Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

[Ard Biesheuvel]

On 23 June 2017 at 20:42, Kees Cook  wrote:
> On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo  wrote:
>> Change Log v3->v4:
>>  - Add comment 'the number of config tables' for 'nr_config_table' in efi 
>> structure
>>  - Initialize 'efi.nr_config_table' to 0 in default
>>  - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in 
>> drivers/firmware/efi/arm-init.c -> uefi_init()
>>  - Mark 'efi_capsule_pstore_disable' as __ro_after_init
>>  - Use timestamp value passed from pstore API rather than using get_seconds()
>>  - Pass page physcial addresses rather than struct page pointers to 
>> efi_capsule_update()
>
> Thanks for the updates!
>
> Reviewed-by: Kees Cook 
>


Thanks Qiuxu, Kees.

I will queue these on the EFI -next branch.

-- 
Ard.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

[Kees Cook]

On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo  wrote:
> Change Log v3->v4:
>  - Add comment 'the number of config tables' for 'nr_config_table' in efi 
> structure
>  - Initialize 'efi.nr_config_table' to 0 in default
>  - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in 
> drivers/firmware/efi/arm-init.c -> uefi_init()
>  - Mark 'efi_capsule_pstore_disable' as __ro_after_init
>  - Use timestamp value passed from pstore API rather than using get_seconds()
>  - Pass page physcial addresses rather than struct page pointers to 
> efi_capsule_update()

Thanks for the updates!

Reviewed-by: Kees Cook 

>
> Qiuxu Zhuo (2):
>   efi: Add 'nr_config_table' variable in efi structure
>   eif/capsule-pstore: Add capsule pstore backend
>
>  arch/x86/platform/efi/efi.c   |   1 +
>  drivers/firmware/efi/Kconfig  |  21 ++
>  drivers/firmware/efi/Makefile |   1 +
>  drivers/firmware/efi/arm-init.c   |   4 +-
>  drivers/firmware/efi/capsule-pstore.c | 679 
> ++
>  drivers/firmware/efi/efi.c|   1 +
>  include/linux/efi.h   |   1 +
>  7 files changed, 707 insertions(+), 1 deletion(-)
>  create mode 100644 drivers/firmware/efi/capsule-pstore.c
>
> --
> 2.9.0.GIT
>



-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v7 34/36] x86/mm: Add support to encrypt the kernel in-place

[Tom Lendacky]

On 6/23/2017 5:00 AM, Borislav Petkov wrote:

On Fri, Jun 16, 2017 at 01:56:19PM -0500, Tom Lendacky wrote:

Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is encrypted by copying it through
a temporary buffer.

Signed-off-by: Tom Lendacky 
---
  arch/x86/include/asm/mem_encrypt.h |6 +
  arch/x86/mm/Makefile   |2
  arch/x86/mm/mem_encrypt.c  |  314 
  arch/x86/mm/mem_encrypt_boot.S |  150 +
  4 files changed, 472 insertions(+)
  create mode 100644 arch/x86/mm/mem_encrypt_boot.S

diff --git a/arch/x86/include/asm/mem_encrypt.h 
b/arch/x86/include/asm/mem_encrypt.h
index af835cf..7da6de3 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -21,6 +21,12 @@
  
  extern unsigned long sme_me_mask;
  
+void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr,

+unsigned long decrypted_kernel_vaddr,
+unsigned long kernel_len,
+unsigned long encryption_wa,
+unsigned long encryption_pgd);
+
  void __init sme_early_encrypt(resource_size_t paddr,
  unsigned long size);
  void __init sme_early_decrypt(resource_size_t paddr,
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index 9e13841..0633142 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -38,3 +38,5 @@ obj-$(CONFIG_NUMA_EMU)+= numa_emulation.o
  obj-$(CONFIG_X86_INTEL_MPX)   += mpx.o
  obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
  obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
+
+obj-$(CONFIG_AMD_MEM_ENCRYPT)  += mem_encrypt_boot.o
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 842c8a6..6e87662 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -24,6 +24,8 @@
  #include 
  #include 
  #include 
+#include 
+#include 
  
  /*

   * Since SME related variables are set early in the boot process they must
@@ -209,8 +211,320 @@ void swiotlb_set_mem_attributes(void *vaddr, unsigned 
long size)
set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT);
  }
  
+static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start,

+unsigned long end)
+{
+   unsigned long pgd_start, pgd_end, pgd_size;
+   pgd_t *pgd_p;
+
+   pgd_start = start & PGDIR_MASK;
+   pgd_end = end & PGDIR_MASK;
+
+   pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1);
+   pgd_size *= sizeof(pgd_t);
+
+   pgd_p = pgd_base + pgd_index(start);
+
+   memset(pgd_p, 0, pgd_size);
+}
+
+#ifndef CONFIG_X86_5LEVEL
+#define native_make_p4d(_x)(p4d_t) { .pgd = native_make_pgd(_x) }
+#endif


Huh, why isn't this in arch/x86/include/asm/pgtable_types.h in the #else
branch of #if CONFIG_PGTABLE_LEVELS > 4 ?


Normally the __p4d() macro would be used and that would be ok whether
CONFIG_X86_5LEVEL is defined or not. But since __p4d() is part of the
paravirt ops path I have to use native_make_p4d(). I'd be the only user
of the function and thought it would be best to localize it this way.



Also

ERROR: Macros with complex values should be enclosed in parentheses
#105: FILE: arch/x86/mm/mem_encrypt.c:232:
+#define native_make_p4d(_x)(p4d_t) { .pgd = native_make_pgd(_x) }

so why isn't it a function?


I can define it as an inline function.




+
+#define PGD_FLAGS  _KERNPG_TABLE_NOENC
+#define P4D_FLAGS  _KERNPG_TABLE_NOENC
+#define PUD_FLAGS  _KERNPG_TABLE_NOENC
+#define PMD_FLAGS  (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL)
+
+static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area,
+unsigned long vaddr, pmdval_t pmd_val)
+{
+   pgd_t *pgd_p;
+   p4d_t *p4d_p;
+   pud_t *pud_p;
+   pmd_t *pmd_p;
+
+   pgd_p = pgd_base + pgd_index(vaddr);
+   if (native_pgd_val(*pgd_p)) {
+   if (IS_ENABLED(CONFIG_X86_5LEVEL))


Err, I don't understand: so this is a Kconfig symbol and when it is
enabled at build time, you do a 5level pagetable.

But you can't stick a 5level pagetable to a hardware which doesn't know
about it.


True, 5-level will only be turned on for specific hardware which is why
I originally had this as only 4-level pagetables. But in a comment from
you back on the v5 version you said it needed to support 5-level. I
guess we should have discussed this more, but I also thought that should
our hardware ever support 5-level paging in the future then this would
be good to go.



Or do you mean that p4d layer folding at runtime to happen? (I admit, I
haven't looked at that in detail.) But then I'd hope that the generic
macros/functions would give you the ability to not care whether we have
a p4d or not and not add a whole 

Re: [PATCH v7 36/36] x86/mm: Add support to make use of Secure Memory Encryption

[Borislav Petkov]

On Fri, Jun 16, 2017 at 01:56:39PM -0500, Tom Lendacky wrote:
> Add support to check if SME has been enabled and if memory encryption
> should be activated (checking of command line option based on the
> configuration of the default state).  If memory encryption is to be
> activated, then the encryption mask is set and the kernel is encrypted
> "in place."
> 
> Signed-off-by: Tom Lendacky 
> ---
>  arch/x86/include/asm/mem_encrypt.h |6 ++-
>  arch/x86/kernel/head64.c   |4 +-
>  arch/x86/mm/mem_encrypt.c  |   86 
> +++-
>  3 files changed, 90 insertions(+), 6 deletions(-)

...

> +/*
> + * Some SME functions run very early causing issues with the stack-protector
> + * support. Provide a way to turn off this support on a per-function basis.
> + */
> +#define SME_NOSTACKP __attribute__((__optimize__("no-stack-protector")))

__nostackp

just like the others in include/linux/compiler-gcc.h.

> +
> +static char sme_cmdline_arg[] __initdata = "mem_encrypt";
> +static char sme_cmdline_on[]  __initdata = "on";
> +static char sme_cmdline_off[] __initdata = "off";
>  
>  /*
>   * Since SME related variables are set early in the boot process they must
> @@ -200,6 +215,8 @@ void __init mem_encrypt_init(void)
>  
>   /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
>   swiotlb_update_mem_attributes();
> +
> + pr_info("AMD Secure Memory Encryption (SME) active\n");
>  }
>  
>  void swiotlb_set_mem_attributes(void *vaddr, unsigned long size)
> @@ -527,8 +544,73 @@ void __init sme_encrypt_kernel(void)
>   native_write_cr3(__native_read_cr3());
>  }
>  
> -void __init sme_enable(void)
> +void __init SME_NOSTACKP sme_enable(struct boot_params *bp)
>  {
> + const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
> + unsigned int eax, ebx, ecx, edx;
> + bool active_by_default;
> + unsigned long me_mask;
> + char buffer[16];
> + u64 msr;
> +
> + /* Check for the SME support leaf */
> + eax = 0x8000;
> + ecx = 0;
> + native_cpuid(, , , );
> + if (eax < 0x801f)
> + return;
> +
> + /*
> +  * Check for the SME feature:
> +  *   CPUID Fn8000_001F[EAX] - Bit 0
> +  * Secure Memory Encryption support
> +  *   CPUID Fn8000_001F[EBX] - Bits 5:0
> +  * Pagetable bit position used to indicate encryption
> +  */
> + eax = 0x801f;
> + ecx = 0;
> + native_cpuid(, , , );
> + if (!(eax & 1))
> + return;
> +
> + me_mask = 1UL << (ebx & 0x3f);
> +
> + /* Check if SME is enabled */
> + msr = __rdmsr(MSR_K8_SYSCFG);
> + if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
> + return;
> +
> + /*
> +  * Fixups have not been applied to phys_base yet and we're running
> +  * identity mapped, so we must obtain the address to the SME command
> +  * line argument data using rip-relative addressing.
> +  */
> + asm ("lea sme_cmdline_arg(%%rip), %0"
> +  : "=r" (cmdline_arg)
> +  : "p" (sme_cmdline_arg));
> + asm ("lea sme_cmdline_on(%%rip), %0"
> +  : "=r" (cmdline_on)
> +  : "p" (sme_cmdline_on));
> + asm ("lea sme_cmdline_off(%%rip), %0"
> +  : "=r" (cmdline_off)
> +  : "p" (sme_cmdline_off));
> +
> + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT))
> + active_by_default = true;
> + else
> + active_by_default = false;
> +
> + cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
> +  ((u64)bp->ext_cmd_line_ptr << 32));
> +
> + cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
> +
> + if (strncmp(buffer, cmdline_on, sizeof(buffer)) == 0)

if (!strncmp(...

> + sme_me_mask = me_mask;
> + else if (strncmp(buffer, cmdline_off, sizeof(buffer)) == 0)

else if (!strncmp(...

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v7 33/36] x86/mm: Use proper encryption attributes with /dev/mem

[Borislav Petkov]

On Fri, Jun 16, 2017 at 01:56:07PM -0500, Tom Lendacky wrote:
> When accessing memory using /dev/mem (or /dev/kmem) use the proper
> encryption attributes when mapping the memory.
> 
> To insure the proper attributes are applied when reading or writing
> /dev/mem, update the xlate_dev_mem_ptr() function to use memremap()
> which will essentially perform the same steps of applying __va for
> RAM or using ioremap() for if not RAM.
> 
> To insure the proper attributes are applied when mmapping /dev/mem,
> update the phys_mem_access_prot() to call phys_mem_access_encrypted(),
> a new function which will check if the memory should be mapped encrypted
> or not. If it is not to be mapped encrypted then the VMA protection
> value is updated to remove the encryption bit.
> 
> Signed-off-by: Tom Lendacky 
> ---
>  arch/x86/include/asm/io.h |3 +++
>  arch/x86/mm/ioremap.c |   18 +-
>  arch/x86/mm/pat.c |3 +++
>  3 files changed, 15 insertions(+), 9 deletions(-)

Reviewed-by: Borislav Petkov 

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v7 32/36] xen/x86: Remove SME feature in PV guests

[Borislav Petkov]

On Fri, Jun 16, 2017 at 01:55:54PM -0500, Tom Lendacky wrote:
> Xen does not currently support SME for PV guests. Clear the SME cpu

nitpick: s/cpu/CPU/

> capability in order to avoid any ambiguity.
> 
> Signed-off-by: Tom Lendacky 
> ---
>  arch/x86/xen/enlighten_pv.c |1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
> index f33eef4..e6ecf42 100644
> --- a/arch/x86/xen/enlighten_pv.c
> +++ b/arch/x86/xen/enlighten_pv.c
> @@ -294,6 +294,7 @@ static void __init xen_init_capabilities(void)
>   setup_clear_cpu_cap(X86_FEATURE_MTRR);
>   setup_clear_cpu_cap(X86_FEATURE_ACC);
>   setup_clear_cpu_cap(X86_FEATURE_X2APIC);
> + setup_clear_cpu_cap(X86_FEATURE_SME);
>  
>   if (!xen_initial_domain())
>   setup_clear_cpu_cap(X86_FEATURE_ACPI);

Reviewed-by: Borislav Petkov 

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v7 31/36] x86/mm, kexec: Allow kexec to be used with SME

[Borislav Petkov]

On Fri, Jun 16, 2017 at 01:55:45PM -0500, Tom Lendacky wrote:
> Provide support so that kexec can be used to boot a kernel when SME is
> enabled.
> 
> Support is needed to allocate pages for kexec without encryption.  This
> is needed in order to be able to reboot in the kernel in the same manner
> as originally booted.
> 
> Additionally, when shutting down all of the CPUs we need to be sure to
> flush the caches and then halt. This is needed when booting from a state
> where SME was not active into a state where SME is active (or vice-versa).
> Without these steps, it is possible for cache lines to exist for the same
> physical location but tagged both with and without the encryption bit. This
> can cause random memory corruption when caches are flushed depending on
> which cacheline is written last.
> 
> Signed-off-by: Tom Lendacky 
> ---
>  arch/x86/include/asm/init.h  |1 +
>  arch/x86/include/asm/kexec.h |8 
>  arch/x86/include/asm/pgtable_types.h |1 +
>  arch/x86/kernel/machine_kexec_64.c   |   22 +-
>  arch/x86/kernel/process.c|   17 +++--
>  arch/x86/mm/ident_map.c  |   12 
>  include/linux/kexec.h|   14 ++
>  kernel/kexec_core.c  |   12 +++-
>  8 files changed, 79 insertions(+), 8 deletions(-)

...

> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index c9481eb..5d17fd6 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -334,6 +334,20 @@ static inline void *boot_phys_to_virt(unsigned long 
> entry)
>   return phys_to_virt(boot_phys_to_phys(entry));
>  }
>  
> +#ifndef arch_kexec_post_alloc_pages
> +static inline int arch_kexec_post_alloc_pages(void *vaddr, unsigned int 
> pages,
> +   gfp_t gfp)
> +{
> + return 0;
> +}
> +#endif

Just a nitpick:

static inline int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, 
gfp_t gfp) { return 0; }
static inline void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages) { 
}

Other than that:

Reviewed-by: Borislav Petkov 

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v4 2/2] eif/capsule-pstore: Add capsule pstore backend

[Qiuxu Zhuo]

The EFI capsule mechanism allows data blobs to be passed to the EFI
firmware. By setting the EFI_CAPSULE_POPULATE_SYSTEM_TABLE and the
EFI_CAPSULE_PERSIST_ACROSS_REBOOT flags, the firmware will place a
pointer to our data blob in the EFI System Table on the next boot.
We can utilise this facility to save crash dumps, call traces, etc
and pick them up to aid in debugging after reboot.

Initial cut at this driver by Matt Fleming as below links
https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=capsule-pstore=99c5f047133555aa0442f64064e85b7da2d4a45f
https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=capsule-pstore=8625c776c9b8bbed7fa4aa023e36542615165240
Extensive cleanup, refactoring, bug fix, and verification by Qiuxu Zhuo

Patch verified on Intel Kabylake client platform + Intel KBL BIOS:(10/24/2016):
- modprobe capsule-pstore
- echo "Test pmsg on capsule-pstore" > /dev/pmsg0
- echo 1 > /sys/module/kernel/parameters/panic
- echo c > /proc/sysrq-trigger
- system reboot...
- ls -l /sys/fs/pstore/
  -r--r--r-- 1 root root 4946 6月  19 14:05 console-capsule-pstore-0
  -r--r--r-- 1 root root 8976 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076353
  -r--r--r-- 1 root root 9043 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076354
  -r--r--r-- 1 root root 9069 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076355
  -r--r--r-- 1 root root 9092 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076356
  -r--r--r-- 1 root root 8976 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076357
  -r--r--r-- 1 root root 9028 6月  19 14:03 
dmesg-capsule-pstore-6433226157407076358
  -r--r--r-- 1 root root   28 6月  19 14:05 pmsg-capsule-pstore-0

The above files contain pmsg log and the last console/dmesg logs.

Signed-off-by: Qiuxu Zhuo 
---
 drivers/firmware/efi/Kconfig  |  21 ++
 drivers/firmware/efi/Makefile |   1 +
 drivers/firmware/efi/capsule-pstore.c | 679 ++
 3 files changed, 701 insertions(+)
 create mode 100644 drivers/firmware/efi/capsule-pstore.c

diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 394db40..f8c6564 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -151,6 +151,27 @@ config APPLE_PROPERTIES
 
  If unsure, say Y if you have a Mac.  Otherwise N.
 
+config EFI_CAPSULE_PSTORE
+   tristate "EFI capsule pstore backend"
+   depends on EFI && PSTORE
+   help
+ Saying Y here enable the EFI capsule mechanism to store crash dumps,
+ console log, and function tracing data.
+
+ To compile this driver as a module, choose M here.
+
+ Not many firmware implementations fully support EFI capsules.
+ If you plan to rely on this you should test whether yours works by
+ forcing a crash. Most people should not enable this.
+
+config EFI_CAPSULE_PSTORE_DEFAULT_DISABLE
+   bool "Disable using efi capsule as a pstore backend by default"
+   depends on EFI_CAPSULE_PSTORE
+   help
+ Saying Y here will disable the use of efi capsule as a storage
+ backend for pstore by default. This setting can be overridden
+ using the capsule-pstore module's pstore_disable parameter.
+
 endmenu
 
 config UEFI_CPER
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index 0329d31..c06e52f 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_EFI) += capsule.o memmap.o
 obj-$(CONFIG_EFI_VARS) += efivars.o
 obj-$(CONFIG_EFI_ESRT) += esrt.o
 obj-$(CONFIG_EFI_VARS_PSTORE)  += efi-pstore.o
+obj-$(CONFIG_EFI_CAPSULE_PSTORE)   += capsule-pstore.o
 obj-$(CONFIG_UEFI_CPER)+= cper.o
 obj-$(CONFIG_EFI_RUNTIME_MAP)  += runtime-map.o
 obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o
diff --git a/drivers/firmware/efi/capsule-pstore.c 
b/drivers/firmware/efi/capsule-pstore.c
new file mode 100644
index 000..10cc22e
--- /dev/null
+++ b/drivers/firmware/efi/capsule-pstore.c
@@ -0,0 +1,679 @@
+/*
+ * EFI capsule pstore backend support.
+ * Copyright (c) 2017, Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ */
+
+#define pr_fmt(fmt) "capsule-pstore: " fmt
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define CAPSULE_SIZE (16 * 1024)
+#define CRASH_SIZE 4096
+#define CAPSULE_MAGIC 0x63617073 /* 'caps' */
+
+static bool efi_capsule_pstore_disable 

[PATCH v4 1/2] efi: Add 'nr_config_table' variable in efi structure

[Qiuxu Zhuo]

The 'nr_config_table' and 'config_table' (alreay in efi structure)
in efi structure provide a way for some driver(e.g. capsule-pstore
goes through the configuration table to extract crash capsules to
aid in debugging) to iterate over the EFI configuration table array.

Signed-off-by: Qiuxu Zhuo 
---
 arch/x86/platform/efi/efi.c | 1 +
 drivers/firmware/efi/arm-init.c | 4 +++-
 drivers/firmware/efi/efi.c  | 1 +
 include/linux/efi.h | 1 +
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index e14d557..94a9d762 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -498,6 +498,7 @@ void __init efi_init(void)
return;
 
efi.config_table = (unsigned long)efi.systab->tables;
+   efi.nr_config_table = (unsigned long)efi.systab->nr_tables;
efi.fw_vendor= (unsigned long)efi.systab->fw_vendor;
efi.runtime  = (unsigned long)efi.systab->runtime;
 
diff --git a/drivers/firmware/efi/arm-init.c b/drivers/firmware/efi/arm-init.c
index 80d1a88..9aa748f 100644
--- a/drivers/firmware/efi/arm-init.c
+++ b/drivers/firmware/efi/arm-init.c
@@ -145,8 +145,10 @@ static int __init uefi_init(void)
 sizeof(efi_config_table_t),
 arch_tables);
 
-   if (!retval)
+   if (!retval) {
efi.config_table = (unsigned long)efi.systab->tables;
+   efi.nr_config_table = (unsigned long)efi.systab->nr_tables;
+   }
 
early_memunmap(config_tables, table_size);
 out:
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index b372aad..2afd76d 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -48,6 +48,7 @@ struct efi __read_mostly efi = {
.fw_vendor  = EFI_INVALID_TABLE_ADDR,
.runtime= EFI_INVALID_TABLE_ADDR,
.config_table   = EFI_INVALID_TABLE_ADDR,
+   .nr_config_table= 0,
.esrt   = EFI_INVALID_TABLE_ADDR,
.properties_table   = EFI_INVALID_TABLE_ADDR,
.mem_attr_table = EFI_INVALID_TABLE_ADDR,
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 8269bcb..5c7bc4d 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -904,6 +904,7 @@ extern struct efi {
unsigned long fw_vendor;/* fw_vendor */
unsigned long runtime;  /* runtime table */
unsigned long config_table; /* config tables */
+   unsigned long nr_config_table; /* the number of config tables */
unsigned long esrt; /* ESRT table */
unsigned long properties_table; /* properties table */
unsigned long mem_attr_table;   /* memory attributes table */
-- 
2.9.0.GIT

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v4 0/2] Add EFI capsule pstore backend support

[Qiuxu Zhuo]

Change Log v3->v4:
 - Add comment 'the number of config tables' for 'nr_config_table' in efi 
structure
 - Initialize 'efi.nr_config_table' to 0 in default
 - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in 
drivers/firmware/efi/arm-init.c -> uefi_init()
 - Mark 'efi_capsule_pstore_disable' as __ro_after_init
 - Use timestamp value passed from pstore API rather than using get_seconds() 
 - Pass page physcial addresses rather than struct page pointers to 
efi_capsule_update()

Qiuxu Zhuo (2):
  efi: Add 'nr_config_table' variable in efi structure
  eif/capsule-pstore: Add capsule pstore backend

 arch/x86/platform/efi/efi.c   |   1 +
 drivers/firmware/efi/Kconfig  |  21 ++
 drivers/firmware/efi/Makefile |   1 +
 drivers/firmware/efi/arm-init.c   |   4 +-
 drivers/firmware/efi/capsule-pstore.c | 679 ++
 drivers/firmware/efi/efi.c|   1 +
 include/linux/efi.h   |   1 +
 7 files changed, 707 insertions(+), 1 deletion(-)
 create mode 100644 drivers/firmware/efi/capsule-pstore.c

-- 
2.9.0.GIT

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html