Bug 45991
| Summary: | Loading efivars on non-native EFI architecture triggers NULL deref | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Maxim Kammerer (mk) |
| Component: | Platform_x86 | Assignee: | drivers_platform_x86 (drivers_platform_x86) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | CC: | alan, florian, hpa, matt, olof, pageexec |
| Priority: | P1 | ||
| Hardware: | IA-32 | ||
| OS: | Linux | ||
| Kernel Version: | 3.4.7 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | NULL deref trace | ||
Created attachment 77741 [details]
NULL deref trace
Hi Olof, thanks for the fix but shouldn't there be a reference to the bug/reporter in the commit message as well? This is now fixed in upstream in Linus' tree and in the 3.4 and 3.6 stable releases. Thanks everyone. Sorry, I should have noted the versions containing this fix are v3.7-rc3 (Linus' tree), and versions v3.4.17 and v3.6.5 of the stable trees. A patch referencing this bug report has been merged in Linux v3.7-rc3: commit 5189c2a7c7769ee9d037d76c1a7b8550ccf3481c Author: Olof Johansson <olof@lixom.net> Date: Wed Oct 24 10:00:44 2012 -0700 x86: efi: Turn off efi_enabled after setup on mixed fw/kernel |
In drivers/firmware/efivars.c, efivars_init() initializes "ops" struct from global "efi" struct, and then, e.g., calls ops->get_next_variable() in register_efivars(). If architecture is non-native (32-bit kernel on 64-bit EFI, or reverse), arch/x86/platform/efi/efi.c skips initialization of "efi" struct: if (!efi_native) goto out; (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=1adbfa3511ee1c1118e16a9a0246870f12fef4e6) which causes a NULL deref when efivars is loaded. The issue is still resent in current git tree, as far as I can see.