linux-stable.git/drivers/firmware/efi, branch v6.18 Linux kernel stable tree Merge tag 'efi-next-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi 2025-10-05T19:08:14+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-05T19:08:14+00:00 cf0e371d2b0e25d115442a281a232922a6dc0d6a Pull EFI updates from Ard Biesheuvel: - Document what OVMF stands for (Open Virtual Machine Firmware) - Clear NX restrictions also from 'more reliable' type memory when using the DXE service API * tag 'efi-next-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: efi/x86: Memory protection on EfiGcdMemoryTypeMoreReliable efi: Explain OVMF acronym in OVMF_DEBUG_LOG help text 
Pull EFI updates from Ard Biesheuvel:

 - Document what OVMF stands for (Open Virtual Machine Firmware)

 - Clear NX restrictions also from 'more reliable' type memory when
   using the DXE service API

* tag 'efi-next-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi/x86: Memory protection on EfiGcdMemoryTypeMoreReliable
  efi: Explain OVMF acronym in OVMF_DEBUG_LOG help text
Merge tag 'mm-nonmm-stable-2025-10-02-15-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 2025-10-03T01:44:54+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-03T01:44:54+00:00 e406d57be7bd2a4e73ea512c1ae36a40a44e499e Pull non-MM updates from Andrew Morton: - "ida: Remove the ida_simple_xxx() API" from Christophe Jaillet completes the removal of this legacy IDR API - "panic: introduce panic status function family" from Jinchao Wang provides a number of cleanups to the panic code and its various helpers, which were rather ad-hoc and scattered all over the place - "tools/delaytop: implement real-time keyboard interaction support" from Fan Yu adds a few nice user-facing usability changes to the delaytop monitoring tool - "efi: Fix EFI boot with kexec handover (KHO)" from Evangelos Petrongonas fixes a panic which was happening with the combination of EFI and KHO - "Squashfs: performance improvement and a sanity check" from Phillip Lougher teaches squashfs's lseek() about SEEK_DATA/SEEK_HOLE. A mere 150x speedup was measured for a well-chosen microbenchmark - plus another 50-odd singleton patches all over the place * tag 'mm-nonmm-stable-2025-10-02-15-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (75 commits) Squashfs: reject negative file sizes in squashfs_read_inode() kallsyms: use kmalloc_array() instead of kmalloc() MAINTAINERS: update Sibi Sankar's email address Squashfs: add SEEK_DATA/SEEK_HOLE support Squashfs: add additional inode sanity checking lib/genalloc: fix device leak in of_gen_pool_get() panic: remove CONFIG_PANIC_ON_OOPS_VALUE ocfs2: fix double free in user_cluster_connect() checkpatch: suppress strscpy warnings for userspace tools cramfs: fix incorrect physical page address calculation kernel: prevent prctl(PR_SET_PDEATHSIG) from racing with parent process exit Squashfs: fix uninit-value in squashfs_get_parent kho: only fill kimage if KHO is finalized ocfs2: avoid extra calls to strlen() after ocfs2_sprintf_system_inode_name() kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths sched/task.h: fix the wrong comment on task_lock() nesting with tasklist_lock coccinelle: platform_no_drv_owner: handle also built-in drivers coccinelle: of_table: handle SPI device ID tables lib/decompress: use designated initializers for struct compress_format efi: support booting with kexec handover (KHO) ... 
Pull non-MM updates from Andrew Morton:

 - "ida: Remove the ida_simple_xxx() API" from Christophe Jaillet
   completes the removal of this legacy IDR API

 - "panic: introduce panic status function family" from Jinchao Wang
   provides a number of cleanups to the panic code and its various
   helpers, which were rather ad-hoc and scattered all over the place

 - "tools/delaytop: implement real-time keyboard interaction support"
   from Fan Yu adds a few nice user-facing usability changes to the
   delaytop monitoring tool

 - "efi: Fix EFI boot with kexec handover (KHO)" from Evangelos
   Petrongonas fixes a panic which was happening with the combination of
   EFI and KHO

 - "Squashfs: performance improvement and a sanity check" from Phillip
   Lougher teaches squashfs's lseek() about SEEK_DATA/SEEK_HOLE. A mere
   150x speedup was measured for a well-chosen microbenchmark

 - plus another 50-odd singleton patches all over the place

* tag 'mm-nonmm-stable-2025-10-02-15-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (75 commits)
  Squashfs: reject negative file sizes in squashfs_read_inode()
  kallsyms: use kmalloc_array() instead of kmalloc()
  MAINTAINERS: update Sibi Sankar's email address
  Squashfs: add SEEK_DATA/SEEK_HOLE support
  Squashfs: add additional inode sanity checking
  lib/genalloc: fix device leak in of_gen_pool_get()
  panic: remove CONFIG_PANIC_ON_OOPS_VALUE
  ocfs2: fix double free in user_cluster_connect()
  checkpatch: suppress strscpy warnings for userspace tools
  cramfs: fix incorrect physical page address calculation
  kernel: prevent prctl(PR_SET_PDEATHSIG) from racing with parent process exit
  Squashfs: fix uninit-value in squashfs_get_parent
  kho: only fill kimage if KHO is finalized
  ocfs2: avoid extra calls to strlen() after ocfs2_sprintf_system_inode_name()
  kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
  sched/task.h: fix the wrong comment on task_lock() nesting with tasklist_lock
  coccinelle: platform_no_drv_owner: handle also built-in drivers
  coccinelle: of_table: handle SPI device ID tables
  lib/decompress: use designated initializers for struct compress_format
  efi: support booting with kexec handover (KHO)
  ...
efi/x86: Memory protection on EfiGcdMemoryTypeMoreReliable 2025-09-29T15:13:39+00:00 Lenny Szubowicz lszubowi@redhat.com 2025-09-16T19:38:53+00:00 99da5bf3dd6a8cb951adcace6153c34c86547811 Check for needed memory protection changes on EFI DXE GCD memory space descriptors with type EfiGcdMemoryTypeMoreReliable in addition to EfiGcdMemoryTypeSystemMemory. This fixes a fault on entry into the decompressed kernel from the EFI stub that occurs when the memory allocated for the decompressed kernel is more reliable memory, has NX/XP set, and the kernel needs to use the EFI DXE protocol to adjust memory protections. The memory descriptors returned by the DXE protocol GetMemorySpaceDescriptor() service use a different GCD memory type to distinguish more reliable memory ranges from their conventional counterparts. This is in contrast to the EFI memory descriptors returned by the EFI GetMemoryMap() service which use the EFI_MEMORY_MORE_RELIABLE memory attributes flag to identify EFI_CONVENTIONAL_MEMORY type regions that have this additional property. Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
Check for needed memory protection changes on EFI DXE GCD memory space
descriptors with type EfiGcdMemoryTypeMoreReliable in addition to
EfiGcdMemoryTypeSystemMemory.

This fixes a fault on entry into the decompressed kernel from the
EFI stub that occurs when the memory allocated for the decompressed
kernel is more reliable memory, has NX/XP set, and the kernel needs
to use the EFI DXE protocol to adjust memory protections.

The memory descriptors returned by the DXE protocol
GetMemorySpaceDescriptor() service use a different GCD memory type
to distinguish more reliable memory ranges from their conventional
counterparts. This is in contrast to the EFI memory descriptors
returned by the EFI GetMemoryMap() service which use the
EFI_MEMORY_MORE_RELIABLE memory attributes flag to identify
EFI_CONVENTIONAL_MEMORY type regions that have this additional
property.

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Merge branch 'x86/urgent' into x86/apic, to resolve conflict 2025-09-16T06:24:22+00:00 Ingo Molnar mingo@kernel.org 2025-09-16T06:24:22+00:00 85df1cd15ff5d775e88e23b9fc2a9f429fa5b504 Conflicts: arch/x86/include/asm/sev.h Signed-off-by: Ingo Molnar <mingo@kernel.org> 
 Conflicts:
	arch/x86/include/asm/sev.h

Signed-off-by: Ingo Molnar <mingo@kernel.org>
efi: support booting with kexec handover (KHO) 2025-09-14T00:32:57+00:00 Evangelos Petrongonas epetron@amazon.de 2025-08-21T17:59:00+00:00 5b86af1ded2d90402477dce6d4cf8dfa95cca6ac When KHO (Kexec HandOver) is enabled, it sets up scratch memory regions early during device tree scanning. After kexec, the new kernel exclusively uses this region for memory allocations during boot up to the initialization of the page allocator However, when booting with EFI, EFI's reserve_regions() uses memblock_remove(0, PHYS_ADDR_MAX) to clear all memory regions before rebuilding them from EFI data. This destroys KHO scratch regions and their flags, thus causing a kernel panic, as there are no scratch memory regions. Instead of wholesale removal, iterate through memory regions and only remove non-KHO ones. This preserves KHO scratch regions, which are good known memory, while still allowing EFI to rebuild its memory map. Link: https://lkml.kernel.org/r/b34da9fd50c89644cd4204136cfa6f5533445c56.1755721529.git.epetron@amazon.de Signed-off-by: Evangelos Petrongonas <epetron@amazon.de> Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org> Acked-by: Pratyush Yadav <pratyush@kernel.org> Cc: Alexander Graf <graf@amazon.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Baoquan He <bhe@redhat.com> Cc: Changyuan Lyu <changyuanl@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> 
When KHO (Kexec HandOver) is enabled, it sets up scratch memory regions
early during device tree scanning.  After kexec, the new kernel
exclusively uses this region for memory allocations during boot up to the
initialization of the page allocator

However, when booting with EFI, EFI's reserve_regions() uses
memblock_remove(0, PHYS_ADDR_MAX) to clear all memory regions before
rebuilding them from EFI data.  This destroys KHO scratch regions and
their flags, thus causing a kernel panic, as there are no scratch memory
regions.

Instead of wholesale removal, iterate through memory regions and only
remove non-KHO ones.  This preserves KHO scratch regions, which are good
known memory, while still allowing EFI to rebuild its memory map.

Link: https://lkml.kernel.org/r/b34da9fd50c89644cd4204136cfa6f5533445c56.1755721529.git.epetron@amazon.de
Signed-off-by: Evangelos Petrongonas <epetron@amazon.de>
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Acked-by: Pratyush Yadav <pratyush@kernel.org>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Changyuan Lyu <changyuanl@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
efistub/x86: Remap inittext read-execute when needed 2025-09-03T16:05:42+00:00 Ard Biesheuvel ardb@kernel.org 2025-08-28T10:22:23+00:00 e7b88bc0051c5062bdd73b58837cf277d0057358 Recent EFI x86 systems are more strict when it comes to mapping boot images, and require that mappings are either read-write or read-execute. Now that the boot code is being cleaned up and refactored, most of it is being moved into .init.text [where it arguably belongs] but that implies that when booting on such strict EFI firmware, we need to take care to map .init.text (and the .altinstr_aux section that follows it) read-execute as well. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/20250828102202.1849035-44-ardb+git@google.com 
Recent EFI x86 systems are more strict when it comes to mapping boot
images, and require that mappings are either read-write or read-execute.

Now that the boot code is being cleaned up and refactored, most of it is
being moved into .init.text [where it arguably belongs] but that implies
that when booting on such strict EFI firmware, we need to take care to
map .init.text (and the .altinstr_aux section that follows it)
read-execute as well.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-44-ardb+git@google.com
efi: Explain OVMF acronym in OVMF_DEBUG_LOG help text 2025-08-29T17:02:04+00:00 Geert Uytterhoeven geert+renesas@glider.be 2025-08-12T13:54:29+00:00 05e75ac35ee9e38f96bbfebf1830ec2cace2e7f8 People not very intimate with EFI may not know the meaning of the OVMF acronym. Write it in full, to help users with making good decisions when configuring their kernels. Fixes: f393a761763c5427 ("efi: add ovmf debug log driver") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Richard Lyu <richard.lyu@suse.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
People not very intimate with EFI may not know the meaning of the OVMF
acronym.  Write it in full, to help users with making good decisions
when configuring their kernels.

Fixes: f393a761763c5427 ("efi: add ovmf debug log driver")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Richard Lyu <richard.lyu@suse.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
efi: stmm: Drop unneeded null pointer check 2025-08-26T12:49:42+00:00 Jan Kiszka jan.kiszka@siemens.com 2025-08-25T16:07:13+00:00 134ed1093907a79e5d98087513f13fd7652c4df9 The API documenation of setup_mm_hdr does not mention that dptr can be NULL, this is a local function, and no caller passes NULL. So drop the unneeded check. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
The API documenation of setup_mm_hdr does not mention that dptr can be
NULL, this is a local function, and no caller passes NULL. So drop the
unneeded check.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
efi: stmm: Drop unused EFI error from setup_mm_hdr arguments 2025-08-26T12:49:42+00:00 Jan Kiszka jan.kiszka@siemens.com 2025-08-25T16:07:12+00:00 01a3044af5d910e1f8b0bee53b2e0eccee8f9a5c No caller ever evaluates what we return in 'ret'. They only use the return code of the function. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
No caller ever evaluates what we return in 'ret'. They only use the
return code of the function.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
efi: stmm: Do not return EFI_OUT_OF_RESOURCES on internal errors 2025-08-26T12:49:42+00:00 Jan Kiszka jan.kiszka@siemens.com 2025-08-25T16:07:11+00:00 80c6c1048625712200ab9cdc665d792b85594e2c When we are low on memory or when the internal API is violated, we cannot return EFI_OUT_OF_RESOURCES. According to the UEFI standard, that error code is either related to persistent storage used for the variable or even not foreseen as possible error (GetVariable e.g.). Use the not fully accurate but compliant error code EFI_DEVICE_ERROR in those cases. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
When we are low on memory or when the internal API is violated, we
cannot return EFI_OUT_OF_RESOURCES. According to the UEFI standard, that
error code is either related to persistent storage used for the variable
or even not foreseen as possible error (GetVariable e.g.). Use the not
fully accurate but compliant error code EFI_DEVICE_ERROR in those cases.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>