hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAEAGS
--------------------------------
In UEFI Specification Version 2.8, describes that the PCIR data structure must start on a 4-byte boundary. Add checks to prevent vulnerabilities.
Fixes: d7ad2254fa7c ("[IA64] SN: Correct ROM resource length for BIOS copy") Signed-off-by: liwei liwei728@huawei.com --- drivers/pci/rom.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c index e18d3a4383ba..0fa6b3da63cc 100644 --- a/drivers/pci/rom.c +++ b/drivers/pci/rom.c @@ -98,6 +98,12 @@ static size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, } /* get the PCI data structure and check its "PCIR" signature */ pds = image + readw(image + 24); + /* The PCIR data structure must begin on a 4-byte boundary */ + if (!IS_ALIGNED((unsigned long)pds, 4)) { + pci_info(pdev, "Invalid PCI ROM header signature: PCIR %#06x\n", + readw(image + 24)); + break; + } if (readl(pds) != 0x52494350) { pci_info(pdev, "Invalid PCI ROM data signature: expecting 0x52494350, got %#010x\n", readl(pds));