iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
40fbb23881
linux/drivers
History
Julius Werner 40fbb23881 firmware: google: memconsole: Prevent overrun attack on coreboot console 
The recent coreboot memory console update (firmware: google: memconsole:
Adapt to new coreboot ring buffer format) introduced a small security
issue in the driver: The new driver implementation parses the memory
console structure again on every access. This is intentional so that
additional lines added concurrently by runtime firmware can be read out.

However, if an attacker can write to the structure, they could increase
the size value to a point where the driver would read potentially
sensitive memory areas from outside the original console buffer during
the next access. This can be done through /dev/mem, since the console
buffer usually resides in firmware-reserved memory that is not covered
by STRICT_DEVMEM.

This patch resolves that problem by reading the buffer's size value only
once during boot (where we can still trust the structure). Other parts
of the structure can still be modified at runtime, but the driver's
bounds checks make sure that it will never read outside the buffer.

Fixes: a5061d028 ("firmware: google: memconsole: Adapt to new coreboot ring buffer format")
Signed-off-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 15:35:19 +02:00
..
accessibility
acpi More ACPI updates for v4.12-rc1 2017-05-10 09:35:42 -07:00
amba
android
ata ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
atm
auxdisplay
base More power management updates for v4.12-rc1 2017-05-10 09:12:30 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-05-20 16:12:30 -07:00
bluetooth Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() 2017-04-30 12:22:14 +02:00
bus
cdrom
char drivers: char: mem: Check for address space wraparound with mmap() 2017-05-18 16:53:55 +02:00
clk Sort of on the quieter side this time, which is probably due more 2017-05-10 13:38:18 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-12 10:43:25 -07:00
connector
cpufreq Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2017-05-12 09:56:30 -07:00
cpuidle Merge branches 'pm-domains', 'pm-cpuidle', 'pm-sleep' and 'powercap' 2017-05-09 23:21:46 +02:00
crypto virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
dax dax: fix false CONFIG_BLOCK dependency 2017-05-13 16:18:21 -07:00
dca
devfreq
dio
dma dmaengine updates for 4.12-rc1 2017-05-09 15:40:28 -07:00
dma-buf
edac EDAC, amd64: Fix reporting of Chip Select sizes on Fam17h 2017-05-03 16:27:36 +02:00
eisa
extcon
firewire
firmware firmware: google: memconsole: Prevent overrun attack on coreboot console 2017-05-25 15:35:19 +02:00
fmc
fpga fpga fr br: update supported version numbers 2017-04-26 11:38:56 +02:00
fsi
gpio Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
gpu Merge branch 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld into drm-fixes 2017-05-20 06:00:49 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-05-02 19:09:35 -07:00
hsi
hv HV: properly delay KVP packets when negotiation is in progress 2017-05-18 16:55:28 +02:00
hwmon hwmon: (coretemp) Handle frozen hotplug state correctly 2017-05-14 07:49:32 -07:00
hwspinlock
hwtracing drivers/hwtracing/intel_th/msu.c: use set_memory.h header 2017-05-08 17:15:14 -07:00
i2c i2c: designware: don't infer timings described by ACPI from clock rate 2017-05-19 14:36:24 +02:00
ide ide: don't call memcpy with the same source and destination 2017-05-08 17:36:39 -04:00
idle x86/intel_idle: add Gemini Lake support 2017-05-01 23:17:37 +02:00
iio Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
infiniband Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-05-12 11:44:13 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-05-13 10:25:05 -07:00
iommu iommu/mediatek: Include linux/dma-mapping.h 2017-05-17 14:51:54 +02:00
ipack ipack: Improve a size determination in ipack_bus_register() 2017-05-18 16:59:06 +02:00
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-21 11:45:26 -07:00
isdn Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
leds scripts/spelling.txt: add "memory" pattern and fix typos 2017-05-08 17:15:13 -07:00
lguest
lightnvm lightnvm: fix bad back free on error path 2017-05-04 07:53:04 -06:00
macintosh DeviceTree for 4.12: 2017-05-05 19:33:07 -07:00
mailbox mailbox: handle empty message in tx_tick 2017-04-27 16:20:04 +05:30
mcb
md Merge tag 'md/4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-05-18 12:04:41 -07:00
media Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
memory memory: omap-gpmc: Fix debug output for access width 2017-05-16 08:12:47 -07:00
memstick
message
mfd mfd: axp20x: Support AXP803 variant 2017-04-27 11:54:49 +01:00
misc Merge 4.12-rc2 into char-misc-next 2017-05-22 08:56:55 +02:00
mmc Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
mtd This pull request contains updates for both UBI and UBIFS: 2017-05-13 10:23:12 -07:00
net mlxsw: spectrum: Avoid possible NULL pointer dereference 2017-05-18 11:27:21 -04:00
nfc
ntb
nubus
nvdimm Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-05-12 15:43:10 -07:00
nvme Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-05-20 16:12:30 -07:00
nvmem ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
of DeviceTree fixes for 4.12-rc: 2017-05-19 15:03:24 -07:00
oprofile
parisc
parport
pci Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
pcmcia Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
perf
phy
pinctrl Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-05-02 19:09:35 -07:00
platform char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
pnp
power power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
powercap powercap: intel_rapl: Add support for Gemini Lake 2017-04-28 23:56:16 +02:00
pps drivers: pps: Make PPS into a menuconfig to ease disabling 2017-05-18 16:59:06 +02:00
ps3
ptp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-01 16:15:18 -07:00
pwm
rapidio char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
ras
regulator Merge remote-tracking branch 'regulator/topic/vctrl' into regulator-next 2017-04-30 22:17:44 +09:00
remoteproc virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
reset ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
rpmsg virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
rtc RTC for 4.12 2017-05-10 19:37:14 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2017-05-16 09:24:44 -07:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-05-20 16:12:30 -07:00
sfi
sh
sn
soc ARM: SoC fixes (and a cross-arch dt-include fix) 2017-05-19 13:36:56 -07:00
spi Merge remote-tracking branches 'spi/topic/ti-qspi' and 'spi/topic/xlp' into spi-next 2017-04-26 15:58:22 +01:00
spmi
ssb
staging staging: fsl-dpaa2/eth: add ETHERNET dependency 2017-05-16 14:23:31 +02:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-05-12 11:44:13 -07:00
tc
tee Linux 4.12-rc1 2017-05-18 23:54:47 -07:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-05-12 11:58:45 -07:00
thunderbolt
tty Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
uio Merge 4.12-rc2 into char-misc-next 2017-05-22 08:56:55 +02:00
usb USB-serial fixes for v4.12-rc2 2017-05-19 10:10:07 +02:00
uwb uwb: fix device quirk on big-endian hosts 2017-05-17 11:27:41 +02:00
vfio powerpc updates for 4.12 part 1. 2017-05-05 11:36:44 -07:00
vhost vhost/vsock: use static minor number 2017-05-18 16:59:06 +02:00
video fbdev changes for v4.12: 2017-05-11 11:12:26 -07:00
virt drivers/virt/fsl_hypervisor.c: use get_user_pages_unlocked() 2017-05-08 17:15:10 -07:00
virtio virtio: allow extra context per descriptor 2017-05-02 23:41:43 +03:00
vlynq
vme
w1
watchdog watchdog: bcm281xx: Fix use of uninitialized spinlock. 2017-05-19 10:42:25 +02:00
xen Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-05-09 09:12:53 -07:00
zorro
Kconfig
Makefile Merge branch 'tee/initial-merge' into fixes 2017-05-10 21:03:31 +02:00