From 630f972d76d6460235e84e1aa034ee06f9c8c3a9 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 28 May 2022 03:41:32 +0200 Subject: [PATCH 1/4] riscv: read-only pages should not be writable If EFI pages are marked as read-only, we should remove the _PAGE_WRITE flag. The current code overwrites an unused value. Fixes: b91540d52a08b ("RISC-V: Add EFI runtime services") Signed-off-by: Heinrich Schuchardt Link: https://lore.kernel.org/r/20220528014132.91052-1-heinrich.schuchardt@canonical.com Signed-off-by: Ard Biesheuvel --- arch/riscv/kernel/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/kernel/efi.c b/arch/riscv/kernel/efi.c index 024159298231..1aa540350abd 100644 --- a/arch/riscv/kernel/efi.c +++ b/arch/riscv/kernel/efi.c @@ -65,7 +65,7 @@ static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data) if (md->attribute & EFI_MEMORY_RO) { val = pte_val(pte) & ~_PAGE_WRITE; - val = pte_val(pte) | _PAGE_READ; + val |= _PAGE_READ; pte = __pte(val); } if (md->attribute & EFI_MEMORY_XP) { From ca209f8b5f61b74782dd4275ebc7173d92cb4905 Mon Sep 17 00:00:00 2001 From: Lukas Bulwahn Date: Wed, 1 Jun 2022 13:50:43 +0200 Subject: [PATCH 2/4] efi: x86: Fix config name for setting the NX-compatibility flag in the PE header Commit 21b68da7bf4a ("efi: x86: Set the NX-compatibility flag in the PE header") intends to set the compatibility flag, i.e., IMAGE_DLL_CHARACTERISTICS_NX_COMPAT, but this ifdef is actually dead as the CONFIG_DXE_MEM_ATTRIBUTES Kconfig option does not exist. The config is actually called EFI_DXE_MEM_ATTRIBUTES. Adjust the ifdef to use the intended config name. The issue was identified with ./scripts/checkkconfigsymbols.py. Fixes: 21b68da7bf4a ("efi: x86: Set the NX-compatibility flag in the PE header") Signed-off-by: Lukas Bulwahn Link: https://lore.kernel.org/r/20220601115043.7678-1-lukas.bulwahn@gmail.com Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 0352e4589efa..f912d7770130 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -163,7 +163,7 @@ extra_header_fields: .long 0x200 # SizeOfHeaders .long 0 # CheckSum .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) -#ifdef CONFIG_DXE_MEM_ATTRIBUTES +#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics #else .word 0 # DllCharacteristics From 31f1a0edff78c43e8a3bd3692af0db1b25c21b17 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 20 May 2022 12:07:58 +0200 Subject: [PATCH 3/4] efi/x86: libstub: Make DXE calls mixed mode safe The newly added DXE calls use 64-bit quantities, which means we need to marshall them explicitly when running in mixed mode. Currently, we get away without it because we just bail when GetMemorySpaceDescriptor() fails, which is guaranteed to happen due to the function argument mixup. Let's fix this properly, though, by defining the macros that describe how to marshall the arguments. While at it, drop an incorrect cast on a status variable. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 9 +++++++++ drivers/firmware/efi/libstub/x86-stub.c | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index bed74a0f2932..71943dce691e 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -270,6 +270,8 @@ static inline u32 efi64_convert_status(efi_status_t status) return (u32)(status | (u64)status >> 32); } +#define __efi64_split(val) (val) & U32_MAX, (u64)(val) >> 32 + #define __efi64_argmap_free_pages(addr, size) \ ((addr), 0, (size)) @@ -317,6 +319,13 @@ static inline u32 efi64_convert_status(efi_status_t status) #define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) +/* DXE services */ +#define __efi64_argmap_get_memory_space_descriptor(phys, desc) \ + (__efi64_split(phys), (desc)) + +#define __efi64_argmap_set_memory_space_descriptor(phys, size, flags) \ + (__efi64_split(phys), __efi64_split(size), __efi64_split(flags)) + /* * The macros below handle the plumbing for the argument mapping. To add a * mapping for a specific EFI method, simply define a macro diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index b14e88ccefca..05ae8bcc9d67 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -260,10 +260,10 @@ adjust_memory_range_protection(unsigned long start, unsigned long size) EFI_MEMORY_WB); if (status != EFI_SUCCESS) { - efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %d\n", + efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %lx\n", unprotect_start, unprotect_start + unprotect_size, - (int)status); + status); } } } From 75ed63d919400b803691a0c757ee23c6f767a625 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sat, 28 May 2022 11:49:54 +0200 Subject: [PATCH 4/4] efi: clean up Kconfig dependencies on CONFIG_EFI Geert reports that the new option CONFIG_EFI_DISABLE_RUNTIME is user visible even when EFI support is disabled, which is unnecessary and clutters the Kconfig interface. So let's move this option into the existing Kconfig submenu that already depends on CONFIG_EFI, and while at it, give some other options the same treatment. Also clean up a small wart where the efi/ subdirectory is listed twice. Let's just list it unconditionally so that both EFI and UEFI_CPER based pieces will be built independently (the latter only depends on the former on !X86) Signed-off-by: Ard Biesheuvel --- drivers/firmware/Makefile | 3 +-- drivers/firmware/efi/Kconfig | 52 +++++++++++++++++------------------- 2 files changed, 25 insertions(+), 30 deletions(-) diff --git a/drivers/firmware/Makefile b/drivers/firmware/Makefile index 4e58cb474a68..dca73826e09a 100644 --- a/drivers/firmware/Makefile +++ b/drivers/firmware/Makefile @@ -31,8 +31,7 @@ obj-y += broadcom/ obj-y += cirrus/ obj-y += meson/ obj-$(CONFIG_GOOGLE_FIRMWARE) += google/ -obj-$(CONFIG_EFI) += efi/ -obj-$(CONFIG_UEFI_CPER) += efi/ +obj-y += efi/ obj-y += imx/ obj-y += psci/ obj-y += smccc/ diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index 4720ba98cec3..7aa4717cdcac 100644 --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -193,6 +193,9 @@ config EFI_TEST Say Y here to enable the runtime services support via /dev/efi_test. If unsure, say N. +config EFI_DEV_PATH_PARSER + bool + config APPLE_PROPERTIES bool "Apple Device Properties" depends on EFI_STUB && X86 @@ -255,40 +258,15 @@ config EFI_DISABLE_PCI_DMA options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma" may be used to override this option. -endmenu - -config EFI_EMBEDDED_FIRMWARE - bool - depends on EFI - select CRYPTO_LIB_SHA256 - -config UEFI_CPER - bool - -config UEFI_CPER_ARM - bool - depends on UEFI_CPER && ( ARM || ARM64 ) - default y - -config UEFI_CPER_X86 - bool - depends on UEFI_CPER && X86 - default y - -config EFI_DEV_PATH_PARSER - bool - depends on ACPI - default n - config EFI_EARLYCON def_bool y - depends on EFI && SERIAL_EARLYCON && !ARM && !IA64 + depends on SERIAL_EARLYCON && !ARM && !IA64 select FONT_SUPPORT select ARCH_USE_MEMREMAP_PROT config EFI_CUSTOM_SSDT_OVERLAYS bool "Load custom ACPI SSDT overlay from an EFI variable" - depends on EFI && ACPI + depends on ACPI default ACPI_TABLE_UPGRADE help Allow loading of an ACPI SSDT overlay from an EFI variable specified @@ -314,7 +292,6 @@ config EFI_DISABLE_RUNTIME config EFI_COCO_SECRET bool "EFI Confidential Computing Secret Area Support" - depends on EFI help Confidential Computing platforms (such as AMD SEV) allow the Guest Owner to securely inject secrets during guest VM launch. @@ -327,3 +304,22 @@ config EFI_COCO_SECRET for usage inside the kernel. This will allow the virt/coco/efi_secret module to access the secrets, which in turn allows userspace programs to access the injected secrets. + +config EFI_EMBEDDED_FIRMWARE + bool + select CRYPTO_LIB_SHA256 + +endmenu + +config UEFI_CPER + bool + +config UEFI_CPER_ARM + bool + depends on UEFI_CPER && ( ARM || ARM64 ) + default y + +config UEFI_CPER_X86 + bool + depends on UEFI_CPER && X86 + default y