|
|
b1bcb2 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
c4e390 |
From: Alexey Makhalov <amakhalov@vmware.com>
|
|
|
c4e390 |
Date: Fri, 17 Jul 2020 05:17:26 +0000
|
|
|
b1bcb2 |
Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top memory
|
|
|
b1bcb2 |
allocation
|
|
|
c4e390 |
|
|
|
c4e390 |
Current implementation of grub_relocator_alloc_chunk_align()
|
|
|
c4e390 |
does not allow allocation of the top byte.
|
|
|
c4e390 |
|
|
|
c4e390 |
Assuming input args are:
|
|
|
c4e390 |
max_addr = 0xfffff000;
|
|
|
c4e390 |
size = 0x1000;
|
|
|
c4e390 |
|
|
|
c4e390 |
And this is valid. But following overflow protection will
|
|
|
c4e390 |
unnecessarily move max_addr one byte down (to 0xffffefff):
|
|
|
c4e390 |
if (max_addr > ~size)
|
|
|
c4e390 |
max_addr = ~size;
|
|
|
c4e390 |
|
|
|
c4e390 |
~size + 1 will fix the situation. In addition, check size
|
|
|
c4e390 |
for non zero to do not zero max_addr.
|
|
|
c4e390 |
|
|
|
c4e390 |
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
|
|
c4e390 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
c4e390 |
Upstream-commit-id: ab80a97eb1f
|
|
|
c4e390 |
---
|
|
|
c4e390 |
grub-core/lib/relocator.c | 4 ++--
|
|
|
c4e390 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
c4e390 |
|
|
|
c4e390 |
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
|
|
|
c4e390 |
index 7ea72069a45..833ace70eb3 100644
|
|
|
c4e390 |
--- a/grub-core/lib/relocator.c
|
|
|
c4e390 |
+++ b/grub-core/lib/relocator.c
|
|
|
c4e390 |
@@ -1376,8 +1376,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
|
|
|
c4e390 |
};
|
|
|
c4e390 |
grub_addr_t min_addr2 = 0, max_addr2;
|
|
|
c4e390 |
|
|
|
c4e390 |
- if (max_addr > ~size)
|
|
|
c4e390 |
- max_addr = ~size;
|
|
|
c4e390 |
+ if (size && (max_addr > ~size))
|
|
|
c4e390 |
+ max_addr = ~size + 1;
|
|
|
c4e390 |
|
|
|
c4e390 |
#ifdef GRUB_MACHINE_PCBIOS
|
|
|
c4e390 |
if (min_addr < 0x1000)
|