linux/drivers
Ricardo Neri 9115c7589b efi: Check for NULL efi kernel parameters
Even though it is documented how to specifiy efi parameters, it is
possible to cause a kernel panic due to a dereference of a NULL pointer when
parsing such parameters if "efi" alone is given:

PANIC: early exception 0e rip 10:ffffffff812fb361 error 0 cr2 0
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.2.0-rc1+ #450
[ 0.000000]  ffffffff81fe20a9 ffffffff81e03d50 ffffffff8184bb0f 00000000000003f8
[ 0.000000]  0000000000000000 ffffffff81e03e08 ffffffff81f371a1 64656c62616e6520
[ 0.000000]  0000000000000069 000000000000005f 0000000000000000 0000000000000000
[ 0.000000] Call Trace:
[ 0.000000]  [<ffffffff8184bb0f>] dump_stack+0x45/0x57
[ 0.000000]  [<ffffffff81f371a1>] early_idt_handler_common+0x81/0xae
[ 0.000000]  [<ffffffff812fb361>] ? parse_option_str+0x11/0x90
[ 0.000000]  [<ffffffff81f4dd69>] arch_parse_efi_cmdline+0x15/0x42
[ 0.000000]  [<ffffffff81f376e1>] do_early_param+0x50/0x8a
[ 0.000000]  [<ffffffff8106b1b3>] parse_args+0x1e3/0x400
[ 0.000000]  [<ffffffff81f37a43>] parse_early_options+0x24/0x28
[ 0.000000]  [<ffffffff81f37691>] ? loglevel+0x31/0x31
[ 0.000000]  [<ffffffff81f37a78>] parse_early_param+0x31/0x3d
[ 0.000000]  [<ffffffff81f3ae98>] setup_arch+0x2de/0xc08
[ 0.000000]  [<ffffffff8109629a>] ? vprintk_default+0x1a/0x20
[ 0.000000]  [<ffffffff81f37b20>] start_kernel+0x90/0x423
[ 0.000000]  [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c
[ 0.000000]  [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef
[ 0.000000] RIP 0xffffffff81ba2efc

This panic is not reproducible with "efi=" as this will result in a non-NULL
zero-length string.

Thus, verify that the pointer to the parameter string is not NULL. This is
consistent with other parameter-parsing functions which check for NULL pointers.

Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
2015-07-30 18:07:11 +01:00
..
accessibility
acpi Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'acpi-resources' 2015-07-16 23:47:19 +02:00
amba
android
ata Merge branch 'for-4.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2015-07-24 16:54:59 -07:00
atm
auxdisplay
base Fix firmware loader uevent buffer NULL pointer dereference 2015-07-09 11:20:01 -07:00
bcma
block null_blk: fix use-after-free problem 2015-07-22 13:30:20 -06:00
bluetooth Bluetooth: btbcm: allow btbcm_read_verbose_config to fail on Apple 2015-07-14 22:54:55 +02:00
bus ARM: SoC: driver updates for v4.2 2015-06-26 11:54:29 -07:00
cdrom
char Merge tag 'tpm-fixes-for-4.2-rc2' of https://github.com/PeterHuewe/linux-tpmdd into for-linus 2015-07-15 21:46:59 +10:00
clk Update Viresh Kumar's email address 2015-07-17 16:39:53 -07:00
clocksource clocksource/imx: Define clocksource for mx27 2015-07-07 10:44:45 +02:00
connector
cpufreq Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'acpi-resources' 2015-07-16 23:47:19 +02:00
cpuidle suspend-to-idle: Prevent RCU from complaining about tick_freeze() 2015-07-09 22:59:49 +02:00
crypto crypto: nx - Fix reentrancy bugs 2015-07-08 15:14:13 +08:00
dca
devfreq
dio
dma Update Viresh Kumar's email address 2015-07-17 16:39:53 -07:00
dma-buf
edac A build fix for octeon_edac from Aaro Koskinen. 2015-07-03 12:10:12 -07:00
eisa
extcon extcon: Redefine the unique id of supported external connectors without 'enum extcon' type 2015-06-12 17:01:42 -07:00
firewire
firmware efi: Check for NULL efi kernel parameters 2015-07-30 18:07:11 +01:00
fmc
gpio Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-18 10:27:12 -07:00
gpu Merge tag 'drm-atmel-hlcdc/fixes-for-4.2' of https://github.com/bbrezillon/linux-at91 into drm-fixes 2015-07-24 14:27:44 +10:00
hid HID: cp2112: fix to force single data-report reply 2015-07-08 12:40:23 +02:00
hsi Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
hv Drivers: hv: vmbus: Allocate ring buffer memory in NUMA aware fashion 2015-06-12 16:58:33 -07:00
hwmon hwmon: (w83627ehf) Use swap() in w82627ehf_swap_tempreg() 2015-07-03 14:39:06 +02:00
hwspinlock hwspinlock: qcom: Correct msb in regmap_field 2015-07-01 16:15:05 +03:00
hwtracing/coresight
i2c i2c: Mark instantiated device nodes with OF_POPULATE 2015-07-09 22:25:54 +02:00
ide Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
idle
iio iio:light:stk3310: make endianness independent of host 2015-07-19 14:54:45 +01:00
infiniband x86/mm/pat, drivers/infiniband/ipath: Replace WARN() with pr_warn() 2015-07-21 09:42:54 +02:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-07-24 16:33:11 -07:00
iommu iommu/vt-d: Fix VM domain ID leak 2015-07-23 14:17:39 +02:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-18 10:27:12 -07:00
isdn isdn/gigaset: drop unused ldisc methods 2015-07-15 17:24:45 -07:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
lguest Merge branch 'x86-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-06-22 17:59:09 -07:00
macintosh macintosh/nvram: Remove as unused 2015-06-15 16:42:37 +10:00
mailbox Replace module_init with appropriate alternate initcall in non modules. 2015-07-02 10:36:29 -07:00
mcb
md Some md fixes for 4.2 2015-07-25 11:24:58 -07:00
media x86/mm/pat, drivers/media/ivtv: Move the PAT warning and replace WARN() with pr_warn() 2015-07-21 09:42:54 +02:00
memory Merge branch 'fixes-rc1' into omap-for-v4.2/fixes 2015-07-06 05:33:17 -07:00
memstick memstick: remove deprecated use of pci api 2015-06-30 19:44:57 -07:00
message fusion: remove dead MTRR code 2015-06-13 08:44:14 -07:00
mfd Update Viresh Kumar's email address 2015-07-17 16:39:53 -07:00
misc mei: prevent unloading mei hw modules while the device is opened. 2015-07-22 21:31:05 -07:00
mmc mmc: sdhci-pxav3: fix platform_data is not initialized 2015-07-24 10:18:39 +02:00
mtd Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-22 14:45:25 -07:00
nfc Char/Misc driver patches for 4.2-rc1 2015-06-26 14:51:15 -07:00
ntb NTB: Add split BAR output for debugfs stats 2015-07-04 14:09:32 -04:00
nubus
nvdimm libnvdimm: fix namespace seed creation 2015-07-25 09:57:56 -07:00
of Devicetree changes for v4.2 2015-07-01 19:40:18 -07:00
oprofile
parisc
parport parport: Revert "parport: fix memory leak" 2015-07-25 12:48:05 -07:00
pci Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
pcmcia Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
phy phy: berlin-usb: fix divider for BG2 2015-07-15 20:02:09 +05:30
pinctrl Pin control fixes for the v4.2 series: 2015-07-21 15:27:27 -07:00
platform intel_scu_ipc: move local memory initialization out of a mutex 2015-07-14 11:02:44 -07:00
pnp ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage 2015-07-06 23:52:21 +02:00
power Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.2-rc1 2015-06-23 13:32:38 -07:00
rapidio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-06-23 14:08:54 -07:00
ras
regulator Merge remote-tracking branches 'regulator/fix/88pm800', 'regulator/fix/max8973', 'regulator/fix/s2mps11' and 'regulator/fix/supply' into regulator-linus 2015-07-24 16:19:25 +01:00
remoteproc remoteproc: fix !CONFIG_OF build breakage 2015-06-18 11:44:41 +03:00
reset
rpmsg
rtc rtc: armada38x: Remove unused variable from armada38x_rtc_set_time() 2015-07-18 00:42:31 +02:00
s390 virtio/vhost: fixes for 4.2 2015-07-23 13:07:04 -07:00
sbus
scsi virtio/vhost: fixes for 4.2 2015-07-23 13:07:04 -07:00
sfi
sh Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
sn
soc ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
spi Merge remote-tracking branches 'spi/fix/gqspi', 'spi/fix/imx', 'spi/fix/mg-spfi' and 'spi/fix/spidev' into spi-linus 2015-07-24 16:19:50 +01:00
spmi
ssb
staging staging: vt6656: check ieee80211_bss_conf bssid not NULL 2015-07-19 11:48:19 +01:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
tc
thermal Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
thunderbolt
tty tty: vt: Fix !TASK_RUNNING diagnostic warning from paste_selection() 2015-07-23 18:08:29 -07:00
uio uio: pruss: Drop depends on ARCH_DAVINCI_DA850 from config 2015-06-12 17:01:43 -07:00
usb USB: OHCI: fix bad #define in ohci-tmio.c 2015-07-22 14:49:42 -07:00
uwb
vfio VFIO updates for v4.2 2015-06-28 12:32:13 -07:00
vhost virtio/vhost: fixes for 4.2 2015-07-23 13:07:04 -07:00
video stifb: Implement hardware accelerated copyarea 2015-07-10 21:44:19 +02:00
virt
virtio virtio/vhost: cross endian support 2015-07-03 16:02:25 -07:00
vlynq
vme vme: tsi148: depend on HAS_DMA for Kconfig 2015-06-12 17:31:05 -07:00
w1 w1: use correct lock on error in w1_seq_show() 2015-06-12 16:58:33 -07:00
watchdog Update Viresh Kumar's email address 2015-07-17 16:39:53 -07:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
zorro
Kconfig libnvdimm, nfit: initial libnvdimm infrastructure and NFIT support 2015-06-24 21:24:10 -04:00
Makefile The libnvdimm sub-system introduces, in addition to the libnvdimm-core, 2015-06-29 10:34:42 -07:00