linux_dsm_epyc7002/drivers
Matt Fleming ec50bd32f1 efivars: explicitly calculate length of VariableName
It's not wise to assume VariableNameSize represents the length of
VariableName, as not all firmware updates VariableNameSize in the same
way (some don't update it at all if EFI_SUCCESS is returned). There
are even implementations out there that update VariableNameSize with
values that are both larger than the string returned in VariableName
and smaller than the buffer passed to GetNextVariableName(), which
resulted in the following bug report from Michael Schroeder,

  > On HP z220 system (firmware version 1.54), some EFI variables are
  > incorrectly named:
  >
  > ls -d /sys/firmware/efi/vars/*8be4d* | grep -v -- -8be returns
  > /sys/firmware/efi/vars/dbxDefault-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
  > /sys/firmware/efi/vars/KEKDefault-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
  > /sys/firmware/efi/vars/SecureBoot-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
  > /sys/firmware/efi/vars/SetupMode-Information8be4df61-93ca-11d2-aa0d-00e098032b8c

The issue here is that because we blindly use VariableNameSize without
verifying its value, we can potentially read garbage values from the
buffer containing VariableName if VariableNameSize is larger than the
length of VariableName.

Since VariableName is a string, we can calculate its size by searching
for the terminating NULL character.

Reported-by: Frederic Crozat <fcrozat@suse.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Michael Schroeder <mls@suse.com>
Cc: Lee, Chun-Yi <jlee@suse.com>
Cc: Lingzhu Xiang <lxiang@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
2013-03-21 12:43:46 +00:00
accessibility
acpi ACPI / glue: Drop .find_bridge() callback from struct acpi_bus_type 2013-03-04 14:23:40 +01:00
amba Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2013-03-03 11:54:39 -08:00
ata ACPI / glue: Drop .find_bridge() callback from struct acpi_bus_type 2013-03-04 14:23:40 +01:00
atm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
auxdisplay
base ACPI and power management fixes for 3.9-rc2 2013-03-07 14:54:28 -08:00
bcma Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-03-01 13:52:03 -05:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-02-28 17:43:09 -08:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
bus
cdrom
char Fix a circular locking dependency in random's collection of cputime 2013-03-08 14:42:16 -08:00
clk hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
clocksource ImgTec Meta architecture changes for v3.9-rc1 2013-03-03 12:06:09 -08:00
connector proc connector: reject unprivileged listener bumps 2013-02-27 13:08:35 -05:00
cpufreq cpufreq / intel_pstate: Do not load on VM that does not report max P state. 2013-03-06 23:40:11 +01:00
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
dca dca: convert to idr_alloc() 2013-02-27 19:10:15 -08:00
devfreq
dio
dma Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2013-03-03 10:20:22 -08:00
edac Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac 2013-02-28 20:42:33 -08:00
eisa
extcon
firewire firewire: convert to idr_alloc() 2013-02-27 19:10:15 -08:00
firmware efivars: explicitly calculate length of VariableName 2013-03-21 12:43:46 +00:00
gpio gpio/gpio-ich: fix ichx_gpio_check_available() return what callers expect 2013-03-02 13:20:21 +00:00
gpu drm/tegra: drop "select DRM_HDMI" 2013-03-08 08:36:01 +10:00
hid Merge branch 'for-3.9/upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-03-08 14:42:52 -08:00
hsi hsi: fix kernel-doc warnings 2013-03-01 13:39:00 -08:00
hv Drivers: hv: vmbus: Use the new infrastructure for delivering VMBUS interrupts 2013-02-27 10:15:53 -08:00
hwmon hwmon: (sht15) Check return value of regulator_enable() 2013-03-03 21:45:48 -08:00
hwspinlock
i2c idr: remove MAX_IDR_MASK and move left MAX_IDR_* into idr.c 2013-02-27 19:10:20 -08:00
ide Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
idle Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-22 19:25:09 -08:00
iio
infiniband fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
input Atmel MXT touchscreen: increase reset timeouts 2013-03-09 10:31:01 -08:00
iommu iommu, x86: Add DMA remap fault reason 2013-03-06 09:41:51 +01:00
ipack
irqchip ImgTec Meta architecture changes for v3.9-rc1 2013-03-03 12:06:09 -08:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-03-05 18:42:29 -08:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2013-02-26 09:29:02 -08:00
lguest All trivial, thanks to the stuff which didn't quite make it time. 2013-02-26 14:49:12 -08:00
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-02-23 17:09:55 -08:00
mailbox mailbox, pl320-ipc: remove __init from probe function 2013-03-04 14:23:11 +01:00
md md updates for 3.9 2013-03-05 17:22:08 -08:00
media arm-soc: late OMAP changes 2013-02-28 20:00:40 -08:00
memory
memstick memstick: move the dereference below the NULL test 2013-02-27 19:10:23 -08:00
message
mfd mfd: convert to idr_alloc() 2013-02-27 19:10:17 -08:00
misc fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
mmc Merge branches 'devel-stable', 'fixes' and 'mmci' into for-linus 2013-03-03 00:32:50 +00:00
mtd fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-03-05 18:42:29 -08:00
nfc
ntb
nubus
of Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
oprofile fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
parisc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
parport Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2013-02-21 17:54:03 -08:00
pci ACPI / glue: Add .match() callback to struct acpi_bus_type 2013-03-04 14:23:40 +01:00
pcmcia Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
pinctrl
platform Platform: x86: chromeos_laptop : Add basic platform data for atmel devices 2013-03-08 16:03:29 -08:00
pnp ACPI / glue: Add .match() callback to struct acpi_bus_type 2013-03-04 14:23:40 +01:00
power power: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
pps drivers/pps/clients/pps-gpio.c: use devm_kzalloc 2013-02-27 19:10:23 -08:00
ps3
ptp
pwm pwm: Changes for v3.9-rc1 2013-02-26 09:34:29 -08:00
rapidio
regulator Merge remote-tracking branch 'regulator/fix/twl' into tmp 2013-03-05 10:12:43 +08:00
remoteproc remoteproc: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
rpmsg rpmsg: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
rtc rtc: stmp3xxx: add wdt-accessor function 2013-03-01 12:40:36 +01:00
s390 qdio: remove unused parameters 2013-02-28 09:37:12 +01:00
sbus Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
scsi ACPI / glue: Add .match() callback to struct acpi_bus_type 2013-03-04 14:23:40 +01:00
sfi
sh
sn
spi
ssb Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into mips-for-linux-next 2013-02-22 10:07:30 +01:00
staging fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-03-02 11:43:27 -08:00
tc
thermal Fix mis-merge of intel_powerclamp.c resulting in compile error 2013-02-28 20:23:09 -08:00
tty drivers/tty/hvc: Use strlcpy instead of strncpy 2013-03-05 16:56:27 +11:00
uio uio: convert to idr_alloc() 2013-02-27 19:10:19 -08:00
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-03-09 16:51:13 -08:00
uwb
vfio vfio: convert to idr_alloc() 2013-02-27 19:10:19 -08:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-02-26 11:42:23 -08:00
video backlight: add new lp8788 backlight driver 2013-02-27 19:10:09 -08:00
virt
virtio All trivial, thanks to the stuff which didn't quite make it time. 2013-02-26 14:49:12 -08:00
vlynq
vme
w1 arm-soc: i.MX DT changes 2013-02-28 19:59:34 -08:00
watchdog watchdog: sp805_wdt depends on ARM 2013-03-01 12:56:26 +01:00
xen fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
zorro new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
Kconfig
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-02-23 17:09:55 -08:00