IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The EFI TCG spec, in §10.2.6 "Measuring UEFI Variables and UEFI GPT
Data", only reasons about the load options passed to a loaded image in
the context of boot options booted directly from the BDS, which are
measured into PCR #5 along with the rest of the Boot#### EFI variable.
However, the UEFI spec mentions the following in the documentation of
the LoadImage() boot service and the EFI_LOADED_IMAGE protocol:
The caller may fill in the image’s "load options" data, or add
additional protocol support to the handle before passing control to
the newly loaded image by calling EFI_BOOT_SERVICES.StartImage().
The typical boot sequence for Linux EFI systems is to load GRUB via a
boot option from the BDS, which [hopefully] calls LoadImage to load the
kernel image, passing the kernel command line via the mechanism
described above. This means that we cannot rely on the firmware
implementing TCG measured boot to ensure that the kernel command line
gets measured before the image is started, so the EFI stub will have to
take care of this itself.
Given that PCR #5 has an official use in the TCG measured boot spec,
let's avoid it in this case. Instead, add a measurement in PCR #9 (which
we already use for our initrd) and extend it with the LoadOptions
measurements
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Currently, from the efi-stub, we are only measuring the loaded initrd,
using the TCG2 measured boot protocols. A following patch is
introducing measurements of additional components, such as the kernel
command line. On top of that, we will shortly have to support other
types of measured boot that don't expose the TCG2 protocols.
So let's prepare for that, by rejigging the efi_measure_initrd() routine
into something that we should be able to reuse for measuring other
assets, and which can be extended later to support other measured boot
protocols.
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This is necessary because the EFI libstub refactoring patches are mostly
directed at enabling LoongArch to wire up generic EFI boot support
without being forced to consume DT properties that conflict with
information that EFI also provides, e.g., memory map and reservations,
etc.
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmMy3RMACgkQw08iOZLZ
jyTTEwwAxIsv4t82EIj0D2Ml37TjmuB1cenbKHqq8c6cK/2xPGk1Hprd0KbpXuWh
hF88DoBeDyZ68RTmncEzwSCu5ZSIlQwPNATaAGn4qIYi6uHpHufM6IUDspYrXJnO
5K6HE0Rc5PKIDVJdA2dqnXLIxrVe5IG1UTHwzqJAi6/eTal5S22Y7lCALa0MjeAZ
fsGEOztztrdoRRY0+H3VStg4oVbMGmMH24N3ODtM5yNS7qqmfKrEvAfGkTC+6wGG
O8klUF9EcluvGNiLT2c2YeCKsqTVKun0K1TYvY8ATjAONqj8zImja9g1wTjtZOgz
rnfS0RGmbrv9X5jkaC7k8KkCGfMWwcuQTnKNYmuzt51bzNQw7tJWltfVMFR3pqN8
+1594fBxLT0llnS9P9qXpZLfjvxhqeQuNMkOQr+gG1E+2h1N9CJQxhhLKLtesLMp
Pm6RHlpc8CrYrmHDL6oPHEg6oYTNe3NmuIVUB71wsl8czGMrU11JpxG/Q4iOtZOB
vA5hkpn2
=IlXm
-----END PGP SIGNATURE-----
Merge tag 'efi-loongarch-for-v6.1-2' into HEAD
Second shared stable tag between EFI and LoongArch trees
This is necessary because the EFI libstub refactoring patches are mostly
directed at enabling LoongArch to wire up generic EFI boot support
without being forced to consume DT properties that conflict with
information that EFI also provides, e.g., memory map and reservations,
etc.
LoongArch does not use FDT or DT natively [yet], and the only reason it
currently uses it is so that it can reuse the existing EFI stub code.
Overloading the DT with data passed between the EFI stub and the core
kernel has been a source of problems: there is the overlap between
information provided by EFI which DT can also provide (initrd base/size,
command line, memory descriptions), requiring us to reason about which
is which and what to prioritize. It has also resulted in ABI leaks,
i.e., internal ABI being promoted to external ABI inadvertently because
the bootloader can set the EFI stub's DT properties as well (e.g.,
"kaslr-seed"). This has become especially problematic with boot
environments that want to pretend that EFI boot is being done (to access
ACPI and SMBIOS tables, for instance) but have no ability to execute the
EFI stub, and so the environment that the EFI stub creates is emulated
[poorly, in some cases].
Another downside of treating DT like this is that the DT binary that the
kernel receives is different from the one created by the firmware, which
is undesirable in the context of secure and measured boot.
Given that LoongArch support in Linux is brand new, we can avoid these
pitfalls, and treat the DT strictly as a hardware description, and use a
separate handover method between the EFI stub and the kernel. Now that
initrd loading and passing the EFI memory map have been refactored into
pure EFI routines that use EFI configuration tables, the only thing we
need to pass directly is the kernel command line (even if we could pass
this via a config table as well, it is used extremely early, so passing
it directly is preferred in this case.)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Huacai Chen <chenhuacai@loongson.cn>
Expose the EFI boot time memory map to the kernel via a configuration
table. This is arch agnostic and enables future changes that remove the
dependency on DT on architectures that don't otherwise rely on it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Refactor the generic EFI stub entry code so that all the dependencies on
device tree are abstracted and hidden behind a generic efi_boot_kernel()
routine that can also be implemented in other ways. This allows users of
the generic stub to avoid using FDT for passing information to the core
kernel.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Use a EFI configuration table to pass the initrd to the core kernel,
instead of per-arch methods. This cleans up the code considerably, and
should make it easier for architectures to get rid of their reliance on
DT for doing EFI boot in the future.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Remove the RB tree and start using the maple tree for vm_area_struct
tracking.
Drop validate_mm() calls in expand_upwards() and expand_downwards() as the
lock is not held.
Link: https://lkml.kernel.org/r/20220906194824.2110408-18-Liam.Howlett@oracle.com
Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Tested-by: Yu Zhao <yuzhao@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: SeongJae Park <sj@kernel.org>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Start tracking the VMAs with the new maple tree structure in parallel with
the rb_tree. Add debug and trace events for maple tree operations and
duplicate the rb_tree that is created on forks into the maple tree.
The maple tree is added to the mm_struct including the mm_init struct,
added support in required mm/mmap functions, added tracking in kernel/fork
for process forking, and used to find the unmapped_area and checked
against what the rbtree finds.
This also moves the mmap_lock() in exit_mmap() since the oom reaper call
does walk the VMAs. Otherwise lockdep will be unhappy if oom happens.
When splitting a vma fails due to allocations of the maple tree nodes,
the error path in __split_vma() calls new->vm_ops->close(new). The page
accounting for hugetlb is actually in the close() operation, so it
accounts for the removal of 1/2 of the VMA which was not adjusted. This
results in a negative exit value. To avoid the negative charge, set
vm_start = vm_end and vm_pgoff = 0.
There is also a potential accounting issue in special mappings from
insert_vm_struct() failing to allocate, so reverse the charge there in
the failure scenario.
Link: https://lkml.kernel.org/r/20220906194824.2110408-9-Liam.Howlett@oracle.com
Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Tested-by: Yu Zhao <yuzhao@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: SeongJae Park <sj@kernel.org>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Currently, struct efi_boot_memmap is a struct that is passed around
between callers of efi_get_memory_map() and the users of the resulting
data, and which carries pointers to various variables whose values are
provided by the EFI GetMemoryMap() boot service.
This is overly complex, and it is much easier to carry these values in
the struct itself. So turn the struct into one that carries these data
items directly, including a flex array for the variable number of EFI
memory descriptors that the boot service may return.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The virt map is a set of efi_memory_desc_t descriptors that are passed
to SetVirtualAddressMap() to inform the firmware about the desired
virtual mapping of the regions marked as EFI_MEMORY_RUNTIME. The only
reason we currently call the efi_get_memory_map() helper is that it
gives us an allocation that is guaranteed to be of sufficient size.
However, efi_get_memory_map() has grown some additional complexity over
the years, and today, we're actually better off calling the EFI boot
service directly with a zero size, which tells us how much memory should
be enough for the virt map.
While at it, avoid creating the VA map allocation if we will not be
using it anyway, i.e., if efi_novamap is true.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
With -fsanitize=kcfi, we no longer need function_nocfi() as
the compiler won't change function references to point to a
jump table. Remove all implementations and uses of the macro.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-14-samitolvanen@google.com
Functions called through a psci_initcall_t pointer all have
non-const arguments. Fix the type definition to avoid tripping
indirect call checks with CFI_CLANG.
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-9-samitolvanen@google.com
In preparation for removing CC_FLAGS_CFI from CC_FLAGS_LTO, explicitly
filter out CC_FLAGS_CFI in all the makefiles where we currently filter
out CC_FLAGS_LTO.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-2-samitolvanen@google.com
Currently the gsmi driver registers a panic notifier as well as
reboot and die notifiers. The callbacks registered are called in
atomic and very limited context - for instance, panic disables
preemption and local IRQs, also all secondary CPUs (not executing
the panic path) are shutdown.
With that said, taking a spinlock in this scenario is a dangerous
invitation for lockup scenarios. So, fix that by checking if the
spinlock is free to acquire in the panic notifier callback - if not,
bail-out and avoid a potential hang.
Fixes: 74c5b31c6618 ("driver: Google EFI SMI")
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: David Gow <davidgow@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Julius Werner <jwerner@chromium.org>
Cc: Petr Mladek <pmladek@suse.com>
Reviewed-by: Evan Green <evgreen@chromium.org>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Link: https://lore.kernel.org/r/20220909200755.189679-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The icc-bwmon driver is expected to support measuring LLCC/DDR bandwidth
on SDM845 and SC7280.
The LLCC driver is extended to provide per-platform register mappings to
the LLCC EDAC driver. The QMI encoder/decoder is updated to allow the
passed qmi_elem_info to be const.
Support for SDM845 is added to the sleep stats driver. Power-domains for
the SM6375 platform is added to RPMPD and the platform is added to
socinfo, together with the PM6125 pmic id.
A couple of of_node reference issues are corrected in the smem state and
smsm drivers.
The Qualcomm SCM driver binding is converted to YAML.
-----BEGIN PGP SIGNATURE-----
iQJJBAABCAAzFiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmMrMtQVHGFuZGVyc3Nv
bkBrZXJuZWwub3JnAAoJEAsfOT8Nma3Foy8P/3xNqiQAVdWD/49rycmoNg02Jg6A
L9WM0GI1TMKCJV+tr2QFFknFOzTxr4VhIefddUWWJYGnzN89sHqYbWjBbnPaHVv/
Im7opHZ1Aq5hPct5TvlXrMjNDhe3+2y44qv4+H9q8Kk7nOVUQwOfE3J7VE71B1tO
gLHEdlafSH+M62PJsiDQRIgtU2jfFBBpOC+J4OazvRsYQboI29U5Aro08Yqy/KFq
opEMJlnetzPl1zI+7Tu56V8gVWnBIedQJJCT/EZEWMJ8Lf8XMbuTaTrW+ioSnjrT
SyLgAzvLCI8yMOaLSssdpk6pgtsMleqRI/SHlvUX2+sUlxK3Gycw9rxsU6RJ80gk
SRjYXEwr78w4QGcC/eY8Lg+d0xi/A1MOMGLYoQGyKzHtyi+q1x3yQQ5HW6YS0qlO
J6a9zSL2PNfLyXv7DE1PblKUZtifV/8U+gYviwe09Rj7mkZWzlOC946uUp4B9VEE
R96qoLZtyvgAzBCnpWIJ0IwYSRdqVNYpDKKb4CGQ9qAdyHZIg+DL9i6vozwWsyZk
gRTXo4K9MuqHya+vZYOH4zyi8eIHgqdSNSbo/4893E3GcAtPBw1YRdCPWNPITdQg
bcTfg/7bFymeHN3arbkXjclXp1O12JA+umsPnRnWtmmoCPNqh8wki4v32dqcpyQq
FvkQpszZbeHQGxq4
=R/5I
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmMt02wACgkQmmx57+YA
GNlEyw/+Je0NXWJdKYHw9+nkc5GJCrB7Sytz9xmavB/1JMTDyjMcRgbmXg0gl1ZF
6gYACVcv1GgIFFrDrjEHm81qVunjr+z3oyqY/Tr4XDk2AvFJicX/kltSOxWozHrV
TYGd3HtneGMA6jhT7T76b849N4p0S9gJu62+tQiD2wa31oFAnfhrf790QJZahHZf
/VPGiNiOhINMJJk+rUal8R4A8CWXdx9GTTulhcSD3g9HPTWJuq+SJ6SSCuNmOLPO
4KZeWytBmihSWIjWsyuKUwSmK1ceNH/Vt6QhenPUZynZ4ojuJOUeOTnkf+mR6M2A
ysetlsi8GDiQSWW/hb/+b733YFOTVVFbigEjt6B40HKLAXlgiAqwCVzWFQ61Eg48
UNnx26RUlT3PGw0oF1pSOvl8a/0DDKhzteyQSJQ/gR59SKLjhwEB27Ml1C2B+VVM
FHn0WnhnAvC6qPBrRh6HUVtoqblRsaT6UJ+qwr6TDhmiDMTmQP49dMbA9Me+lphb
ACbhqk+yUoaYhq6oK2pneqtgP0A4QuFSZAzGE6tXryILYeme+LOpL2ff2NNAsY5C
6jX+6oyAZVSmJKs0itQyTyQqmJ/5bFp8ob5dpwNeFMLgRvohpDh/EChjkTV7N0EU
NK12FkJIvDptBFMOClVx5PurCLPwG4cI2/qIZ8xHuEdzrpELYgI=
=GSE8
-----END PGP SIGNATURE-----
Merge tag 'qcom-drivers-for-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/drivers
Qualcomm driver updates for 6.1
The icc-bwmon driver is expected to support measuring LLCC/DDR bandwidth
on SDM845 and SC7280.
The LLCC driver is extended to provide per-platform register mappings to
the LLCC EDAC driver. The QMI encoder/decoder is updated to allow the
passed qmi_elem_info to be const.
Support for SDM845 is added to the sleep stats driver. Power-domains for
the SM6375 platform is added to RPMPD and the platform is added to
socinfo, together with the PM6125 pmic id.
A couple of of_node reference issues are corrected in the smem state and
smsm drivers.
The Qualcomm SCM driver binding is converted to YAML.
* tag 'qcom-drivers-for-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux: (29 commits)
soc: qcom: rpmpd: Add SM6375 support
dt-bindings: power: rpmpd: Add SM6375 power domains
firmware: qcom: scm: remove unused __qcom_scm_init declaration
dt-bindings: power: qcom,rpmpd: drop non-working codeaurora.org emails
soc: qcom: icc-bwmon: force clear counter/irq registers
soc: qcom: icc-bwmon: add support for sc7280 LLCC BWMON
dt-bindings: interconnect: qcom,msm8998-bwmon: Add support for sc7280 BWMONs
soc: qcom: llcc: Pass LLCC version based register offsets to EDAC driver
soc: qcom: llcc: Rename reg_offset structs to reflect LLCC version
soc: qcom: qmi: use const for struct qmi_elem_info
soc: qcom: icc-bwmon: remove redundant ret variable
dt-bindings: soc: qcom: stats: Document SDM845 compatible
soc: qcom: stats: Add SDM845 stats config and compatible
dt-bindings: firmware: document Qualcomm SM6115 SCM
soc: qcom: Make QCOM_RPMPD depend on OF
dt-bindings: firmware: convert Qualcomm SCM binding to the yaml
soc: qcom: socinfo: Add PM6125 ID
soc: qcom: socinfo: Add an ID for SM6375
soc: qcom: smem_state: Add refcounting for the 'state->of_node'
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
...
Link: https://lore.kernel.org/r/20220921155753.1316308-1-andersson@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Ensure that the SMBIOS entry point is long enough to include all the
fields we need. Otherwise it is pointless to even attempt to verify
its checksum.
Also fix the maximum length check, which is technically 32, not 31.
It does not matter in practice as the only valid values are 31 (for
SMBIOS 2.x) and 24 (for SMBIOS 3.x), but let's still have the check
right in case new fields are added to either structure in the future.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/lkml/20220823094857.27f3d924@endymion.delvare/T/
This reverts commit a3b884cef873 ("firmware: arm_scmi: Add clock management
to the SCMI power domain").
Using the GENPD_FLAG_PM_CLK tells genpd to gate/ungate the consumer
device's clock(s) during runtime suspend/resume through the PM clock API.
More precisely, in genpd_runtime_resume() the clock(s) for the consumer
device would become ungated prior to the driver-level ->runtime_resume()
callbacks gets invoked.
This behaviour isn't a good fit for all platforms/drivers. For example, a
driver may need to make some preparations of its device in its
->runtime_resume() callback, like calling clk_set_rate() before the
clock(s) should be ungated. In these cases, it's easier to let the clock(s)
to be managed solely by the driver, rather than at the PM domain level.
For these reasons, let's drop the use GENPD_FLAG_PM_CLK for the SCMI PM
domain, as to enable it to be more easily adopted across ARM platforms.
Fixes: a3b884cef873 ("firmware: arm_scmi: Add clock management to the SCMI power domain")
Cc: Nicolas Pitre <npitre@baylibre.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Tested-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Link: https://lore.kernel.org/r/20220919122033.86126-1-ulf.hansson@linaro.org
Another set of fixes for fixes for the soc tree:
- A fix for the interrupt number on at91/lan966 ethernet PHYs
- A second round of fixes for NXP i.MX series, including a couple
of build issues, and board specific DT corrections on
TQMa8MPQL, imx8mp-venice-gw74xx and imx8mm-verdin for reliability
and partially broken functionality.
- Several fixes for Rockchip SoCs, addressing a USB issue on BPI-R2-Pro,
wakeup on Gru-Bob and reliability of high-speed SD cards, among
other minor issues.
- A fix for a long-running naming mistake that prevented the moxart mmc
driver from working at all.
- Multiple Arm SCMI firmware fixes for hardening some corner cases.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmMsf8kACgkQmmx57+YA
GNklew//T+pAuVwhR8OMp3DolbM/CwezgZgEXkuqDS0GvLkuoR71N7y1wEO77CDI
9/luYQiFnMI8ooBMXLG545EJCZNommtDKWfSMjJnYeVQit3nupJSYaOLkzD949hg
fg2BhA3mIKJY53m5SHRfZJOr+Q5E1DEmREX7m9e3nXTDY7izWpE2HtlKt26lKTq4
w4sbchmrC4YRLqkBbSGLczClCakF0/L3QhGUIfBlTdLmhye0PJiQzfhVTKgdb7Jr
l0T8vt5vg+5f5ib3PrnPQCaA3Azgu0QvImwKr7/vU/Sn6/e/xwV/hcuqQBZPFbbl
RmSkHb3mBLXogk/EjLiw8y59D22SIbdtE+/tD+FRP+q0gjgPKobRZiqLFijvIWSB
TtaTsKhotFKFs+pDysF0C/IfpK9MaYcX71WdqfvwlPiGGK7xCt3W+AKzgUmRVfew
dVMeyBlVL9T3003MpLkiaIoDp8JfJsD3051CCH5tdOtF53PeKsgTUEXtnQezBof2
80KgGXg2QGbwx+vYPGJqgQKzG7teq06G4BERK/yeFCrOsxrRXzH/icDA3F5xKY5f
IqQiTqvZeCQvvr8G1iZb6YkhflQHaNktsRCajxERTgPfRzuQFHwF96C/+weGcZBp
edBtweGCJ7AvV8vmvmvCdMDg9BDfgHOOwiNOKqmVvsIO01Ei8Oc=
=fI2K
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"Another set of fixes for fixes for the soc tree:
- A fix for the interrupt number on at91/lan966 ethernet PHYs
- A second round of fixes for NXP i.MX series, including a couple of
build issues, and board specific DT corrections on TQMa8MPQL,
imx8mp-venice-gw74xx and imx8mm-verdin for reliability and
partially broken functionality
- Several fixes for Rockchip SoCs, addressing a USB issue on
BPI-R2-Pro, wakeup on Gru-Bob and reliability of high-speed SD
cards, among other minor issues
- A fix for a long-running naming mistake that prevented the moxart
mmc driver from working at all
- Multiple Arm SCMI firmware fixes for hardening some corner cases"
* tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation
ARM: dts: lan966x: Fix the interrupt number for internal PHYs
arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port
arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity
dt-bindings: memory-controllers: fsl,imx8m-ddrc: drop Leonard Crestez
arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header
arm64: defconfig: enable ARCH_NXP
arm64: dts: imx8mp-tqma8mpql-mba8mpxl: add missing pinctrl for RTC alarm
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
arm64: dts: imx8mm-verdin: extend pmic voltages
arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10
arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a
arm64: dts: imx8ulp: add #reset-cells for pcc
arm64: dts: tqma8mpxl-ba8mpxl: Fix button GPIOs
arm64: dts: imx8mn: remove GPU power domain reset
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo
arm64: dts: rockchip: fix upper usb port on BPI-R2-Pro
...
- Use the right variable to check for shim insecure mode
- Wipe setup_data field when booting via EFI
- Add missing error check to efibc driver
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmMsbqYACgkQw08iOZLZ
jyROTAwAoKK2463ZJb6H4JAPf3NWWy5lTiJE5GnQpf75soJENNJGQil2d2RBKDEs
v8aBK6RleMTltmNesy7DNEHCi1It5zWNEPUIuo3AfteSHqeAZaebtfZ0JInatdGo
umw3XriYxIG0XTr6SWktjzQvOrouT/+HqSLE/FdOHjFW3l2WXpWeqrZ69QRirrYL
/tWVAwT5b8Y3Ds7lma4ivm8BZYEHVFdzHDUfZYh+YW13tRw23c93TNUF9vl9Pa83
My9ncQIB9UqDZ6KVze/7tQ9BG5WatRgDJb+QlLaBSXX5191qfouj1mW7waoJ+Gs9
ptQGBWGuOsGj9/85ixh+o9xjZrDq6sZksWI+pcbnJK7zQIrh2wBZI0xIaX79ekOM
wUtavQ1QezuKntg7kZFgutMnUrqtCbEbQ9RL5JsbndQ8PkZH5v5XygwzBc/6h0pj
ZgD3CQ04sDvy/UHhIARHDKzNCQldXjUyEVpAWwGlkPqTDqyPthtluzZ53kZbh+HX
o+/rXcw8
=Earg
-----END PGP SIGNATURE-----
Merge tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
Pull EFI fixes from Ard Biesheuvel:
- Use the right variable to check for shim insecure mode
- Wipe setup_data field when booting via EFI
- Add missing error check to efibc driver
* tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
efi: libstub: check Shim mode using MokSBStateRT
efi: x86: Wipe setup_data on pure EFI boot
efi: efibc: Guard against allocation failure
We currently check the MokSBState variable to decide whether we should
treat UEFI secure boot as being disabled, even if the firmware thinks
otherwise. This is used by shim to indicate that it is not checking
signatures on boot images. In the kernel, we use this to relax lockdown
policies.
However, in cases where shim is not even being used, we don't want this
variable to interfere with lockdown, given that the variable may be
non-volatile and therefore persist across a reboot. This means setting
it once will persistently disable lockdown checks on a given system.
So switch to the mirrored version of this variable, called MokSBStateRT,
which is supposed to be volatile, and this is something we can check.
Cc: <stable@vger.kernel.org> # v4.19+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Peter Jones <pjones@redhat.com>
When booting the x86 kernel via EFI using the LoadImage/StartImage boot
services [as opposed to the deprecated EFI handover protocol], the setup
header is taken from the image directly, and given that EFI's LoadImage
has no Linux/x86 specific knowledge regarding struct bootparams or
struct setup_header, any absolute addresses in the setup header must
originate from the file and not from a prior loading stage.
Since we cannot generally predict where LoadImage() decides to load an
image (*), such absolute addresses must be treated as suspect: even if a
prior boot stage intended to make them point somewhere inside the
[signed] image, there is no way to validate that, and if they point at
an arbitrary location in memory, the setup_data nodes will not be
covered by any signatures or TPM measurements either, and could be made
to contain an arbitrary sequence of SETUP_xxx nodes, which could
interfere quite badly with the early x86 boot sequence.
(*) Note that, while LoadImage() does take a buffer/size tuple in
addition to a device path, which can be used to provide the image
contents directly, it will re-allocate such images, as the memory
footprint of an image is generally larger than the PE/COFF file
representation.
Cc: <stable@vger.kernel.org> # v5.10+
Link: https://lore.kernel.org/all/20220904165321.1140894-1-Jason@zx2c4.com/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Currently, the non-x86 stub code calls get_memory_map() redundantly,
given that the data it returns is never used anywhere. So drop the call.
Cc: <stable@vger.kernel.org> # v4.14+
Fixes: 24d7c494ce46 ("efi/arm-stub: Round up FDT allocation to mapping size")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
There is a single kmalloc in this driver, and it's not currently
guarded against allocation failure. Do it here by just bailing-out
the reboot handler, in case this tentative allocation fails.
Fixes: 416581e48679 ("efi: efibc: avoid efivar API for setting variables")
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Even though it is unlikely to ever make a difference, let's use u32
consistently for the size of the load_options provided by the firmware
(aka the command line)
While at it, do some general cleanup too: use efi_char16_t, avoid using
options_chars in places where it really means options_size, etc.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Implement a minimal EFI app that decompresses the real kernel image and
launches it using the firmware's LoadImage and StartImage boot services.
This removes the need for any arch-specific hacks.
Note that on systems that have UEFI secure boot policies enabled,
LoadImage/StartImage require images to be signed, or their hashes known
a priori, in order to be permitted to boot.
There are various possible strategies to work around this requirement,
but they all rely either on overriding internal PI/DXE protocols (which
are not part of the EFI spec) or omitting the firmware provided
LoadImage() and StartImage() boot services, which is also undesirable,
given that they encapsulate platform specific policies related to secure
boot and measured boot, but also related to memory permissions (whether
or not and which types of heap allocations have both write and execute
permissions.)
The only generic and truly portable way around this is to simply sign
both the inner and the outer image with the same key/cert pair, so this
is what is implemented here.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ACPI utils provide acpi_dev_uid_to_integer() helper to extract _UID as
an integer. Use it instead of custom approach.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
To avoid pulling in the wrong object when using the libstub static
library to build the decompressor, define efi_system_table in a separate
compilation unit.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The stub is used in different execution environments, but on arm64,
RISC-V and LoongArch, we still use the core kernel's implementation of
memcpy and memset, as they are just a branch instruction away, and can
generally be reused even from code such as the EFI stub that runs in a
completely different address space.
KAsan complicates this slightly, resulting in the need for some hacks to
expose the uninstrumented, __ prefixed versions as the normal ones, as
the latter are instrumented to include the KAsan checks, which only work
in the core kernel.
Unfortunately, #define'ing memcpy to __memcpy when building C code does
not guarantee that no explicit memcpy() calls will be emitted. And with
the upcoming zboot support, which consists of a separate binary which
therefore needs its own implementation of memcpy/memset anyway, it's
better to provide one explicitly instead of linking to the existing one.
Given that EFI exposes implementations of memmove() and memset() via the
boot services table, let's wire those up in the appropriate way, and
drop the references to the core kernel ones.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Define the correct prototypes for the load_image, start_image and
unload_image boot service pointers so we can call them from the EFI
zboot code.
Also add some prototypes related to installation and deinstallation of
protocols in to the EFI protocol database, including some definitions
related to device paths.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Small set of changes in preparation to add support for FF-A v1.1
specification later. It mainly contains:
1. Splitting up ffa_ops into different categories namely information,
message and memory. It helps to make info and memory operations
independent from ffa_device so thata generic memory management
module can use it without specific ffa_dev.
2. Adds support for querying FF-A features and use the same to detect
the support for 64-bit operations.
3. Adds v1.1 get_partition_info support and use the same to set up
32-bit execution mode flag automatically.
4. Adds pointer to the ffa_dev_ops in struct ffa_dev and drop
ffa_dev_ops_get() which enables to drop ffa_ops in optee_ffa
structure using ffa_dev->ops directly. Additionally ffa_dev_ops is
renamed as ffa_ops.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEunHlEgbzHrJD3ZPhAEG6vDF+4pgFAmMgVOEACgkQAEG6vDF+
4phosQ//Q6tnJtcxgw7AeioIeGrXEAQy9Psyt8JrGixTHWSgq42G8Z0PKPO7MwFn
F5RxVSE85E4wLBLu3xiuR1mlAglBOvec3cY4/4XBfN8nxzYUBiaOn8U7Jjnh3QYk
vp0MTzECsi9a2T9T4zr0hLAdO/5uZBG16nf45iKOo9qEF6KS7WZWhdPHcyG4MpCH
u6L2aKGb0XzfzT0YAHxvOipVTdYg4smtmhtOj5vvuD1XEve4ARh8WjhNFwE2L6zt
6RH/CgzhEJFOJkR/WjNdlcD9b/9QuwvmIORXFUP7jTIR/SYHB4k7xutz/DD2L4/P
Xp/qiNrlrQnXpdMbYbr5S9e1jlPfjwbsiG5CNf620gS+Up5ZLD+Vnhu64A+Bfml2
8YSjJHNurkiCzTzpawGiRl0uGEwvvOhZBnlGaaeJP9ga98dQc5eom+qLbeDyT/dK
ESILyaetQniHCUU+hIbZ9jnfj0sdlgd5gF6Lbsnqdy25KktIiVzscL0Wkwl5jY6C
JiCv++6ieH44NrDTNaFzF/MjpBcBxXmp/qposT2wuPHxdY+OPnbjorGoLZP1F2Ns
i/+1l724sm1ETdwm/eVn9aWoH681G1APd45xYE2khLme7o9V+xapJD5khQN0nSet
gJ20gstIDjHBhOGYCFg/Q2l7HlrvrFYXLgN/4GI8z6CJUuUCpj0=
=u/KH
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmMjhesACgkQmmx57+YA
GNlVfBAAk3s11gubrUNcY1HLhZXkAY/QmNVt8yEnP6CjMkOc3nIAVqtjklXJ6+dp
WtMsJUx993DH8wmGvid4IF2BWPTSeQ6xMfx5dqKgFLg1fIPRejomD2g+JtPlKyFO
UeOzg0T7H3Fht3UnYH3D7muc1zkFXumwZPATqVJY8vFF8jJTnQEfoy0iN1qYBM4Y
ex1EXteXDbhA0jezmqGlTMcDGNgZs1JeYBciaZl4U/pH2dF79tTUDeQh/l4ZbtTd
Z1V8mvbZHwFuWax2frPeVFnVGYD3VP5c28/qxLYrueYEaSEbOtYFDSkbP0U2D4GG
jhYO2PPCPw/qxjx8PGfjciAK1y4WKwTXs+D4KfdY+IyhuoTSi+VN0stCFQGoOf06
eMy/eUTCA02ICe3IKcO3KqZbAH3mBpiw7AgmMAkSRSdOadFKfZ4PauTdmR/a7gJL
E4MyMwfY1yJ3oJeHx/WvFPL4Iwl26QTx2q/srjDlTJ9laHQv/D1RBi51zwnEC8bp
kxuP69hqapiroiKAJcnHGpJX4icm2vV7YUBGqF03Sw+SByiJYGt47ojEcbA/kEDk
Cis383/TN2xNFSZ+uu5MWj2vkbus5m8OQ2OvDgJ7lUoPVgjBpzd7kBuyT5bpY+aU
m//viWe28xjOQz0KmB4pnitBO2xmYdo2G94Xak/xgu7ksAVItnY=
=aIAe
-----END PGP SIGNATURE-----
Merge tag 'ffa-updates-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/drivers
Arm FF-A firmware driver updates for v6.1
Small set of changes in preparation to add support for FF-A v1.1
specification later. It mainly contains:
1. Splitting up ffa_ops into different categories namely information,
message and memory. It helps to make info and memory operations
independent from ffa_device so thata generic memory management
module can use it without specific ffa_dev.
2. Adds support for querying FF-A features and use the same to detect
the support for 64-bit operations.
3. Adds v1.1 get_partition_info support and use the same to set up
32-bit execution mode flag automatically.
4. Adds pointer to the ffa_dev_ops in struct ffa_dev and drop
ffa_dev_ops_get() which enables to drop ffa_ops in optee_ffa
structure using ffa_dev->ops directly. Additionally ffa_dev_ops is
renamed as ffa_ops.
* tag 'ffa-updates-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux:
firmware: arm_ffa: Split up ffa_ops into info, message and memory operations
firmware: arm_ffa: Set up 32bit execution mode flag using partiion property
firmware: arm_ffa: Add v1.1 get_partition_info support
firmware: arm_ffa: Rename ffa_dev_ops as ffa_ops
firmware: arm_ffa: Make memory apis ffa_device independent
firmware: arm_ffa: Use FFA_FEATURES to detect if native versions are supported
firmware: arm_ffa: Add support for querying FF-A features
firmware: arm_ffa: Remove ffa_dev_ops_get()
tee: optee: Drop ffa_ops in optee_ffa structure using ffa_dev->ops directly
firmware: arm_ffa: Add pointer to the ffa_dev_ops in struct ffa_dev
Link: https://lore.kernel.org/r/20220913100612.2924643-1-sudeep.holla@arm.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This patch fixes the following Coccinelle warning:
drivers/firmware/tegra/bpmp-debugfs.c:379: WARNING opportunity for memdup_user
Use memdup_user() rather than duplicating its implementation. This is a
little bit restricted to reduce false positives.
Signed-off-by: Qing Wang <wangqing@vivo.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
__qcom_scm_init has been removed since
commit 9a434cee773a ("firmware: qcom_scm: Dynamically support
SMCCC and legacy conventions"), so remove it.
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220911092912.3219132-1-cuigaosheng1@huawei.com
Normally we include the full register name in the defines for fields within
registers but this has not been followed for ID registers. In preparation
for automatic generation of defines add the _EL1s into the defines for
ID_AA64MMFR0_EL1 to follow the convention. No functional changes.
Signed-off-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Kristina Martsenko <kristina.martsenko@arm.com>
Link: https://lore.kernel.org/r/20220905225425.1871461-5-broonie@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Few fixes addressing possible out of bound access violations by
hardening them, incorrect asynchronous resets by restricting them,
incorrect SCMI tracing message format by harmonizing them, missing
kernel-doc in optee transport, missing SCMI PM driver remove
routine by adding it to avoid warning when scmi driver is unloaded
and finally improve checks in the info_get operations.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEunHlEgbzHrJD3ZPhAEG6vDF+4pgFAmMHX00ACgkQAEG6vDF+
4pgEQRAAxOv22MIag/QHC9CyRdgmn9x/pDvBVpCaO831VmIo53gV1QhSUl1wfadA
NMH5zcs1QATz2swDyj30WAElwtMH7fbTR2KjR3TlHAVvSbM+gDqOoHRVMRFBIXd2
r3xqF06NqVRsk83ANM5MEtBMI9TJXCCWjyolHNbU2PxLgO85lsZ8SgazOql945Bi
H3VSp6IrPQ2TL+GF58MEoyn5WiAEl/ZgpC0lMFl2P1kU4t1g1Rzxsr8LfmHKTpJl
dyM4R51SB9G6NyJf1aeWxtybYhqkvkH8TOgwRjNGCWloidCKomXe/yTiguU2iAkm
F3EF7va0Tjs0onxBEULDDPLv8GGqS1Z4rhFhpXoPEKeefx1taAZQPnzMCBNVmoxS
WlSDuwC3L9jdwXExi3xLRID3zzXz7H5ESpi/FZhZ2MHYBU/ZkFx1nE+julRpb5QK
p7sWQ8KjKkvGWmUv2OoI27O7K3PGfMnz46Z8fLFpfcTIein4yLgh+dh46rLO/0n1
iFwpjQeBrzKX7OXhSa3aKcXympi8LRLMXfEs0tB7XmDMQr92bSus8hkDjMcYOvDN
9JS0667RRM8LuGddPcW4jDsOXAFFpy0wNzIATMdmZRKp4IKlpsOhFyVwpDCW1Fg2
gKMQMeDxn1c0j8qEBY3xrSbjrfzVA7PE6s+6he8kXmva71Lfa/Q=
=op8P
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmMZ+EoACgkQmmx57+YA
GNkRAg/+PuDhY5LEJe1mDNrxzgC6/kXctJoofR2h4cZwGs3ZXdIn4apoDc3utxAS
bBJ9SXZi44tIA41qs0ZkOHViP8361SKdHtGdW3v33w3wE8BzTHEV6ZezJhQiX5Qb
juNQrtgCS9LAkgBfvBrp0tuFPRXIy2yQexcWARvbOvgRjqAoM79qUWPHOoL28vJw
o8J5jogqrFRx5mbvvuGLGZvcu0Hp5FdDuNDyrjshzlGkQKG2ChRzQlf0iequ5ZzG
vA8RHUP05tWh1doqlroyQhHL2CIxsEPw3WfqgthdBJOztrKV7kY9X7Az3jUK7LHx
e1mTRgFZ3stBYagzosw4488RFUz0wEN/9o37C8Cn5B0hXPEjv3EOKtZpmS7R+CNi
+Y5fugeghs4hSkJgZ6r73VXr2WVFZuuexCeOlcIoWVXaT8m79QSCb0bFndOpajIS
OpduLncqSyNe7fF8/g1Ul0HpBDZH06Hf18EXvWX94jNqC368xZjJyRtvo8kb7oEu
+fClemQoPL9DGYnv+RiEjTWPUsn7sIM0418oyDO0QaWrhcljuzn0tbtmZtWOeXrk
ozj6CnukN40J77rXOVlMxqH16iAqZ9HDUAuolkXgo4/8uzMuNpiBwtgw8YExnzA9
o7vixof29kd1yH19TiC6enI+mmaTRZ/RT1TUPe7R4TaUW8wsdo0=
=4nfv
-----END PGP SIGNATURE-----
Merge tag 'scmi-fixes-6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/fixes
Arm SCMI fixes for v6.0
Few fixes addressing possible out of bound access violations by
hardening them, incorrect asynchronous resets by restricting them,
incorrect SCMI tracing message format by harmonizing them, missing
kernel-doc in optee transport, missing SCMI PM driver remove
routine by adding it to avoid warning when scmi driver is unloaded
and finally improve checks in the info_get operations.
* tag 'scmi-fixes-6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux:
firmware: arm_scmi: Harmonize SCMI tracing message format
firmware: arm_scmi: Add SCMI PM driver remove routine
firmware: arm_scmi: Fix the asynchronous reset requests
firmware: arm_scmi: Harden accesses to the reset domains
firmware: arm_scmi: Harden accesses to the sensor domains
firmware: arm_scmi: Improve checks in the info_get operations
firmware: arm_scmi: Fix missing kernel-doc in optee
Link: https://lore.kernel.org/r/20220829174435.207911-1-sudeep.holla@arm.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- prevent the randstruct plugin from re-ordering EFI protocol
definitions;
- fix a use-after-free in the capsule loader
- drop unused variable
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmMZw2gACgkQw08iOZLZ
jyQ+Rgv/XGT12sS/7sBldWWRdJcz7ix9G/nZQHAK68qahC9WSIIXbmeZDPspdP6C
7WZs9VQ1CizwHbBxX4voKJD2gV8PDF8hjcq+i5YsHPCuW7Rn607gsPBjBUuISuen
8M3Yrr3xj+uBmkTRqTV2/WgkWgmPrzdicXbP6TcWe9ZFPRO4eaKuqVgFzC0Z2W3h
3O4X8tjth25PAmbYcOJ8H9i9GlVBm/al0it+OM4HgyQduPMRPWBUtibitg5QC8P1
rOqeeAeZAt58qRN5Tf5t/sDSARnjyiqm4ruNpL15/cACaur+YFGtu3Y0i/+NCaw/
s8Aqh2z7ljxb8tYgAYtDofNvQe8aY3bOwnI3rJLL4cd5AvEJQF27A545IpPu78YE
Zvu7Gs+qk12669dePnggFEYQg9MCRqRN40QWnADXBoT8kn1x0z3Pj1OdyN5AhI8t
DqE9bxWqEoh3rDeGMkp5tL0PYJ6SYJ9ldfCnWxOPl1j2g7WP94fRUhMxa2IlqVjx
PRv4/gf8
=IHhL
-----END PGP SIGNATURE-----
Merge tag 'efi-urgent-for-v6.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
Pull EFI fixes from Ard Biesheuvel:
"A couple of low-priority EFI fixes:
- prevent the randstruct plugin from re-ordering EFI protocol
definitions
- fix a use-after-free in the capsule loader
- drop unused variable"
* tag 'efi-urgent-for-v6.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
efi: capsule-loader: Fix use-after-free in efi_capsule_write
efi/x86: libstub: remove unused variable
efi: libstub: Disable struct randomization
In preparation to make memory operations accessible for a non
ffa_driver/device, it is better to split the ffa_ops into different
categories of operations: info, message and memory. The info and memory
are ffa_device independent and can be used without any associated
ffa_device from a non ffa_driver.
However, we don't export these info and memory APIs yet without the user.
The first users of these APIs can export them.
Link: https://lore.kernel.org/r/20220907145240.1683088-11-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
FF-A v1.1 adds a flag in the partition properties to indicate if the
partition runs in the AArch32 or AArch64 execution state. Use the same
to set-up the 32-bit execution flag mode in the ffa_dev automatically
if the detected firmware version is above v1.0 and ignore any requests
to do the same from the ffa_driver.
Link: https://lore.kernel.org/r/20220907145240.1683088-10-sudeep.holla@arm.com
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
FF-A v1.1 adds support to discovery the UUIDs of the partitions that was
missing in v1.0 and which the driver workarounds by using UUIDs supplied
by the ffa_drivers.
Add the v1.1 get_partition_info support and disable the workaround if
the detected FF-A version is greater than v1.0.
Link: https://lore.kernel.org/r/20220907145240.1683088-9-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Except the message APIs, all other APIs are ffa_device independent and can
be used without any associated ffa_device from a non ffa_driver.
In order to reflect the same, just rename ffa_dev_ops as ffa_ops to
avoid any confusion or to keep it simple.
Link: https://lore.kernel.org/r/20220907145240.1683088-8-sudeep.holla@arm.com
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
There is a requirement to make memory APIs independent of the ffa_device.
One of the use-case is to have a common memory driver that manages the
memory for all the ffa_devices. That common memory driver won't be a
ffa_driver or won't have any ffa_device associated with it. So having
these memory APIs accessible without a ffa_device is needed and should
be possible as most of these are handled by the partition manager(SPM
or hypervisor).
Drop the ffa_device argument to the memory APIs and make them ffa_device
independent.
Link: https://lore.kernel.org/r/20220907145240.1683088-7-sudeep.holla@arm.com
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Currently, the ffa_dev->mode_32bit is use to detect if the native 64-bit
or 32-bit versions of FF-A ABI needs to be used. However for the FF-A
memory ABIs, it is not dependent on the ffa_device(i.e. the partition)
itself, but the partition manager(SPM).
So, the FFA_FEATURES can be use to detect if the native 64bit ABIs are
supported or not and appropriate calls can be made based on that.
Use FFA_FEATURES to detect if native versions of MEM_LEND or MEM_SHARE
are implemented and make of the same to use native memory ABIs later on.
Link: https://lore.kernel.org/r/20220907145240.1683088-6-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Add support for FFA_FEATURES to discover properties supported at the
FF-A interface. This interface can be used to query:
- If an FF-A interface is implemented by the component at the higher EL,
- If an implemented FF-A interface also implements any optional features
described in its interface definition, and
- Any implementation details exported by an implemented FF-A interface
as described in its interface definition.
Link: https://lore.kernel.org/r/20220907145240.1683088-5-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
The only user of this exported ffa_dev_ops_get() was OPTEE driver which
now uses ffa_dev->ops directly, there are no other users for this.
Also, since any ffa driver can use ffa_dev->ops directly, there will be
no need for ffa_dev_ops_get(), so just remove ffa_dev_ops_get().
Link: https://lore.kernel.org/r/20220907145240.1683088-4-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Currently ffa_dev_ops_get() is the way to fetch the ffa_dev_ops pointer.
It checks if the ffa_dev structure pointer is valid before returning the
ffa_dev_ops pointer.
Instead, the pointer can be made part of the ffa_dev structure and since
the core driver is incharge of creating ffa_device for each identified
partition, there is no need to check for the validity explicitly if the
pointer is embedded in the structure.
Add the pointer to the ffa_dev_ops in the ffa_dev structure itself and
initialise the same as part of creation of the device.
Link: https://lore.kernel.org/r/20220907145240.1683088-2-sudeep.holla@arm.com
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
A race condition may occur if the user calls close() on another thread
during a write() operation on the device node of the efi capsule.
This is a race condition that occurs between the efi_capsule_write() and
efi_capsule_flush() functions of efi_capsule_fops, which ultimately
results in UAF.
So, the page freeing process is modified to be done in
efi_capsule_release() instead of efi_capsule_flush().
Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Link: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
