From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andrei Borzenkov <arvidjaar@gmail.com>
Date: Wed, 16 May 2018 13:06:04 -0400
Subject: [PATCH] efi/uga: use 64 bit for fb_base
We get 64 bit from PCI BAR but then truncate by assigning to 32 bit.
Make sure to check that pointer does not overflow on 32 bit platform.
Closes: 50931
---
 grub-core/video/efi_uga.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/grub-core/video/efi_uga.c b/grub-core/video/efi_uga.c
index 464ede874da..1d4091c5631 100644
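--- a/grub-core/video/efi_uga.c
+++ b/grub-core/video/efi_uga.c
@@ -34,7 +34,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 
 static grub_efi_guid_t uga_draw_guid = GRUB_EFI_UGA_DRAW_GUID;
 static struct grub_efi_uga_draw_protocol *uga;
-static grub_uint32_t uga_fb;
+static grub_uint64_t uga_fb;
 static grub_uint32_t uga_pitch;
 
 static struct
@@ -52,7 +52,7 @@ static struct
 #define FBTEST_COUNT	8
 
 static int
-find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
+find_line_len (grub_uint64_t *fb_base, grub_uint32_t *line_len)
 {
   grub_uint32_t *base = (grub_uint32_t *) (grub_addr_t) *fb_base;
   int i;
@@ -67,7 +67,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
 	    {
 	      if ((base[j] & RGB_MASK) == RGB_MAGIC)
 		{
-		  *fb_base = (grub_uint32_t) (grub_addr_t) base;
+		  *fb_base = (grub_uint64_t) (grub_addr_t) base;
 		  *line_len = j << 2;
 
 		  return 1;
@@ -84,7 +84,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len)
 /* Context for find_framebuf.  */
 struct find_framebuf_ctx
 {
-  grub_uint32_t *fb_base;
+  grub_uint64_t *fb_base;
   grub_uint32_t *line_len;
   int found;
 };
@@ -120,7 +120,9 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
 	      if (i == 5)
 		break;
 
-	      old_bar2 = grub_pci_read (addr + 4);
+	      i++;
+	      addr += 4;
+	      old_bar2 = grub_pci_read (addr);
 	    }
 	  else
 	    old_bar2 = 0;
@@ -129,10 +131,15 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
 	  base64 <<= 32;
 	  base64 |= (old_bar1 & GRUB_PCI_ADDR_MEM_MASK);
 
-	  grub_dprintf ("fb", "%s(%d): 0x%llx\n",
+	  grub_dprintf ("fb", "%s(%d): 0x%" PRIxGRUB_UINT64_T "\n",
 			((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) ?
-			"VMEM" : "MMIO"), i,
-		       (unsigned long long) base64);
+			"VMEM" : "MMIO"), type == GRUB_PCI_ADDR_MEM_TYPE_64 ? i - 1 : i,
+			base64);
+
+#if GRUB_CPU_SIZEOF_VOID_P == 4
+	  if (old_bar2)
+	    continue;
+#endif
 
 	  if ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) && (! ctx->found))
 	    {
@@ -140,12 +147,6 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
 	      if (find_line_len (ctx->fb_base, ctx->line_len))
 		ctx->found++;
 	    }
-
-	  if (type == GRUB_PCI_ADDR_MEM_TYPE_64)
-	    {
-	      i++;
-	      addr += 4;
-	    }
 	}
     }
 
@@ -153,7 +154,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
 }
 
 static int
-find_framebuf (grub_uint32_t *fb_base, grub_uint32_t *line_len)
+find_framebuf (grub_uint64_t *fb_base, grub_uint32_t *line_len)
 {
   struct find_framebuf_ctx ctx = {
     .fb_base = fb_base,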
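Review bot: The 32-bit guard added in the `@@ -129,10 +131,15 @@` hunk (`#if GRUB_CPU_SIZEOF_VOID_P == 4` / `if (old_bar2) continue;`) has no comment, yet it appears to be what keeps the narrowing cast `(grub_uint32_t *) (grub_addr_t) *fb_base` in find_line_len from silently truncating a BAR above 4 GiB now that fb_base is 64 bits wide. I would put `/* A 32-bit build cannot address a BAR above 4 GiB; skip it rather than probe a truncated address. */` above the `#if`, and a one-line comment at the cast in find_line_len stating that the caller guarantees the value fits in grub_addr_t. Any other code that stores into uga_fb or *fb_base lies outside these hunks, so whether it needs the same check cannot be confirmed from here. As a smaller style point, the `type == GRUB_PCI_ADDR_MEM_TYPE_64 ? i - 1 : i` argument reconstructs the BAR index after the early `i++`; saving the index in a local before incrementing would read more directly. find_card and find_line_len both begin and end outside the hunks shown.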