From 1ea133acd64eb0099865b0649b1d039ef63787ee Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sun, 29 Aug 2021 11:52:44 +0200
Subject: efi_loader: sections with zero VirtualSize
In a section header VirtualSize may be zero. This is for instance seen in the .sbat section of shim. In this case use SizeOfRawData as section size.
Fixes: 9d30a941cce5 ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt
Reviewed-by: Asherah Connor
---
 lib/efi_loader/efi_image_loader.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
(limited to 'lib/efi_loader/efi_image_loader.c')
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index a0eb63fcebe..838e3a7f021 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -800,6 +800,23 @@ efi_status_t efi_check_pe(void *buffer, size_t size, void **nt_header)
 return EFI_SUCCESS;
 }

+/**
+ * section_size() - determine size of section
+ *
+ * The size of a section in memory if normally given by VirtualSize.
+ * If VirtualSize is not provided, use SizeOfRawData.
+ *
+ * @sec: section header
+ * Return: size of section in memory
+ */
+static u32 section_size(IMAGE_SECTION_HEADER *sec)
+{
+ if (sec->Misc.VirtualSize)
+ return sec->Misc.VirtualSize;
+ else
+ return sec->SizeOfRawData;
+}
+
 /**
 * efi_load_pe() - relocate EFI binary
 *
@@ -869,8 +886,9 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 /* Calculate upper virtual address boundary */
 for (i = num_sections - 1; i >= 0; i--) {
 IMAGE_SECTION_HEADER *sec = §ions[i];
+
 virt_size = max_t(unsigned long, virt_size,
- sec->VirtualAddress + sec->Misc.VirtualSize);
+ sec->VirtualAddress + section_size(sec));
 }

 /* Read 32/64bit specific header bits */
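Review bot: section_size() only reads the header, so its parameter can be const-qualified: `static u32 section_size(const IMAGE_SECTION_HEADER *sec)`. The kernel-doc sentence says "if normally given by VirtualSize" where "is normally given" is meant. The comment should also state that both fields are taken unchecked from the image being loaded, so every caller has to bound the returned size itself.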
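Review bot: In the boundary loop, `sec->VirtualAddress + section_size(sec)` is summed before max_t() widens it, so if VirtualAddress is a 32-bit field like the u32 returned by section_size(), a large address plus size wraps to a small value and virt_size under-counts the image. Both operands come from the file being loaded, and the later copy to `efi_reloc + sec->VirtualAddress` would then fall outside the allocation sized from virt_size. Widen before adding, e.g. `(u64)sec->VirtualAddress + section_size(sec)`, and reject the image when the sum does not fit in virt_size. Whether an earlier check already excludes this is not visible, since efi_load_pe starts and ends outside the hunk.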
@@ -931,11 +949,16 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 /* Load sections into RAM */
 for (i = num_sections - 1; i >= 0; i--) {
 IMAGE_SECTION_HEADER *sec = §ions[i];
- memset(efi_reloc + sec->VirtualAddress, 0,
- sec->Misc.VirtualSize);
+ u32 copy_size = section_size(sec);
+
+ if (copy_size > sec->SizeOfRawData) {
+ copy_size = sec->SizeOfRawData;
+ memset(efi_reloc + sec->VirtualAddress, 0,
+ sec->Misc.VirtualSize);
+ }
 memcpy(efi_reloc + sec->VirtualAddress,
 efi + sec->PointerToRawData,
- min(sec->Misc.VirtualSize, sec->SizeOfRawData));
+ copy_size);
 }

 /* Run through relocations */
--
cgit v1.2.3
From f3a343d7339acf1d531e438e15fef3c7975cfdcf Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sun, 29 Aug 2021 11:52:44 +0200
Subject: efi_loader: rounding of image size
We should not first allocate memory and then report a rounded up value as image size. Instead first round up according to section allocation and then allocate the memory.
Fixes: 82786754b9d2 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt
---
 lib/efi_loader/efi_image_loader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/efi_loader/efi_image_loader.c')
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 838e3a7f021..e9572d4d5db 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -898,6 +898,7 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 image_base = opt->ImageBase;
 efi_set_code_and_data_type(loaded_image_info, opt->Subsystem);
 handle->image_type = opt->Subsystem;
+ virt_size = ALIGN(virt_size, opt->SectionAlignment);
 efi_reloc = efi_alloc(virt_size,
 loaded_image_info->image_code_type);
 if (!efi_reloc) {
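Review bot: The memcpy() in the section-loading loop reads `copy_size` bytes starting at `efi + sec->PointerToRawData`, and nothing in this hunk compares that range with the length of the input buffer. With the new fallback, a header whose VirtualSize is zero now has its full SizeOfRawData copied, so the read length is chosen entirely by the image file. Unless an earlier check outside the hunk covers it, guard the copy with a test such as `if (sec->PointerToRawData > image_len || copy_size > image_len - sec->PointerToRawData)`, where `image_len` is a placeholder for the buffer length known to efi_load_pe, and fail the load. A short comment on the memset() would also help, noting that it runs only when VirtualSize exceeds SizeOfRawData, which is why it can still use `sec->Misc.VirtualSize` directly.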
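Review bot: Placing `virt_size = ALIGN(virt_size, opt->SectionAlignment);` ahead of efi_alloc() makes the allocation size depend on SectionAlignment, which is read from the image's optional header and is not validated in the visible lines. If ALIGN is the usual mask-based macro, an alignment of zero rounds virt_size down to 0 and a very large one inflates the request. According to the commit message, the rounded value was previously used only for the reported image size. Reject the image first when `!opt->SectionAlignment || (opt->SectionAlignment & (opt->SectionAlignment - 1))` holds. The same line is added to the 32-bit branch in the following hunk (@@ -908,12 +909,12 @@), and efi_load_pe starts and ends outside both hunks.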
@@ -908,12 +909,12 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 handle->entry = efi_reloc + opt->AddressOfEntryPoint;
 rel_size = opt->DataDirectory[rel_idx].Size;
 rel = efi_reloc + opt->DataDirectory[rel_idx].VirtualAddress;
- virt_size = ALIGN(virt_size, opt->SectionAlignment);
 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
 IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader;
 image_base = opt->ImageBase;
 efi_set_code_and_data_type(loaded_image_info, opt->Subsystem);
 handle->image_type = opt->Subsystem;
+ virt_size = ALIGN(virt_size, opt->SectionAlignment);
 efi_reloc = efi_alloc(virt_size,
 loaded_image_info->image_code_type);
 if (!efi_reloc) {
@@ -924,7 +925,6 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 handle->entry = efi_reloc + opt->AddressOfEntryPoint;
 rel_size = opt->DataDirectory[rel_idx].Size;
 rel = efi_reloc + opt->DataDirectory[rel_idx].VirtualAddress;
- virt_size = ALIGN(virt_size, opt->SectionAlignment);
 } else {
 log_err("Invalid optional header magic %x\n",
 nt->OptionalHeader.Magic);
--
cgit v1.2.3