Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices

[Ard Biesheuvel]

On 30 August 2017 at 20:27, Jan Kiszka  wrote:
> On 2017-08-30 21:24, Ard Biesheuvel wrote:
>> Hello Jan,
>>
>> On 30 August 2017 at 20:13, Jan Kiszka  wrote:
>>> Last chunk: This backports EFI capsule updates, primarily for the use
>>> with the IOT2020 and IOT2040, the latter with Quark-proprietary security
>>> header format. The feature should also work for the Galileo Gen 2 and,
>>> at least conceptually, for any EFI capsule update compatible firmware.
>>>
>>
>> What is the purpose of this series? I hope you are not expecting this
>> to be considered for -stable?
>> Please check Documentation/process/stable-kernel-rules.rst for
>> guidelines on what is appropriate for -stable.
>
> Argh, sorry. Missed that I didn't activate the CC filter for this one.
>
> Everyone except for Ben and cip-dev, please ignore - this is just a
> backport to the CIP SLTS kernel.
>

OK no worries
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices

[Ard Biesheuvel]

Hello Jan,

On 30 August 2017 at 20:13, Jan Kiszka  wrote:
> Last chunk: This backports EFI capsule updates, primarily for the use
> with the IOT2020 and IOT2040, the latter with Quark-proprietary security
> header format. The feature should also work for the Galileo Gen 2 and,
> at least conceptually, for any EFI capsule update compatible firmware.
>

What is the purpose of this series? I hope you are not expecting this
to be considered for -stable?
Please check Documentation/process/stable-kernel-rules.rst for
guidelines on what is appropriate for -stable.


> Cc: Andy Lutomirski 
> Cc: Andy Lutomirski 
> Cc: Ard Biesheuvel 
> Cc: Borislav Petkov 
> Cc: Brian Gerst 
> Cc: Bryan O'Donoghue 
> Cc: Denys Vlasenko 
> Cc: H. Peter Anvin 
> Cc: joeyli 
> Cc: Josh Poimboeuf 
> Cc: Kweh Hock Leong 
> Cc: Linus Torvalds 
> Cc: linux-efi@vger.kernel.org
> Cc: Mark Salter 
> Cc: Matt Fleming 
> Cc: Peter Jones 
> Cc: Peter Zijlstra 
> Cc: Sam Protsenko 
> Cc:  # v4.7
> Cc: Thomas Gleixner 
>
> Ard Biesheuvel (3):
>   efi/capsule-loader: Use a cached copy of the capsule header
>   efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via
> weak alias
>   efi/capsule-loader: Use page addresses rather than struct page
> pointers
>
> Austin Christ (1):
>   efi/capsule: Allocate whole capsule into virtual memory
>
> Jan Kiszka (5):
>   efi/capsule: Fix return code on failing kmap/vmap
>   efi/capsule: Remove pr_debug() on ENOMEM or EFAULT
>   efi/capsule: Clean up pr_err/_info() messages
>   efi/capsule: Adjust return type of efi_capsule_setup_info()
>   efi/capsule: Add support for Quark security header
>
> Kweh, Hock Leong (1):
>   efi: Add misc char driver interface to update EFI firmware
>
> Matt Fleming (4):
>   efi: Move efi_status_to_err() to drivers/firmware/efi/
>   efi: Add 'capsule' update support
>   x86/efi: Force EFI reboot to process pending capsules
>   efi/capsule: Move 'capsule' to the stack in efi_capsule_supported()
>
>  arch/x86/k
ernel/reboot.c  |   9 +
>  arch/x86/platform/efi/quirks.c| 137 ++
>  drivers/firmware/efi/Kconfig  |  19 ++
>  drivers/firmware/efi/Makefile |   2 +
>  drivers/firmware/efi/capsule-loader.c | 330 
> ++
>  drivers/firmware/efi/capsule.c| 294 ++
>  drivers/firmware/efi/efi.c|  33 
>  drivers/firmware/efi/reboot.c |  12 +-
>  drivers/firmware/efi/vars.c   |  33 
>  include/linux/efi.h   |  34 
>  10 files changed, 869 insertions(+), 34 deletions(-)
>  create mode 100644 drivers/firmware/efi/capsule-loader.c
>  create mode 100644 drivers/firmware/efi/capsule.c
>
> --
> 2.12.3
>
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 03/14] x86/efi: Force EFI reboot to process pending capsules

[Jan Kiszka]

From: Matt Fleming 

commit 87615a34d561ef59bd0cffc73256a21220dfdffd upstream.

If an EFI capsule has been sent to the firmware we must match the type
of EFI reset against that required by the capsule to ensure it is
processed correctly.

Force an EFI reboot if a capsule is pending for the next reset.

Signed-off-by: Matt Fleming 
Cc: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Kweh Hock Leong 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: joeyli 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1461614832-17633-29-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 arch/x86/kernel/reboot.c | 9 +
 include/linux/efi.h  | 6 ++
 2 files changed, 15 insertions(+)

diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index f660d63f40fe..01d9e1edda07 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -535,6 +535,15 @@ static void native_machine_emergency_restart(void)
mode = reboot_mode == REBOOT_WARM ? 0x1234 : 0;
*((unsigned short *)__va(0x472)) = mode;
 
+   /*
+* If an EFI capsule has been registered with the firmware then
+* override the reboot= parameter.
+*/
+   if (efi_capsule_pending(NULL)) {
+   pr_info("EFI capsule is pending, forcing EFI reboot.\n");
+   reboot_type = BOOT_EFI;
+   }
+
for (;;) {
/* Could also try the reset bit in the Hammer NB */
switch (reboot_type) {
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 4899c679622d..5a0b8f7a54c8 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1004,6 +1004,12 @@ static inline bool efi_enabled(int feature)
 }
 static inline void
 efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {}
+
+static inline bool
+efi_capsule_pending(int *reset_type)
+{
+   return false;
+}
 #endif
 
 extern int efi_status_to_err(efi_status_t status);
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 01/14] efi: Move efi_status_to_err() to drivers/firmware/efi/

[Jan Kiszka]

From: Matt Fleming 

commit 806b0351c9ff9890c1ef0ba2c46237baef49ac79 upstream.

Move efi_status_to_err() to the architecture independent code as it's
generally useful in all bits of EFI code where there is a need to
convert an efi_status_t to a kernel error value.

Signed-off-by: Matt Fleming 
Acked-by: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Kweh Hock Leong 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: joeyli 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1461614832-17633-27-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/efi.c  | 33 +
 drivers/firmware/efi/vars.c | 33 -
 include/linux/efi.h |  2 ++
 3 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 3b52677f459a..33d60992a580 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -663,3 +663,36 @@ u64 __weak efi_mem_attributes(unsigned long phys_addr)
}
return 0;
 }
+
+int efi_status_to_err(efi_status_t status)
+{
+   int err;
+
+   switch (status) {
+   case EFI_SUCCESS:
+   err = 0;
+   break;
+   case EFI_INVALID_PARAMETER:
+   err = -EINVAL;
+   break;
+   case EFI_OUT_OF_RESOURCES:
+   err = -ENOSPC;
+   break;
+   case EFI_DEVICE_ERROR:
+   err = -EIO;
+   break;
+   case EFI_WRITE_PROTECTED:
+   err = -EROFS;
+   break;
+   case EFI_SECURITY_VIOLATION:
+   err = -EACCES;
+   break;
+   case EFI_NOT_FOUND:
+   err = -ENOENT;
+   break;
+   default:
+   err = -EINVAL;
+   }
+
+   return err;
+}
diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 6f182fd91a6d..38e36526ba02 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -318,39 +318,6 @@ check_var_size(u32 attributes, unsigned long size)
return fops->query_variable_store(attributes, size);
 }
 
-static int efi_status_to_err(efi_status_t status)
-{
-   int err;
-
-   switch (status) {
-   case EFI_SUCCESS:
-   err = 0;
-   break;
-   case EFI_INVALID_PARAMETER:
-   err = -EINVAL;
-   break;
-   case EFI_OUT_OF_RESOURCES:
-   err = -ENOSPC;
-   break;
-   case EFI_DEVICE_ERROR:
-   err = -EIO;
-   break;
-   case EFI_WRITE_PROTECTED:
-   err = -EROFS;
-   break;
-   case EFI_SECURITY_VIOLATION:
-   err = -EACCES;
-   break;
-   case EFI_NOT_FOUND:
-   err = -ENOENT;
-   break;
-   default:
-   err = -EINVAL;
-   }
-
-   return err;
-}
-
 static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t 
*vendor,
struct list_head *head)
 {
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 47be3ad7d3e5..774e9a0d49f1 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -999,6 +999,8 @@ static inline void
 efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {}
 #endif
 
+extern int efi_status_to_err(efi_status_t status);
+
 /*
  * Variable Attributes
  */
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 02/14] efi: Add 'capsule' update support

[Jan Kiszka]

From: Matt Fleming 

commit f0133f3c5b8bb34ec4dec50c27e7a655aeee8935 upstream.

The EFI capsule mechanism allows data blobs to be passed to the EFI
firmware. A common use case is performing firmware updates. This patch
just introduces the main infrastructure for interacting with the
firmware, and a driver that allows users to upload capsules will come
in a later patch.

Once a capsule has been passed to the firmware, the next reboot must
be performed using the ResetSystem() EFI runtime service, which may
involve overriding the reboot type specified by reboot=. This ensures
the reset value returned by QueryCapsuleCapabilities() is used to
reset the system, which is required for the capsule to be processed.
efi_capsule_pending() is provided for this purpose.

At the moment we only allow a single capsule blob to be sent to the
firmware despite the fact that UpdateCapsule() takes a 'CapsuleCount'
parameter. This simplifies the API and shouldn't result in any
downside since it is still possible to send multiple capsules by
repeatedly calling UpdateCapsule().

Signed-off-by: Matt Fleming 
Cc: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Bryan O'Donoghue 
Cc: Kweh Hock Leong 
Cc: Mark Salter 
Cc: Peter Jones 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: joeyli 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1461614832-17633-28-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/Makefile  |   1 +
 drivers/firmware/efi/capsule.c | 300 +
 drivers/firmware/efi/reboot.c  |  12 +-
 include/linux/efi.h|  14 ++
 4 files changed, 326 insertions(+), 1 deletion(-)
 create mode 100644 drivers/firmware/efi/capsule.c

diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index ec379a4164cc..54b19cdbfcf8 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -10,6 +10,7 @@
 KASAN_SANITIZE_runtime-wrappers.o  := n
 
 obj-$(CONFIG_EFI)  += efi.o vars.o reboot.o
+obj-$(CONFIG_EFI)  += capsule.o
 obj-$(CONFIG_EFI_VARS) += efivars.o
 obj-$(CONFIG_EFI_ESRT) += esrt.o
 obj-$(CONFIG_EFI_VARS_PSTORE)  += efi-pstore.o
diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c
new file mode 100644
index ..0de55944ac0b
--- /dev/null
+++ b/drivers/firmware/efi/capsule.c
@@ -0,0 +1,300 @@
+/*
+ * EFI capsule support.
+ *
+ * Copyright 2013 Intel Corporation; author Matt Fleming
+ *
+ * This file is part of the Linux kernel, and is made available under
+ * the terms of the GNU General Public License version 2.
+ */
+
+#define pr_fmt(fmt) "efi: " fmt
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+typedef struct {
+   u64 length;
+   u64 data;
+} efi_capsule_block_desc_t;
+
+static bool capsule_pending;
+static int efi_reset_type = -1;
+
+/*
+ * capsule_mutex serialises access to both capsule_pending and
+ * efi_reset_type.
+ */
+static DEFINE_MUTEX(capsule_mutex);
+
+/**
+ * efi_capsule_pending - has a capsule been passed to the firmware?
+ * @reset_type: store the type of EFI reset if capsule is pending
+ *
+ * To ensure that the registered capsule is processed correctly by the
+ * firmware we need to perform a specific type of reset. If a capsule is
+ * pending return the reset type in @reset_type.
+ *
+ * This function will race with callers of efi_capsule_update(), for
+ * example, calling this function while somebody else is in
+ * efi_capsule_update() but hasn't reached efi_capsue_update_locked()
+ * will miss the updates to capsule_pending and efi_reset_type after
+ * efi_capsule_update_locked() completes.
+ *
+ * A non-racy use is from platform reboot code because we use
+ * system_state to ensure no capsules can be sent to the firmware once
+ * we're at SYSTEM_RESTART. See efi_capsule_update_locked().
+ */
+bool efi_capsule_pending(int *reset_type)
+{
+   bool rv = false;
+
+   mutex_lock(_mutex);
+   if (!capsule_pending)
+   goto out;
+
+   if (reset_type)
+   *reset_type = efi_reset_type;
+   rv = true;
+out:
+   mutex_unlock(_mutex);
+   return rv;
+}
+
+/*
+ * Whitelist of EFI capsule flags that we support.
+ *
+ * We do not handle EFI_CAPSULE_INITIATE_RESET because that would
+ * require us to prepare the kernel for reboot. Refuse to load any
+ * capsules with that flag and any other flags that we do not know how
+ * to handle.
+ */
+#define EFI_CAPSULE_SUPPORTED_FLAG_MASK\
+   (EFI_CAPSULE_PERSIST_ACROSS_RESET | EFI_CAPSULE_POPULATE_SYSTEM_TABLE)
+
+/**
+ * efi_capsule_supported - does the 

[PATCH 06/14] efi/capsule: Allocate whole capsule into virtual memory

[Jan Kiszka]

From: Austin Christ 

commit 6862e6ad95e984991a6ceec592cf67831658f928 upstream.

According to UEFI 2.6 section 7.5.3, the capsule should be in contiguous
virtual memory and firmware may consume the capsule immediately. To
correctly implement this functionality, the kernel driver needs to vmap
the entire capsule at the time it is made available to firmware.

The virtual allocation of the capsule update has been changed from kmap,
which was only allocating the first page of the update, to vmap, and
allocates the entire data payload.

Signed-off-by: Austin Christ 
Signed-off-by: Matt Fleming 
Reviewed-by: Matt Fleming 
Reviewed-by: Lee, Chun-Yi 
Cc:  # v4.7
Cc: Andy Lutomirski 
Cc: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Brian Gerst 
Cc: Bryan O'Donoghue 
Cc: Denys Vlasenko 
Cc: H. Peter Anvin 
Cc: Josh Poimboeuf 
Cc: Kweh Hock Leong 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1470912120-22831-3-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 8 +---
 drivers/firmware/efi/capsule.c| 6 +++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index c99c24bc79b0..9ae6c116c474 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -16,6 +16,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define NO_FURTHER_WRITE_ACTION -1
 
@@ -108,14 +109,15 @@ static ssize_t efi_capsule_submit_update(struct 
capsule_info *cap_info)
int ret;
void *cap_hdr_temp;
 
-   cap_hdr_temp = kmap(cap_info->pages[0]);
+   cap_hdr_temp = vmap(cap_info->pages, cap_info->index,
+   VM_MAP, PAGE_KERNEL);
if (!cap_hdr_temp) {
-   pr_debug("%s: kmap() failed\n", __func__);
+   pr_debug("%s: vmap() failed\n", __func__);
return -EFAULT;
}
 
ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
-   kunmap(cap_info->pages[0]);
+   vunmap(cap_hdr_temp);
if (ret) {
pr_err("%s: efi_capsule_update() failed\n", __func__);
return ret;
diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c
index 61e51249ef40..1106773468b2 100644
--- a/drivers/firmware/efi/capsule.c
+++ b/drivers/firmware/efi/capsule.c
@@ -194,9 +194,9 @@ efi_capsule_update_locked(efi_capsule_header_t *capsule,
  * map the capsule described by @capsule with its data in @pages and
  * send it to the firmware via the UpdateCapsule() runtime service.
  *
- * @capsule must be a virtual mapping of the first page in @pages
- * (@pages[0]) in the kernel address space. That is, a
- * capsule_header_t that describes the entire contents of the capsule
+ * @capsule must be a virtual mapping of the complete capsule update in the
+ * kernel address space, as the capsule can be consumed immediately.
+ * A capsule_header_t that describes the entire contents of the capsule
  * must be at the start of the first data page.
  *
  * Even though this function will validate that the firmware supports
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 04/14] efi: Add misc char driver interface to update EFI firmware

[Jan Kiszka]

From: Kweh, Hock Leong 

commit 65117f1aa1b2d145fd5ca376bde642794d0aae1b upstream.

This patch introduces a kernel module to expose a capsule loader
interface (misc char device file note) for users to upload capsule
binaries.

Example:

  cat firmware.bin > /dev/efi_capsule_loader

Any upload error will be returned while doing "cat" through file
operation write() function call.

Signed-off-by: Kweh, Hock Leong 
[ Update comments and Kconfig text ]
Signed-off-by: Matt Fleming 
Reviewed-by: Bryan O'Donoghue 
Acked-by: Greg Kroah-Hartman 
Cc: Andy Lutomirski 
Cc: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Peter Jones 
Cc: Peter Zijlstra 
Cc: Sam Protsenko 
Cc: Thomas Gleixner 
Cc: joeyli 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1461614832-17633-30-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/Kconfig  |  10 +
 drivers/firmware/efi/Makefile |   1 +
 drivers/firmware/efi/capsule-loader.c | 343 ++
 3 files changed, 354 insertions(+)
 create mode 100644 drivers/firmware/efi/capsule-loader.c

diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index e1670d533f97..de221bbde9c9 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -87,6 +87,16 @@ config EFI_RUNTIME_WRAPPERS
 config EFI_ARMSTUB
bool
 
+config EFI_CAPSULE_LOADER
+   tristate "EFI capsule loader"
+   depends on EFI
+   help
+ This option exposes a loader interface "/dev/efi_capsule_loader" for
+ users to load EFI capsules. This driver requires working runtime
+ capsule support in the firmware, which many OEMs do not provide.
+
+ Most users should say N.
+
 endmenu
 
 config UEFI_CPER
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index 54b19cdbfcf8..2c8562de3a5f 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -19,3 +19,4 @@ obj-$(CONFIG_EFI_RUNTIME_MAP) += runtime-map.o
 obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o
 obj-$(CONFIG_EFI_STUB) += libstub/
 obj-$(CONFIG_EFI_FAKE_MEMMAP)  += fake_mem.o
+obj-$(CONFIG_EFI_CAPSULE_LOADER)   += capsule-loader.o
diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
new file mode 100644
index ..c99c24bc79b0
--- /dev/null
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -0,0 +1,343 @@
+/*
+ * EFI capsule loader driver.
+ *
+ * Copyright 2015 Intel Corporation
+ *
+ * This file is part of the Linux kernel, and is made available under
+ * the terms of the GNU General Public License version 2.
+ */
+
+#define pr_fmt(fmt) "efi: " fmt
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define NO_FURTHER_WRITE_ACTION -1
+
+struct capsule_info {
+   boolheader_obtained;
+   int reset_type;
+   longindex;
+   size_t  count;
+   size_t  total_size;
+   struct page **pages;
+   size_t  page_bytes_remain;
+};
+
+/**
+ * efi_free_all_buff_pages - free all previous allocated buffer pages
+ * @cap_info: pointer to current instance of capsule_info structure
+ *
+ * In addition to freeing buffer pages, it flags NO_FURTHER_WRITE_ACTION
+ * to cease processing data in subsequent write(2) calls until close(2)
+ * is called.
+ **/
+static void efi_free_all_buff_pages(struct capsule_info *cap_info)
+{
+   while (cap_info->index > 0)
+   __free_page(cap_info->pages[--cap_info->index]);
+
+   cap_info->index = NO_FURTHER_WRITE_ACTION;
+}
+
+/**
+ * efi_capsule_setup_info - obtain the efi capsule header in the binary and
+ * setup capsule_info structure
+ * @cap_info: pointer to current instance of capsule_info structure
+ * @kbuff: a mapped first page buffer pointer
+ * @hdr_bytes: the total received number of bytes for efi header
+ **/
+static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info,
+ void *kbuff, size_t hdr_bytes)
+{
+   efi_capsule_header_t *cap_hdr;
+   size_t pages_needed;
+   int ret;
+   void *temp_page;
+
+   /* Only process data block that is larger than efi header size */
+   if (hdr_bytes < sizeof(efi_capsule_header_t))
+   return 0;
+
+   /* Reset back to the correct offset of header */
+   cap_hdr = kbuff - cap_info->count;
+   pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT;
+
+   if (pages_needed == 0) {
+   pr_err("%s: 

[PATCH 00/14] EFI capsule update support for IOT2000 devices

[Jan Kiszka]

Last chunk: This backports EFI capsule updates, primarily for the use
with the IOT2020 and IOT2040, the latter with Quark-proprietary security
header format. The feature should also work for the Galileo Gen 2 and,
at least conceptually, for any EFI capsule update compatible firmware.

Jan

Cc: Andy Lutomirski 
Cc: Andy Lutomirski 
Cc: Ard Biesheuvel 
Cc: Borislav Petkov 
Cc: Brian Gerst 
Cc: Bryan O'Donoghue 
Cc: Denys Vlasenko 
Cc: H. Peter Anvin 
Cc: joeyli 
Cc: Josh Poimboeuf 
Cc: Kweh Hock Leong 
Cc: Linus Torvalds 
Cc: linux-efi@vger.kernel.org
Cc: Mark Salter 
Cc: Matt Fleming 
Cc: Peter Jones 
Cc: Peter Zijlstra 
Cc: Sam Protsenko 
Cc:  # v4.7
Cc: Thomas Gleixner 

Ard Biesheuvel (3):
  efi/capsule-loader: Use a cached copy of the capsule header
  efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via
weak alias
  efi/capsule-loader: Use page addresses rather than struct page
pointers

Austin Christ (1):
  efi/capsule: Allocate whole capsule into virtual memory

Jan Kiszka (5):
  efi/capsule: Fix return code on failing kmap/vmap
  efi/capsule: Remove pr_debug() on ENOMEM or EFAULT
  efi/capsule: Clean up pr_err/_info() messages
  efi/capsule: Adjust return type of efi_capsule_setup_info()
  efi/capsule: Add support for Quark security header

Kweh, Hock Leong (1):
  efi: Add misc char driver interface to update EFI firmware

Matt Fleming (4):
  efi: Move efi_status_to_err() to drivers/firmware/efi/
  efi: Add 'capsule' update support
  x86/efi: Force EFI reboot to process pending capsules
  efi/capsule: Move 'capsule' to the stack in efi_capsule_supported()

 arch/x86/kernel/reboot.c  |   9 +
 arch/x86/platform/efi/quirks.c| 137 ++
 drivers/firmware/efi/Kconfig  |  19 ++
 drivers/firmware/efi/Makefile |   2 +
 drivers/firmware/efi/capsule-loader.c | 330 ++
 drivers/firmware/efi/capsule.c| 294 ++
 drivers/firmware/efi/efi.c|  33 
 drivers/firmware/efi/reboot.c |  12 +-
 drivers/firmware/efi/vars.c   |  33 
 include/linux/efi.h   |  34 
 10 files changed, 869 insertions(+), 34 deletions(-)
 create mode 100644 drivers/firmware/efi/capsule-loader.c
 create mode 100644 drivers/firmware/efi/capsule.c

-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 05/14] efi/capsule: Move 'capsule' to the stack in efi_capsule_supported()

[Jan Kiszka]

From: Matt Fleming 

commit fb7a84cac03541f4da18dfa25b3f4767d4efc6fc upstream.

Dan Carpenter reports that passing the address of the pointer to the
kmalloc()'d memory for 'capsule' is dangerous:

 "drivers/firmware/efi/capsule.c:109 efi_capsule_supported()
  warn: did you mean to pass the address of 'capsule'

   108
   109  status = efi.query_capsule_caps(, 1, _size, reset);

  If we modify capsule inside this function call then at the end of the
  function we aren't freeing the original pointer that we allocated."

Ard Biesheuvel noted that we don't even need to call kmalloc() since the
object we allocate isn't very big and doesn't need to persist after the
function returns.

Place 'capsule' on the stack instead.

Suggested-by: Ard Biesheuvel 
Reported-by: Dan Carpenter 
Signed-off-by: Matt Fleming 
Acked-by: Ard Biesheuvel 
Cc: Andy Lutomirski 
Cc: Borislav Petkov 
Cc: Brian Gerst 
Cc: Bryan O'Donoghue 
Cc: Denys Vlasenko 
Cc: H. Peter Anvin 
Cc: Kweh Hock Leong 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: joeyli 
Cc: linux-efi@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1462570771-13324-4-git-send-email-m...@codeblueprint.co.uk
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule.c | 29 +++--
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c
index 0de55944ac0b..61e51249ef40 100644
--- a/drivers/firmware/efi/capsule.c
+++ b/drivers/firmware/efi/capsule.c
@@ -90,33 +90,26 @@ out:
  */
 int efi_capsule_supported(efi_guid_t guid, u32 flags, size_t size, int *reset)
 {
-   efi_capsule_header_t *capsule;
+   efi_capsule_header_t capsule;
+   efi_capsule_header_t *cap_list[] = {  };
efi_status_t status;
u64 max_size;
-   int rv = 0;
 
if (flags & ~EFI_CAPSULE_SUPPORTED_FLAG_MASK)
return -EINVAL;
 
-   capsule = kmalloc(sizeof(*capsule), GFP_KERNEL);
-   if (!capsule)
-   return -ENOMEM;
-
-   capsule->headersize = capsule->imagesize = sizeof(*capsule);
-   memcpy(>guid, , sizeof(efi_guid_t));
-   capsule->flags = flags;
+   capsule.headersize = capsule.imagesize = sizeof(capsule);
+   memcpy(, , sizeof(efi_guid_t));
+   capsule.flags = flags;
 
-   status = efi.query_capsule_caps(, 1, _size, reset);
-   if (status != EFI_SUCCESS) {
-   rv = efi_status_to_err(status);
-   goto out;
-   }
+   status = efi.query_capsule_caps(cap_list, 1, _size, reset);
+   if (status != EFI_SUCCESS)
+   return efi_status_to_err(status);
 
if (size > max_size)
-   rv = -ENOSPC;
-out:
-   kfree(capsule);
-   return rv;
+   return -ENOSPC;
+
+   return 0;
 }
 EXPORT_SYMBOL_GPL(efi_capsule_supported);
 
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 11/14] efi/capsule-loader: Use a cached copy of the capsule header

[Jan Kiszka]

From: Ard Biesheuvel 

commit 82c3768b8d68c40ecde92338899c838b7c674ffb upstream.

Instead of kmapping the capsule data twice, copy the capsule header
into the capsule info struct we keep locally. This is an improvement
by itself, but will also enable handling of non-standard header formats
more easily.

Signed-off-by: Ard Biesheuvel 
Reviewed-by: Matt Fleming 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-7-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 41 +++
 1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 37d3f6ec2d28..5b012a467d7d 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -21,13 +21,13 @@
 #define NO_FURTHER_WRITE_ACTION -1
 
 struct capsule_info {
-   boolheader_obtained;
-   int reset_type;
-   longindex;
-   size_t  count;
-   size_t  total_size;
-   struct page **pages;
-   size_t  page_bytes_remain;
+   efi_capsule_header_theader;
+   int reset_type;
+   longindex;
+   size_t  count;
+   size_t  total_size;
+   struct page **pages;
+   size_t  page_bytes_remain;
 };
 
 /**
@@ -56,7 +56,6 @@ static void efi_free_all_buff_pages(struct capsule_info 
*cap_info)
 static int efi_capsule_setup_info(struct capsule_info *cap_info,
  void *kbuff, size_t hdr_bytes)
 {
-   efi_capsule_header_t *cap_hdr;
size_t pages_needed;
int ret;
void *temp_page;
@@ -66,8 +65,9 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
return 0;
 
/* Reset back to the correct offset of header */
-   cap_hdr = kbuff - cap_info->count;
-   pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT;
+   kbuff -= cap_info->count;
+   memcpy(_info->header, kbuff, sizeof(cap_info->header));
+   pages_needed = ALIGN(cap_info->header.imagesize, PAGE_SIZE) / PAGE_SIZE;
 
if (pages_needed == 0) {
pr_err("invalid capsule size");
@@ -75,15 +75,16 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
}
 
/* Check if the capsule binary supported */
-   ret = efi_capsule_supported(cap_hdr->guid, cap_hdr->flags,
-   cap_hdr->imagesize,
+   ret = efi_capsule_supported(cap_info->header.guid,
+   cap_info->header.flags,
+   cap_info->header.imagesize,
_info->reset_type);
if (ret) {
pr_err("capsule not supported\n");
return ret;
}
 
-   cap_info->total_size = cap_hdr->imagesize;
+   cap_info->total_size = cap_info->header.imagesize;
temp_page = krealloc(cap_info->pages,
 pages_needed * sizeof(void *),
 GFP_KERNEL | __GFP_ZERO);
@@ -91,7 +92,6 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
return -ENOMEM;
 
cap_info->pages = temp_page;
-   cap_info->header_obtained = true;
 
return 0;
 }
@@ -104,15 +104,8 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
 static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info)
 {
int ret;
-   void *cap_hdr_temp;
 
-   cap_hdr_temp = vmap(cap_info->pages, cap_info->index,
-   VM_MAP, PAGE_KERNEL);
-   if (!cap_hdr_temp)
-   return -ENOMEM;
-
-   ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
-   vunmap(cap_hdr_temp);
+   ret = efi_capsule_update(_info->header, cap_info->pages);
if (ret) {
pr_err("capsule update failed\n");
return ret;
@@ -192,7 +185,7 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
cap_info->page_bytes_remain -= write_byte;
 
/* Setup capsule binary info structure */
-   if (!cap_info->header_obtained) {
+   if (cap_info->header.headersize == 0) {
ret = efi_capsule_setup_info(cap_info, kbuff,
 cap_info->count + write_byte);
if (ret)
@@ -203,7 +196,7 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
kunmap(page);
 
/* Submit the full binary to efi_capsule_update() API 

[PATCH 09/14] efi/capsule: Clean up pr_err/_info() messages

[Jan Kiszka]

From: Jan Kiszka 

commit 5dce14b9d1a29cf76331f0fe8eb7efd63e0fcb9a upstream.

Avoid __func__, improve the information provided by some of the
messages.

Signed-off-by: Jan Kiszka 
Signed-off-by: Ard Biesheuvel 
Reviewed-by: Matt Fleming 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-5-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 19 ---
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 7b57dda2417d..3fb91e1597a9 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -70,7 +70,7 @@ static ssize_t efi_capsule_setup_info(struct capsule_info 
*cap_info,
pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT;
 
if (pages_needed == 0) {
-   pr_err("%s: pages count invalid\n", __func__);
+   pr_err("invalid capsule size");
return -EINVAL;
}
 
@@ -79,8 +79,7 @@ static ssize_t efi_capsule_setup_info(struct capsule_info 
*cap_info,
cap_hdr->imagesize,
_info->reset_type);
if (ret) {
-   pr_err("%s: efi_capsule_supported() failed\n",
-  __func__);
+   pr_err("capsule not supported\n");
return ret;
}
 
@@ -115,14 +114,14 @@ static ssize_t efi_capsule_submit_update(struct 
capsule_info *cap_info)
ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
vunmap(cap_hdr_temp);
if (ret) {
-   pr_err("%s: efi_capsule_update() failed\n", __func__);
+   pr_err("capsule update failed\n");
return ret;
}
 
/* Indicate capsule binary uploading is done */
cap_info->index = NO_FURTHER_WRITE_ACTION;
-   pr_info("%s: Successfully upload capsule file with reboot type '%s'\n",
-   __func__, !cap_info->reset_type ? "RESET_COLD" :
+   pr_info("Successfully upload capsule file with reboot type '%s'\n",
+   !cap_info->reset_type ? "RESET_COLD" :
cap_info->reset_type == 1 ? "RESET_WARM" :
"RESET_SHUTDOWN");
return 0;
@@ -207,8 +206,7 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
if (cap_info->header_obtained &&
cap_info->count >= cap_info->total_size) {
if (cap_info->count > cap_info->total_size) {
-   pr_err("%s: upload size exceeded header defined size\n",
-  __func__);
+   pr_err("capsule upload size exceeded header defined 
size\n");
ret = -EINVAL;
goto failed;
}
@@ -242,7 +240,7 @@ static int efi_capsule_flush(struct file *file, fl_owner_t 
id)
struct capsule_info *cap_info = file->private_data;
 
if (cap_info->index > 0) {
-   pr_err("%s: capsule upload not complete\n", __func__);
+   pr_err("capsule upload not complete\n");
efi_free_all_buff_pages(cap_info);
ret = -ECANCELED;
}
@@ -321,8 +319,7 @@ static int __init efi_capsule_loader_init(void)
 
ret = misc_register(_capsule_misc);
if (ret)
-   pr_err("%s: Failed to register misc char file note\n",
-  __func__);
+   pr_err("Unable to register capsule loader device\n");
 
return ret;
 }
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 07/14] efi/capsule: Fix return code on failing kmap/vmap

[Jan Kiszka]

From: Jan Kiszka 

commit fb153dc53f0eb8e8ad6a69f773e44c2d12daa5d0 upstream.

If kmap or vmap fail, it means we ran out of memory. There are no
user-provided addressed involved that would justify EFAULT.

Signed-off-by: Jan Kiszka 
Signed-off-by: Ard Biesheuvel 
Reviewed-by: Matt Fleming 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-3-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 9ae6c116c474..91e91f7a8807 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -113,7 +113,7 @@ static ssize_t efi_capsule_submit_update(struct 
capsule_info *cap_info)
VM_MAP, PAGE_KERNEL);
if (!cap_hdr_temp) {
pr_debug("%s: vmap() failed\n", __func__);
-   return -EFAULT;
+   return -ENOMEM;
}
 
ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
@@ -185,7 +185,7 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
kbuff = kmap(page);
if (!kbuff) {
pr_debug("%s: kmap() failed\n", __func__);
-   ret = -EFAULT;
+   ret = -ENOMEM;
goto failed;
}
kbuff += PAGE_SIZE - cap_info->page_bytes_remain;
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 12/14] efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via weak alias

[Jan Kiszka]

From: Ard Biesheuvel 

commit 3fabd628d5ea24b02ddb1230ffca1df0f779f84e upstream.

To allow platform specific code to hook into the capsule loading
routines, indirect calls to efi_capsule_setup_info() via a weak alias
of __efi_capsule_setup_info(), allowing platforms to redefine the former
but still use the latter.

Tested-by: Bryan O'Donoghue 
Signed-off-by: Ard Biesheuvel 
Cc: Linus Torvalds 
Cc: Matt Fleming 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-9-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 56 +--
 include/linux/efi.h   | 12 
 2 files changed, 39 insertions(+), 29 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 5b012a467d7d..f7fdeab0bc37 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -20,16 +20,6 @@
 
 #define NO_FURTHER_WRITE_ACTION -1
 
-struct capsule_info {
-   efi_capsule_header_theader;
-   int reset_type;
-   longindex;
-   size_t  count;
-   size_t  total_size;
-   struct page **pages;
-   size_t  page_bytes_remain;
-};
-
 /**
  * efi_free_all_buff_pages - free all previous allocated buffer pages
  * @cap_info: pointer to current instance of capsule_info structure
@@ -46,28 +36,13 @@ static void efi_free_all_buff_pages(struct capsule_info 
*cap_info)
cap_info->index = NO_FURTHER_WRITE_ACTION;
 }
 
-/**
- * efi_capsule_setup_info - obtain the efi capsule header in the binary and
- * setup capsule_info structure
- * @cap_info: pointer to current instance of capsule_info structure
- * @kbuff: a mapped first page buffer pointer
- * @hdr_bytes: the total received number of bytes for efi header
- **/
-static int efi_capsule_setup_info(struct capsule_info *cap_info,
- void *kbuff, size_t hdr_bytes)
+int __efi_capsule_setup_info(struct capsule_info *cap_info)
 {
size_t pages_needed;
int ret;
void *temp_page;
 
-   /* Only process data block that is larger than efi header size */
-   if (hdr_bytes < sizeof(efi_capsule_header_t))
-   return 0;
-
-   /* Reset back to the correct offset of header */
-   kbuff -= cap_info->count;
-   memcpy(_info->header, kbuff, sizeof(cap_info->header));
-   pages_needed = ALIGN(cap_info->header.imagesize, PAGE_SIZE) / PAGE_SIZE;
+   pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE;
 
if (pages_needed == 0) {
pr_err("invalid capsule size");
@@ -84,7 +59,6 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
return ret;
}
 
-   cap_info->total_size = cap_info->header.imagesize;
temp_page = krealloc(cap_info->pages,
 pages_needed * sizeof(void *),
 GFP_KERNEL | __GFP_ZERO);
@@ -97,6 +71,30 @@ static int efi_capsule_setup_info(struct capsule_info 
*cap_info,
 }
 
 /**
+ * efi_capsule_setup_info - obtain the efi capsule header in the binary and
+ * setup capsule_info structure
+ * @cap_info: pointer to current instance of capsule_info structure
+ * @kbuff: a mapped first page buffer pointer
+ * @hdr_bytes: the total received number of bytes for efi header
+ *
+ * Platforms with non-standard capsule update mechanisms can override
+ * this __weak function so they can perform any required capsule
+ * image munging. See quark_quirk_function() for an example.
+ **/
+int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
+ size_t hdr_bytes)
+{
+   /* Only process data block that is larger than efi header size */
+   if (hdr_bytes < sizeof(efi_capsule_header_t))
+   return 0;
+
+   memcpy(_info->header, kbuff, sizeof(cap_info->header));
+   cap_info->total_size = cap_info->header.imagesize;
+
+   return __efi_capsule_setup_info(cap_info);
+}
+
+/**
  * efi_capsule_submit_update - invoke the efi_capsule_update API once binary
  *upload done
  * @cap_info: pointer to current instance of capsule_info structure
@@ -186,7 +184,7 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
 
/* Setup capsule binary info structure */
if (cap_info->header.headersize == 0) {
-   ret = efi_capsule_setup_info(cap_info, kbuff,
+   ret = efi_capsule_setup_info(cap_info, kbuff - cap_info->count,

[PATCH 14/14] efi/capsule: Add support for Quark security header

[Jan Kiszka]

From: Jan Kiszka 

commit 2959c95d510cc45b246ba727eb8fdf8b601c6eec upstream.

The firmware for Quark X102x prepends a security header to the capsule
which is needed to support the mandatory secure boot on this processor.
The header can be detected by checking for the "_CSH" signature and -
to avoid any GUID conflict - validating its size field to contain the
expected value. Then we need to look for the EFI header right after the
security header and pass the real header to __efi_capsule_setup_info.

To be minimal invasive and maximal safe, the quirk version of
efi_capsule_setup_info() is only effective on Quark processors.

Tested-by: Bryan O'Donoghue 
Signed-off-by: Jan Kiszka 
Signed-off-by: Ard Biesheuvel 
Reviewed-by: Andy Shevchenko 
Cc: Linus Torvalds 
Cc: Matt Fleming 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-11-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 arch/x86/platform/efi/quirks.c | 137 +
 drivers/firmware/efi/Kconfig   |   9 +++
 2 files changed, 146 insertions(+)

diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index 1c7380da65ff..f0361323a805 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c
@@ -10,12 +10,66 @@
 #include 
 #include 
 #include 
+#include 
 
 #define EFI_MIN_RESERVE 5120
 
 #define EFI_DUMMY_GUID \
EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e, 0x97, 0xed, 0x50, 0xf0, 
0x9f, 0x92, 0xa9)
 
+#define QUARK_CSH_SIGNATURE0x5f435348  /* _CSH */
+#define QUARK_SECURITY_HEADER_SIZE 0x400
+
+/*
+ * Header prepended to the standard EFI capsule on Quark systems the are based
+ * on Intel firmware BSP.
+ * @csh_signature: Unique identifier to sanity check signed module
+ * presence ("_CSH").
+ * @version:   Current version of CSH used. Should be one for Quark A0.
+ * @modulesize:Size of the entire module including the module 
header
+ * and payload.
+ * @security_version_number_index: Index of SVN to use for validation of signed
+ * module.
+ * @security_version_number: Used to prevent against roll back of modules.
+ * @rsvd_module_id:Currently unused for Clanton (Quark).
+ * @rsvd_module_vendor:Vendor Identifier. For Intel products value is
+ * 0x8086.
+ * @rsvd_date: BCD representation of build date as mmdd, where
+ * =4 digit year, mm=1-12, dd=1-31.
+ * @headersize:Total length of the header including including 
any
+ * padding optionally added by the signing tool.
+ * @hash_algo: What Hash is used in the module signing.
+ * @cryp_algo: What Crypto is used in the module signing.
+ * @keysize:   Total length of the key data including including any
+ * padding optionally added by the signing tool.
+ * @signaturesize: Total length of the signature including including any
+ * padding optionally added by the signing tool.
+ * @rsvd_next_header:  32-bit pointer to the next Secure Boot Module in the
+ * chain, if there is a next header.
+ * @rsvd:  Reserved, padding structure to required size.
+ *
+ * See also QuartSecurityHeader_t in
+ * Quark_EDKII_v1.2.1.1/QuarkPlatformPkg/Include/QuarkBootRom.h
+ * from 
https://downloadcenter.intel.com/download/23197/Intel-Quark-SoC-X1000-Board-Support-Package-BSP
+ */
+struct quark_security_header {
+   u32 csh_signature;
+   u32 version;
+   u32 modulesize;
+   u32 security_version_number_index;
+   u32 security_version_number;
+   u32 rsvd_module_id;
+   u32 rsvd_module_vendor;
+   u32 rsvd_date;
+   u32 headersize;
+   u32 hash_algo;
+   u32 cryp_algo;
+   u32 keysize;
+   u32 signaturesize;
+   u32 rsvd_next_header;
+   u32 rsvd[2];
+};
+
 static efi_char16_t efi_dummy_name[6] = { 'D', 'U', 'M', 'M', 'Y', 0 };
 
 static bool efi_no_storage_paranoia;
@@ -288,3 +342,86 @@ bool efi_poweroff_required(void)
 {
return !!acpi_gbl_reduced_hardware;
 }
+
+#ifdef CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH
+
+static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff,
+ size_t hdr_bytes)
+{
+   struct quark_security_header *csh = *pkbuff;
+
+   /* Only process data block that is larger than the security header */
+   if (hdr_bytes < sizeof(struct quark_security_header))
+   return 0;
+
+   if (csh->csh_signature != QUARK_CSH_SIGNATURE ||
+   csh->headersize != 

[PATCH 08/14] efi/capsule: Remove pr_debug() on ENOMEM or EFAULT

[Jan Kiszka]

From: Jan Kiszka 

commit 7367633f0bfd783ae5838141f3af88bba6c45eb9 upstream.

Both cases are not worth a debug log message - the error code is telling
enough.

Signed-off-by: Jan Kiszka 
Signed-off-by: Ard Biesheuvel 
Reviewed-by: Matt Fleming 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-4-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 11 ++-
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 91e91f7a8807..7b57dda2417d 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -88,10 +88,8 @@ static ssize_t efi_capsule_setup_info(struct capsule_info 
*cap_info,
temp_page = krealloc(cap_info->pages,
 pages_needed * sizeof(void *),
 GFP_KERNEL | __GFP_ZERO);
-   if (!temp_page) {
-   pr_debug("%s: krealloc() failed\n", __func__);
+   if (!temp_page)
return -ENOMEM;
-   }
 
cap_info->pages = temp_page;
cap_info->header_obtained = true;
@@ -111,10 +109,8 @@ static ssize_t efi_capsule_submit_update(struct 
capsule_info *cap_info)
 
cap_hdr_temp = vmap(cap_info->pages, cap_info->index,
VM_MAP, PAGE_KERNEL);
-   if (!cap_hdr_temp) {
-   pr_debug("%s: vmap() failed\n", __func__);
+   if (!cap_hdr_temp)
return -ENOMEM;
-   }
 
ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
vunmap(cap_hdr_temp);
@@ -171,7 +167,6 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
if (!cap_info->page_bytes_remain) {
page = alloc_page(GFP_KERNEL);
if (!page) {
-   pr_debug("%s: alloc_page() failed\n", __func__);
ret = -ENOMEM;
goto failed;
}
@@ -184,7 +179,6 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
 
kbuff = kmap(page);
if (!kbuff) {
-   pr_debug("%s: kmap() failed\n", __func__);
ret = -ENOMEM;
goto failed;
}
@@ -193,7 +187,6 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
/* Copy capsule binary data from user space to kernel space buffer */
write_byte = min_t(size_t, count, cap_info->page_bytes_remain);
if (copy_from_user(kbuff, buff, write_byte)) {
-   pr_debug("%s: copy_from_user() failed\n", __func__);
ret = -EFAULT;
goto fail_unmap;
}
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 10/14] efi/capsule: Adjust return type of efi_capsule_setup_info()

[Jan Kiszka]

From: Jan Kiszka 

commit 41b0c376951417d1b37448957b30f766b10d3090 upstream.

We actually expect int at the caller and never return any size
information.

Signed-off-by: Jan Kiszka 
Signed-off-by: Ard Biesheuvel 
Reviewed-by: Matt Fleming 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-6-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index 3fb91e1597a9..37d3f6ec2d28 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -53,8 +53,8 @@ static void efi_free_all_buff_pages(struct capsule_info 
*cap_info)
  * @kbuff: a mapped first page buffer pointer
  * @hdr_bytes: the total received number of bytes for efi header
  **/
-static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info,
- void *kbuff, size_t hdr_bytes)
+static int efi_capsule_setup_info(struct capsule_info *cap_info,
+ void *kbuff, size_t hdr_bytes)
 {
efi_capsule_header_t *cap_hdr;
size_t pages_needed;
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 13/14] efi/capsule-loader: Use page addresses rather than struct page pointers

[Jan Kiszka]

From: Ard Biesheuvel 

commit 2a457fb31df62c6b482f78e4f74aaed99271f44d upstream.

To give some leeway to code that handles non-standard capsule headers,
let's keep an array of page addresses rather than struct page pointers.

This gives special implementations of efi_capsule_setup_info() the
opportunity to mangle the payload a bit before it is presented to the
firmware, without putting any knowledge of the nature of such quirks
into the generic code.

Tested-by: Bryan O'Donoghue 
Signed-off-by: Ard Biesheuvel 
Cc: Linus Torvalds 
Cc: Matt Fleming 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170602135207.21708-10-ard.biesheu...@linaro.org
Signed-off-by: Ingo Molnar 
---
 drivers/firmware/efi/capsule-loader.c | 12 
 drivers/firmware/efi/capsule.c|  7 ---
 include/linux/efi.h   |  4 ++--
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/drivers/firmware/efi/capsule-loader.c 
b/drivers/firmware/efi/capsule-loader.c
index f7fdeab0bc37..feeafb673c07 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -20,6 +20,10 @@
 
 #define NO_FURTHER_WRITE_ACTION -1
 
+#ifndef phys_to_page
+#define phys_to_page(x)pfn_to_page((x) >> PAGE_SHIFT)
+#endif
+
 /**
  * efi_free_all_buff_pages - free all previous allocated buffer pages
  * @cap_info: pointer to current instance of capsule_info structure
@@ -31,7 +35,7 @@
 static void efi_free_all_buff_pages(struct capsule_info *cap_info)
 {
while (cap_info->index > 0)
-   __free_page(cap_info->pages[--cap_info->index]);
+   __free_page(phys_to_page(cap_info->pages[--cap_info->index]));
 
cap_info->index = NO_FURTHER_WRITE_ACTION;
 }
@@ -161,12 +165,12 @@ static ssize_t efi_capsule_write(struct file *file, const 
char __user *buff,
goto failed;
}
 
-   cap_info->pages[cap_info->index++] = page;
+   cap_info->pages[cap_info->index++] = page_to_phys(page);
cap_info->page_bytes_remain = PAGE_SIZE;
+   } else {
+   page = phys_to_page(cap_info->pages[cap_info->index - 1]);
}
 
-   page = cap_info->pages[cap_info->index - 1];
-
kbuff = kmap(page);
if (!kbuff) {
ret = -ENOMEM;
diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c
index 1106773468b2..4a867c65d740 100644
--- a/drivers/firmware/efi/capsule.c
+++ b/drivers/firmware/efi/capsule.c
@@ -218,7 +218,7 @@ efi_capsule_update_locked(efi_capsule_header_t *capsule,
  *
  * Return 0 on success, a converted EFI status code on failure.
  */
-int efi_capsule_update(efi_capsule_header_t *capsule, struct page **pages)
+int efi_capsule_update(efi_capsule_header_t *capsule, phys_addr_t *pages)
 {
u32 imagesize = capsule->imagesize;
efi_guid_t guid = capsule->guid;
@@ -257,10 +257,11 @@ int efi_capsule_update(efi_capsule_header_t *capsule, 
struct page **pages)
}
 
for (j = 0; j < SGLIST_PER_PAGE && count > 0; j++) {
-   u64 sz = min_t(u64, imagesize, PAGE_SIZE);
+   u64 sz = min_t(u64, imagesize,
+  PAGE_SIZE - (u64)*pages % PAGE_SIZE);
 
sglist[j].length = sz;
-   sglist[j].data = page_to_phys(*pages++);
+   sglist[j].data = *pages++;
 
imagesize -= sz;
count--;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index b386097e45bc..23a2a274bc6c 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -135,7 +135,7 @@ struct capsule_info {
longindex;
size_t  count;
size_t  total_size;
-   struct page **pages;
+   phys_addr_t *pages;
size_t  page_bytes_remain;
 };
 
@@ -1246,7 +1246,7 @@ extern int efi_capsule_supported(efi_guid_t guid, u32 
flags,
 size_t size, int *reset);
 
 extern int efi_capsule_update(efi_capsule_header_t *capsule,
- struct page **pages);
+ phys_addr_t *pages);
 
 #ifdef CONFIG_EFI_RUNTIME_MAP
 int efi_runtime_map_init(struct kobject *);
-- 
2.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables

[Borislav Petkov]

On Wed, Aug 30, 2017 at 11:18:42AM -0500, Brijesh Singh wrote:
> I was trying to avoid mixing early and no-early set_memory_decrypted() but if
> feedback is: use early_set_memory_decrypted() only if its required otherwise
> use set_memory_decrypted() then I can improve the logic in next rev. thanks

Yes, I think you should use the early versions when you're, well,
*early* :-) But get rid of that for_each_possible_cpu() and do it only
on the current CPU, as this is a per-CPU path anyway. If you need to
do it on *every* CPU and very early, then you need a separate function
which is called in kvm_smp_prepare_boot_cpu() as there you're pre-SMP.

Thx.

-- 
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 
(AG Nürnberg)
-- 
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables

[Brijesh Singh]

Hi Boris,

On 08/29/2017 05:22 AM, Borislav Petkov wrote:

[...]


On Mon, Jul 24, 2017 at 02:07:56PM -0500, Brijesh Singh wrote:

Some KVM specific MSR's (steal-time, asyncpf, avic_eio) allocates per-CPU


   MSRs


variable at compile time and share its physical address with hypervisor.


That sentence needs changing - the MSRs don't allocate - for them gets
allocated.


It presents a challege when SEV is active in guest OS, when SEV is active,
the guest memory is encrypted with guest key hence hypervisor will not
able to modify the guest memory. When SEV is active, we need to clear the
encryption attribute (aka C-bit) of shared physical addresses so that both
guest and hypervisor can access the data.


This whole paragraph needs rewriting.



I will improve the commit message in next rev.

[...]


+/* NOTE: function is marked as __ref because it is used by __init functions */


No need for that comment.

What should you look into is why do you need to call the early versions:

" * producing a warning (of course, no warning does not mean code is
  * correct, so optimally document why the __ref is needed and why it's OK)."

And we do have the normal set_memory_decrypted() etc helpers so why
aren't we using those?



Since kvm_guest_init() is called early in the boot process hence we will not
able to use set_memory_decrypted() function. IIRC, if we try calling
set_memory_decrypted() early then we will hit a BUG_ON [1] -- mainly when it
tries to flush the caches.

[1] 
http://elixir.free-electrons.com/linux/latest/source/arch/x86/mm/pageattr.c#L167




If you need to use the early ones too, then you probably need to
differentiate this in the callers by passing a "bool early", which calls
the proper flavor.



Sure I can rearrange code to make it more readable and use "bool early"
parameter to differentiate it.



+static int __ref kvm_map_hv_shared_decrypted(void)
+{
+   static int once, ret;
+   int cpu;
+
+   if (once)
+   return ret;


So this function gets called per-CPU but you need to do this ugly "once"
thing - i.e., global function called in a per-CPU context.

Why can't you do that mapping only on the current CPU and then
when that function is called on the next CPU, it will do the same thing
on that next CPU?




Yes, it can be done but I remember running into issues during the CPU hot plug.
The patch uses early_set_memory_decrypted() -- which calls
kernel_physical_mapping_init() to split the large pages into smaller. IIRC, the
API did not work after the system is successfully booted. After the system is
booted we must use the set_memory_decrypted().

I was trying to avoid mixing early and no-early set_memory_decrypted() but if
feedback is: use early_set_memory_decrypted() only if its required otherwise
use set_memory_decrypted() then I can improve the logic in next rev. thanks


[...]


diff --git a/include/asm-generic/vmlinux.lds.h 
b/include/asm-generic/vmlinux.lds.h
index da0be9a..52854cf 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -783,6 +783,9 @@
. = ALIGN(cacheline);   \
*(.data..percpu)\
*(.data..percpu..shared_aligned)\
+   . = ALIGN(PAGE_SIZE);   \
+   *(.data..percpu..hv_shared) \
+   . = ALIGN(PAGE_SIZE);   \
VMLINUX_SYMBOL(__per_cpu_end) = .;


Yeah, no, you can't do that. That's adding this section unconditionally
on *every* arch. You need to do some ifdeffery like it is done at the
beginning of that file and have this only on the arch which supports SEV.




Will do . thanks

-Brijesh
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API

[Christoph Hellwig]

On Wed, Aug 30, 2017 at 03:46:34PM +0200, Rafael J. Wysocki wrote:
> 3689d3d69072 ACPI: device property: Switch to use new generic UUID API
> 
> in my linux-next branch.  Isn't it this one?

Yes, that should be it.  Somehow my linux-next tree seems to be
a mess through or my git log skills aren't what they used to be
anymore.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API

[Rafael J. Wysocki]

On Wednesday, August 30, 2017 2:41:41 PM CEST Christoph Hellwig wrote:
> On Wed, Jul 26, 2017 at 02:27:44AM +0200, Rafael J. Wysocki wrote:
> > > >> > Cc: "Rafael J. Wysocki" 
> > > >> > Cc: Mika Westerberg 
> > > >>
> > > >> Acked-by: Mika Westerberg 
> > > >
> > > > OK
> > > >
> > > > Andy, do you want me to apply this?
> > > 
> > > If you would like to.
> > > 
> > > The patch is now pretty independent since necessary stuff made v4.13-rc1.
> > 
> > OK
> 
> This didn't seem to make it into linux-next so far, though.

I have

3689d3d69072 ACPI: device property: Switch to use new generic UUID API

in my linux-next branch.  Isn't it this one?

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API

[Greg Kroah-Hartman]

On Wed, Aug 30, 2017 at 02:38:45PM +0200, Christoph Hellwig wrote:
> On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote:
> > Yep! There are so many conflicts that would be better just to push
> > through your tree.
> > 
> > I have just sent a v2 of this patch separately.
> 
> Greg, did you pick that patch up?

Yes, it's already in my tree and in linux-next.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API

[Andy Shevchenko]

On Wed, 2017-08-30 at 14:38 +0200, Christoph Hellwig wrote:
> On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote:
> > Yep! There are so many conflicts that would be better just to push
> > through your tree.
> > 
> > I have just sent a v2 of this patch separately.
> 
> Greg, did you pick that patch up?

That patch in his tree.

-- 
Andy Shevchenko 
Intel Finland Oy
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API

[Christoph Hellwig]

On Wed, Jul 26, 2017 at 02:27:44AM +0200, Rafael J. Wysocki wrote:
> > >> > Cc: "Rafael J. Wysocki" 
> > >> > Cc: Mika Westerberg 
> > >>
> > >> Acked-by: Mika Westerberg 
> > >
> > > OK
> > >
> > > Andy, do you want me to apply this?
> > 
> > If you would like to.
> > 
> > The patch is now pretty independent since necessary stuff made v4.13-rc1.
> 
> OK

This didn't seem to make it into linux-next so far, though.
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API

[Christoph Hellwig]

On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote:
> Yep! There are so many conflicts that would be better just to push
> through your tree.
> 
> I have just sent a v2 of this patch separately.

Greg, did you pick that patch up?
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html