From 0ef6343439c62eb4e18c6ce0e1a3739d0e7f1e2e Mon Sep 17 00:00:00 2001 From: Paul Barker Date: Fri, 7 Jul 2023 07:51:42 +0100 Subject: [PATCH 1/6] x86: Update docs link in bootparam header After Linux commit ff61f0791ce9, x86 documentation was moved to arch/x86 and the link in bootparam.h was broken. Signed-off-by: Paul Barker Reviewed-by: Heinrich Schuchardt --- arch/x86/include/asm/bootparam.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/bootparam.h b/arch/x86/include/asm/bootparam.h index ea816ca746..ac4865300f 100644 --- a/arch/x86/include/asm/bootparam.h +++ b/arch/x86/include/asm/bootparam.h @@ -62,7 +62,7 @@ struct setup_indirect { /** * struct setup_header - Information needed by Linux to boot * - * See https://www.kernel.org/doc/html/latest/x86/boot.html + * See https://www.kernel.org/doc/html/latest/arch/x86/boot.html */ struct setup_header { __u8 setup_sects; From d7fe913f23b1907ac6ccb1552151fbcaa89bcdb0 Mon Sep 17 00:00:00 2001 From: Alper Nebi Yasak Date: Sat, 8 Jul 2023 18:23:05 +0300 Subject: [PATCH 2/6] efi_loader: Avoid underflow when calculating remaining var store size The efi_var_mem_free() function calculates the available size for a new EFI variable by subtracting the occupied buffer size and the overhead for a new variable from the maximum buffer size set in Kconfig. This is then returned as QueryVariableInfo()'s RemainingVariableStorageSize output. This can underflow as the calculation is done in and processed as unsigned integer types. Check for underflow before doing the subtraction and return zero if there's no space. Fixes: f1f990a8c958 ("efi_loader: memory buffer for variables") Signed-off-by: Alper Nebi Yasak Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_var_mem.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c index d6b65aed12..5fa7dcb8d3 100644 --- a/lib/efi_loader/efi_var_mem.c +++ b/lib/efi_loader/efi_var_mem.c @@ -177,6 +177,10 @@ efi_status_t __efi_runtime efi_var_mem_ins( u64 __efi_runtime efi_var_mem_free(void) { + if (efi_var_buf->length + sizeof(struct efi_var_entry) >= + EFI_VAR_BUF_SIZE) + return 0; + return EFI_VAR_BUF_SIZE - efi_var_buf->length - sizeof(struct efi_var_entry); } From 9fd3f881c6edb3daf42277a24c4d1b8932a6df50 Mon Sep 17 00:00:00 2001 From: Alper Nebi Yasak Date: Sat, 8 Jul 2023 18:21:12 +0300 Subject: [PATCH 3/6] efi_loader: Increase default variable store size to 64KiB Debian's arm64 UEFI Secure Boot shim makes the EFI variable store run out of space while mirroring its MOK database to variables. This can be observed in QEMU like so: $ tools/buildman/buildman -o build/qemu_arm64 --boards=qemu_arm64 -w $ cd build/qemu_arm64 $ curl -L -o debian.iso \ https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso $ qemu-system-aarch64 \ -nographic -bios u-boot.bin \ -machine virt -cpu cortex-a53 -m 1G -smp 2 \ -drive if=virtio,file=debian.iso,index=0,format=raw,readonly=on,media=cdrom [...] => # interrupt autoboot => env set -e -bs -nv -rt -guid 605dab50-e046-4300-abb6-3dd810dd8b23 SHIM_VERBOSE 1 => boot [...] mok.c:296:mirror_one_esl() SetVariable("MokListXRT43", ... varsz=0x4C) = Out of Resources mok.c:452:mirror_mok_db() esd:0x7DB92D20 adj:0x30 Failed to set MokListXRT: Out of Resources mok.c:767:mirror_one_mok_variable() mirror_mok_db("MokListXRT", datasz=17328) returned Out of Resources mok.c:812:mirror_one_mok_variable() returning Out of Resources Could not create MokListXRT: Out of Resources [...] Welcome to GRUB! This would normally be fine as shim would continue to run grubaa64.efi, but shim's error handling code for this case has a bug [1] that causes a synchronous abort on at least chromebook_kevin (but apparently not on QEMU arm64). Double the default variable store size so the variables fit. There is a note about this value matching PcdFlashNvStorageVariableSize when EFI_MM_COMM_TEE is enabled, so keep the old default in that case. [1] https://github.com/rhboot/shim/pull/577 Signed-off-by: Alper Nebi Yasak Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/Kconfig | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index c5835e6ef6..a22e47616f 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -96,7 +96,8 @@ endif config EFI_VAR_BUF_SIZE int "Memory size of the UEFI variable store" - default 16384 + default 16384 if EFI_MM_COMM_TEE + default 65536 range 4096 2147483647 help This defines the size in bytes of the memory area reserved for keeping @@ -106,7 +107,7 @@ config EFI_VAR_BUF_SIZE match the value of PcdFlashNvStorageVariableSize used to compile the StandAloneMM module. - Minimum 4096, default 16384. + Minimum 4096, default 65536, or 16384 when using StandAloneMM. config EFI_GET_TIME bool "GetTime() runtime service" From 0c95744bccea30c013cdd92c2c6afb6f96bd063a Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Thu, 29 Jun 2023 11:13:51 +0900 Subject: [PATCH 4/6] cmd: efidebug: add missing efi_free_pool for dh subcommand This adds the missing efi_free_pool call for dh subcommand. Fixes: a80146205d0a ("cmd: efidebug: add dh command") Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt --- cmd/efidebug.c | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/efidebug.c b/cmd/efidebug.c index 9622430c47..0be3af3e76 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -486,6 +486,7 @@ static int do_efi_show_handles(struct cmd_tbl *cmdtp, int flag, if (guidcmp(guid[j], &efi_guid_device_path)) printf(" %pUs\n", guid[j]); } + efi_free_pool(guid); } efi_free_pool(handles); From fefb7e1e3d515590aa5bb906f9ceaecfa06be608 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 9 Jul 2023 04:00:06 +0200 Subject: [PATCH 5/6] doc: harmonize Linux kernel documentation links Linux internally uses https://www.kernel.org/doc/html/latest/ for documentation links. When referring to their documentation we should do the same. Signed-off-by: Heinrich Schuchardt --- doc/develop/docstyle.rst | 2 +- doc/usage/blkmap.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/develop/docstyle.rst b/doc/develop/docstyle.rst index f9ba83a559..50506d6857 100644 --- a/doc/develop/docstyle.rst +++ b/doc/develop/docstyle.rst @@ -20,7 +20,7 @@ We apply the following rules: * For documentation we use reStructured text conforming to the requirements of `Sphinx `_. * For documentation within code we follow the Linux kernel guide - `Writing kernel-doc comments `_. + `Writing kernel-doc comments `_. * We try to stick to 80 columns per line in documents. * For tables we prefer simple tables over grid tables. We avoid list tables as they make the reStructured text documents hard to read. diff --git a/doc/usage/blkmap.rst b/doc/usage/blkmap.rst index dbfa8e5aad..7337ea507a 100644 --- a/doc/usage/blkmap.rst +++ b/doc/usage/blkmap.rst @@ -19,7 +19,7 @@ wherever they might be located. The implementation is loosely modeled on Linux's "Device Mapper" subsystem, see `kernel documentation`_ for more information. -.. _kernel documentation: https://docs.kernel.org/admin-guide/device-mapper/index.html +.. _kernel documentation: https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/index.html Example: Netbooting an Ext4 Image From e05a4b12a056fd7fe22e85715c8f5e5e811fb551 Mon Sep 17 00:00:00 2001 From: Malte Schmidt Date: Fri, 16 Jun 2023 10:28:05 +0200 Subject: [PATCH 6/6] mkeficapsule: fix efi_firmware_management_capsule_header data type The data type of item_offset_list shall be UINT64 according to the UEFI [1] specifications. In include/efi_api.h the correct data type is used. The bug was probably never noticed because of little endianness. [1] https://uefi.org/specs/UEFI/2.10/index.html Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..6ffed6cc59 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -63,7 +63,7 @@ struct efi_firmware_management_capsule_header { uint32_t version; uint16_t embedded_driver_count; uint16_t payload_item_count; - uint32_t item_offset_list[]; + uint64_t item_offset_list[]; } __packed; /* image_capsule_support */