efi_loader: copy GUID in InstallProtocolInterface()
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Wed, 9 Mar 2022 18:56:23 +0000 (19:56 +0100)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sat, 12 Mar 2022 11:27:07 +0000 (12:27 +0100)
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is no guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
include/efi_loader.h
lib/efi_loader/efi_boottime.c
lib/efi_loader/efi_image_loader.c

index e390d323a988f52aaaaf6db9806d9ff7ff73d086..110d8ae79ccafa722cec21db3893e8979bac9b9d 100644 (file)
@@ -342,7 +342,7 @@ struct efi_open_protocol_info_item {
  */
 struct efi_handler {
        struct list_head link;
-       const efi_guid_t *guid;
+       const efi_guid_t guid;
        void *protocol_interface;
        struct list_head open_infos;
 };
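Review bot: Declaring the embedded member as `const efi_guid_t guid` means it can only be initialised by casting the qualifier away, which is what `memcpy((void *)&handler->guid, protocol, sizeof(efi_guid_t));` in the efi_add_protocol() hunk does. Because the handler comes from calloc() this is probably not undefined behaviour, but the qualifier now states an intent that the code has to defeat at the one place the field is written. Either drop the qualifier (`efi_guid_t guid;` with `handler->guid = *protocol;`) or keep it and mark the write with `/* only write to guid: initialisation of a freshly allocated handler */`. The struct's kernel-doc comment starts above the hunk; if it describes the guid member, it should now say the GUID is stored by value.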
index 82128ac1d5cc26371aa909855fe680cd80806b3c..d0f3e05e7083fd212fb9b959dea2d820ccb65214 100644 (file)
@@ -552,7 +552,7 @@ efi_status_t efi_search_protocol(const efi_handle_t handle,
                struct efi_handler *protocol;
 
                protocol = list_entry(lhandle, struct efi_handler, link);
-               if (!guidcmp(protocol->guid, protocol_guid)) {
+               if (!guidcmp(&protocol->guid, protocol_guid)) {
                        if (handler)
                                *handler = protocol;
                        return EFI_SUCCESS;
@@ -604,7 +604,7 @@ efi_status_t efi_remove_all_protocols(const efi_handle_t handle)
        list_for_each_entry_safe(protocol, pos, &efiobj->protocols, link) {
                efi_status_t ret;
 
-               ret = efi_remove_protocol(handle, protocol->guid,
+               ret = efi_remove_protocol(handle, &protocol->guid,
                                          protocol->protocol_interface);
                if (ret != EFI_SUCCESS)
                        return ret;
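Review bot: The GUID argument in `efi_remove_protocol(handle, &protocol->guid,` now points into the handler that this call is removing. If efi_remove_protocol() frees the handler (its body is not in this hunk), it must finish every read of the GUID before that free, otherwise this becomes a use-after-free that the old pointer-to-caller-memory form could not produce. A comment at the call would record the constraint: `/* guid lives inside *protocol; callee must not read it after freeing the handler */`. The loop continues outside the hunk.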
@@ -1131,7 +1131,7 @@ efi_status_t efi_add_protocol(const efi_handle_t handle,
        handler = calloc(1, sizeof(struct efi_handler));
        if (!handler)
                return EFI_OUT_OF_RESOURCES;
-       handler->guid = protocol;
+       memcpy((void *)&handler->guid, protocol, sizeof(efi_guid_t));
        handler->protocol_interface = protocol_interface;
        INIT_LIST_HEAD(&handler->open_infos);
        list_add_tail(&handler->link, &efiobj->protocols);
@@ -1227,7 +1227,7 @@ static efi_status_t efi_get_drivers(efi_handle_t handle,
 
        /* Count all driver associations */
        list_for_each_entry(handler, &handle->protocols, link) {
-               if (protocol && guidcmp(handler->guid, protocol))
+               if (protocol && guidcmp(&handler->guid, protocol))
                        continue;
                list_for_each_entry(item, &handler->open_infos, link) {
                        if (item->info.attributes &
@@ -1249,7 +1249,7 @@ static efi_status_t efi_get_drivers(efi_handle_t handle,
                return EFI_OUT_OF_RESOURCES;
        /* Collect unique driver handles */
        list_for_each_entry(handler, &handle->protocols, link) {
-               if (protocol && guidcmp(handler->guid, protocol))
+               if (protocol && guidcmp(&handler->guid, protocol))
                        continue;
                list_for_each_entry(item, &handler->open_infos, link) {
                        if (item->info.attributes &
@@ -2446,7 +2446,7 @@ static efi_status_t EFIAPI efi_protocols_per_handle(
 
                        protocol = list_entry(protocol_handle,
                                              struct efi_handler, link);
-                       (*protocol_buffer)[j] = (void *)protocol->guid;
+                       (*protocol_buffer)[j] = (void *)&protocol->guid;
                        ++j;
                }
        }
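Review bot: The pointers stored by `(*protocol_buffer)[j] = (void *)&protocol->guid;` now refer to storage inside U-Boot's own handler objects, and the cast drops the const qualifier before they are handed to the caller. A caller that keeps the returned array across an uninstall of the protocol would presumably hold a dangling pointer once the handler is released. Nothing in the type stops it writing through the pointer either, which would change the GUID that efi_search_protocol() later compares. The output parameter's type is outside the hunk, so the cast may be unavoidable; at minimum add `/* entries point into struct efi_handler; valid only while the protocol stays installed */`. The function body continues outside the hunk.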
@@ -3094,7 +3094,7 @@ close_next:
                                    (efi_handle_t)image_obj)
                                        continue;
                                r = EFI_CALL(efi_close_protocol
-                                               (efiobj, protocol->guid,
+                                               (efiobj, &protocol->guid,
                                                 info->info.agent_handle,
                                                 info->info.controller_handle
                                                ));
index 5df35939f702c13cd25af572e0b46f916af9d5ef..9611398885045af56dabdb5a477063f06a7bbadf 100644 (file)
@@ -91,7 +91,7 @@ void efi_print_image_infos(void *pc)
 
        list_for_each_entry(efiobj, &efi_obj_list, link) {
                list_for_each_entry(handler, &efiobj->protocols, link) {
-                       if (!guidcmp(handler->guid, &efi_guid_loaded_image)) {
+                       if (!guidcmp(&handler->guid, &efi_guid_loaded_image)) {
                                efi_print_image_info(
                                        (struct efi_loaded_image_obj *)efiobj,
                                        handler->protocol_interface, pc);