tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'efi-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI fixes from Ingo Molnar:

- Fix build regression on v4.8 and older

- Robustness fix for TPM log parsing code

- kobject refcount fix for the ESRT parsing code

- Two efivarfs fixes to make it behave more like an ordinary file
system

- Style fixup for zero length arrays

- Fix a regression in path separator handling in the initrd loader

- Fix a missing prototype warning

- Add some kerneldoc headers for newly introduced stub routines

- Allow support for SSDT overrides via EFI variables to be disabled

- Report CPU mode and MMU state upon entry for 32-bit ARM

- Use the correct stack pointer alignment when entering from mixed mode

* tag 'efi-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
efi/libstub: arm: Print CPU boot mode and MMU state at boot
efi/libstub: arm: Omit arch specific config table matching array on arm64
efi/x86: Setup stack correctly for efi_pe_entry
efi: Make it possible to disable efivar_ssdt entirely
efi/libstub: Descriptions for stub helper functions
efi/libstub: Fix path separator regression
efi/libstub: Fix missing-prototype warning for skip_spaces()
efi: Replace zero-length array and use struct_size() helper
efivarfs: Don't return -EINTR when rate-limiting reads
efivarfs: Update inode modification time for successful writes
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
efi/tpm: Verify event log header before parsing
efi/x86: Fix build with gcc 4

Linus Torvalds bc53f67d 91a9a90d

+235 -37
+7
arch/arm/include/asm/efi.h
··· 87 87 return dram_base + SZ_512M; 88 88 } 89 89 90 + struct efi_arm_entry_state { 91 + u32 cpsr_before_ebs; 92 + u32 sctlr_before_ebs; 93 + u32 cpsr_after_ebs; 94 + u32 sctlr_after_ebs; 95 + }; 96 + 90 97 #endif /* _ASM_ARM_EFI_H */
+10 -1
arch/x86/boot/compressed/head_64.S
··· 213 213 * We place all of the values on our mini stack so lret can 214 214 * used to perform that far jump. 215 215 */ 216 - pushl $__KERNEL_CS 217 216 leal startup_64(%ebp), %eax 218 217 #ifdef CONFIG_EFI_MIXED 219 218 movl efi32_boot_args(%ebp), %edi ··· 223 224 movl efi32_boot_args+8(%ebp), %edx // saved bootparams pointer 224 225 cmpl $0, %edx 225 226 jnz 1f 227 + /* 228 + * efi_pe_entry uses MS calling convention, which requires 32 bytes of 229 + * shadow space on the stack even if all arguments are passed in 230 + * registers. We also need an additional 8 bytes for the space that 231 + * would be occupied by the return address, and this also results in 232 + * the correct stack alignment for entry. 233 + */ 234 + subl $40, %esp 226 235 leal efi_pe_entry(%ebp), %eax 227 236 movl %edi, %ecx // MS calling convention 228 237 movl %esi, %edx 229 238 1: 230 239 #endif 240 + pushl $__KERNEL_CS 231 241 pushl %eax 232 242 233 243 /* Enter paged protected Mode, activating Long Mode */ ··· 792 784 793 785 SYM_DATA_START_LOCAL(boot_stack) 794 786 .fill BOOT_STACK_SIZE, 1, 0 787 + .balign 16 795 788 SYM_DATA_END_LABEL(boot_stack, SYM_L_LOCAL, boot_stack_end) 796 789 797 790 /*
+11
drivers/firmware/efi/Kconfig
··· 278 278 depends on SERIAL_EARLYCON && !ARM && !IA64 279 279 select FONT_SUPPORT 280 280 select ARCH_USE_MEMREMAP_PROT 281 + 282 + config EFI_CUSTOM_SSDT_OVERLAYS 283 + bool "Load custom ACPI SSDT overlay from an EFI variable" 284 + depends on EFI_VARS && ACPI 285 + default ACPI_TABLE_UPGRADE 286 + help 287 + Allow loading of an ACPI SSDT overlay from an EFI variable specified 288 + by a kernel command line option. 289 + 290 + See Documentation/admin-guide/acpi/ssdt-overlays.rst for more 291 + information.
+36 -4
drivers/firmware/efi/arm-init.c
··· 52 52 } 53 53 54 54 static __initdata unsigned long screen_info_table = EFI_INVALID_TABLE_ADDR; 55 + static __initdata unsigned long cpu_state_table = EFI_INVALID_TABLE_ADDR; 55 56 56 57 static const efi_config_table_type_t arch_tables[] __initconst = { 57 58 {LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID, &screen_info_table}, 59 + {LINUX_EFI_ARM_CPU_STATE_TABLE_GUID, &cpu_state_table}, 58 60 {} 59 61 }; 60 62 ··· 64 62 { 65 63 struct screen_info *si; 66 64 67 - if (screen_info_table != EFI_INVALID_TABLE_ADDR) { 65 + if (IS_ENABLED(CONFIG_ARM) && 66 + screen_info_table != EFI_INVALID_TABLE_ADDR) { 68 67 si = early_memremap_ro(screen_info_table, sizeof(*si)); 69 68 if (!si) { 70 69 pr_err("Could not map screen_info config table\n"); ··· 119 116 goto out; 120 117 } 121 118 retval = efi_config_parse_tables(config_tables, systab->nr_tables, 122 - arch_tables); 119 + IS_ENABLED(CONFIG_ARM) ? arch_tables 120 + : NULL); 123 121 124 122 early_memunmap(config_tables, table_size); 125 123 out: ··· 242 238 243 239 init_screen_info(); 244 240 241 + #ifdef CONFIG_ARM 245 242 /* ARM does not permit early mappings to persist across paging_init() */ 246 - if (IS_ENABLED(CONFIG_ARM)) 247 - efi_memmap_unmap(); 243 + efi_memmap_unmap(); 244 + 245 + if (cpu_state_table != EFI_INVALID_TABLE_ADDR) { 246 + struct efi_arm_entry_state *state; 247 + bool dump_state = true; 248 + 249 + state = early_memremap_ro(cpu_state_table, 250 + sizeof(struct efi_arm_entry_state)); 251 + if (state == NULL) { 252 + pr_warn("Unable to map CPU entry state table.\n"); 253 + return; 254 + } 255 + 256 + if ((state->sctlr_before_ebs & 1) == 0) 257 + pr_warn(FW_BUG "EFI stub was entered with MMU and Dcache disabled, please fix your firmware!\n"); 258 + else if ((state->sctlr_after_ebs & 1) == 0) 259 + pr_warn(FW_BUG "ExitBootServices() returned with MMU and Dcache disabled, please fix your firmware!\n"); 260 + else 261 + dump_state = false; 262 + 263 + if (dump_state || efi_enabled(EFI_DBG)) { 264 + pr_info("CPSR at EFI stub entry : 0x%08x\n", state->cpsr_before_ebs); 265 + pr_info("SCTLR at EFI stub entry : 0x%08x\n", state->sctlr_before_ebs); 266 + pr_info("CPSR after ExitBootServices() : 0x%08x\n", state->cpsr_after_ebs); 267 + pr_info("SCTLR after ExitBootServices(): 0x%08x\n", state->sctlr_after_ebs); 268 + } 269 + early_memunmap(state, sizeof(struct efi_arm_entry_state)); 270 + } 271 + #endif 248 272 } 249 273 250 274 static bool efifb_overlaps_pci_range(const struct of_pci_range *range)
+3 -2
drivers/firmware/efi/efi.c
··· 189 189 efivars_unregister(&generic_efivars); 190 190 } 191 191 192 - #if IS_ENABLED(CONFIG_ACPI) 192 + #ifdef CONFIG_EFI_CUSTOM_SSDT_OVERLAYS 193 193 #define EFIVAR_SSDT_NAME_MAX 16 194 194 static char efivar_ssdt[EFIVAR_SSDT_NAME_MAX] __initdata; 195 195 static int __init efivar_ssdt_setup(char *str) ··· 622 622 rsv = (void *)(p + prsv % PAGE_SIZE); 623 623 624 624 /* reserve the entry itself */ 625 - memblock_reserve(prsv, EFI_MEMRESERVE_SIZE(rsv->size)); 625 + memblock_reserve(prsv, 626 + struct_size(rsv, entry, rsv->size)); 626 627 627 628 for (i = 0; i < atomic_read(&rsv->count); i++) { 628 629 memblock_reserve(rsv->entry[i].base,
+1 -1
drivers/firmware/efi/esrt.c
··· 181 181 rc = kobject_init_and_add(&entry->kobj, &esre1_ktype, NULL, 182 182 "entry%d", entry_num); 183 183 if (rc) { 184 - kfree(entry); 184 + kobject_put(&entry->kobj); 185 185 return rc; 186 186 } 187 187 }
+2 -1
drivers/firmware/efi/libstub/Makefile
··· 6 6 # enabled, even if doing so doesn't break the build. 7 7 # 8 8 cflags-$(CONFIG_X86_32) := -march=i386 9 - cflags-$(CONFIG_X86_64) := -mcmodel=small 9 + cflags-$(CONFIG_X86_64) := -mcmodel=small \ 10 + $(call cc-option,-maccumulate-outgoing-args) 10 11 cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \ 11 12 -fPIC -fno-strict-aliasing -mno-red-zone \ 12 13 -mno-mmx -mno-sse -fshort-wchar \
+53 -1
drivers/firmware/efi/libstub/arm32-stub.c
··· 7 7 8 8 #include "efistub.h" 9 9 10 + static efi_guid_t cpu_state_guid = LINUX_EFI_ARM_CPU_STATE_TABLE_GUID; 11 + 12 + struct efi_arm_entry_state *efi_entry_state; 13 + 14 + static void get_cpu_state(u32 *cpsr, u32 *sctlr) 15 + { 16 + asm("mrs %0, cpsr" : "=r"(*cpsr)); 17 + if ((*cpsr & MODE_MASK) == HYP_MODE) 18 + asm("mrc p15, 4, %0, c1, c0, 0" : "=r"(*sctlr)); 19 + else 20 + asm("mrc p15, 0, %0, c1, c0, 0" : "=r"(*sctlr)); 21 + } 22 + 10 23 efi_status_t check_platform_features(void) 11 24 { 25 + efi_status_t status; 26 + u32 cpsr, sctlr; 12 27 int block; 28 + 29 + get_cpu_state(&cpsr, &sctlr); 30 + 31 + efi_info("Entering in %s mode with MMU %sabled\n", 32 + ((cpsr & MODE_MASK) == HYP_MODE) ? "HYP" : "SVC", 33 + (sctlr & 1) ? "en" : "dis"); 34 + 35 + status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, 36 + sizeof(*efi_entry_state), 37 + (void **)&efi_entry_state); 38 + if (status != EFI_SUCCESS) { 39 + efi_err("allocate_pool() failed\n"); 40 + return status; 41 + } 42 + 43 + efi_entry_state->cpsr_before_ebs = cpsr; 44 + efi_entry_state->sctlr_before_ebs = sctlr; 45 + 46 + status = efi_bs_call(install_configuration_table, &cpu_state_guid, 47 + efi_entry_state); 48 + if (status != EFI_SUCCESS) { 49 + efi_err("install_configuration_table() failed\n"); 50 + goto free_state; 51 + } 13 52 14 53 /* non-LPAE kernels can run anywhere */ 15 54 if (!IS_ENABLED(CONFIG_ARM_LPAE)) ··· 58 19 block = cpuid_feature_extract(CPUID_EXT_MMFR0, 0); 59 20 if (block < 5) { 60 21 efi_err("This LPAE kernel is not supported by your CPU\n"); 61 - return EFI_UNSUPPORTED; 22 + status = EFI_UNSUPPORTED; 23 + goto drop_table; 62 24 } 63 25 return EFI_SUCCESS; 26 + 27 + drop_table: 28 + efi_bs_call(install_configuration_table, &cpu_state_guid, NULL); 29 + free_state: 30 + efi_bs_call(free_pool, efi_entry_state); 31 + return status; 32 + } 33 + 34 + void efi_handle_post_ebs_state(void) 35 + { 36 + get_cpu_state(&efi_entry_state->cpsr_after_ebs, 37 + &efi_entry_state->sctlr_after_ebs); 64 38 } 65 39 66 40 static efi_guid_t screen_info_guid = LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID;
+67 -11
drivers/firmware/efi/libstub/efi-stub-helper.c
··· 32 32 return !efi_nosoftreserve; 33 33 } 34 34 35 + /** 36 + * efi_char16_puts() - Write a UCS-2 encoded string to the console 37 + * @str: UCS-2 encoded string 38 + */ 35 39 void efi_char16_puts(efi_char16_t *str) 36 40 { 37 41 efi_call_proto(efi_table_attr(efi_system_table, con_out), ··· 87 83 return c32; 88 84 } 89 85 86 + /** 87 + * efi_puts() - Write a UTF-8 encoded string to the console 88 + * @str: UTF-8 encoded string 89 + */ 90 90 void efi_puts(const char *str) 91 91 { 92 92 efi_char16_t buf[128]; ··· 121 113 } 122 114 } 123 115 116 + /** 117 + * efi_printk() - Print a kernel message 118 + * @fmt: format string 119 + * 120 + * The first letter of the format string is used to determine the logging level 121 + * of the message. If the level is less then the current EFI logging level, the 122 + * message is suppressed. The message will be truncated to 255 bytes. 123 + * 124 + * Return: number of printed characters 125 + */ 124 126 int efi_printk(const char *fmt, ...) 125 127 { 126 128 char printf_buf[256]; ··· 172 154 return printed; 173 155 } 174 156 175 - /* 176 - * Parse the ASCII string 'cmdline' for EFI options, denoted by the efi= 157 + /** 158 + * efi_parse_options() - Parse EFI command line options 159 + * @cmdline: kernel command line 160 + * 161 + * Parse the ASCII string @cmdline for EFI options, denoted by the efi= 177 162 * option, e.g. efi=nochunk. 178 163 * 179 164 * It should be noted that efi= is parsed in two very different 180 165 * environments, first in the early boot environment of the EFI boot 181 166 * stub, and subsequently during the kernel boot. 167 + * 168 + * Return: status code 182 169 */ 183 170 efi_status_t efi_parse_options(char const *cmdline) 184 171 { ··· 309 286 return (char *)cmdline_addr; 310 287 } 311 288 312 - /* 289 + /** 290 + * efi_exit_boot_services() - Exit boot services 291 + * @handle: handle of the exiting image 292 + * @map: pointer to receive the memory map 293 + * @priv: argument to be passed to @priv_func 294 + * @priv_func: function to process the memory map before exiting boot services 295 + * 313 296 * Handle calling ExitBootServices according to the requirements set out by the 314 297 * spec. Obtains the current memory map, and returns that info after calling 315 298 * ExitBootServices. The client must specify a function to perform any 316 299 * processing of the memory map data prior to ExitBootServices. A client 317 300 * specific structure may be passed to the function via priv. The client 318 301 * function may be called multiple times. 302 + * 303 + * Return: status code 319 304 */ 320 305 efi_status_t efi_exit_boot_services(void *handle, 321 306 struct efi_boot_memmap *map, ··· 392 361 return status; 393 362 } 394 363 364 + /** 365 + * get_efi_config_table() - retrieve UEFI configuration table 366 + * @guid: GUID of the configuration table to be retrieved 367 + * Return: pointer to the configuration table or NULL 368 + */ 395 369 void *get_efi_config_table(efi_guid_t guid) 396 370 { 397 371 unsigned long tables = efi_table_attr(efi_system_table, tables); ··· 444 408 }; 445 409 446 410 /** 447 - * efi_load_initrd_dev_path - load the initrd from the Linux initrd device path 411 + * efi_load_initrd_dev_path() - load the initrd from the Linux initrd device path 448 412 * @load_addr: pointer to store the address where the initrd was loaded 449 413 * @load_size: pointer to store the size of the loaded initrd 450 414 * @max: upper limit for the initrd memory allocation 451 - * @return: %EFI_SUCCESS if the initrd was loaded successfully, in which 452 - * case @load_addr and @load_size are assigned accordingly 453 - * %EFI_NOT_FOUND if no LoadFile2 protocol exists on the initrd 454 - * device path 455 - * %EFI_INVALID_PARAMETER if load_addr == NULL or load_size == NULL 456 - * %EFI_OUT_OF_RESOURCES if memory allocation failed 457 - * %EFI_LOAD_ERROR in all other cases 415 + * 416 + * Return: 417 + * * %EFI_SUCCESS if the initrd was loaded successfully, in which 418 + * case @load_addr and @load_size are assigned accordingly 419 + * * %EFI_NOT_FOUND if no LoadFile2 protocol exists on the initrd device path 420 + * * %EFI_INVALID_PARAMETER if load_addr == NULL or load_size == NULL 421 + * * %EFI_OUT_OF_RESOURCES if memory allocation failed 422 + * * %EFI_LOAD_ERROR in all other cases 458 423 */ 459 424 static 460 425 efi_status_t efi_load_initrd_dev_path(unsigned long *load_addr, ··· 518 481 load_addr, load_size); 519 482 } 520 483 484 + /** 485 + * efi_load_initrd() - Load initial RAM disk 486 + * @image: EFI loaded image protocol 487 + * @load_addr: pointer to loaded initrd 488 + * @load_size: size of loaded initrd 489 + * @soft_limit: preferred size of allocated memory for loading the initrd 490 + * @hard_limit: minimum size of allocated memory 491 + * 492 + * Return: status code 493 + */ 521 494 efi_status_t efi_load_initrd(efi_loaded_image_t *image, 522 495 unsigned long *load_addr, 523 496 unsigned long *load_size, ··· 552 505 return status; 553 506 } 554 507 508 + /** 509 + * efi_wait_for_key() - Wait for key stroke 510 + * @usec: number of microseconds to wait for key stroke 511 + * @key: key entered 512 + * 513 + * Wait for up to @usec microseconds for a key stroke. 514 + * 515 + * Return: status code, EFI_SUCCESS if key received 516 + */ 555 517 efi_status_t efi_wait_for_key(unsigned long usec, efi_input_key_t *key) 556 518 { 557 519 efi_event_t events[2], timer;
+3
drivers/firmware/efi/libstub/efi-stub.c
··· 329 329 if (status != EFI_SUCCESS) 330 330 goto fail_free_initrd; 331 331 332 + if (IS_ENABLED(CONFIG_ARM)) 333 + efi_handle_post_ebs_state(); 334 + 332 335 efi_enter_kernel(image_addr, fdt_addr, fdt_totalsize((void *)fdt_addr)); 333 336 /* not reached */ 334 337
+10 -2
drivers/firmware/efi/libstub/efistub.h
··· 157 157 #define EFI_EVT_NOTIFY_WAIT 0x00000100U 158 158 #define EFI_EVT_NOTIFY_SIGNAL 0x00000200U 159 159 160 - /* 161 - * boottime->wait_for_event takes an array of events as input. 160 + /** 161 + * efi_set_event_at() - add event to events array 162 + * 163 + * @events: array of UEFI events 164 + * @ids: index where to put the event in the array 165 + * @event: event to add to the aray 166 + * 167 + * boottime->wait_for_event() takes an array of events as input. 162 168 * Provide a helper to set it up correctly for mixed mode. 163 169 */ 164 170 static inline ··· 776 770 unsigned long *load_size, 777 771 unsigned long soft_limit, 778 772 unsigned long hard_limit); 773 + 774 + void efi_handle_post_ebs_state(void); 779 775 780 776 #endif
+12 -4
drivers/firmware/efi/libstub/file.c
··· 102 102 if (!found) 103 103 return 0; 104 104 105 + /* Skip any leading slashes */ 106 + while (cmdline[i] == L'/' || cmdline[i] == L'\\') 107 + i++; 108 + 105 109 while (--result_len > 0 && i < cmdline_len) { 106 - if (cmdline[i] == L'\0' || 107 - cmdline[i] == L'\n' || 108 - cmdline[i] == L' ') 110 + efi_char16_t c = cmdline[i++]; 111 + 112 + if (c == L'\0' || c == L'\n' || c == L' ') 109 113 break; 110 - *result++ = cmdline[i++]; 114 + else if (c == L'/') 115 + /* Replace UNIX dir separators with EFI standard ones */ 116 + *result++ = L'\\'; 117 + else 118 + *result++ = c; 111 119 } 112 120 *result = L'\0'; 113 121 return i;
+1
drivers/firmware/efi/libstub/skip_spaces.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 2 3 3 #include <linux/ctype.h> 4 + #include <linux/string.h> 4 5 #include <linux/types.h> 5 6 6 7 char *skip_spaces(const char *str)
+3 -4
fs/efivarfs/file.c
··· 51 51 } else { 52 52 inode_lock(inode); 53 53 i_size_write(inode, datasize + sizeof(attributes)); 54 + inode->i_mtime = current_time(inode); 54 55 inode_unlock(inode); 55 56 } 56 57 ··· 73 72 ssize_t size = 0; 74 73 int err; 75 74 76 - while (!__ratelimit(&file->f_cred->user->ratelimit)) { 77 - if (!msleep_interruptible(50)) 78 - return -EINTR; 79 - } 75 + while (!__ratelimit(&file->f_cred->user->ratelimit)) 76 + msleep(50); 80 77 81 78 err = efivar_entry_size(var, &datasize); 82 79
+3 -5
include/linux/efi.h
··· 350 350 * associated with ConOut 351 351 */ 352 352 #define LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID EFI_GUID(0xe03fc20a, 0x85dc, 0x406e, 0xb9, 0x0e, 0x4a, 0xb5, 0x02, 0x37, 0x1d, 0x95) 353 + #define LINUX_EFI_ARM_CPU_STATE_TABLE_GUID EFI_GUID(0xef79e4aa, 0x3c3d, 0x4989, 0xb9, 0x02, 0x07, 0xa9, 0x43, 0xe5, 0x50, 0xd2) 353 354 #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) 354 355 #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) 355 356 #define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa) ··· 1237 1236 struct { 1238 1237 phys_addr_t base; 1239 1238 phys_addr_t size; 1240 - } entry[0]; 1239 + } entry[]; 1241 1240 }; 1242 1241 1243 - #define EFI_MEMRESERVE_SIZE(count) (sizeof(struct linux_efi_memreserve) + \ 1244 - (count) * sizeof(((struct linux_efi_memreserve *)0)->entry[0])) 1245 - 1246 1242 #define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \ 1247 - / sizeof(((struct linux_efi_memreserve *)0)->entry[0])) 1243 + / sizeof_field(struct linux_efi_memreserve, entry[0])) 1248 1244 1249 1245 void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size); 1250 1246
+13 -1
include/linux/tpm_eventlog.h
··· 81 81 u16 digest_size; 82 82 } __packed; 83 83 84 + #define TCG_SPECID_SIG "Spec ID Event03" 85 + 84 86 struct tcg_efi_specid_event_head { 85 87 u8 signature[16]; 86 88 u32 platform_class; ··· 173 171 int i; 174 172 int j; 175 173 u32 count, event_type; 174 + const u8 zero_digest[sizeof(event_header->digest)] = {0}; 176 175 177 176 marker = event; 178 177 marker_start = marker; ··· 201 198 count = READ_ONCE(event->count); 202 199 event_type = READ_ONCE(event->event_type); 203 200 201 + /* Verify that it's the log header */ 202 + if (event_header->pcr_idx != 0 || 203 + event_header->event_type != NO_ACTION || 204 + memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { 205 + size = 0; 206 + goto out; 207 + } 208 + 204 209 efispecid = (struct tcg_efi_specid_event_head *)event_header->event; 205 210 206 211 /* Check if event is malformed. */ 207 - if (count > efispecid->num_algs) { 212 + if (memcmp(efispecid->signature, TCG_SPECID_SIG, 213 + sizeof(TCG_SPECID_SIG)) || count > efispecid->num_algs) { 208 214 size = 0; 209 215 goto out; 210 216 }