[PATCH OLK-6.6] PCI/ROM: Fix PCI ROM header check bug - Kernel

20 Jul 2024

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAEAGS
--------------------------------
In UEFI Specification Version 2.8, describes that the PCIR data structure
 must start on a 4-byte boundary. Add checks to prevent vulnerabilities.
Fixes: d7ad2254fa7c ("[IA64] SN: Correct ROM resource length for BIOS copy")
Signed-off-by: liwei liwei728@huawei.com
---
 drivers/pci/rom.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index e18d3a4383ba..0fa6b3da63cc 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -98,6 +98,12 @@ static size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom,
    	}
    	/* get the PCI data structure and check its "PCIR" signature */
    	pds = image + readw(image + 24);
+		/* The PCIR data structure must begin on a 4-byte boundary */
+		if (!IS_ALIGNED((unsigned long)pds, 4)) {
+			pci_info(pdev, "Invalid PCI ROM header signature: PCIR %#06x\n",
+				 readw(image + 24));
+			break;
+		}
    	if (readl(pds) != 0x52494350) {
    		pci_info(pdev, "Invalid PCI ROM data signature: expecting 0x52494350, got %#010x\n",
    			 readl(pds));
-- 
2.25.1


    