From 3045f4aa1a2b5f524e52297bb9a4fa6a2d4ac9ab Mon Sep 17 00:00:00 2001
From: David Bright
Date: Mon, 24 May 2021 12:12:15 -0500
Subject: [PATCH] libsa: Fix infinite loop in bzipfs & gzipfs

A bug in the loader's bzipfs & gzipfs filesystems caused compressed kernel and modules not to work on EFI systems with a veriexec-enabled loader. Since the size of files in these filesystems are not known _a priori_ `stat` would initialize the size to -1 and the loader would then hang in an infinite loop while trying to seek (read) to the end of file since the loop termination condition compares the current offset to that negative target position.

Sponsored by: Dell EMC Isilon

(cherry picked from commit 3df4c387d2e3ca4c2391fb837540b048f60a11c2)
---
 stand/libsa/bzipfs.c | 3 +++
 stand/libsa/gzipfs.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/stand/libsa/bzipfs.c b/stand/libsa/bzipfs.c
index 47380ae72e5..bb67bda2aa1 100644
--- a/stand/libsa/bzipfs.c
+++ b/stand/libsa/bzipfs.c
@@ -340,6 +340,9 @@ bzf_seek(struct open_file *f, off_t offset, int where)
 target - bzf->bzf_bzstream.total_out_lo32), NULL);
 if (errno)
 return(-1);
+ /* Break out of loop if end of file has been reached. */
+ if (bzf->bzf_endseen)
+ break;
 }
 /* This is where we are (be honest if we overshot) */
 return(bzf->bzf_bzstream.total_out_lo32);
diff --git a/stand/libsa/gzipfs.c b/stand/libsa/gzipfs.c
index 39e2f98eb1e..8154b0f95a9 100644
--- a/stand/libsa/gzipfs.c
+++ b/stand/libsa/gzipfs.c
@@ -315,6 +315,9 @@ zf_seek(struct open_file *f, off_t offset, int where)
 target - zf->zf_zstream.total_out), NULL);
 if (errno)
 return(-1);
+ /* Break out of loop if end of file has been reached. */
+ if (zf->zf_endseen)
+ break;
 }
 /* This is where we are (be honest if we overshot) */
 return(zf->zf_zstream.total_out);
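Review bot: After the new `break` in bzf_seek (and the identical one in zf_seek in gzipfs.c) the function can return a position short of the requested target, yet the comments in both hunks neither say why the early exit is needed nor mention that outcome. The added comment restates the code; something like `/* Stop at EOF: target may lie past the end (size unknown, stat reports -1), so the loop condition alone cannot end the loop. */` would record the reason given in the commit message. The trailing comment should then read `/* This is where we are (be honest if we overshot or stopped at EOF) */`. Callers are not visible here, but any that treat a non-negative return as "reached the target" should presumably compare the returned offset with what they asked for, which matters in a verifying loader that seeks to end of file. The loop header and the start of both functions are outside the hunks.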