Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent

Pull EFI fixes from Matt Fleming: " - Fix regression in DMI sysfs code for handling "End of Table" entry and a type bug that could lead to integer overflow. (Ivan Khoronzhuk) - Fix boundary checking in efi_high_alloc() which can lead to memory corruption in the EFI boot stubs. (Yinghai Lu)" Signed-off-by: Ingo Molnar <mingo@kernel.org>
author: Ingo Molnar <mingo@kernel.org> 2015-03-02 08:18:57 -0500
committer: Ingo Molnar <mingo@kernel.org> 2015-03-02 08:18:57 -0500
commit: be482d624c3112c761d429f314582850b62214b5 (patch)
tree: 7f90fd31eee17de9f71b398fa5a073ff401afffd /drivers/firmware
parent: a38ecbbd0be025a6ecbbfd22d2575a5b46317117 (diff)
parent: 6d9ff473317245e3e5cd9922b4520411c2296388 (diff)
2 files changed, 13 insertions, 12 deletions
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
index c5f7b4e9eb6c..69fac068669f 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -78,7 +78,7 @@ static const char * __init dmi_string(const struct dmi_header *dm, u8 s)
 *      We have to be cautious here. We have seen BIOSes with DMI pointers
 *      pointing to completely the wrong place for example
 */
-static void dmi_table(u8 *buf, int len, int num,
+static void dmi_table(u8 *buf, u32 len, int num,
                      void (*decode)(const struct dmi_header *, void *),
                      void *private_data)
 {
@@ -93,12 +93,6 @@ static void dmi_table(u8 *buf, int len, int num,
                const struct dmi_header *dm = (const struct dmi_header *)data;
                /*
-                 * 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
-                 */
-                if (dm->type == DMI_ENTRY_END_OF_TABLE)
-                        break;
-                /*
                 *  We want to know the total length (formatted area and
                 *  strings) before decoding to make sure we won't run off the
                 *  table in dmi_decode or dmi_string
@@ -108,13 +102,20 @@ static void dmi_table(u8 *buf, int len, int num,
                        data++;
                if (data - buf < len - 1)
                        decode(dm, private_data);
+                /*
+                 * 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
+                 */
+                if (dm->type == DMI_ENTRY_END_OF_TABLE)
+                        break;
                data += 2;
                i++;
        }
 }
 static phys_addr_t dmi_base;
-static u16 dmi_len;
+static u32 dmi_len;
 static u16 dmi_num;
 static int __init dmi_walk_early(void (*decode)(const struct dmi_header *,
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 2fe195002021..f07d4a67fa76 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -179,12 +179,12 @@ again:
                start = desc->phys_addr;
                end = start + desc->num_pages * (1UL << EFI_PAGE_SHIFT);
-                if ((start + size) > end || (start + size) > max)
+                if (end > max)
-                        continue;
-                if (end - size > max)
                        end = max;
+                if ((start + size) > end)
+                        continue;
                if (round_down(end - size, align) < start)
                        continue;
author	Ingo Molnar <mingo@kernel.org>	2015-03-02 08:18:57 -0500
committer	Ingo Molnar <mingo@kernel.org>	2015-03-02 08:18:57 -0500
commit	be482d624c3112c761d429f314582850b62214b5 (patch)
tree	7f90fd31eee17de9f71b398fa5a073ff401afffd /drivers/firmware
parent	a38ecbbd0be025a6ecbbfd22d2575a5b46317117 (diff)
parent	6d9ff473317245e3e5cd9922b4520411c2296388 (diff)