
Merge tag 'efi-fixes-for-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Pull EFI fixes from Ard Biesheuvel:

- fixes for the EFI variable store refactor that landed in v6.0

- fixes for issues that were introduced during the merge window

- back out some changes related to EFI zboot signing - we'll add a
better solution for this during the next cycle

* tag 'efi-fixes-for-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0
efi: libstub: Fix incorrect payload size in zboot header
efi: libstub: Give efi_main() asmlinkage qualification
efi: efivars: Fix variable writes without query_variable_store()
efi: ssdt: Don't free memory if ACPI table was loaded successfully
efi: libstub: Remove zboot signing from build options

+22 -81
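--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -124,28 +124,6 @@
 is supported by the encapsulated image. (The compression algorithm
 used is described in the zboot image header)
 
-config EFI_ZBOOT_SIGNED
-def_bool y
-depends on EFI_ZBOOT_SIGNING_CERT != ""
-depends on EFI_ZBOOT_SIGNING_KEY != ""
-
-config EFI_ZBOOT_SIGNING
-bool "Sign the EFI decompressor for UEFI secure boot"
-depends on EFI_ZBOOT
-help
-Use the 'sbsign' command line tool (which must exist on the host
-path) to sign both the EFI decompressor PE/COFF image, as well as the
-encapsulated PE/COFF image, which is subsequently compressed and
-wrapped by the former image.
-
-config EFI_ZBOOT_SIGNING_CERT
-string "Certificate to use for signing the compressed EFI boot image"
-depends on EFI_ZBOOT_SIGNING
-
-config EFI_ZBOOT_SIGNING_KEY
-string "Private key to use for signing the compressed EFI boot image"
-depends on EFI_ZBOOT_SIGNING
-
 config EFI_ARMSTUB_DTB_LOADER
 bool "Enable the DTB loader"
 depends on EFI_GENERIC_STUB && !RISCV && !LOONGARCH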
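--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -63,7 +63,7 @@
 
 if (!(md->attribute & EFI_MEMORY_RUNTIME))
 continue;
-if (md->virt_addr == 0)
+if (md->virt_addr == U64_MAX)
 return false;
 
 ret = efi_create_mapping(&efi_mm, md);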
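Review bot: The comparison `md->virt_addr == U64_MAX` relies on a bare sentinel that has to match what the stub writes; the same literal is tested in drivers/firmware/efi/riscv-runtime.c and written in drivers/firmware/efi/libstub/fdt.c (`p->virt_addr = U64_MAX;`), with nothing tying the three sites together. A shared named constant, or at least a comment here such as `/* U64_MAX: stub marker for "no virtual mapping installed" */`, would keep producer and consumers from drifting apart. It is also worth confirming how a memory map from an older stub that still writes 0 is handled, since judging by the visible lines such entries no longer return false here and go on to efi_create_mapping(). The enclosing loop starts and ends outside the hunk.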
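--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -271,6 +271,8 @@
 acpi_status ret = acpi_load_table(data, NULL);
 if (ret)
 pr_err("failed to load table: %u\n", ret);
+else
+continue;
 } else {
 pr_err("failed to get var data: 0x%lx\n", status);
 }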
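Review bot: The added `else continue;` carries no comment saying what it skips; the code after this `if`/`else` block is outside the hunk, and going by the commit title it is the free of `data`. A short why-comment above the `else` would make the ownership rule visible at the call site, for example `/* table loaded: ACPI keeps referencing data, so do not free it */`. Without it, a later cleanup could put the free back on the success path and leave the loaded table pointing at released memory.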
+4 -25
drivers/firmware/efi/libstub/Makefile.zboot
··· 20 20 zboot-method-$(CONFIG_KERNEL_GZIP) := gzip 21 21 zboot-size-len-$(CONFIG_KERNEL_GZIP) := 0 22 22 23 - quiet_cmd_sbsign = SBSIGN $@ 24 - cmd_sbsign = sbsign --out $@ $< \ 25 - --key $(CONFIG_EFI_ZBOOT_SIGNING_KEY) \ 26 - --cert $(CONFIG_EFI_ZBOOT_SIGNING_CERT) 27 - 28 - $(obj)/$(EFI_ZBOOT_PAYLOAD).signed: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE 29 - $(call if_changed,sbsign) 30 - 31 - ZBOOT_PAYLOAD-y := $(EFI_ZBOOT_PAYLOAD) 32 - ZBOOT_PAYLOAD-$(CONFIG_EFI_ZBOOT_SIGNED) := $(EFI_ZBOOT_PAYLOAD).signed 33 - 34 - $(obj)/vmlinuz: $(obj)/$(ZBOOT_PAYLOAD-y) FORCE 23 + $(obj)/vmlinuz: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE 35 24 $(call if_changed,$(zboot-method-y)) 36 25 37 26 OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \ 38 - --rename-section .data=.gzdata,load,alloc,readonly,contents 27 + --rename-section .data=.gzdata,load,alloc,readonly,contents 39 28 $(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE 40 29 $(call if_changed,objcopy) 41 30 ··· 42 53 $(obj)/vmlinuz.efi.elf: $(obj)/vmlinuz.o $(ZBOOT_DEPS) FORCE 43 54 $(call if_changed,ld) 44 55 45 - ZBOOT_EFI-y := vmlinuz.efi 46 - ZBOOT_EFI-$(CONFIG_EFI_ZBOOT_SIGNED) := vmlinuz.efi.unsigned 47 - 48 - OBJCOPYFLAGS_$(ZBOOT_EFI-y) := -O binary 49 - $(obj)/$(ZBOOT_EFI-y): $(obj)/vmlinuz.efi.elf FORCE 56 + OBJCOPYFLAGS_vmlinuz.efi := -O binary 57 + $(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.elf FORCE 50 58 $(call if_changed,objcopy) 51 59 52 60 targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi 53 - 54 - ifneq ($(CONFIG_EFI_ZBOOT_SIGNED),) 55 - $(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.unsigned FORCE 56 - $(call if_changed,sbsign) 57 - endif 58 - 59 - targets += $(EFI_ZBOOT_PAYLOAD).signed vmlinuz.efi.unsigned
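--- a/drivers/firmware/efi/libstub/fdt.c
+++ b/drivers/firmware/efi/libstub/fdt.c
@@ -313,16 +313,16 @@
 
 /*
 * Set the virtual address field of all
-* EFI_MEMORY_RUNTIME entries to 0. This will signal
-* the incoming kernel that no virtual translation has
-* been installed.
+* EFI_MEMORY_RUNTIME entries to U64_MAX. This will
+* signal the incoming kernel that no virtual
+* translation has been installed.
 */
 for (l = 0; l < priv.boot_memmap->map_size;
 l += priv.boot_memmap->desc_size) {
 p = (void *)priv.boot_memmap->map + l;
 
 if (p->attribute & EFI_MEMORY_RUNTIME)
-p->virt_addr = 0;
+p->virt_addr = U64_MAX;
 }
 }
 return EFI_SUCCESS;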
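--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -765,9 +765,9 @@
 * relocated by efi_relocate_kernel.
 * On failure, we exit to the firmware via efi_exit instead of returning.
 */
-unsigned long efi_main(efi_handle_t handle,
-efi_system_table_t *sys_table_arg,
-struct boot_params *boot_params)
+asmlinkage unsigned long efi_main(efi_handle_t handle,
+efi_system_table_t *sys_table_arg,
+struct boot_params *boot_params)
 {
 unsigned long bzimage_addr = (unsigned long)startup_32;
 unsigned long buffer_start, buffer_end;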
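--- a/drivers/firmware/efi/libstub/zboot.lds
+++ b/drivers/firmware/efi/libstub/zboot.lds
@@ -38,7 +38,8 @@
 }
 }
 
-PROVIDE(__efistub__gzdata_size = ABSOLUTE(. - __efistub__gzdata_start));
+PROVIDE(__efistub__gzdata_size =
+ABSOLUTE(__efistub__gzdata_end - __efistub__gzdata_start));
 
 PROVIDE(__data_rawsize = ABSOLUTE(_edata - _etext));
 PROVIDE(__data_size = ABSOLUTE(_end - _etext));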
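--- a/drivers/firmware/efi/riscv-runtime.c
+++ b/drivers/firmware/efi/riscv-runtime.c
@@ -41,7 +41,7 @@
 
 if (!(md->attribute & EFI_MEMORY_RUNTIME))
 continue;
-if (md->virt_addr == 0)
+if (md->virt_addr == U64_MAX)
 return false;
 
 ret = efi_create_mapping(&efi_mm, md);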
+5 -5
drivers/firmware/efi/vars.c
··· 7 7 */ 8 8 9 9 #include <linux/types.h> 10 + #include <linux/sizes.h> 10 11 #include <linux/errno.h> 11 12 #include <linux/init.h> 12 13 #include <linux/module.h> ··· 21 20 22 21 static DEFINE_SEMAPHORE(efivars_lock); 23 22 24 - efi_status_t check_var_size(u32 attributes, unsigned long size) 23 + static efi_status_t check_var_size(u32 attributes, unsigned long size) 25 24 { 26 25 const struct efivar_operations *fops; 27 26 28 27 fops = __efivars->ops; 29 28 30 29 if (!fops->query_variable_store) 31 - return EFI_UNSUPPORTED; 30 + return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES; 32 31 33 32 return fops->query_variable_store(attributes, size, false); 34 33 } 35 - EXPORT_SYMBOL_NS_GPL(check_var_size, EFIVAR); 36 34 35 + static 37 36 efi_status_t check_var_size_nonblocking(u32 attributes, unsigned long size) 38 37 { 39 38 const struct efivar_operations *fops; ··· 41 40 fops = __efivars->ops; 42 41 43 42 if (!fops->query_variable_store) 44 - return EFI_UNSUPPORTED; 43 + return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES; 45 44 46 45 return fops->query_variable_store(attributes, size, true); 47 46 } 48 - EXPORT_SYMBOL_NS_GPL(check_var_size_nonblocking, EFIVAR); 49 47 50 48 /** 51 49 * efivars_kobject - get the kobject for the registered efivars
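Review bot: The fallback `return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES;` is duplicated in check_var_size() and check_var_size_nonblocking() with no comment explaining the 64 KiB cap. In the visible code this is the only bound applied when the backend provides no query_variable_store(), so a comment such as `/* no query_variable_store(): cap writes at 64 KiB */` or a small static helper shared by both functions would keep the two copies from diverging. The check removed from fs/efivarfs/vars.c passed `*size + ucs2_strsize(name, 1024)` to check_var_size() and compared `*size` alone against 65536; the callers of these now-static functions are outside the hunk, so it is worth confirming which size they pass and that the efivarfs write path still reaches one of them.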
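--- a/fs/efivarfs/vars.c
+++ b/fs/efivarfs/vars.c
@@ -651,22 +651,6 @@
 if (err)
 return err;
 
-/*
-* Ensure that the available space hasn't shrunk below the safe level
-*/
-status = check_var_size(attributes, *size + ucs2_strsize(name, 1024));
-if (status != EFI_SUCCESS) {
-if (status != EFI_UNSUPPORTED) {
-err = efi_status_to_err(status);
-goto out;
-}
-
-if (*size > 65536) {
-err = -ENOSPC;
-goto out;
-}
-}
-
 status = efivar_set_variable_locked(name, vendor, attributes, *size,
 data, false);
 if (status != EFI_SUCCESS) {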
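--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1085,9 +1085,6 @@
 efi_status_t efivar_set_variable(efi_char16_t *name, efi_guid_t *vendor,
 u32 attr, unsigned long data_size, void *data);
 
-efi_status_t check_var_size(u32 attributes, unsigned long size);
-efi_status_t check_var_size_nonblocking(u32 attributes, unsigned long size);
-
 #if IS_ENABLED(CONFIG_EFI_CAPSULE_LOADER)
 extern bool efi_capsule_pending(int *reset_type);
 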