Further improve load_certs() for non-compliant drivers/firmwares

Following the discovery of more problematic firmwares and drivers affected by the issue f23883c is designed to address (e.g. #558), this patch further improves the code so that, instead of simply bailing out, we progressively increase the buffer sizes, until either success or a maximum size limit is reached. In most cases, this workaround should be enough to ensure completion of the directory read and thus provide full shim functionality (while still warning the user about the non-compliance of their environment). Signed-off-by: Pete Batard <[email protected]>
rhboot · May 2, 2023 · cf59f34 · cf59f34
1 parent cca3933
commit cf59f34
Showing 1 changed file with 19 additions and 10 deletions.
diff --git a/shim.c b/shim.c
@@ -1472,18 +1472,27 @@ load_certs(EFI_HANDLE image_handle)
 		UINTN old = buffersize;
 		efi_status = dir->Read(dir, &buffersize, buffer);
 		if (efi_status == EFI_BUFFER_TOO_SMALL) {
-			if (buffersize != old) {
-				buffer = ReallocatePool(buffer, old, buffersize);
-				if (buffer == NULL) {
-					perror(L"Failed to read directory %s - %r\n",
-					       PathName, EFI_OUT_OF_RESOURCES);
+			if (buffersize == old) {
+				/*
+				 * Some UEFI drivers or firmwares are not compliant with
+				 * the EFI_FILE_PROTOCOL.Read() specs and do not return the
+				 * required buffer size along with EFI_BUFFER_TOO_SMALL.
+				 * Work around this by progressively increasing the buffer
+				 * size, up to a certain point, until the call succeeds.
+				 */
+				perror(L"Error reading directory %s - non-compliant UEFI driver or firmware!\n",
+				       PathName);
+				buffersize = (buffersize < 4) ? 4 : buffersize * 2;
+				if (buffersize > 1024)
 					goto done;
-				}
-				continue;
 			}
-			perror(L"Failed to read directory %s - buggy firmware\n",
-			       PathName);
-			goto done;
+			buffer = ReallocatePool(buffer, old, buffersize);
+			if (buffer == NULL) {
+				perror(L"Failed to read directory %s - %r\n",
+				       PathName, EFI_OUT_OF_RESOURCES);
+				goto done;
+			}
+			continue;
 		} else if (EFI_ERROR(efi_status)) {
 			perror(L"Failed to read directory %s - %r\n", PathName,
 			       efi_status);