<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/firmware/efi, branch linux-5.18.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>efi: Allow to enable EFI runtime services by default on RT</title>
<updated>2022-06-09T08:29:58+00:00</updated>
<author>
<name>Javier Martinez Canillas</name>
<email>javierm@redhat.com</email>
</author>
<published>2022-03-31T15:16:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=80bcee8dc02ec4ef4a0e97b71eeb13010dfdd746'/>
<id>80bcee8dc02ec4ef4a0e97b71eeb13010dfdd746</id>
<content type='text'>
[ Upstream commit a031651ff2144a3d81d4916856c093bc1ea0a413 ]

Commit d9f283ae71af ("efi: Disable runtime services on RT") disabled EFI
runtime services by default when the CONFIG_PREEMPT_RT option is enabled.

The rationale for that commit is that some EFI calls could take too much
time, leading to large latencies which is an issue for Real-Time kernels.

But a side effect of that change was that now is not possible anymore to
enable the EFI runtime services by default when CONFIG_PREEMPT_RT is set,
without passing an efi=runtime command line parameter to the kernel.

Instead, let's add a new EFI_DISABLE_RUNTIME boolean Kconfig option, that
would be set to n by default but to y if CONFIG_PREEMPT_RT is enabled.

That way, the current behaviour is preserved but gives users a mechanism
to enable the EFI runtimes services in their kernels if that is required.
For example, if the firmware could guarantee bounded time for EFI calls.

Also, having a separate boolean config could allow users to disable the
EFI runtime services by default even when CONFIG_PREEMPT_RT is not set.

Reported-by: Alexander Larsson &lt;alexl@redhat.com&gt;
Fixes: d9f283ae71af ("efi: Disable runtime services on RT")
Signed-off-by: Javier Martinez Canillas &lt;javierm@redhat.com&gt;
Link: https://lore.kernel.org/r/20220331151654.184433-1-javierm@redhat.com
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a031651ff2144a3d81d4916856c093bc1ea0a413 ]

Commit d9f283ae71af ("efi: Disable runtime services on RT") disabled EFI
runtime services by default when the CONFIG_PREEMPT_RT option is enabled.

The rationale for that commit is that some EFI calls could take too much
time, leading to large latencies which is an issue for Real-Time kernels.

But a side effect of that change was that now is not possible anymore to
enable the EFI runtime services by default when CONFIG_PREEMPT_RT is set,
without passing an efi=runtime command line parameter to the kernel.

Instead, let's add a new EFI_DISABLE_RUNTIME boolean Kconfig option, that
would be set to n by default but to y if CONFIG_PREEMPT_RT is enabled.

That way, the current behaviour is preserved but gives users a mechanism
to enable the EFI runtimes services in their kernels if that is required.
For example, if the firmware could guarantee bounded time for EFI calls.

Also, having a separate boolean config could allow users to disable the
EFI runtime services by default even when CONFIG_PREEMPT_RT is not set.

Reported-by: Alexander Larsson &lt;alexl@redhat.com&gt;
Fixes: d9f283ae71af ("efi: Disable runtime services on RT")
Signed-off-by: Javier Martinez Canillas &lt;javierm@redhat.com&gt;
Link: https://lore.kernel.org/r/20220331151654.184433-1-javierm@redhat.com
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'pstore-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux</title>
<updated>2022-03-22T02:24:47+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-03-22T02:24:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fd2d7a4a354539dc141f702c6c277bf3380e8778'/>
<id>fd2d7a4a354539dc141f702c6c277bf3380e8778</id>
<content type='text'>
Pull pstore updates from Kees Cook:

 - Don't use semaphores in always-atomic-context code (Jann Horn)

 - Add "ECC:" prefix to ECC messages (Vincent Whitchurch)

* tag 'pstore-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  pstore: Don't use semaphores in always-atomic-context code
  pstore: Add prefix to ECC messages
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull pstore updates from Kees Cook:

 - Don't use semaphores in always-atomic-context code (Jann Horn)

 - Add "ECC:" prefix to ECC messages (Vincent Whitchurch)

* tag 'pstore-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  pstore: Don't use semaphores in always-atomic-context code
  pstore: Add prefix to ECC messages
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd</title>
<updated>2022-03-21T17:26:29+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-03-21T17:26:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f'/>
<id>9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f</id>
<content type='text'>
Pull tpm updates from Jarkko Sakkinen:
 "In order to split the work a bit we've aligned with David Howells more
  or less that I take more hardware/firmware aligned keyring patches,
  and he takes care more of the framework aligned patches.

  For TPM the patches worth of highlighting are the fixes for
  refcounting provided by Lino Sanfilippo and James Bottomley.

  Eric B. has done a bunch obvious (but important) fixes but there's one
  a bit controversial: removal of asym_tpm. It was added in 2018 when
  TPM1 was already declared as insecure and world had moved on to TPM2.
  I don't know how this has passed all the filters but I did not have a
  chance to see the patches when they were out. I simply cannot commit
  to maintaining this because it was from all angles just wrong to take
  it in the first place to the mainline kernel. Nobody should use this
  module really for anything.

  Finally, there is a new keyring '.machine' to hold MOK keys ('Machine
  Owner Keys'). In the mok side MokListTrustedRT UEFI variable can be
  set, from which kernel knows that MOK keys are kernel trusted keys and
  they are populated to the machine keyring. This keyring linked to the
  secondary trusted keyring, which means that can be used like any
  kernel trusted keys. This keyring of course can be used to hold other
  MOK'ish keys in other platforms in future"

* tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (24 commits)
  tpm: use try_get_ops() in tpm-space.c
  KEYS: asymmetric: properly validate hash_algo and encoding
  KEYS: asymmetric: enforce that sig algo matches key algo
  KEYS: remove support for asym_tpm keys
  tpm: fix reference counting for struct tpm_chip
  integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
  integrity: Trust MOK keys if MokListTrustedRT found
  efi/mokvar: move up init order
  KEYS: Introduce link restriction for machine keys
  KEYS: store reference to machine keyring
  integrity: add new keyring handler for mok keys
  integrity: Introduce a Linux keyring called machine
  integrity: Fix warning about missing prototypes
  KEYS: trusted: Avoid calling null function trusted_key_exit
  KEYS: trusted: Fix trusted key backends when building as module
  tpm: xen-tpmfront: Use struct_size() helper
  KEYS: x509: remove dead code that set -&gt;unsupported_sig
  KEYS: x509: remove never-set -&gt;unsupported_key flag
  KEYS: x509: remove unused fields
  KEYS: x509: clearly distinguish between key and signature algorithms
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull tpm updates from Jarkko Sakkinen:
 "In order to split the work a bit we've aligned with David Howells more
  or less that I take more hardware/firmware aligned keyring patches,
  and he takes care more of the framework aligned patches.

  For TPM the patches worth of highlighting are the fixes for
  refcounting provided by Lino Sanfilippo and James Bottomley.

  Eric B. has done a bunch obvious (but important) fixes but there's one
  a bit controversial: removal of asym_tpm. It was added in 2018 when
  TPM1 was already declared as insecure and world had moved on to TPM2.
  I don't know how this has passed all the filters but I did not have a
  chance to see the patches when they were out. I simply cannot commit
  to maintaining this because it was from all angles just wrong to take
  it in the first place to the mainline kernel. Nobody should use this
  module really for anything.

  Finally, there is a new keyring '.machine' to hold MOK keys ('Machine
  Owner Keys'). In the mok side MokListTrustedRT UEFI variable can be
  set, from which kernel knows that MOK keys are kernel trusted keys and
  they are populated to the machine keyring. This keyring linked to the
  secondary trusted keyring, which means that can be used like any
  kernel trusted keys. This keyring of course can be used to hold other
  MOK'ish keys in other platforms in future"

* tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (24 commits)
  tpm: use try_get_ops() in tpm-space.c
  KEYS: asymmetric: properly validate hash_algo and encoding
  KEYS: asymmetric: enforce that sig algo matches key algo
  KEYS: remove support for asym_tpm keys
  tpm: fix reference counting for struct tpm_chip
  integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
  integrity: Trust MOK keys if MokListTrustedRT found
  efi/mokvar: move up init order
  KEYS: Introduce link restriction for machine keys
  KEYS: store reference to machine keyring
  integrity: add new keyring handler for mok keys
  integrity: Introduce a Linux keyring called machine
  integrity: Fix warning about missing prototypes
  KEYS: trusted: Avoid calling null function trusted_key_exit
  KEYS: trusted: Fix trusted key backends when building as module
  tpm: xen-tpmfront: Use struct_size() helper
  KEYS: x509: remove dead code that set -&gt;unsupported_sig
  KEYS: x509: remove never-set -&gt;unsupported_key flag
  KEYS: x509: remove unused fields
  KEYS: x509: clearly distinguish between key and signature algorithms
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>pstore: Don't use semaphores in always-atomic-context code</title>
<updated>2022-03-15T18:08:23+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2022-03-14T18:59:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8126b1c73108bc691f5643df19071a59a69d0bc6'/>
<id>8126b1c73108bc691f5643df19071a59a69d0bc6</id>
<content type='text'>
pstore_dump() is *always* invoked in atomic context (nowadays in an RCU
read-side critical section, before that under a spinlock).
It doesn't make sense to try to use semaphores here.

This is mostly a revert of commit ea84b580b955 ("pstore: Convert buf_lock
to semaphore"), except that two parts aren't restored back exactly as they
were:

 - keep the lock initialization in pstore_register
 - in efi_pstore_write(), always set the "block" flag to false
 - omit "is_locked", that was unnecessary since
   commit 959217c84c27 ("pstore: Actually give up during locking failure")
 - fix the bailout message

The actual problem that the buggy commit was trying to address may have
been that the use of preemptible() in efi_pstore_write() was wrong - it
only looks at preempt_count() and the state of IRQs, but __rcu_read_lock()
doesn't touch either of those under CONFIG_PREEMPT_RCU.
(Sidenote: CONFIG_PREEMPT_RCU means that the scheduler can preempt tasks in
RCU read-side critical sections, but you're not allowed to actively
block/reschedule.)

Lockdep probably never caught the problem because it's very rare that you
actually hit the contended case, so lockdep always just sees the
down_trylock(), not the down_interruptible(), and so it can't tell that
there's a problem.

Fixes: ea84b580b955 ("pstore: Convert buf_lock to semaphore")
Cc: stable@vger.kernel.org
Acked-by: Sebastian Andrzej Siewior &lt;bigeasy@linutronix.de&gt;
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220314185953.2068993-1-jannh@google.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
pstore_dump() is *always* invoked in atomic context (nowadays in an RCU
read-side critical section, before that under a spinlock).
It doesn't make sense to try to use semaphores here.

This is mostly a revert of commit ea84b580b955 ("pstore: Convert buf_lock
to semaphore"), except that two parts aren't restored back exactly as they
were:

 - keep the lock initialization in pstore_register
 - in efi_pstore_write(), always set the "block" flag to false
 - omit "is_locked", that was unnecessary since
   commit 959217c84c27 ("pstore: Actually give up during locking failure")
 - fix the bailout message

The actual problem that the buggy commit was trying to address may have
been that the use of preemptible() in efi_pstore_write() was wrong - it
only looks at preempt_count() and the state of IRQs, but __rcu_read_lock()
doesn't touch either of those under CONFIG_PREEMPT_RCU.
(Sidenote: CONFIG_PREEMPT_RCU means that the scheduler can preempt tasks in
RCU read-side critical sections, but you're not allowed to actively
block/reschedule.)

Lockdep probably never caught the problem because it's very rare that you
actually hit the contended case, so lockdep always just sees the
down_trylock(), not the down_interruptible(), and so it can't tell that
there's a problem.

Fixes: ea84b580b955 ("pstore: Convert buf_lock to semaphore")
Cc: stable@vger.kernel.org
Acked-by: Sebastian Andrzej Siewior &lt;bigeasy@linutronix.de&gt;
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220314185953.2068993-1-jannh@google.com
</pre>
</div>
</content>
</entry>
<entry>
<title>efi/mokvar: move up init order</title>
<updated>2022-03-08T11:55:52+00:00</updated>
<author>
<name>Eric Snowberg</name>
<email>eric.snowberg@oracle.com</email>
</author>
<published>2022-01-26T02:58:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=847c5336d8439a3b8245b31fa127cf98a26afae8'/>
<id>847c5336d8439a3b8245b31fa127cf98a26afae8</id>
<content type='text'>
Move up the init order so it can be used by the new machine keyring.

Signed-off-by: Eric Snowberg &lt;eric.snowberg@oracle.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move up the init order so it can be used by the new machine keyring.

Signed-off-by: Eric Snowberg &lt;eric.snowberg@oracle.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: fix return value of __setup handlers</title>
<updated>2022-03-01T08:02:21+00:00</updated>
<author>
<name>Randy Dunlap</name>
<email>rdunlap@infradead.org</email>
</author>
<published>2022-03-01T04:18:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9feaf8b387ee0ece9c1d7add308776b502a35d0c'/>
<id>9feaf8b387ee0ece9c1d7add308776b502a35d0c</id>
<content type='text'>
When "dump_apple_properties" is used on the kernel boot command line,
it causes an Unknown parameter message and the string is added to init's
argument strings:

  Unknown kernel command line parameters "dump_apple_properties
    BOOT_IMAGE=/boot/bzImage-517rc6 efivar_ssdt=newcpu_ssdt", will be
    passed to user space.

 Run /sbin/init as init process
   with arguments:
     /sbin/init
     dump_apple_properties
   with environment:
     HOME=/
     TERM=linux
     BOOT_IMAGE=/boot/bzImage-517rc6
     efivar_ssdt=newcpu_ssdt

Similarly when "efivar_ssdt=somestring" is used, it is added to the
Unknown parameter message and to init's environment strings, polluting
them (see examples above).

Change the return value of the __setup functions to 1 to indicate
that the __setup options have been handled.

Fixes: 58c5475aba67 ("x86/efi: Retrieve and assign Apple device properties")
Fixes: 475fb4e8b2f4 ("efi / ACPI: load SSTDs from EFI variables")
Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Reported-by: Igor Zhbanov &lt;i.zhbanov@omprussia.ru&gt;
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Cc: linux-efi@vger.kernel.org
Cc: Lukas Wunner &lt;lukas@wunner.de&gt;
Cc: Octavian Purdila &lt;octavian.purdila@intel.com&gt;
Cc: "Rafael J. Wysocki" &lt;rafael@kernel.org&gt;
Cc: Matt Fleming &lt;matt@codeblueprint.co.uk&gt;
Link: https://lore.kernel.org/r/20220301041851.12459-1-rdunlap@infradead.org
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When "dump_apple_properties" is used on the kernel boot command line,
it causes an Unknown parameter message and the string is added to init's
argument strings:

  Unknown kernel command line parameters "dump_apple_properties
    BOOT_IMAGE=/boot/bzImage-517rc6 efivar_ssdt=newcpu_ssdt", will be
    passed to user space.

 Run /sbin/init as init process
   with arguments:
     /sbin/init
     dump_apple_properties
   with environment:
     HOME=/
     TERM=linux
     BOOT_IMAGE=/boot/bzImage-517rc6
     efivar_ssdt=newcpu_ssdt

Similarly when "efivar_ssdt=somestring" is used, it is added to the
Unknown parameter message and to init's environment strings, polluting
them (see examples above).

Change the return value of the __setup functions to 1 to indicate
that the __setup options have been handled.

Fixes: 58c5475aba67 ("x86/efi: Retrieve and assign Apple device properties")
Fixes: 475fb4e8b2f4 ("efi / ACPI: load SSTDs from EFI variables")
Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Reported-by: Igor Zhbanov &lt;i.zhbanov@omprussia.ru&gt;
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Cc: linux-efi@vger.kernel.org
Cc: Lukas Wunner &lt;lukas@wunner.de&gt;
Cc: Octavian Purdila &lt;octavian.purdila@intel.com&gt;
Cc: "Rafael J. Wysocki" &lt;rafael@kernel.org&gt;
Cc: Matt Fleming &lt;matt@codeblueprint.co.uk&gt;
Link: https://lore.kernel.org/r/20220301041851.12459-1-rdunlap@infradead.org
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efivars: Respect "block" flag in efivar_entry_set_safe()</title>
<updated>2022-02-28T09:07:50+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2022-02-18T18:05:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=258dd902022cb10c83671176688074879517fd21'/>
<id>258dd902022cb10c83671176688074879517fd21</id>
<content type='text'>
When the "block" flag is false, the old code would sometimes still call
check_var_size(), which wrongly tells -&gt;query_variable_store() that it can
block.

As far as I can tell, this can't really materialize as a bug at the moment,
because -&gt;query_variable_store only does something on X86 with generic EFI,
and in that configuration we always take the efivar_entry_set_nonblocking()
path.

Fixes: ca0e30dcaa53 ("efi: Add nonblocking option to efi_query_variable_store()")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Link: https://lore.kernel.org/r/20220218180559.1432559-1-jannh@google.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the "block" flag is false, the old code would sometimes still call
check_var_size(), which wrongly tells -&gt;query_variable_store() that it can
block.

As far as I can tell, this can't really materialize as a bug at the moment,
because -&gt;query_variable_store only does something on X86 with generic EFI,
and in that configuration we always take the efivar_entry_set_nonblocking()
path.

Fixes: ca0e30dcaa53 ("efi: Add nonblocking option to efi_query_variable_store()")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Link: https://lore.kernel.org/r/20220218180559.1432559-1-jannh@google.com
</pre>
</div>
</content>
</entry>
<entry>
<title>riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value</title>
<updated>2022-02-28T09:07:49+00:00</updated>
<author>
<name>Sunil V L</name>
<email>sunilvl@ventanamicro.com</email>
</author>
<published>2022-01-28T04:50:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dcf0c838854c86e1f41fb1934aea906845d69782'/>
<id>dcf0c838854c86e1f41fb1934aea906845d69782</id>
<content type='text'>
The get_boot_hartid_from_fdt() function currently returns U32_MAX
for failure case which is not correct because U32_MAX is a valid
hartid value. This patch fixes the issue by returning error code.

Cc: &lt;stable@vger.kernel.org&gt;
Fixes: d7071743db31 ("RISC-V: Add EFI stub support.")
Signed-off-by: Sunil V L &lt;sunilvl@ventanamicro.com&gt;
Reviewed-by: Heinrich Schuchardt &lt;heinrich.schuchardt@canonical.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The get_boot_hartid_from_fdt() function currently returns U32_MAX
for failure case which is not correct because U32_MAX is a valid
hartid value. This patch fixes the issue by returning error code.

Cc: &lt;stable@vger.kernel.org&gt;
Fixes: d7071743db31 ("RISC-V: Add EFI stub support.")
Signed-off-by: Sunil V L &lt;sunilvl@ventanamicro.com&gt;
Reviewed-by: Heinrich Schuchardt &lt;heinrich.schuchardt@canonical.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: runtime: avoid EFIv2 runtime services on Apple x86 machines</title>
<updated>2022-01-23T09:31:27+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-01-12T10:14:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f5390cd0b43c2e54c7cf5506c7da4a37c5cef746'/>
<id>f5390cd0b43c2e54c7cf5506c7da4a37c5cef746</id>
<content type='text'>
Aditya reports [0] that his recent MacbookPro crashes in the firmware
when using the variable services at runtime. The culprit appears to be a
call to QueryVariableInfo(), which we did not use to call on Apple x86
machines in the past as they only upgraded from EFI v1.10 to EFI v2.40
firmware fairly recently, and QueryVariableInfo() (along with
UpdateCapsule() et al) was added in EFI v2.00.

The only runtime service introduced in EFI v2.00 that we actually use in
Linux is QueryVariableInfo(), as the capsule based ones are optional,
generally not used at runtime (all the LVFS/fwupd firmware update
infrastructure uses helper EFI programs that invoke capsule update at
boot time, not runtime), and not implemented by Apple machines in the
first place. QueryVariableInfo() is used to 'safely' set variables,
i.e., only when there is enough space. This prevents machines with buggy
firmwares from corrupting their NVRAMs when they run out of space.

Given that Apple machines have been using EFI v1.10 services only for
the longest time (the EFI v2.0 spec was released in 2006, and Linux
support for the newly introduced runtime services was added in 2011, but
the MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only),
let's avoid the EFI v2.0 ones on all Apple x86 machines.

[0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/

Cc: &lt;stable@vger.kernel.org&gt;
Cc: Jeremy Kerr &lt;jk@ozlabs.org&gt;
Cc: Matthew Garrett &lt;mjg59@srcf.ucam.org&gt;
Reported-by: Aditya Garg &lt;gargaditya08@live.com&gt;
Tested-by: Orlando Chamberlain &lt;redecorating@protonmail.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Tested-by: Aditya Garg &lt;gargaditya08@live.com&gt;
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215277
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Aditya reports [0] that his recent MacbookPro crashes in the firmware
when using the variable services at runtime. The culprit appears to be a
call to QueryVariableInfo(), which we did not use to call on Apple x86
machines in the past as they only upgraded from EFI v1.10 to EFI v2.40
firmware fairly recently, and QueryVariableInfo() (along with
UpdateCapsule() et al) was added in EFI v2.00.

The only runtime service introduced in EFI v2.00 that we actually use in
Linux is QueryVariableInfo(), as the capsule based ones are optional,
generally not used at runtime (all the LVFS/fwupd firmware update
infrastructure uses helper EFI programs that invoke capsule update at
boot time, not runtime), and not implemented by Apple machines in the
first place. QueryVariableInfo() is used to 'safely' set variables,
i.e., only when there is enough space. This prevents machines with buggy
firmwares from corrupting their NVRAMs when they run out of space.

Given that Apple machines have been using EFI v1.10 services only for
the longest time (the EFI v2.0 spec was released in 2006, and Linux
support for the newly introduced runtime services was added in 2011, but
the MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only),
let's avoid the EFI v2.0 ones on all Apple x86 machines.

[0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/

Cc: &lt;stable@vger.kernel.org&gt;
Cc: Jeremy Kerr &lt;jk@ozlabs.org&gt;
Cc: Matthew Garrett &lt;mjg59@srcf.ucam.org&gt;
Reported-by: Aditya Garg &lt;gargaditya08@live.com&gt;
Tested-by: Orlando Chamberlain &lt;redecorating@protonmail.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Tested-by: Aditya Garg &lt;gargaditya08@live.com&gt;
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215277
</pre>
</div>
</content>
</entry>
<entry>
<title>efi/libstub: arm64: Fix image check alignment at entry</title>
<updated>2022-01-23T09:31:27+00:00</updated>
<author>
<name>Mihai Carabas</name>
<email>mihai.carabas@oracle.com</email>
</author>
<published>2022-01-19T16:14:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e9b7c3a4263bdcfd31bc3d03d48ce0ded7a94635'/>
<id>e9b7c3a4263bdcfd31bc3d03d48ce0ded7a94635</id>
<content type='text'>
The kernel is aligned at SEGMENT_SIZE and this is the size populated in the PE
headers:

arch/arm64/kernel/efi-header.S: .long   SEGMENT_ALIGN // SectionAlignment

EFI_KIMG_ALIGN is defined as: (SEGMENT_ALIGN &gt; THREAD_ALIGN ? SEGMENT_ALIGN :
THREAD_ALIGN)

So it depends on THREAD_ALIGN. On newer builds this message started to appear
even though the loader is taking into account the PE header (which is stating
SEGMENT_ALIGN).

Fixes: c32ac11da3f8 ("efi/libstub: arm64: Double check image alignment at entry")
Signed-off-by: Mihai Carabas &lt;mihai.carabas@oracle.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The kernel is aligned at SEGMENT_SIZE and this is the size populated in the PE
headers:

arch/arm64/kernel/efi-header.S: .long   SEGMENT_ALIGN // SectionAlignment

EFI_KIMG_ALIGN is defined as: (SEGMENT_ALIGN &gt; THREAD_ALIGN ? SEGMENT_ALIGN :
THREAD_ALIGN)

So it depends on THREAD_ALIGN. On newer builds this message started to appear
even though the loader is taking into account the PE header (which is stating
SEGMENT_ALIGN).

Fixes: c32ac11da3f8 ("efi/libstub: arm64: Double check image alignment at entry")
Signed-off-by: Mihai Carabas &lt;mihai.carabas@oracle.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
