u-boot.git/lib/efi_loader, branch v2023.10-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: check uuid_str_to_bin return value 2023-08-03T07:21:03+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2023-07-31T08:53:02+00:00 cd87d2c61ce8e8e963de514f2c8ab0f959d6b586 Check the uuid_str_to_bin return value, skip the node if the image-type-id property is wrong format. Addresses-Coverity-ID: 463145 ("Error handling issues") Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Check the uuid_str_to_bin return value, skip the node
if the image-type-id property is wrong format.

Addresses-Coverity-ID: 463145 ("Error handling issues")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: catch out of memory in file_open 2023-08-03T07:21:03+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T12:06:06+00:00 405b736e817bbca360b2fd3329953d3980585df2 If calloc() return NULL, don't dereference it. Fixes: 2a92080d8c44 ("efi_loader: add file/filesys support") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
If calloc() return NULL, don't dereference it.

Fixes: 2a92080d8c44 ("efi_loader: add file/filesys support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: error handling in efi_disk_add_dev 2023-08-03T07:21:03+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T12:03:53+00:00 cff7700170c2eb9d8059acbc2a5664ee9c8a8a9b * If an error occurs in efi_disk_add_dev(), don't leak resources. * If calloc() fails while creating the file system protocol interface, signal an error. * Rename efi_simple_file_system() to efi_create_simple_file_system(). * Drop a little helpful debug message. Fixes: 2a92080d8c44 ("efi_loader: add file/filesys support") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
* If an error occurs in efi_disk_add_dev(), don't leak resources.
* If calloc() fails while creating the file system protocol interface,
  signal an error.
* Rename efi_simple_file_system() to efi_create_simple_file_system().
* Drop a little helpful debug message.

Fixes: 2a92080d8c44 ("efi_loader: add file/filesys support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: memory leak efi_add_memory_map_pg 2023-08-03T07:21:02+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T10:59:32+00:00 ecae4bbf35fac3cde0c41c012a05c8e5b4ade90f Don't leak newlist if we error out. Fixes: 74c16acce30b ("efi_loader: Don't allocate from memory holes") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Don't leak newlist if we error out.

Fixes: 74c16acce30b ("efi_loader: Don't allocate from memory holes")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: out of memory in efi_mem_carve_out 2023-08-03T07:21:02+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T10:27:03+00:00 257a498fbb146f866d729176a6fce5875323d4b9 Handle out of memory situation in efi_mem_carve_out(). Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Handle out of memory situation in efi_mem_carve_out().

Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: overflow in efi_allocate_pages 2023-08-03T07:21:02+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T09:31:08+00:00 48d183f2acb0157856254f52d2d856a07463acd4 On 32bit systems (pages << EFI_PAGE_SHIFT) may lead to an overflow which does not occur in 64bit arithmetics. An overflow of (pages << EFI_PAGE_SHIFT) on 64bit systems should be treated as an error. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
On 32bit systems (pages << EFI_PAGE_SHIFT) may lead to an overflow which
does not occur in 64bit arithmetics.

An overflow of (pages << EFI_PAGE_SHIFT) on 64bit systems should be treated
as an error.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: error handling in tcg2_hash_pe_image() 2023-08-03T07:21:02+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-31T12:11:34+00:00 d12c3efe53107e4ce4f22e146594437e1ae89cfc If the hard coded array hash_algo_list[] contains an entry for an unsupported algorithm, we should not leak resources new_efi and regs. We should still extend the log with the digests for the supported algorithms and not write any message. The same holds true of tcg2_create_digest(): just continue in case hash_algo_list[] contains an unsupported entry. Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
If the hard coded array hash_algo_list[] contains an entry for an
unsupported algorithm, we should not leak resources new_efi and regs.

We should still extend the log with the digests for the supported
algorithms and not write any message.

The same holds true of tcg2_create_digest(): just continue in case
hash_algo_list[] contains an unsupported entry.

Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: out of memory in efi_add_memory_map_pg 2023-08-03T07:21:02+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-07-30T10:36:17+00:00 ba27563093f4398ebf38e1e505fe50a00a5e17e7 Handle out of memory situation in efi_add_memory_map_pg(). Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Handle out of memory situation in efi_add_memory_map_pg().

Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: fix an IS_ERR() vs NULL check 2023-08-03T07:21:02+00:00 Dan Carpenter dan.carpenter@linaro.org 2023-07-27T07:16:20+00:00 dae236924ca070fc5ab2aa035f13972191330b4f The efi_parse_pkcs7_header() function returns NULL on error so the check for IS_ERR() should be changed to a NULL check. Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The efi_parse_pkcs7_header() function returns NULL on error so the check
for IS_ERR() should be changed to a NULL check.

Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: capsule: enforce guid check in api and capsule_on_disk 2023-08-03T07:21:02+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2023-07-27T00:38:00+00:00 1b7e469a66521d90b6f51fe0a27abada664471ba While UPDATE_CAPSULE api is not fully implemented, this interface and capsule-on-disk feature should behave in the same way, especially in handling an empty capsule for fwu multibank, for future enhancement. So move the guid check into efi_capsule_update_firmware(). Fixed: commit a6aafce494ab ("efi_loader: use efi_update_capsule_firmware() for capsule on disk") Reported-by: Michal Simek <michal.simek@amd.com> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Michal Simek <michal.simek@amd.com> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Tested-by: Michal Simek <michal.simek@amd.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
While UPDATE_CAPSULE api is not fully implemented, this interface and
capsule-on-disk feature should behave in the same way, especially in
handling an empty capsule for fwu multibank, for future enhancement.

So move the guid check into efi_capsule_update_firmware().

Fixed: commit a6aafce494ab ("efi_loader: use efi_update_capsule_firmware() for capsule on disk")
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>