Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices
On 30 August 2017 at 20:27, Jan Kiszkawrote: > On 2017-08-30 21:24, Ard Biesheuvel wrote: >> Hello Jan, >> >> On 30 August 2017 at 20:13, Jan Kiszka wrote: >>> Last chunk: This backports EFI capsule updates, primarily for the use >>> with the IOT2020 and IOT2040, the latter with Quark-proprietary security >>> header format. The feature should also work for the Galileo Gen 2 and, >>> at least conceptually, for any EFI capsule update compatible firmware. >>> >> >> What is the purpose of this series? I hope you are not expecting this >> to be considered for -stable? >> Please check Documentation/process/stable-kernel-rules.rst for >> guidelines on what is appropriate for -stable. > > Argh, sorry. Missed that I didn't activate the CC filter for this one. > > Everyone except for Ben and cip-dev, please ignore - this is just a > backport to the CIP SLTS kernel. > OK no worries -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices
Hello Jan, On 30 August 2017 at 20:13, Jan Kiszkawrote: > Last chunk: This backports EFI capsule updates, primarily for the use > with the IOT2020 and IOT2040, the latter with Quark-proprietary security > header format. The feature should also work for the Galileo Gen 2 and, > at least conceptually, for any EFI capsule update compatible firmware. > What is the purpose of this series? I hope you are not expecting this to be considered for -stable? Please check Documentation/process/stable-kernel-rules.rst for guidelines on what is appropriate for -stable. > Cc: Andy Lutomirski > Cc: Andy Lutomirski > Cc: Ard Biesheuvel > Cc: Borislav Petkov > Cc: Brian Gerst > Cc: Bryan O'Donoghue > Cc: Denys Vlasenko > Cc: H. Peter Anvin > Cc: joeyli > Cc: Josh Poimboeuf > Cc: Kweh Hock Leong > Cc: Linus Torvalds > Cc: linux-efi@vger.kernel.org > Cc: Mark Salter > Cc: Matt Fleming > Cc: Peter Jones > Cc: Peter Zijlstra > Cc: Sam Protsenko > Cc: # v4.7 > Cc: Thomas Gleixner > > Ard Biesheuvel (3): > efi/capsule-loader: Use a cached copy of the capsule header > efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via > weak alias > efi/capsule-loader: Use page addresses rather than struct page > pointers > > Austin Christ (1): > efi/capsule: Allocate whole capsule into virtual memory > > Jan Kiszka (5): > efi/capsule: Fix return code on failing kmap/vmap > efi/capsule: Remove pr_debug() on ENOMEM or EFAULT > efi/capsule: Clean up pr_err/_info() messages > efi/capsule: Adjust return type of efi_capsule_setup_info() > efi/capsule: Add support for Quark security header > > Kweh, Hock Leong (1): > efi: Add misc char driver interface to update EFI firmware > > Matt Fleming (4): > efi: Move efi_status_to_err() to drivers/firmware/efi/ > efi: Add 'capsule' update support > x86/efi: Force EFI reboot to process pending capsules > efi/capsule: Move 'capsule' to the stack in efi_capsule_supported() > > arch/x86/k ernel/reboot.c | 9 + > arch/x86/platform/efi/quirks.c| 137 ++ > drivers/firmware/efi/Kconfig | 19 ++ > drivers/firmware/efi/Makefile | 2 + > drivers/firmware/efi/capsule-loader.c | 330 > ++ > drivers/firmware/efi/capsule.c| 294 ++ > drivers/firmware/efi/efi.c| 33 > drivers/firmware/efi/reboot.c | 12 +- > drivers/firmware/efi/vars.c | 33 > include/linux/efi.h | 34 > 10 files changed, 869 insertions(+), 34 deletions(-) > create mode 100644 drivers/firmware/efi/capsule-loader.c > create mode 100644 drivers/firmware/efi/capsule.c > > -- > 2.12.3 > -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 03/14] x86/efi: Force EFI reboot to process pending capsules
From: Matt Flemingcommit 87615a34d561ef59bd0cffc73256a21220dfdffd upstream. If an EFI capsule has been sent to the firmware we must match the type of EFI reset against that required by the capsule to ensure it is processed correctly. Force an EFI reboot if a capsule is pending for the next reset. Signed-off-by: Matt Fleming Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Kweh Hock Leong Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: joeyli Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1461614832-17633-29-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- arch/x86/kernel/reboot.c | 9 + include/linux/efi.h | 6 ++ 2 files changed, 15 insertions(+) diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index f660d63f40fe..01d9e1edda07 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -535,6 +535,15 @@ static void native_machine_emergency_restart(void) mode = reboot_mode == REBOOT_WARM ? 0x1234 : 0; *((unsigned short *)__va(0x472)) = mode; + /* +* If an EFI capsule has been registered with the firmware then +* override the reboot= parameter. +*/ + if (efi_capsule_pending(NULL)) { + pr_info("EFI capsule is pending, forcing EFI reboot.\n"); + reboot_type = BOOT_EFI; + } + for (;;) { /* Could also try the reset bit in the Hammer NB */ switch (reboot_type) { diff --git a/include/linux/efi.h b/include/linux/efi.h index 4899c679622d..5a0b8f7a54c8 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1004,6 +1004,12 @@ static inline bool efi_enabled(int feature) } static inline void efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {} + +static inline bool +efi_capsule_pending(int *reset_type) +{ + return false; +} #endif extern int efi_status_to_err(efi_status_t status); -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 01/14] efi: Move efi_status_to_err() to drivers/firmware/efi/
From: Matt Flemingcommit 806b0351c9ff9890c1ef0ba2c46237baef49ac79 upstream. Move efi_status_to_err() to the architecture independent code as it's generally useful in all bits of EFI code where there is a need to convert an efi_status_t to a kernel error value. Signed-off-by: Matt Fleming Acked-by: Ard Biesheuvel Cc: Borislav Petkov Cc: Kweh Hock Leong Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: joeyli Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1461614832-17633-27-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- drivers/firmware/efi/efi.c | 33 + drivers/firmware/efi/vars.c | 33 - include/linux/efi.h | 2 ++ 3 files changed, 35 insertions(+), 33 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 3b52677f459a..33d60992a580 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -663,3 +663,36 @@ u64 __weak efi_mem_attributes(unsigned long phys_addr) } return 0; } + +int efi_status_to_err(efi_status_t status) +{ + int err; + + switch (status) { + case EFI_SUCCESS: + err = 0; + break; + case EFI_INVALID_PARAMETER: + err = -EINVAL; + break; + case EFI_OUT_OF_RESOURCES: + err = -ENOSPC; + break; + case EFI_DEVICE_ERROR: + err = -EIO; + break; + case EFI_WRITE_PROTECTED: + err = -EROFS; + break; + case EFI_SECURITY_VIOLATION: + err = -EACCES; + break; + case EFI_NOT_FOUND: + err = -ENOENT; + break; + default: + err = -EINVAL; + } + + return err; +} diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c index 6f182fd91a6d..38e36526ba02 100644 --- a/drivers/firmware/efi/vars.c +++ b/drivers/firmware/efi/vars.c @@ -318,39 +318,6 @@ check_var_size(u32 attributes, unsigned long size) return fops->query_variable_store(attributes, size); } -static int efi_status_to_err(efi_status_t status) -{ - int err; - - switch (status) { - case EFI_SUCCESS: - err = 0; - break; - case EFI_INVALID_PARAMETER: - err = -EINVAL; - break; - case EFI_OUT_OF_RESOURCES: - err = -ENOSPC; - break; - case EFI_DEVICE_ERROR: - err = -EIO; - break; - case EFI_WRITE_PROTECTED: - err = -EROFS; - break; - case EFI_SECURITY_VIOLATION: - err = -EACCES; - break; - case EFI_NOT_FOUND: - err = -ENOENT; - break; - default: - err = -EINVAL; - } - - return err; -} - static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t *vendor, struct list_head *head) { diff --git a/include/linux/efi.h b/include/linux/efi.h index 47be3ad7d3e5..774e9a0d49f1 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -999,6 +999,8 @@ static inline void efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {} #endif +extern int efi_status_to_err(efi_status_t status); + /* * Variable Attributes */ -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 02/14] efi: Add 'capsule' update support
From: Matt Flemingcommit f0133f3c5b8bb34ec4dec50c27e7a655aeee8935 upstream. The EFI capsule mechanism allows data blobs to be passed to the EFI firmware. A common use case is performing firmware updates. This patch just introduces the main infrastructure for interacting with the firmware, and a driver that allows users to upload capsules will come in a later patch. Once a capsule has been passed to the firmware, the next reboot must be performed using the ResetSystem() EFI runtime service, which may involve overriding the reboot type specified by reboot=. This ensures the reset value returned by QueryCapsuleCapabilities() is used to reset the system, which is required for the capsule to be processed. efi_capsule_pending() is provided for this purpose. At the moment we only allow a single capsule blob to be sent to the firmware despite the fact that UpdateCapsule() takes a 'CapsuleCount' parameter. This simplifies the API and shouldn't result in any downside since it is still possible to send multiple capsules by repeatedly calling UpdateCapsule(). Signed-off-by: Matt Fleming Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Bryan O'Donoghue Cc: Kweh Hock Leong Cc: Mark Salter Cc: Peter Jones Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: joeyli Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1461614832-17633-28-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/capsule.c | 300 + drivers/firmware/efi/reboot.c | 12 +- include/linux/efi.h| 14 ++ 4 files changed, 326 insertions(+), 1 deletion(-) create mode 100644 drivers/firmware/efi/capsule.c diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile index ec379a4164cc..54b19cdbfcf8 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile @@ -10,6 +10,7 @@ KASAN_SANITIZE_runtime-wrappers.o := n obj-$(CONFIG_EFI) += efi.o vars.o reboot.o +obj-$(CONFIG_EFI) += capsule.o obj-$(CONFIG_EFI_VARS) += efivars.o obj-$(CONFIG_EFI_ESRT) += esrt.o obj-$(CONFIG_EFI_VARS_PSTORE) += efi-pstore.o diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c new file mode 100644 index ..0de55944ac0b --- /dev/null +++ b/drivers/firmware/efi/capsule.c @@ -0,0 +1,300 @@ +/* + * EFI capsule support. + * + * Copyright 2013 Intel Corporation; author Matt Fleming + * + * This file is part of the Linux kernel, and is made available under + * the terms of the GNU General Public License version 2. + */ + +#define pr_fmt(fmt) "efi: " fmt + +#include +#include +#include +#include +#include +#include + +typedef struct { + u64 length; + u64 data; +} efi_capsule_block_desc_t; + +static bool capsule_pending; +static int efi_reset_type = -1; + +/* + * capsule_mutex serialises access to both capsule_pending and + * efi_reset_type. + */ +static DEFINE_MUTEX(capsule_mutex); + +/** + * efi_capsule_pending - has a capsule been passed to the firmware? + * @reset_type: store the type of EFI reset if capsule is pending + * + * To ensure that the registered capsule is processed correctly by the + * firmware we need to perform a specific type of reset. If a capsule is + * pending return the reset type in @reset_type. + * + * This function will race with callers of efi_capsule_update(), for + * example, calling this function while somebody else is in + * efi_capsule_update() but hasn't reached efi_capsue_update_locked() + * will miss the updates to capsule_pending and efi_reset_type after + * efi_capsule_update_locked() completes. + * + * A non-racy use is from platform reboot code because we use + * system_state to ensure no capsules can be sent to the firmware once + * we're at SYSTEM_RESTART. See efi_capsule_update_locked(). + */ +bool efi_capsule_pending(int *reset_type) +{ + bool rv = false; + + mutex_lock(_mutex); + if (!capsule_pending) + goto out; + + if (reset_type) + *reset_type = efi_reset_type; + rv = true; +out: + mutex_unlock(_mutex); + return rv; +} + +/* + * Whitelist of EFI capsule flags that we support. + * + * We do not handle EFI_CAPSULE_INITIATE_RESET because that would + * require us to prepare the kernel for reboot. Refuse to load any + * capsules with that flag and any other flags that we do not know how + * to handle. + */ +#define EFI_CAPSULE_SUPPORTED_FLAG_MASK\ + (EFI_CAPSULE_PERSIST_ACROSS_RESET | EFI_CAPSULE_POPULATE_SYSTEM_TABLE) + +/** + * efi_capsule_supported - does the
[PATCH 06/14] efi/capsule: Allocate whole capsule into virtual memory
From: Austin Christcommit 6862e6ad95e984991a6ceec592cf67831658f928 upstream. According to UEFI 2.6 section 7.5.3, the capsule should be in contiguous virtual memory and firmware may consume the capsule immediately. To correctly implement this functionality, the kernel driver needs to vmap the entire capsule at the time it is made available to firmware. The virtual allocation of the capsule update has been changed from kmap, which was only allocating the first page of the update, to vmap, and allocates the entire data payload. Signed-off-by: Austin Christ Signed-off-by: Matt Fleming Reviewed-by: Matt Fleming Reviewed-by: Lee, Chun-Yi Cc: # v4.7 Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Bryan O'Donoghue Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Kweh Hock Leong Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1470912120-22831-3-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 8 +--- drivers/firmware/efi/capsule.c| 6 +++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index c99c24bc79b0..9ae6c116c474 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -16,6 +16,7 @@ #include #include #include +#include #define NO_FURTHER_WRITE_ACTION -1 @@ -108,14 +109,15 @@ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) int ret; void *cap_hdr_temp; - cap_hdr_temp = kmap(cap_info->pages[0]); + cap_hdr_temp = vmap(cap_info->pages, cap_info->index, + VM_MAP, PAGE_KERNEL); if (!cap_hdr_temp) { - pr_debug("%s: kmap() failed\n", __func__); + pr_debug("%s: vmap() failed\n", __func__); return -EFAULT; } ret = efi_capsule_update(cap_hdr_temp, cap_info->pages); - kunmap(cap_info->pages[0]); + vunmap(cap_hdr_temp); if (ret) { pr_err("%s: efi_capsule_update() failed\n", __func__); return ret; diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c index 61e51249ef40..1106773468b2 100644 --- a/drivers/firmware/efi/capsule.c +++ b/drivers/firmware/efi/capsule.c @@ -194,9 +194,9 @@ efi_capsule_update_locked(efi_capsule_header_t *capsule, * map the capsule described by @capsule with its data in @pages and * send it to the firmware via the UpdateCapsule() runtime service. * - * @capsule must be a virtual mapping of the first page in @pages - * (@pages[0]) in the kernel address space. That is, a - * capsule_header_t that describes the entire contents of the capsule + * @capsule must be a virtual mapping of the complete capsule update in the + * kernel address space, as the capsule can be consumed immediately. + * A capsule_header_t that describes the entire contents of the capsule * must be at the start of the first data page. * * Even though this function will validate that the firmware supports -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 04/14] efi: Add misc char driver interface to update EFI firmware
From: Kweh, Hock Leongcommit 65117f1aa1b2d145fd5ca376bde642794d0aae1b upstream. This patch introduces a kernel module to expose a capsule loader interface (misc char device file note) for users to upload capsule binaries. Example: cat firmware.bin > /dev/efi_capsule_loader Any upload error will be returned while doing "cat" through file operation write() function call. Signed-off-by: Kweh, Hock Leong [ Update comments and Kconfig text ] Signed-off-by: Matt Fleming Reviewed-by: Bryan O'Donoghue Acked-by: Greg Kroah-Hartman Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Peter Jones Cc: Peter Zijlstra Cc: Sam Protsenko Cc: Thomas Gleixner Cc: joeyli Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1461614832-17633-30-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- drivers/firmware/efi/Kconfig | 10 + drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/capsule-loader.c | 343 ++ 3 files changed, 354 insertions(+) create mode 100644 drivers/firmware/efi/capsule-loader.c diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index e1670d533f97..de221bbde9c9 100644 --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -87,6 +87,16 @@ config EFI_RUNTIME_WRAPPERS config EFI_ARMSTUB bool +config EFI_CAPSULE_LOADER + tristate "EFI capsule loader" + depends on EFI + help + This option exposes a loader interface "/dev/efi_capsule_loader" for + users to load EFI capsules. This driver requires working runtime + capsule support in the firmware, which many OEMs do not provide. + + Most users should say N. + endmenu config UEFI_CPER diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile index 54b19cdbfcf8..2c8562de3a5f 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile @@ -19,3 +19,4 @@ obj-$(CONFIG_EFI_RUNTIME_MAP) += runtime-map.o obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o obj-$(CONFIG_EFI_STUB) += libstub/ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_mem.o +obj-$(CONFIG_EFI_CAPSULE_LOADER) += capsule-loader.o diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c new file mode 100644 index ..c99c24bc79b0 --- /dev/null +++ b/drivers/firmware/efi/capsule-loader.c @@ -0,0 +1,343 @@ +/* + * EFI capsule loader driver. + * + * Copyright 2015 Intel Corporation + * + * This file is part of the Linux kernel, and is made available under + * the terms of the GNU General Public License version 2. + */ + +#define pr_fmt(fmt) "efi: " fmt + +#include +#include +#include +#include +#include +#include +#include + +#define NO_FURTHER_WRITE_ACTION -1 + +struct capsule_info { + boolheader_obtained; + int reset_type; + longindex; + size_t count; + size_t total_size; + struct page **pages; + size_t page_bytes_remain; +}; + +/** + * efi_free_all_buff_pages - free all previous allocated buffer pages + * @cap_info: pointer to current instance of capsule_info structure + * + * In addition to freeing buffer pages, it flags NO_FURTHER_WRITE_ACTION + * to cease processing data in subsequent write(2) calls until close(2) + * is called. + **/ +static void efi_free_all_buff_pages(struct capsule_info *cap_info) +{ + while (cap_info->index > 0) + __free_page(cap_info->pages[--cap_info->index]); + + cap_info->index = NO_FURTHER_WRITE_ACTION; +} + +/** + * efi_capsule_setup_info - obtain the efi capsule header in the binary and + * setup capsule_info structure + * @cap_info: pointer to current instance of capsule_info structure + * @kbuff: a mapped first page buffer pointer + * @hdr_bytes: the total received number of bytes for efi header + **/ +static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info, + void *kbuff, size_t hdr_bytes) +{ + efi_capsule_header_t *cap_hdr; + size_t pages_needed; + int ret; + void *temp_page; + + /* Only process data block that is larger than efi header size */ + if (hdr_bytes < sizeof(efi_capsule_header_t)) + return 0; + + /* Reset back to the correct offset of header */ + cap_hdr = kbuff - cap_info->count; + pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT; + + if (pages_needed == 0) { + pr_err("%s:
[PATCH 00/14] EFI capsule update support for IOT2000 devices
Last chunk: This backports EFI capsule updates, primarily for the use with the IOT2020 and IOT2040, the latter with Quark-proprietary security header format. The feature should also work for the Galileo Gen 2 and, at least conceptually, for any EFI capsule update compatible firmware. Jan Cc: Andy LutomirskiCc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Bryan O'Donoghue Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: joeyli Cc: Josh Poimboeuf Cc: Kweh Hock Leong Cc: Linus Torvalds Cc: linux-efi@vger.kernel.org Cc: Mark Salter Cc: Matt Fleming Cc: Peter Jones Cc: Peter Zijlstra Cc: Sam Protsenko Cc: # v4.7 Cc: Thomas Gleixner Ard Biesheuvel (3): efi/capsule-loader: Use a cached copy of the capsule header efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via weak alias efi/capsule-loader: Use page addresses rather than struct page pointers Austin Christ (1): efi/capsule: Allocate whole capsule into virtual memory Jan Kiszka (5): efi/capsule: Fix return code on failing kmap/vmap efi/capsule: Remove pr_debug() on ENOMEM or EFAULT efi/capsule: Clean up pr_err/_info() messages efi/capsule: Adjust return type of efi_capsule_setup_info() efi/capsule: Add support for Quark security header Kweh, Hock Leong (1): efi: Add misc char driver interface to update EFI firmware Matt Fleming (4): efi: Move efi_status_to_err() to drivers/firmware/efi/ efi: Add 'capsule' update support x86/efi: Force EFI reboot to process pending capsules efi/capsule: Move 'capsule' to the stack in efi_capsule_supported() arch/x86/kernel/reboot.c | 9 + arch/x86/platform/efi/quirks.c| 137 ++ drivers/firmware/efi/Kconfig | 19 ++ drivers/firmware/efi/Makefile | 2 + drivers/firmware/efi/capsule-loader.c | 330 ++ drivers/firmware/efi/capsule.c| 294 ++ drivers/firmware/efi/efi.c| 33 drivers/firmware/efi/reboot.c | 12 +- drivers/firmware/efi/vars.c | 33 include/linux/efi.h | 34 10 files changed, 869 insertions(+), 34 deletions(-) create mode 100644 drivers/firmware/efi/capsule-loader.c create mode 100644 drivers/firmware/efi/capsule.c -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 05/14] efi/capsule: Move 'capsule' to the stack in efi_capsule_supported()
From: Matt Flemingcommit fb7a84cac03541f4da18dfa25b3f4767d4efc6fc upstream. Dan Carpenter reports that passing the address of the pointer to the kmalloc()'d memory for 'capsule' is dangerous: "drivers/firmware/efi/capsule.c:109 efi_capsule_supported() warn: did you mean to pass the address of 'capsule' 108 109 status = efi.query_capsule_caps(, 1, _size, reset); If we modify capsule inside this function call then at the end of the function we aren't freeing the original pointer that we allocated." Ard Biesheuvel noted that we don't even need to call kmalloc() since the object we allocate isn't very big and doesn't need to persist after the function returns. Place 'capsule' on the stack instead. Suggested-by: Ard Biesheuvel Reported-by: Dan Carpenter Signed-off-by: Matt Fleming Acked-by: Ard Biesheuvel Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Bryan O'Donoghue Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Kweh Hock Leong Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: joeyli Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1462570771-13324-4-git-send-email-m...@codeblueprint.co.uk Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule.c | 29 +++-- 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c index 0de55944ac0b..61e51249ef40 100644 --- a/drivers/firmware/efi/capsule.c +++ b/drivers/firmware/efi/capsule.c @@ -90,33 +90,26 @@ out: */ int efi_capsule_supported(efi_guid_t guid, u32 flags, size_t size, int *reset) { - efi_capsule_header_t *capsule; + efi_capsule_header_t capsule; + efi_capsule_header_t *cap_list[] = { }; efi_status_t status; u64 max_size; - int rv = 0; if (flags & ~EFI_CAPSULE_SUPPORTED_FLAG_MASK) return -EINVAL; - capsule = kmalloc(sizeof(*capsule), GFP_KERNEL); - if (!capsule) - return -ENOMEM; - - capsule->headersize = capsule->imagesize = sizeof(*capsule); - memcpy(>guid, , sizeof(efi_guid_t)); - capsule->flags = flags; + capsule.headersize = capsule.imagesize = sizeof(capsule); + memcpy(, , sizeof(efi_guid_t)); + capsule.flags = flags; - status = efi.query_capsule_caps(, 1, _size, reset); - if (status != EFI_SUCCESS) { - rv = efi_status_to_err(status); - goto out; - } + status = efi.query_capsule_caps(cap_list, 1, _size, reset); + if (status != EFI_SUCCESS) + return efi_status_to_err(status); if (size > max_size) - rv = -ENOSPC; -out: - kfree(capsule); - return rv; + return -ENOSPC; + + return 0; } EXPORT_SYMBOL_GPL(efi_capsule_supported); -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 11/14] efi/capsule-loader: Use a cached copy of the capsule header
From: Ard Biesheuvelcommit 82c3768b8d68c40ecde92338899c838b7c674ffb upstream. Instead of kmapping the capsule data twice, copy the capsule header into the capsule info struct we keep locally. This is an improvement by itself, but will also enable handling of non-standard header formats more easily. Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-7-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 41 +++ 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 37d3f6ec2d28..5b012a467d7d 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -21,13 +21,13 @@ #define NO_FURTHER_WRITE_ACTION -1 struct capsule_info { - boolheader_obtained; - int reset_type; - longindex; - size_t count; - size_t total_size; - struct page **pages; - size_t page_bytes_remain; + efi_capsule_header_theader; + int reset_type; + longindex; + size_t count; + size_t total_size; + struct page **pages; + size_t page_bytes_remain; }; /** @@ -56,7 +56,6 @@ static void efi_free_all_buff_pages(struct capsule_info *cap_info) static int efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, size_t hdr_bytes) { - efi_capsule_header_t *cap_hdr; size_t pages_needed; int ret; void *temp_page; @@ -66,8 +65,9 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, return 0; /* Reset back to the correct offset of header */ - cap_hdr = kbuff - cap_info->count; - pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT; + kbuff -= cap_info->count; + memcpy(_info->header, kbuff, sizeof(cap_info->header)); + pages_needed = ALIGN(cap_info->header.imagesize, PAGE_SIZE) / PAGE_SIZE; if (pages_needed == 0) { pr_err("invalid capsule size"); @@ -75,15 +75,16 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, } /* Check if the capsule binary supported */ - ret = efi_capsule_supported(cap_hdr->guid, cap_hdr->flags, - cap_hdr->imagesize, + ret = efi_capsule_supported(cap_info->header.guid, + cap_info->header.flags, + cap_info->header.imagesize, _info->reset_type); if (ret) { pr_err("capsule not supported\n"); return ret; } - cap_info->total_size = cap_hdr->imagesize; + cap_info->total_size = cap_info->header.imagesize; temp_page = krealloc(cap_info->pages, pages_needed * sizeof(void *), GFP_KERNEL | __GFP_ZERO); @@ -91,7 +92,6 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, return -ENOMEM; cap_info->pages = temp_page; - cap_info->header_obtained = true; return 0; } @@ -104,15 +104,8 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) { int ret; - void *cap_hdr_temp; - cap_hdr_temp = vmap(cap_info->pages, cap_info->index, - VM_MAP, PAGE_KERNEL); - if (!cap_hdr_temp) - return -ENOMEM; - - ret = efi_capsule_update(cap_hdr_temp, cap_info->pages); - vunmap(cap_hdr_temp); + ret = efi_capsule_update(_info->header, cap_info->pages); if (ret) { pr_err("capsule update failed\n"); return ret; @@ -192,7 +185,7 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, cap_info->page_bytes_remain -= write_byte; /* Setup capsule binary info structure */ - if (!cap_info->header_obtained) { + if (cap_info->header.headersize == 0) { ret = efi_capsule_setup_info(cap_info, kbuff, cap_info->count + write_byte); if (ret) @@ -203,7 +196,7 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, kunmap(page); /* Submit the full binary to efi_capsule_update() API
[PATCH 09/14] efi/capsule: Clean up pr_err/_info() messages
From: Jan Kiszkacommit 5dce14b9d1a29cf76331f0fe8eb7efd63e0fcb9a upstream. Avoid __func__, improve the information provided by some of the messages. Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-5-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 19 --- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 7b57dda2417d..3fb91e1597a9 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -70,7 +70,7 @@ static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info, pages_needed = ALIGN(cap_hdr->imagesize, PAGE_SIZE) >> PAGE_SHIFT; if (pages_needed == 0) { - pr_err("%s: pages count invalid\n", __func__); + pr_err("invalid capsule size"); return -EINVAL; } @@ -79,8 +79,7 @@ static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info, cap_hdr->imagesize, _info->reset_type); if (ret) { - pr_err("%s: efi_capsule_supported() failed\n", - __func__); + pr_err("capsule not supported\n"); return ret; } @@ -115,14 +114,14 @@ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) ret = efi_capsule_update(cap_hdr_temp, cap_info->pages); vunmap(cap_hdr_temp); if (ret) { - pr_err("%s: efi_capsule_update() failed\n", __func__); + pr_err("capsule update failed\n"); return ret; } /* Indicate capsule binary uploading is done */ cap_info->index = NO_FURTHER_WRITE_ACTION; - pr_info("%s: Successfully upload capsule file with reboot type '%s'\n", - __func__, !cap_info->reset_type ? "RESET_COLD" : + pr_info("Successfully upload capsule file with reboot type '%s'\n", + !cap_info->reset_type ? "RESET_COLD" : cap_info->reset_type == 1 ? "RESET_WARM" : "RESET_SHUTDOWN"); return 0; @@ -207,8 +206,7 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, if (cap_info->header_obtained && cap_info->count >= cap_info->total_size) { if (cap_info->count > cap_info->total_size) { - pr_err("%s: upload size exceeded header defined size\n", - __func__); + pr_err("capsule upload size exceeded header defined size\n"); ret = -EINVAL; goto failed; } @@ -242,7 +240,7 @@ static int efi_capsule_flush(struct file *file, fl_owner_t id) struct capsule_info *cap_info = file->private_data; if (cap_info->index > 0) { - pr_err("%s: capsule upload not complete\n", __func__); + pr_err("capsule upload not complete\n"); efi_free_all_buff_pages(cap_info); ret = -ECANCELED; } @@ -321,8 +319,7 @@ static int __init efi_capsule_loader_init(void) ret = misc_register(_capsule_misc); if (ret) - pr_err("%s: Failed to register misc char file note\n", - __func__); + pr_err("Unable to register capsule loader device\n"); return ret; } -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 07/14] efi/capsule: Fix return code on failing kmap/vmap
From: Jan Kiszkacommit fb153dc53f0eb8e8ad6a69f773e44c2d12daa5d0 upstream. If kmap or vmap fail, it means we ran out of memory. There are no user-provided addressed involved that would justify EFAULT. Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-3-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 9ae6c116c474..91e91f7a8807 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -113,7 +113,7 @@ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) VM_MAP, PAGE_KERNEL); if (!cap_hdr_temp) { pr_debug("%s: vmap() failed\n", __func__); - return -EFAULT; + return -ENOMEM; } ret = efi_capsule_update(cap_hdr_temp, cap_info->pages); @@ -185,7 +185,7 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, kbuff = kmap(page); if (!kbuff) { pr_debug("%s: kmap() failed\n", __func__); - ret = -EFAULT; + ret = -ENOMEM; goto failed; } kbuff += PAGE_SIZE - cap_info->page_bytes_remain; -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 12/14] efi/capsule-loader: Redirect calls to efi_capsule_setup_info() via weak alias
From: Ard Biesheuvelcommit 3fabd628d5ea24b02ddb1230ffca1df0f779f84e upstream. To allow platform specific code to hook into the capsule loading routines, indirect calls to efi_capsule_setup_info() via a weak alias of __efi_capsule_setup_info(), allowing platforms to redefine the former but still use the latter. Tested-by: Bryan O'Donoghue Signed-off-by: Ard Biesheuvel Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-9-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 56 +-- include/linux/efi.h | 12 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 5b012a467d7d..f7fdeab0bc37 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -20,16 +20,6 @@ #define NO_FURTHER_WRITE_ACTION -1 -struct capsule_info { - efi_capsule_header_theader; - int reset_type; - longindex; - size_t count; - size_t total_size; - struct page **pages; - size_t page_bytes_remain; -}; - /** * efi_free_all_buff_pages - free all previous allocated buffer pages * @cap_info: pointer to current instance of capsule_info structure @@ -46,28 +36,13 @@ static void efi_free_all_buff_pages(struct capsule_info *cap_info) cap_info->index = NO_FURTHER_WRITE_ACTION; } -/** - * efi_capsule_setup_info - obtain the efi capsule header in the binary and - * setup capsule_info structure - * @cap_info: pointer to current instance of capsule_info structure - * @kbuff: a mapped first page buffer pointer - * @hdr_bytes: the total received number of bytes for efi header - **/ -static int efi_capsule_setup_info(struct capsule_info *cap_info, - void *kbuff, size_t hdr_bytes) +int __efi_capsule_setup_info(struct capsule_info *cap_info) { size_t pages_needed; int ret; void *temp_page; - /* Only process data block that is larger than efi header size */ - if (hdr_bytes < sizeof(efi_capsule_header_t)) - return 0; - - /* Reset back to the correct offset of header */ - kbuff -= cap_info->count; - memcpy(_info->header, kbuff, sizeof(cap_info->header)); - pages_needed = ALIGN(cap_info->header.imagesize, PAGE_SIZE) / PAGE_SIZE; + pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE; if (pages_needed == 0) { pr_err("invalid capsule size"); @@ -84,7 +59,6 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, return ret; } - cap_info->total_size = cap_info->header.imagesize; temp_page = krealloc(cap_info->pages, pages_needed * sizeof(void *), GFP_KERNEL | __GFP_ZERO); @@ -97,6 +71,30 @@ static int efi_capsule_setup_info(struct capsule_info *cap_info, } /** + * efi_capsule_setup_info - obtain the efi capsule header in the binary and + * setup capsule_info structure + * @cap_info: pointer to current instance of capsule_info structure + * @kbuff: a mapped first page buffer pointer + * @hdr_bytes: the total received number of bytes for efi header + * + * Platforms with non-standard capsule update mechanisms can override + * this __weak function so they can perform any required capsule + * image munging. See quark_quirk_function() for an example. + **/ +int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, + size_t hdr_bytes) +{ + /* Only process data block that is larger than efi header size */ + if (hdr_bytes < sizeof(efi_capsule_header_t)) + return 0; + + memcpy(_info->header, kbuff, sizeof(cap_info->header)); + cap_info->total_size = cap_info->header.imagesize; + + return __efi_capsule_setup_info(cap_info); +} + +/** * efi_capsule_submit_update - invoke the efi_capsule_update API once binary *upload done * @cap_info: pointer to current instance of capsule_info structure @@ -186,7 +184,7 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, /* Setup capsule binary info structure */ if (cap_info->header.headersize == 0) { - ret = efi_capsule_setup_info(cap_info, kbuff, + ret = efi_capsule_setup_info(cap_info, kbuff - cap_info->count,
[PATCH 14/14] efi/capsule: Add support for Quark security header
From: Jan Kiszkacommit 2959c95d510cc45b246ba727eb8fdf8b601c6eec upstream. The firmware for Quark X102x prepends a security header to the capsule which is needed to support the mandatory secure boot on this processor. The header can be detected by checking for the "_CSH" signature and - to avoid any GUID conflict - validating its size field to contain the expected value. Then we need to look for the EFI header right after the security header and pass the real header to __efi_capsule_setup_info. To be minimal invasive and maximal safe, the quirk version of efi_capsule_setup_info() is only effective on Quark processors. Tested-by: Bryan O'Donoghue Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel Reviewed-by: Andy Shevchenko Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-11-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- arch/x86/platform/efi/quirks.c | 137 + drivers/firmware/efi/Kconfig | 9 +++ 2 files changed, 146 insertions(+) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index 1c7380da65ff..f0361323a805 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -10,12 +10,66 @@ #include #include #include +#include #define EFI_MIN_RESERVE 5120 #define EFI_DUMMY_GUID \ EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e, 0x97, 0xed, 0x50, 0xf0, 0x9f, 0x92, 0xa9) +#define QUARK_CSH_SIGNATURE0x5f435348 /* _CSH */ +#define QUARK_SECURITY_HEADER_SIZE 0x400 + +/* + * Header prepended to the standard EFI capsule on Quark systems the are based + * on Intel firmware BSP. + * @csh_signature: Unique identifier to sanity check signed module + * presence ("_CSH"). + * @version: Current version of CSH used. Should be one for Quark A0. + * @modulesize:Size of the entire module including the module header + * and payload. + * @security_version_number_index: Index of SVN to use for validation of signed + * module. + * @security_version_number: Used to prevent against roll back of modules. + * @rsvd_module_id:Currently unused for Clanton (Quark). + * @rsvd_module_vendor:Vendor Identifier. For Intel products value is + * 0x8086. + * @rsvd_date: BCD representation of build date as mmdd, where + * =4 digit year, mm=1-12, dd=1-31. + * @headersize:Total length of the header including including any + * padding optionally added by the signing tool. + * @hash_algo: What Hash is used in the module signing. + * @cryp_algo: What Crypto is used in the module signing. + * @keysize: Total length of the key data including including any + * padding optionally added by the signing tool. + * @signaturesize: Total length of the signature including including any + * padding optionally added by the signing tool. + * @rsvd_next_header: 32-bit pointer to the next Secure Boot Module in the + * chain, if there is a next header. + * @rsvd: Reserved, padding structure to required size. + * + * See also QuartSecurityHeader_t in + * Quark_EDKII_v1.2.1.1/QuarkPlatformPkg/Include/QuarkBootRom.h + * from https://downloadcenter.intel.com/download/23197/Intel-Quark-SoC-X1000-Board-Support-Package-BSP + */ +struct quark_security_header { + u32 csh_signature; + u32 version; + u32 modulesize; + u32 security_version_number_index; + u32 security_version_number; + u32 rsvd_module_id; + u32 rsvd_module_vendor; + u32 rsvd_date; + u32 headersize; + u32 hash_algo; + u32 cryp_algo; + u32 keysize; + u32 signaturesize; + u32 rsvd_next_header; + u32 rsvd[2]; +}; + static efi_char16_t efi_dummy_name[6] = { 'D', 'U', 'M', 'M', 'Y', 0 }; static bool efi_no_storage_paranoia; @@ -288,3 +342,86 @@ bool efi_poweroff_required(void) { return !!acpi_gbl_reduced_hardware; } + +#ifdef CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH + +static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff, + size_t hdr_bytes) +{ + struct quark_security_header *csh = *pkbuff; + + /* Only process data block that is larger than the security header */ + if (hdr_bytes < sizeof(struct quark_security_header)) + return 0; + + if (csh->csh_signature != QUARK_CSH_SIGNATURE || + csh->headersize !=
[PATCH 08/14] efi/capsule: Remove pr_debug() on ENOMEM or EFAULT
From: Jan Kiszkacommit 7367633f0bfd783ae5838141f3af88bba6c45eb9 upstream. Both cases are not worth a debug log message - the error code is telling enough. Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-4-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 91e91f7a8807..7b57dda2417d 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -88,10 +88,8 @@ static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info, temp_page = krealloc(cap_info->pages, pages_needed * sizeof(void *), GFP_KERNEL | __GFP_ZERO); - if (!temp_page) { - pr_debug("%s: krealloc() failed\n", __func__); + if (!temp_page) return -ENOMEM; - } cap_info->pages = temp_page; cap_info->header_obtained = true; @@ -111,10 +109,8 @@ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) cap_hdr_temp = vmap(cap_info->pages, cap_info->index, VM_MAP, PAGE_KERNEL); - if (!cap_hdr_temp) { - pr_debug("%s: vmap() failed\n", __func__); + if (!cap_hdr_temp) return -ENOMEM; - } ret = efi_capsule_update(cap_hdr_temp, cap_info->pages); vunmap(cap_hdr_temp); @@ -171,7 +167,6 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, if (!cap_info->page_bytes_remain) { page = alloc_page(GFP_KERNEL); if (!page) { - pr_debug("%s: alloc_page() failed\n", __func__); ret = -ENOMEM; goto failed; } @@ -184,7 +179,6 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, kbuff = kmap(page); if (!kbuff) { - pr_debug("%s: kmap() failed\n", __func__); ret = -ENOMEM; goto failed; } @@ -193,7 +187,6 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, /* Copy capsule binary data from user space to kernel space buffer */ write_byte = min_t(size_t, count, cap_info->page_bytes_remain); if (copy_from_user(kbuff, buff, write_byte)) { - pr_debug("%s: copy_from_user() failed\n", __func__); ret = -EFAULT; goto fail_unmap; } -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 10/14] efi/capsule: Adjust return type of efi_capsule_setup_info()
From: Jan Kiszkacommit 41b0c376951417d1b37448957b30f766b10d3090 upstream. We actually expect int at the caller and never return any size information. Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-6-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index 3fb91e1597a9..37d3f6ec2d28 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -53,8 +53,8 @@ static void efi_free_all_buff_pages(struct capsule_info *cap_info) * @kbuff: a mapped first page buffer pointer * @hdr_bytes: the total received number of bytes for efi header **/ -static ssize_t efi_capsule_setup_info(struct capsule_info *cap_info, - void *kbuff, size_t hdr_bytes) +static int efi_capsule_setup_info(struct capsule_info *cap_info, + void *kbuff, size_t hdr_bytes) { efi_capsule_header_t *cap_hdr; size_t pages_needed; -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 13/14] efi/capsule-loader: Use page addresses rather than struct page pointers
From: Ard Biesheuvelcommit 2a457fb31df62c6b482f78e4f74aaed99271f44d upstream. To give some leeway to code that handles non-standard capsule headers, let's keep an array of page addresses rather than struct page pointers. This gives special implementations of efi_capsule_setup_info() the opportunity to mangle the payload a bit before it is presented to the firmware, without putting any knowledge of the nature of such quirks into the generic code. Tested-by: Bryan O'Donoghue Signed-off-by: Ard Biesheuvel Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20170602135207.21708-10-ard.biesheu...@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/capsule-loader.c | 12 drivers/firmware/efi/capsule.c| 7 --- include/linux/efi.h | 4 ++-- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index f7fdeab0bc37..feeafb673c07 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -20,6 +20,10 @@ #define NO_FURTHER_WRITE_ACTION -1 +#ifndef phys_to_page +#define phys_to_page(x)pfn_to_page((x) >> PAGE_SHIFT) +#endif + /** * efi_free_all_buff_pages - free all previous allocated buffer pages * @cap_info: pointer to current instance of capsule_info structure @@ -31,7 +35,7 @@ static void efi_free_all_buff_pages(struct capsule_info *cap_info) { while (cap_info->index > 0) - __free_page(cap_info->pages[--cap_info->index]); + __free_page(phys_to_page(cap_info->pages[--cap_info->index])); cap_info->index = NO_FURTHER_WRITE_ACTION; } @@ -161,12 +165,12 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, goto failed; } - cap_info->pages[cap_info->index++] = page; + cap_info->pages[cap_info->index++] = page_to_phys(page); cap_info->page_bytes_remain = PAGE_SIZE; + } else { + page = phys_to_page(cap_info->pages[cap_info->index - 1]); } - page = cap_info->pages[cap_info->index - 1]; - kbuff = kmap(page); if (!kbuff) { ret = -ENOMEM; diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c index 1106773468b2..4a867c65d740 100644 --- a/drivers/firmware/efi/capsule.c +++ b/drivers/firmware/efi/capsule.c @@ -218,7 +218,7 @@ efi_capsule_update_locked(efi_capsule_header_t *capsule, * * Return 0 on success, a converted EFI status code on failure. */ -int efi_capsule_update(efi_capsule_header_t *capsule, struct page **pages) +int efi_capsule_update(efi_capsule_header_t *capsule, phys_addr_t *pages) { u32 imagesize = capsule->imagesize; efi_guid_t guid = capsule->guid; @@ -257,10 +257,11 @@ int efi_capsule_update(efi_capsule_header_t *capsule, struct page **pages) } for (j = 0; j < SGLIST_PER_PAGE && count > 0; j++) { - u64 sz = min_t(u64, imagesize, PAGE_SIZE); + u64 sz = min_t(u64, imagesize, + PAGE_SIZE - (u64)*pages % PAGE_SIZE); sglist[j].length = sz; - sglist[j].data = page_to_phys(*pages++); + sglist[j].data = *pages++; imagesize -= sz; count--; diff --git a/include/linux/efi.h b/include/linux/efi.h index b386097e45bc..23a2a274bc6c 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -135,7 +135,7 @@ struct capsule_info { longindex; size_t count; size_t total_size; - struct page **pages; + phys_addr_t *pages; size_t page_bytes_remain; }; @@ -1246,7 +1246,7 @@ extern int efi_capsule_supported(efi_guid_t guid, u32 flags, size_t size, int *reset); extern int efi_capsule_update(efi_capsule_header_t *capsule, - struct page **pages); + phys_addr_t *pages); #ifdef CONFIG_EFI_RUNTIME_MAP int efi_runtime_map_init(struct kobject *); -- 2.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables
On Wed, Aug 30, 2017 at 11:18:42AM -0500, Brijesh Singh wrote: > I was trying to avoid mixing early and no-early set_memory_decrypted() but if > feedback is: use early_set_memory_decrypted() only if its required otherwise > use set_memory_decrypted() then I can improve the logic in next rev. thanks Yes, I think you should use the early versions when you're, well, *early* :-) But get rid of that for_each_possible_cpu() and do it only on the current CPU, as this is a per-CPU path anyway. If you need to do it on *every* CPU and very early, then you need a separate function which is called in kvm_smp_prepare_boot_cpu() as there you're pre-SMP. Thx. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables
Hi Boris, On 08/29/2017 05:22 AM, Borislav Petkov wrote: [...] On Mon, Jul 24, 2017 at 02:07:56PM -0500, Brijesh Singh wrote: Some KVM specific MSR's (steal-time, asyncpf, avic_eio) allocates per-CPU MSRs variable at compile time and share its physical address with hypervisor. That sentence needs changing - the MSRs don't allocate - for them gets allocated. It presents a challege when SEV is active in guest OS, when SEV is active, the guest memory is encrypted with guest key hence hypervisor will not able to modify the guest memory. When SEV is active, we need to clear the encryption attribute (aka C-bit) of shared physical addresses so that both guest and hypervisor can access the data. This whole paragraph needs rewriting. I will improve the commit message in next rev. [...] +/* NOTE: function is marked as __ref because it is used by __init functions */ No need for that comment. What should you look into is why do you need to call the early versions: " * producing a warning (of course, no warning does not mean code is * correct, so optimally document why the __ref is needed and why it's OK)." And we do have the normal set_memory_decrypted() etc helpers so why aren't we using those? Since kvm_guest_init() is called early in the boot process hence we will not able to use set_memory_decrypted() function. IIRC, if we try calling set_memory_decrypted() early then we will hit a BUG_ON [1] -- mainly when it tries to flush the caches. [1] http://elixir.free-electrons.com/linux/latest/source/arch/x86/mm/pageattr.c#L167 If you need to use the early ones too, then you probably need to differentiate this in the callers by passing a "bool early", which calls the proper flavor. Sure I can rearrange code to make it more readable and use "bool early" parameter to differentiate it. +static int __ref kvm_map_hv_shared_decrypted(void) +{ + static int once, ret; + int cpu; + + if (once) + return ret; So this function gets called per-CPU but you need to do this ugly "once" thing - i.e., global function called in a per-CPU context. Why can't you do that mapping only on the current CPU and then when that function is called on the next CPU, it will do the same thing on that next CPU? Yes, it can be done but I remember running into issues during the CPU hot plug. The patch uses early_set_memory_decrypted() -- which calls kernel_physical_mapping_init() to split the large pages into smaller. IIRC, the API did not work after the system is successfully booted. After the system is booted we must use the set_memory_decrypted(). I was trying to avoid mixing early and no-early set_memory_decrypted() but if feedback is: use early_set_memory_decrypted() only if its required otherwise use set_memory_decrypted() then I can improve the logic in next rev. thanks [...] diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index da0be9a..52854cf 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -783,6 +783,9 @@ . = ALIGN(cacheline); \ *(.data..percpu)\ *(.data..percpu..shared_aligned)\ + . = ALIGN(PAGE_SIZE); \ + *(.data..percpu..hv_shared) \ + . = ALIGN(PAGE_SIZE); \ VMLINUX_SYMBOL(__per_cpu_end) = .; Yeah, no, you can't do that. That's adding this section unconditionally on *every* arch. You need to do some ifdeffery like it is done at the beginning of that file and have this only on the arch which supports SEV. Will do . thanks -Brijesh -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API
On Wed, Aug 30, 2017 at 03:46:34PM +0200, Rafael J. Wysocki wrote: > 3689d3d69072 ACPI: device property: Switch to use new generic UUID API > > in my linux-next branch. Isn't it this one? Yes, that should be it. Somehow my linux-next tree seems to be a mess through or my git log skills aren't what they used to be anymore. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API
On Wednesday, August 30, 2017 2:41:41 PM CEST Christoph Hellwig wrote: > On Wed, Jul 26, 2017 at 02:27:44AM +0200, Rafael J. Wysocki wrote: > > > >> > Cc: "Rafael J. Wysocki"> > > >> > Cc: Mika Westerberg > > > >> > > > >> Acked-by: Mika Westerberg > > > > > > > > OK > > > > > > > > Andy, do you want me to apply this? > > > > > > If you would like to. > > > > > > The patch is now pretty independent since necessary stuff made v4.13-rc1. > > > > OK > > This didn't seem to make it into linux-next so far, though. I have 3689d3d69072 ACPI: device property: Switch to use new generic UUID API in my linux-next branch. Isn't it this one? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API
On Wed, Aug 30, 2017 at 02:38:45PM +0200, Christoph Hellwig wrote: > On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote: > > Yep! There are so many conflicts that would be better just to push > > through your tree. > > > > I have just sent a v2 of this patch separately. > > Greg, did you pick that patch up? Yes, it's already in my tree and in linux-next. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API
On Wed, 2017-08-30 at 14:38 +0200, Christoph Hellwig wrote: > On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote: > > Yep! There are so many conflicts that would be better just to push > > through your tree. > > > > I have just sent a v2 of this patch separately. > > Greg, did you pick that patch up? That patch in his tree. -- Andy ShevchenkoIntel Finland Oy -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 6/6] device property: Switch to use new generic UUID API
On Wed, Jul 26, 2017 at 02:27:44AM +0200, Rafael J. Wysocki wrote: > > >> > Cc: "Rafael J. Wysocki"> > >> > Cc: Mika Westerberg > > >> > > >> Acked-by: Mika Westerberg > > > > > > OK > > > > > > Andy, do you want me to apply this? > > > > If you would like to. > > > > The patch is now pretty independent since necessary stuff made v4.13-rc1. > > OK This didn't seem to make it into linux-next so far, though. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 3/6] staging: unisys: Switch to use new generic UUID API
On Mon, Jul 31, 2017 at 08:20:25PM +0300, Andy Shevchenko wrote: > Yep! There are so many conflicts that would be better just to push > through your tree. > > I have just sent a v2 of this patch separately. Greg, did you pick that patch up? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html