From 661d2238688c25f676aa18a7f866ff1cd285ff3d Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 19 Nov 2020 12:24:44 +0100 Subject: [PATCH 1/6] fs: fat: avoid NULL dereference when root dir is full When trying to create a file in the full root directory of a FAT32 filesystem a NULL dereference can be observed. When the root directory of a FAT16 filesystem is full fill_dir_slot() must return -1 to signal that a new directory entry could not be allocated. Fixes: cd2d727fff7e ("fs: fat: allocate a new cluster for root directory of fat32") Signed-off-by: Heinrich Schuchardt --- fs/fat/fat_write.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c index a2682b5f46..fc932df953 100644 --- a/fs/fat/fat_write.c +++ b/fs/fat/fat_write.c @@ -260,9 +260,8 @@ fill_dir_slot(fat_itr *itr, const char *l_name) flush_dir(itr); /* allocate a cluster for more entries */ - if (!fat_itr_next(itr)) - if (!itr->dent && - (!itr->is_root || itr->fsdata->fatsize == 32) && + if (!fat_itr_next(itr) && !itr->dent) + if ((itr->is_root && itr->fsdata->fatsize != 32) || new_dir_table(itr)) return -1; } From a2c5a92d4865cea53de8a9297a4f4d115e6ac3b6 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 21 Nov 2020 12:34:20 +0100 Subject: [PATCH 2/6] fs: fat: directory entries starting with 0x05 0x05 is used as replacement letter for 0xe5 at the first position of short file names. We must not skip over directory entries starting with 0x05. Cf. Microsoft FAT Specification, August 30 2005 Fixes: 39606d462c97 ("fs: fat: handle deleted directory entries correctly") Signed-off-by: Heinrich Schuchardt Reviewed-by: Christian Gmeiner Reviewed-by: Simon Glass --- fs/fat/fat.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/fat/fat.c b/fs/fat/fat.c index 28aa5aaa9f..fb6ba89466 100644 --- a/fs/fat/fat.c +++ b/fs/fat/fat.c 
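Review bot: The new two-level unbraced `if` at the end of the hunk is the shape that hides a dangling statement; since the inner branch only ever returns, fold both tests into one braced condition: `if (!fat_itr_next(itr) && !itr->dent &&` / `    ((itr->is_root && itr->fsdata->fatsize != 32) || new_dir_table(itr)))` / `	return -1;`. The reason the non-FAT32 root cannot grow is not stated in the code, so a comment such as `/* a FAT12/16 root directory has a fixed size and cannot be extended */` would keep the rationale next to the check. The long-name entries already written by `flush_dir(itr)` at the top of the hunk are not undone on the -1 return; whether the caller removes them is outside the hunk and worth confirming, as a full root directory would otherwise leave orphaned entries on disk. fill_dir_slot's body starts before and continues after the hunk.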
@@ -926,8 +926,7 @@ static int fat_itr_next(fat_itr *itr) if (!dent) return 0; - if (dent->name[0] == DELETED_FLAG || - dent->name[0] == aRING) + if (dent->name[0] == DELETED_FLAG) continue; if (dent->attr & ATTR_VOLUME) { From 1ec29aa30623fc8cc8f4b014497aa0d72af96720 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 22 Nov 2020 11:13:33 +0100 Subject: [PATCH 3/6] fs: fat: use ATTR_ARCH instead of anonymous 0x20 Using constants instead of anonymous numbers increases code readability. Fixes: 704df6aa0a28 ("fs: fat: refactor write interface for a file offset") Signed-off-by: Heinrich Schuchardt --- fs/fat/fat_write.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c index fc932df953..7afc8388b2 100644 --- a/fs/fat/fat_write.c +++ b/fs/fat/fat_write.c @@ -1191,7 +1191,8 @@ int file_fat_write_at(const char *filename, loff_t pos, void *buffer, } /* Set short name entry */ - fill_dentry(itr->fsdata, itr->dent, filename, 0, size, 0x20); + fill_dentry(itr->fsdata, itr->dent, filename, 0, size, + ATTR_ARCH); retdent = itr->dent; } From 31cadc3635500a94d6893db70e85acc39827c62c Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 21 Nov 2020 20:52:18 +0100 Subject: [PATCH 4/6] efi_loader: enable EFI_SET_TIME on sandbox and QEMU ARM Enable EFI_SET_TIME on the sandbox and QEMU ARM to ensure that we compile and test the relevant code. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 29ea14b2ee..7fd3a3c90c 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -88,6 +88,7 @@ config EFI_GET_TIME config EFI_SET_TIME bool "SetTime() runtime service" depends on EFI_GET_TIME + default y if ARCH_QEMU || SANDBOX default n help Provide the SetTime() runtime service at boottime. This service From 03699bc75621934f7fb5d5a023007b39fb21ad6b Mon Sep 17 00:00:00 2001 
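Review bot: The surviving check now reads as though 0x05 had never been special, so the reason for dropping the `aRING` comparison should be recorded beside it: `/* 0x05 at name[0] stands in for an initial 0xE5 and marks a live entry, not a deletion */`. Whether the short-name decoding later maps 0x05 back to 0xE5, and whether `aRING` still has other users, is outside the hunk; if it has none the definition can go with this change. fat_itr_next's loop starts before and continues after the hunk.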
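Review bot: The new `default y if ARCH_QEMU || SANDBOX` is placed above `default n` and relies on Kconfig taking the first default whose condition holds; the `default n` line is now redundant (bool symbols default to n) and dropping it would avoid the misreading that the later line wins. The help text below does not say the option is enabled on sandbox and QEMU ARM for build and test coverage, which the commit message gives as the rationale; a sentence there would keep that intent with the option.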
From: Etienne Carriere Date: Sat, 21 Nov 2020 11:59:33 +0100 Subject: [PATCH 5/6] lib/efi_loader: fix ABI in efi_mm_communicate_header Pack struct efi_mm_communicate_header as done in EDK2 as seen in release 201808 [1]. If not packed sizeof() for the structure adds 4 additional bytes on 32bit targets which breaks the ABI. Link: [1] https://github.com/tianocore/edk2/blob/edk2-stable201808/MdePkg/Include/Protocol/MmCommunication.h#L21 Fixes: 23a397d2e2fb ("efi_loader: Add headers for EDK2 StandAloneMM communication") Signed-off-by: Etienne Carriere Reviewed-by: Ilias Apalodimas --- include/mm_communication.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mm_communication.h b/include/mm_communication.h index e464cbb48e..e65fbde60d 100644 --- a/include/mm_communication.h +++ b/include/mm_communication.h @@ -43,7 +43,7 @@ * To avoid confusion in interpreting frames, the communication buffer should * always begin with efi_mm_communicate_header. */ -struct efi_mm_communicate_header { +struct __packed efi_mm_communicate_header { efi_guid_t header_guid; size_t message_len; u8 data[]; From 6974a4a37348ba272e53dd33effcc0db9e144c59 Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Sun, 22 Nov 2020 15:10:26 +0200 Subject: [PATCH 6/6] charset: make u16_strnlen accessible at runtime commit 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()") introduces a check using u16_strnlen(). This code is used on EFI runtime variables as well, so unless we mark it as runtime, the kernel will crash trying to access it. Fixes: 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()") Signed-off-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt --- lib/charset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/charset.c b/lib/charset.c index 5686d6fb59..2177014ee1 100644 --- a/lib/charset.c +++ b/lib/charset.c 
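Review bot: `__packed` lowers the struct's alignment to 1 as well as removing the tail padding, so a header pointer placed at an arbitrary offset in the communication buffer may now be unaligned on targets that fault on unaligned `size_t` reads; nothing in the declaration says why packing is required, so state it: `/* Packed to match EDK2's EFI_MM_COMMUNICATE_HEADER: no tail padding after message_len on 32-bit targets */`. A compile-time check of `sizeof(struct efi_mm_communicate_header)` against `sizeof(efi_guid_t) + sizeof(size_t)` (via `_Static_assert` or the project's build-time assert) would pin the layout this commit depends on. Any consumer that reads `message_len` out of the shared buffer must still bound it against the buffer size; that code is outside this hunk.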
@@ -8,6 +8,7 @@ #include #include #include +#include #include static struct capitalization_table capitalization_table[] = @@ -372,7 +373,7 @@ size_t u16_strlen(const void *in) return ret; } -size_t u16_strnlen(const u16 *in, size_t count) +size_t __efi_runtime u16_strnlen(const u16 *in, size_t count) { size_t i; for (i = 0; count-- && in[i]; i++);
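Review bot: `__efi_runtime` on the definition is the right place for the section attribute, but nothing at the function says why it must stay there; add above it `/* Called from the EFI runtime variable services; must stay in the runtime section and touch no non-runtime data */` — as written it reads only `in`, so that holds. The empty loop body `for (i = 0; count-- && in[i]; i++);` is easy to misread as governing the next statement; putting the `;` on its own line would make it explicit, though that line is context rather than part of the change. The header added in the earlier hunk of this file has its name lost on this page, so it cannot be checked here. The function body continues past the hunk.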