** Tags added: kernel-daily-bug
--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2141276
Title:
efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE
patch
Status in linux package in Ubuntu:
New
Status in linux source package in Jammy:
New
Status in linux source package in Noble:
New
Bug description:
[Impact]
The swapped bsearch() arguments cause the function to calculate incorrect
element offsets when searching the efi_error_codes array:
- Buggy behavior: bsearch thinks there are 24 elements of 12 bytes each
- Correct behavior: 12 elements of 24 bytes each (on 64-bit systems)
This causes efi_status_to_err() and efi_status_to_str() to read at wrong
memory offsets (every 12 bytes instead of every 24 bytes), potentially:
- Returning incorrect errno values for EFI status codes
- Returning wrong error description strings
- Failing to find valid status codes and returning default error values
These functions are used to translate EFI firmware error codes to Linux
errno values and human-readable strings, affecting error reporting for
EFI-related operations including secure boot and firmware variable access.
[Test Plan]
1. Build kernel with the fix applied
2. Boot system with UEFI firmware
3. Trigger EFI error conditions that exercise efi_status_to_err() and
efi_status_to_str(), such as:
- Secure boot signature verification failures
- EFI variable access errors
- MOK (Machine Owner Key) operations
4. Verify dmesg shows correct EFI error messages
5. Compare error messages before and after the fix to confirm correct
status code translation
Alternatively, a unit test can verify the bsearch returns correct results:
- Call efi_status_to_err() with known EFI status codes (e.g., EFI_SUCCESS,
EFI_INVALID_PARAMETER, EFI_SECURITY_VIOLATION)
- Verify correct errno values are returned (-EINVAL, -EACCES, etc.)
[Where problems could occur]
The fix swaps two adjacent function arguments. Potential issues:
1. The fix changes the search behavior, which could theoretically expose
latent bugs in code that was accidentally working due to the incorrect
search. For example, if code was relying on the -EINVAL fallback when
bsearch failed to find a match, it might now receive a different (correct)
errno value.
2. Since this affects EFI error reporting, any issues would manifest as
incorrect error messages in dmesg or wrong return values from EFI
operations. This could affect debugging but should not cause system
instability.
[Other Info]
- Root cause: The bug was introduced in the SAUCE patch cherry-picked from
kernel-ark commit 2ae9082db0b5:
https://gitlab.com/cki-project/kernel-ark/-/commit/2ae9082db0b5
- Upstream fix: https://gitlab.com/cki-project/kernel-ark/-/commit/49bcc48074ba
- bsearch(3) man page: https://man7.org/linux/man-pages/man3/bsearch.3.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2141276/+subscriptions
Комментариев нет:
Отправить комментарий