadLegacyImage ( LoadedImage->InitrdData = LoadLinuxAllocateInitrdPages ( LoadedImage->SetupBuf, EFI_SIZE_TO_PAGES (LoadedImage->InitrdSize)); + if (LoadedImage->InitrdData == NULL) { + DEBUG ((DEBUG_ERROR, "Unable to allocate memory for initrd!\n")); + Status = EFI_OUT_OF_RESOURCES; + goto FreeImage; + } DEBUG ((DEBUG_INFO, "Initrd size: 0x%x\n", (UINT32)LoadedImage->InitrdSize)); DEBUG ((DEBUG_INFO, "Reading initrd image ...")); -- 2.17.1
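Review bot: In the first hunk (the CommandLine allocation at @@ -161,6 +161,12 @@), the new NULL check is correctly placed before `QemuFwCfgReadBytes (LoadedImage->CommandLineSize, LoadedImage->CommandLine)`, which is the call that would otherwise copy CommandLineSize bytes of fw_cfg data to address 0; please confirm that the `FreeImage` cleanup path tolerates `LoadedImage->CommandLine` being NULL when `goto FreeImage` is taken here, since the field is now left NULL on this path and the cleanup is not visible in the hunk. Two smaller points: the leading empty `+` line before the `if` is not matched in the second hunk, so drop it for consistency; and consider including the requested size in the DEBUG_ERROR message (for example `"... command line (0x%x bytes)!\n"` with `(UINT32)LoadedImage->CommandLineSize`), since the size is what drove the allocation to fail and it would make a host-supplied oversized value diagnosable from the log.

Review bot: In the second hunk (the InitrdData allocation at @@ -178,6 +184,11 @@), the check correctly fails before the "Reading initrd image ..." step, but at this point `LoadedImage->CommandLine` may already have been allocated by the earlier branch, so the `goto FreeImage` relies on that label releasing both the command line pages and anything else allocated before it; please confirm that in the cleanup code, which is outside the visible context. As with the first hunk, the error message would be more useful if it carried `LoadedImage->InitrdSize`, which the DEBUG_INFO line immediately below already prints on the success path.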