<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/firmware, branch v6.0.7</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>efi: ssdt: Don't free memory if ACPI table was loaded successfully</title>
<updated>2022-10-26T10:22:57+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-10-14T10:25:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=11497fd69cd2282538ec6eb4cda1d16fc061233d'/>
<id>11497fd69cd2282538ec6eb4cda1d16fc061233d</id>
<content type='text'>
commit 4b017e59f01097f19b938f6dc4dc2c4720701610 upstream.

Amadeusz reports KASAN use-after-free errors introduced by commit
3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from
variables"). The problem appears to be that the memory that holds the
new ACPI table is now freed unconditionally, instead of only when the
ACPI core reported a failure to load the table.

So let's fix this, by omitting the kfree() on success.

Cc: &lt;stable@vger.kernel.org&gt; # v6.0
Link: https://lore.kernel.org/all/a101a10a-4fbb-5fae-2e3c-76cf96ed8fbd@linux.intel.com/
Fixes: 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables")
Reported-by: Amadeusz Sławiński &lt;amadeuszx.slawinski@linux.intel.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4b017e59f01097f19b938f6dc4dc2c4720701610 upstream.

Amadeusz reports KASAN use-after-free errors introduced by commit
3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from
variables"). The problem appears to be that the memory that holds the
new ACPI table is now freed unconditionally, instead of only when the
ACPI core reported a failure to load the table.

So let's fix this, by omitting the kfree() on success.

Cc: &lt;stable@vger.kernel.org&gt; # v6.0
Link: https://lore.kernel.org/all/a101a10a-4fbb-5fae-2e3c-76cf96ed8fbd@linux.intel.com/
Fixes: 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables")
Reported-by: Amadeusz Sławiński &lt;amadeuszx.slawinski@linux.intel.com&gt;
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: efivars: Fix variable writes without query_variable_store()</title>
<updated>2022-10-26T10:22:57+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-10-19T21:29:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c2a000ad03bb3a0d0f389adcfc9f8c61622da363'/>
<id>c2a000ad03bb3a0d0f389adcfc9f8c61622da363</id>
<content type='text'>
commit 8a254d90a77580244ec57e82bca7eb65656cc167 upstream.

Commit bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer")
refactored the efivars layer so that the 'business logic' related to
which UEFI variables affect the boot flow in which way could be moved
out of it, and into the efivarfs driver.

This inadvertently broke setting variables on firmware implementations
that lack the QueryVariableInfo() boot service, because we no longer
tolerate an EFI_UNSUPPORTED result from check_var_size() when calling
efivar_entry_set_get_size(), which now ends up calling check_var_size()
a second time inadvertently.

If QueryVariableInfo() is missing, we support writes of up to 64k -
let's move that logic into check_var_size(), and drop the redundant
call.

Cc: &lt;stable@vger.kernel.org&gt; # v6.0
Fixes: bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer")
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 8a254d90a77580244ec57e82bca7eb65656cc167 upstream.

Commit bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer")
refactored the efivars layer so that the 'business logic' related to
which UEFI variables affect the boot flow in which way could be moved
out of it, and into the efivarfs driver.

This inadvertently broke setting variables on firmware implementations
that lack the QueryVariableInfo() boot service, because we no longer
tolerate an EFI_UNSUPPORTED result from check_var_size() when calling
efivar_entry_set_get_size(), which now ends up calling check_var_size()
a second time inadvertently.

If QueryVariableInfo() is missing, we support writes of up to 64k -
let's move that logic into check_var_size(), and drop the redundant
call.

Cc: &lt;stable@vger.kernel.org&gt; # v6.0
Fixes: bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer")
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>firmware: google: Test spinlock on panic path to avoid lockups</title>
<updated>2022-10-21T10:38:49+00:00</updated>
<author>
<name>Guilherme G. Piccoli</name>
<email>gpiccoli@igalia.com</email>
</author>
<published>2022-09-09T20:07:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dcdd03eef68969dd10533648c9001d62e064885e'/>
<id>dcdd03eef68969dd10533648c9001d62e064885e</id>
<content type='text'>
[ Upstream commit 3e081438b8e639cc76ef1a5ce0c1bd8a154082c7 ]

Currently the gsmi driver registers a panic notifier as well as
reboot and die notifiers. The callbacks registered are called in
atomic and very limited context - for instance, panic disables
preemption and local IRQs, also all secondary CPUs (not executing
the panic path) are shut down.

With that said, taking a spinlock in this scenario is a dangerous
invitation for lockup scenarios. So, fix that by checking if the
spinlock is free to acquire in the panic notifier callback - if not,
bail-out and avoid a potential hang.

Fixes: 74c5b31c6618 ("driver: Google EFI SMI")
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Cc: David Gow &lt;davidgow@google.com&gt;
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Julius Werner &lt;jwerner@chromium.org&gt;
Cc: Petr Mladek &lt;pmladek@suse.com&gt;
Reviewed-by: Evan Green &lt;evgreen@chromium.org&gt;
Signed-off-by: Guilherme G. Piccoli &lt;gpiccoli@igalia.com&gt;
Link: https://lore.kernel.org/r/20220909200755.189679-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 3e081438b8e639cc76ef1a5ce0c1bd8a154082c7 ]

Currently the gsmi driver registers a panic notifier as well as
reboot and die notifiers. The callbacks registered are called in
atomic and very limited context - for instance, panic disables
preemption and local IRQs, also all secondary CPUs (not executing
the panic path) are shut down.

With that said, taking a spinlock in this scenario is a dangerous
invitation for lockup scenarios. So, fix that by checking if the
spinlock is free to acquire in the panic notifier callback - if not,
bail-out and avoid a potential hang.

Fixes: 74c5b31c6618 ("driver: Google EFI SMI")
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Cc: David Gow &lt;davidgow@google.com&gt;
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Julius Werner &lt;jwerner@chromium.org&gt;
Cc: Petr Mladek &lt;pmladek@suse.com&gt;
Reviewed-by: Evan Green &lt;evgreen@chromium.org&gt;
Signed-off-by: Guilherme G. Piccoli &lt;gpiccoli@igalia.com&gt;
Link: https://lore.kernel.org/r/20220909200755.189679-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: libstub: drop pointless get_memory_map() call</title>
<updated>2022-10-21T10:37:54+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-09-15T17:00:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=107a47e89d028ea1de93de77d4f50247514ad89d'/>
<id>107a47e89d028ea1de93de77d4f50247514ad89d</id>
<content type='text'>
commit d80ca810f096ff66f451e7a3ed2f0cd9ef1ff519 upstream.

Currently, the non-x86 stub code calls get_memory_map() redundantly,
given that the data it returns is never used anywhere. So drop the call.

Cc: &lt;stable@vger.kernel.org&gt; # v4.14+
Fixes: 24d7c494ce46 ("efi/arm-stub: Round up FDT allocation to mapping size")
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit d80ca810f096ff66f451e7a3ed2f0cd9ef1ff519 upstream.

Currently, the non-x86 stub code calls get_memory_map() redundantly,
given that the data it returns is never used anywhere. So drop the call.

Cc: &lt;stable@vger.kernel.org&gt; # v4.14+
Fixes: 24d7c494ce46 ("efi/arm-stub: Round up FDT allocation to mapping size")
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'mmc-v6.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc</title>
<updated>2022-09-28T18:36:31+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-09-28T18:36:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e817c070fd9f813774defd8ef5e0349108e924e0'/>
<id>e817c070fd9f813774defd8ef5e0349108e924e0</id>
<content type='text'>
Pull MMC fixes from Ulf Hansson:
 "A couple of MMC fixes. This time there is also a fix for the ARM SCMI
  firmware driver, which has been acked by Sudeep Holla, the maintainer.

  MMC core:
   - Terminate infinite loop in SD-UHS voltage switch

  MMC host:
   - hsq: Fix kernel crash in the recovery path
   - moxart: Fix bus width configurations
   - sdhci: Fix kernel panic for cqe irq

  ARM_SCMI:
   - Fixup clock management by reverting 'firmware: arm_scmi: Add clock
     management to the SCMI power domain'"

* tag 'mmc-v6.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: hsq: Fix data stomping during mmc recovery
  Revert "firmware: arm_scmi: Add clock management to the SCMI power domain"
  mmc: core: Terminate infinite loop in SD-UHS voltage switch
  mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
  mmc: sdhci: Fix host-&gt;cmd is null
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull MMC fixes from Ulf Hansson:
 "A couple of MMC fixes. This time there is also a fix for the ARM SCMI
  firmware driver, which has been acked by Sudeep Holla, the maintainer.

  MMC core:
   - Terminate infinite loop in SD-UHS voltage switch

  MMC host:
   - hsq: Fix kernel crash in the recovery path
   - moxart: Fix bus width configurations
   - sdhci: Fix kernel panic for cqe irq

  ARM_SCMI:
   - Fixup clock management by reverting 'firmware: arm_scmi: Add clock
     management to the SCMI power domain'"

* tag 'mmc-v6.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: hsq: Fix data stomping during mmc recovery
  Revert "firmware: arm_scmi: Add clock management to the SCMI power domain"
  mmc: core: Terminate infinite loop in SD-UHS voltage switch
  mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
  mmc: sdhci: Fix host-&gt;cmd is null
</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "firmware: arm_scmi: Add clock management to the SCMI power domain"</title>
<updated>2022-09-23T08:19:47+00:00</updated>
<author>
<name>Ulf Hansson</name>
<email>ulf.hansson@linaro.org</email>
</author>
<published>2022-09-19T12:20:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3c6656337852e9f1a4079d172f3fddfbf00868f9'/>
<id>3c6656337852e9f1a4079d172f3fddfbf00868f9</id>
<content type='text'>
This reverts commit a3b884cef873 ("firmware: arm_scmi: Add clock management
to the SCMI power domain").

Using the GENPD_FLAG_PM_CLK tells genpd to gate/ungate the consumer
device's clock(s) during runtime suspend/resume through the PM clock API.
More precisely, in genpd_runtime_resume() the clock(s) for the consumer
device would become ungated prior to the driver-level -&gt;runtime_resume()
callbacks get invoked.

This behaviour isn't a good fit for all platforms/drivers. For example, a
driver may need to make some preparations of its device in its
-&gt;runtime_resume() callback, like calling clk_set_rate() before the
clock(s) should be ungated. In these cases, it's easier to let the clock(s)
be managed solely by the driver, rather than at the PM domain level.

For these reasons, let's drop the use of GENPD_FLAG_PM_CLK for the SCMI PM
domain, as to enable it to be more easily adopted across ARM platforms.

Fixes: a3b884cef873 ("firmware: arm_scmi: Add clock management to the SCMI power domain")
Cc: Nicolas Pitre &lt;npitre@baylibre.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson &lt;ulf.hansson@linaro.org&gt;
Tested-by: Peng Fan &lt;peng.fan@nxp.com&gt;
Acked-by: Sudeep Holla &lt;sudeep.holla@arm.com&gt;
Link: https://lore.kernel.org/r/20220919122033.86126-1-ulf.hansson@linaro.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This reverts commit a3b884cef873 ("firmware: arm_scmi: Add clock management
to the SCMI power domain").

Using the GENPD_FLAG_PM_CLK tells genpd to gate/ungate the consumer
device's clock(s) during runtime suspend/resume through the PM clock API.
More precisely, in genpd_runtime_resume() the clock(s) for the consumer
device would become ungated prior to the driver-level -&gt;runtime_resume()
callbacks get invoked.

This behaviour isn't a good fit for all platforms/drivers. For example, a
driver may need to make some preparations of its device in its
-&gt;runtime_resume() callback, like calling clk_set_rate() before the
clock(s) should be ungated. In these cases, it's easier to let the clock(s)
be managed solely by the driver, rather than at the PM domain level.

For these reasons, let's drop the use of GENPD_FLAG_PM_CLK for the SCMI PM
domain, as to enable it to be more easily adopted across ARM platforms.

Fixes: a3b884cef873 ("firmware: arm_scmi: Add clock management to the SCMI power domain")
Cc: Nicolas Pitre &lt;npitre@baylibre.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson &lt;ulf.hansson@linaro.org&gt;
Tested-by: Peng Fan &lt;peng.fan@nxp.com&gt;
Acked-by: Sudeep Holla &lt;sudeep.holla@arm.com&gt;
Link: https://lore.kernel.org/r/20220919122033.86126-1-ulf.hansson@linaro.org
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc</title>
<updated>2022-09-22T18:10:11+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-09-22T18:10:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c69cf88cda5faca0e411babb67ac0d8bfd8b4646'/>
<id>c69cf88cda5faca0e411babb67ac0d8bfd8b4646</id>
<content type='text'>
Pull ARM SoC fixes from Arnd Bergmann:
 "Another set of fixes for the soc tree:

   - A fix for the interrupt number on at91/lan966 ethernet PHYs

   - A second round of fixes for NXP i.MX series, including a couple of
     build issues, and board specific DT corrections on TQMa8MPQL,
     imx8mp-venice-gw74xx and imx8mm-verdin for reliability and
     partially broken functionality

   - Several fixes for Rockchip SoCs, addressing a USB issue on
     BPI-R2-Pro, wakeup on Gru-Bob and reliability of high-speed SD
     cards, among other minor issues

   - A fix for a long-running naming mistake that prevented the moxart
     mmc driver from working at all

   - Multiple Arm SCMI firmware fixes for hardening some corner cases"

* tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
  arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation
  ARM: dts: lan966x: Fix the interrupt number for internal PHYs
  arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port
  arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity
  dt-bindings: memory-controllers: fsl,imx8m-ddrc: drop Leonard Crestez
  arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header
  arm64: defconfig: enable ARCH_NXP
  arm64: dts: imx8mp-tqma8mpql-mba8mpxl: add missing pinctrl for RTC alarm
  ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
  arm64: dts: imx8mm-verdin: extend pmic voltages
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
  arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10
  arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a
  arm64: dts: imx8ulp: add #reset-cells for pcc
  arm64: dts: tqma8mpxl-ba8mpxl: Fix button GPIOs
  arm64: dts: imx8mn: remove GPU power domain reset
  arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
  arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo
  arm64: dts: rockchip: fix upper usb port on BPI-R2-Pro
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull ARM SoC fixes from Arnd Bergmann:
 "Another set of fixes for the soc tree:

   - A fix for the interrupt number on at91/lan966 ethernet PHYs

   - A second round of fixes for NXP i.MX series, including a couple of
     build issues, and board specific DT corrections on TQMa8MPQL,
     imx8mp-venice-gw74xx and imx8mm-verdin for reliability and
     partially broken functionality

   - Several fixes for Rockchip SoCs, addressing a USB issue on
     BPI-R2-Pro, wakeup on Gru-Bob and reliability of high-speed SD
     cards, among other minor issues

   - A fix for a long-running naming mistake that prevented the moxart
     mmc driver from working at all

   - Multiple Arm SCMI firmware fixes for hardening some corner cases"

* tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
  arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation
  ARM: dts: lan966x: Fix the interrupt number for internal PHYs
  arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port
  arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity
  dt-bindings: memory-controllers: fsl,imx8m-ddrc: drop Leonard Crestez
  arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header
  arm64: defconfig: enable ARCH_NXP
  arm64: dts: imx8mp-tqma8mpql-mba8mpxl: add missing pinctrl for RTC alarm
  ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
  arm64: dts: imx8mm-verdin: extend pmic voltages
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
  arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10
  arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a
  arm64: dts: imx8ulp: add #reset-cells for pcc
  arm64: dts: tqma8mpxl-ba8mpxl: Fix button GPIOs
  arm64: dts: imx8mn: remove GPU power domain reset
  arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
  arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo
  arm64: dts: rockchip: fix upper usb port on BPI-R2-Pro
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi</title>
<updated>2022-09-22T17:27:38+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-09-22T17:27:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=129e7152184b0224f9ca3f91b870acc14c64e1fa'/>
<id>129e7152184b0224f9ca3f91b870acc14c64e1fa</id>
<content type='text'>
Pull EFI fixes from Ard Biesheuvel:

 - Use the right variable to check for shim insecure mode

 - Wipe setup_data field when booting via EFI

 - Add missing error check to efibc driver

* tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi: libstub: check Shim mode using MokSBStateRT
  efi: x86: Wipe setup_data on pure EFI boot
  efi: efibc: Guard against allocation failure
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull EFI fixes from Ard Biesheuvel:

 - Use the right variable to check for shim insecure mode

 - Wipe setup_data field when booting via EFI

 - Add missing error check to efibc driver

* tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi: libstub: check Shim mode using MokSBStateRT
  efi: x86: Wipe setup_data on pure EFI boot
  efi: efibc: Guard against allocation failure
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: libstub: check Shim mode using MokSBStateRT</title>
<updated>2022-09-22T08:15:44+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-09-20T15:08:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5f56a74cc0a6d9b9f8ba89cea29cd7c4774cb2b1'/>
<id>5f56a74cc0a6d9b9f8ba89cea29cd7c4774cb2b1</id>
<content type='text'>
We currently check the MokSBState variable to decide whether we should
treat UEFI secure boot as being disabled, even if the firmware thinks
otherwise. This is used by shim to indicate that it is not checking
signatures on boot images. In the kernel, we use this to relax lockdown
policies.

However, in cases where shim is not even being used, we don't want this
variable to interfere with lockdown, given that the variable may be
non-volatile and therefore persist across a reboot. This means setting
it once will persistently disable lockdown checks on a given system.

So switch to the mirrored version of this variable, called MokSBStateRT,
which is supposed to be volatile, and this is something we can check.

Cc: &lt;stable@vger.kernel.org&gt; # v4.19+
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Reviewed-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
Reviewed-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We currently check the MokSBState variable to decide whether we should
treat UEFI secure boot as being disabled, even if the firmware thinks
otherwise. This is used by shim to indicate that it is not checking
signatures on boot images. In the kernel, we use this to relax lockdown
policies.

However, in cases where shim is not even being used, we don't want this
variable to interfere with lockdown, given that the variable may be
non-volatile and therefore persist across a reboot. This means setting
it once will persistently disable lockdown checks on a given system.

So switch to the mirrored version of this variable, called MokSBStateRT,
which is supposed to be volatile, and this is something we can check.

Cc: &lt;stable@vger.kernel.org&gt; # v4.19+
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Reviewed-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
Reviewed-by: Peter Jones &lt;pjones@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>efi: x86: Wipe setup_data on pure EFI boot</title>
<updated>2022-09-22T08:12:51+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ardb@kernel.org</email>
</author>
<published>2022-08-04T13:39:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=63bf28ceb3ebbe76048c3fb2987996ca1ae64f83'/>
<id>63bf28ceb3ebbe76048c3fb2987996ca1ae64f83</id>
<content type='text'>
When booting the x86 kernel via EFI using the LoadImage/StartImage boot
services [as opposed to the deprecated EFI handover protocol], the setup
header is taken from the image directly, and given that EFI's LoadImage
has no Linux/x86 specific knowledge regarding struct bootparams or
struct setup_header, any absolute addresses in the setup header must
originate from the file and not from a prior loading stage.

Since we cannot generally predict where LoadImage() decides to load an
image (*), such absolute addresses must be treated as suspect: even if a
prior boot stage intended to make them point somewhere inside the
[signed] image, there is no way to validate that, and if they point at
an arbitrary location in memory, the setup_data nodes will not be
covered by any signatures or TPM measurements either, and could be made
to contain an arbitrary sequence of SETUP_xxx nodes, which could
interfere quite badly with the early x86 boot sequence.

(*) Note that, while LoadImage() does take a buffer/size tuple in
addition to a device path, which can be used to provide the image
contents directly, it will re-allocate such images, as the memory
footprint of an image is generally larger than the PE/COFF file
representation.

Cc: &lt;stable@vger.kernel.org&gt; # v5.10+
Link: https://lore.kernel.org/all/20220904165321.1140894-1-Jason@zx2c4.com/
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Acked-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When booting the x86 kernel via EFI using the LoadImage/StartImage boot
services [as opposed to the deprecated EFI handover protocol], the setup
header is taken from the image directly, and given that EFI's LoadImage
has no Linux/x86 specific knowledge regarding struct bootparams or
struct setup_header, any absolute addresses in the setup header must
originate from the file and not from a prior loading stage.

Since we cannot generally predict where LoadImage() decides to load an
image (*), such absolute addresses must be treated as suspect: even if a
prior boot stage intended to make them point somewhere inside the
[signed] image, there is no way to validate that, and if they point at
an arbitrary location in memory, the setup_data nodes will not be
covered by any signatures or TPM measurements either, and could be made
to contain an arbitrary sequence of SETUP_xxx nodes, which could
interfere quite badly with the early x86 boot sequence.

(*) Note that, while LoadImage() does take a buffer/size tuple in
addition to a device path, which can be used to provide the image
contents directly, it will re-allocate such images, as the memory
footprint of an image is generally larger than the PE/COFF file
representation.

Cc: &lt;stable@vger.kernel.org&gt; # v5.10+
Link: https://lore.kernel.org/all/20220904165321.1140894-1-Jason@zx2c4.com/
Signed-off-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Acked-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
