hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAEAGS
UEFI Specification Version 2.8 describes that the PCIR data structure must start on a 4-byte boundary. Add checks to prevent vulnerabilities.
Signed-off-by: liwei <liwei728@huawei.com>
---
 drivers/pci/rom.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c index 8fc9a4e911e3..e6135d9875de 100644 --- a/drivers/pci/rom.c +++ b/drivers/pci/rom.c @@ -98,6 +98,12 @@ static size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, } /* get the PCI data structure and check its "PCIR" signature */ pds = image + readw(image + 24); + /* The PCIR data structure must begin on a 4-byte boundary */ + if (pds && 0x3) { + pci_info(pdev, "Invalid PCI ROM header signature: \ + Pointer to Configuration Utility Code Header %#06x\n", readw(image + 24)); + break; + } if (readl(pds) != 0x52494350) { pci_info(pdev, "Invalid PCI ROM data signature: expecting 0x52494350, got %#010x\n", readl(pds));
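Review bot: The alignment test `if (pds && 0x3)` in the added block uses logical AND, so it is true for every non-NULL `pds` and the new `break` is taken before the "PCIR" signature check for every image, aligned or not. Since `pds` is an `__iomem` pointer (it is passed to `readl()`), a bitwise test on it would need a cast; it is cleaner to read `readw(image + 24)` once into a local, check `offset & 0x3`, and only then form `pds`, which also avoids the second `readw()` in the log call. The message text needs attention too: the value at offset 24 is used here as the pointer to the PCI data structure, not a "Configuration Utility Code Header", and the backslash continuation inside the string literal carries the next line's leading indentation into the logged message, so use adjacent string literals or a single line instead.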