mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-12-01 08:49:52 +00:00
61745502ab
Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
40 lines
1.6 KiB
Diff
40 lines
1.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
Date: Tue, 26 May 2020 16:59:28 +0200
|
|
Subject: [PATCH] x86-efi: Reduce maximum bounce buffer size to 16 MiB
|
|
|
|
The EFI linux loader allocates a bounce buffer to copy the initrd since in
|
|
some machines doing DMA on addresses above 4GB is not possible during EFI.
|
|
|
|
But the verifiers framework also allocates a buffer to copy the initrd in
|
|
its grub_file_open() handler. It does this since the data to verify has to
|
|
be passed as a single chunk to modules that use the verifiers framework.
|
|
|
|
If the initrd image size is big there may not be enough memory in the heap
|
|
to allocate two buffers of that size. This causes an allocation failure in
|
|
the verifiers framework and leads to the initrd not being read.
|
|
|
|
To prevent these allocation failures, let's reduce the maximum size of the
|
|
bounce buffer used in the EFI loader. Since the data read can be copied to
|
|
the actual initrd address in multilple chunks.
|
|
|
|
Resolves: rhbz#1838633
|
|
|
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
---
|
|
grub-core/loader/i386/efi/linux.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
|
|
index 6bc18d5aef5..15d40d6e35b 100644
|
|
--- a/grub-core/loader/i386/efi/linux.c
|
|
+++ b/grub-core/loader/i386/efi/linux.c
|
|
@@ -144,7 +144,7 @@ grub_linuxefi_unload (void)
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
-#define BOUNCE_BUFFER_MAX 0x10000000ull
|
|
+#define BOUNCE_BUFFER_MAX 0x1000000ull
|
|
|
|
static grub_ssize_t
|
|
read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len)
|