[PATCH v3 OLK-6.6] PCI/ROM: Fix PCI ROM header check bug - Kernel

19 Jul 2024

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAEAGS
--------------------------------
In UEFI Specification Version 2.8, describes that the PCIR data structure
 must start on a 4-byte boundary. Add checks to prevent vulnerabilities.
Signed-off-by: liwei liwei728@huawei.com
---
 drivers/pci/rom.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index 8fc9a4e911e3..c9b416e62a87 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -98,6 +98,12 @@ static size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom,
    	}
    	/* get the PCI data structure and check its "PCIR" signature */
    	pds = image + readw(image + 24);
+		/* The PCIR data structure must begin on a 4-byte boundary */
+		if (pds & 0x3) {
+			pci_info(pdev, "Invalid PCI ROM header signature: \
+				Pointer to Configuration Utility Code Header %#06x\n", readw(image + 24));
+			break;
+		}
    	if (readl(pds) != 0x52494350) {
    		pci_info(pdev, "Invalid PCI ROM data signature: expecting 0x52494350, got %#010x\n",
    			 readl(pds));
-- 
2.25.1


    