summaryrefslogtreecommitdiffstats
path: root/debian/patches/bugfix/x86
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:58:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:58:15 +0000
commit2d139def3645feb04fd5a703be97b7f3eae8b556 (patch)
tree11c56a757cab0bdb6226826737d30a48ee9c13d3 /debian/patches/bugfix/x86
parentMerging upstream version 6.1.82. (diff)
downloadlinux-2d139def3645feb04fd5a703be97b7f3eae8b556.tar.xz
linux-2d139def3645feb04fd5a703be97b7f3eae8b556.zip
Adding debian version 6.1.82-1.debian/6.1.82-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/bugfix/x86')
-rw-r--r--debian/patches/bugfix/x86/x86-efistub-Clear-decompressor-BSS-in-native-EFI-ent.patch68
-rw-r--r--debian/patches/bugfix/x86/x86-efistub-Don-t-clear-BSS-twice-in-mixed-mode.patch41
2 files changed, 109 insertions, 0 deletions
diff --git a/debian/patches/bugfix/x86/x86-efistub-Clear-decompressor-BSS-in-native-EFI-ent.patch b/debian/patches/bugfix/x86/x86-efistub-Clear-decompressor-BSS-in-native-EFI-ent.patch
new file mode 100644
index 000000000..63c4cafae
--- /dev/null
+++ b/debian/patches/bugfix/x86/x86-efistub-Clear-decompressor-BSS-in-native-EFI-ent.patch
@@ -0,0 +1,68 @@
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Fri, 15 Mar 2024 16:26:16 +0100
+Subject: x86/efistub: Clear decompressor BSS in native EFI entrypoint
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=9274ec2003042bf0ed847cb80ffcfab543a0a33a
+
+[ Upstream commit b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 ]
+
+The EFI stub on x86 no longer invokes the decompressor as a subsequent
+boot stage, but calls into the decompression code directly while running
+in the context of the EFI boot services.
+
+This means that when using the native EFI entrypoint (as opposed to the
+EFI handover protocol, which clears BSS explicitly), the firmware PE
+image loader is being relied upon to ensure that BSS is zeroed before
+the EFI stub is entered from the firmware.
+
+As Radek's report proves, this is a bad idea. Not all loaders do this
+correctly, which means some global variables that should be statically
+initialized to 0x0 may have junk in them.
+
+So clear BSS explicitly when entering via efi_pe_entry(). Note that
+zeroing BSS from C code is not generally safe, but in this case, the
+following assignment and dereference of a global pointer variable
+ensures that the memset() cannot be deferred or reordered.
+
+Cc: <stable@kernel.org> # v6.1+
+Reported-by: Radek Podgorny <radek@podgorny.cz>
+Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/libstub/x86-stub.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
+index 784e1b2ae5cc..aa07051459f5 100644
+--- a/drivers/firmware/efi/libstub/x86-stub.c
++++ b/drivers/firmware/efi/libstub/x86-stub.c
+@@ -21,6 +21,8 @@
+ #include "efistub.h"
+ #include "x86-stub.h"
+
++extern char _bss[], _ebss[];
++
+ const efi_system_table_t *efi_system_table;
+ const efi_dxe_services_table_t *efi_dxe_table;
+ static efi_loaded_image_t *image = NULL;
+@@ -432,6 +434,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
+ efi_status_t status;
+ char *cmdline_ptr;
+
++ memset(_bss, 0, _ebss - _bss);
++
+ efi_system_table = sys_table_arg;
+
+ /* Check if we were booted by the EFI firmware */
+@@ -950,8 +954,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
+ void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,
+ struct boot_params *boot_params)
+ {
+- extern char _bss[], _ebss[];
+-
+ memset(_bss, 0, _ebss - _bss);
+ efi_stub_entry(handle, sys_table_arg, boot_params);
+ }
+--
+2.43.0
+
diff --git a/debian/patches/bugfix/x86/x86-efistub-Don-t-clear-BSS-twice-in-mixed-mode.patch b/debian/patches/bugfix/x86/x86-efistub-Don-t-clear-BSS-twice-in-mixed-mode.patch
new file mode 100644
index 000000000..2624812c5
--- /dev/null
+++ b/debian/patches/bugfix/x86/x86-efistub-Don-t-clear-BSS-twice-in-mixed-mode.patch
@@ -0,0 +1,41 @@
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Fri, 22 Mar 2024 17:01:45 +0100
+Subject: x86/efistub: Don't clear BSS twice in mixed mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=3a2a828d252f4280e15e61e0666644f1fadcf6c4
+
+[ Upstream commit df7ecce842b846a04d087ba85fdb79a90e26a1b0 ]
+
+Clearing BSS should only be done once, at the very beginning.
+efi_pe_entry() is the entrypoint from the firmware, which may not clear
+BSS and so it is done explicitly. However, efi_pe_entry() is also used
+as an entrypoint by the mixed mode startup code, in which case BSS will
+already have been cleared, and doing it again at this point will corrupt
+global variables holding the firmware's GDT/IDT and segment selectors.
+
+So make the memset() conditional on whether the EFI stub is running in
+native mode.
+
+Fixes: b3810c5a2cc4a666 ("x86/efistub: Clear decompressor BSS in native EFI entrypoint")
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/libstub/x86-stub.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
+index aa07051459f5..dc50dda40239 100644
+--- a/drivers/firmware/efi/libstub/x86-stub.c
++++ b/drivers/firmware/efi/libstub/x86-stub.c
+@@ -434,7 +434,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
+ efi_status_t status;
+ char *cmdline_ptr;
+
+- memset(_bss, 0, _ebss - _bss);
++ if (efi_is_native())
++ memset(_bss, 0, _ebss - _bss);
+
+ efi_system_table = sys_table_arg;
+
+--
+2.43.0
+