u-boot.git/lib/efi_loader, branch v2025.01 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Check for a valid fw_name before auto generating GUIDs 2024-12-05T07:01:33+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-12-03T16:13:37+00:00 05396fb724551e57ccf6de15ce9f4c0e3128f82c The gen_v5_guid() is a void and does no error checking with pointers being available etc. Instead it expects all things to be in place to generate GUIDs. If a board capsule definition is buggy and does not define the firmware names when enabling capsule updates, the board will crash trying to bring up the EFI subsystem. Check for a valid firmware name before generating GUIDs. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The gen_v5_guid() is a void and does no error checking with pointers
being available etc. Instead it expects all things to be in place to
generate GUIDs. If a board capsule definition is buggy and does not
define the firmware names when enabling capsule updates, the board will
crash trying to bring up the EFI subsystem.

Check for a valid firmware name before generating GUIDs.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Revert "efi_memory: do not add U-Boot memory to the memory map" 2024-11-30T14:37:53+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-11-29T17:08:13+00:00 65b38a519b0fcae6a76f48116a5f999400d7294c This reverts commit ("commit a68c9ac5d8af ("efi_memory: do not add U-Boot memory to the memory map"). This code was removed when the EFI subsystem started using LMB calls for the reservations. In hindsight it unearthed two problems. The e820 code is adding u-boot memory as EfiReservedMemory while it should look at what LMB added and decide instead of blindly overwriting it. The reason this worked is that we marked that code properly late, when the EFI came up. But now with the LMB changes, the EFI map gets added first and the e820 code overwrites it. The second problem is that we never mark SetVirtualAddressMap as runtime code, which we should according to the spec. Until we fix this the current hack can't go away, at least for architectures that *need* to call SVAM. More specifically x86 currently requires SVAM and sets the NX bit for pages not marked as *_CODE. So unless we do that late, it will crash trying to execute from non-executable memory. It's also worth noting that x86 calls SVAM late in the boot, so this will work until someone decides to overwrite/use BootServicesCode from the OS. Notably arm64 disables it explicitly if the VA space is > 48bits, so doesn't suffer from any of these problems. This doesn't really deserve a fixes tag, since it brings back a hack to remedy a situation that was wrong long before that commit, but in case anyone hits the same bug ... Simon sent the original revert in the link, but we need a proper justification for it. Link: https://lore.kernel.org/u-boot/20241112131830.576864-1-sjg@chromium.org/ Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reported-by: Simon Glass <sjg@chromium.org> 
This reverts commit ("commit a68c9ac5d8af ("efi_memory: do not add
U-Boot memory to the memory map").

This code was removed when the EFI subsystem started using LMB calls for
the reservations. In hindsight it unearthed two problems.

The e820 code is adding u-boot memory as EfiReservedMemory while it
should look at what LMB added and decide instead of blindly overwriting
it. The reason this worked is that we marked that code properly late,
when the EFI came up. But now with the LMB changes, the EFI map gets
added first and the e820 code overwrites it.

The second problem is that we never mark SetVirtualAddressMap as runtime
code, which we should according to the spec. Until we fix this the
current hack can't go away, at least for architectures that *need* to
call SVAM.

More specifically x86 currently requires SVAM and sets the NX bit for
pages not marked as *_CODE. So unless we do that late, it will crash
trying to execute from non-executable memory. It's also worth noting
that x86 calls SVAM late in the boot, so this will work until someone
decides to overwrite/use BootServicesCode from the OS.

Notably arm64 disables it explicitly if the VA space is > 48bits, so
doesn't suffer from any of these problems.

This doesn't really deserve a fixes tag, since it brings back a hack to
remedy a situation that was wrong long before that commit, but in case
anyone hits the same bug ...
Simon sent the original revert in the link, but we need a proper
justification for it.

Link: https://lore.kernel.org/u-boot/20241112131830.576864-1-sjg@chromium.org/
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reported-by: Simon Glass <sjg@chromium.org>
Merge patch series "Fix device removal order for Apple dart iommu" 2024-11-24T21:41:32+00:00 Tom Rini trini@konsulko.com 2024-11-24T21:41:32+00:00 880fcc49eb40a78ed27ff575aa02034d7bd74e80 Janne Grunau <j@jannau.net> says: Starting with v2024.10 dev_iommu_dma_unmap calls during device removal trigger a NULL pointer dereference in the Apple dart iommu driver. The iommu device is removed before its user. The sparsely used DM_FLAG_VITAL flag is intended to describe this dependency. Add it to the driver. Adding this flag is unfortunately not enough since the boot routines except the arm one simply remove all drivers. Add and use a new function which calls dm_remove_devioce_flags(DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL); dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); to ensure this order dependency is head consistently. Link: https://lore.kernel.org/r/20241123-iommu_apple_dart_ordering-v2-0-cc2ade6dde97@jannau.net 
Janne Grunau <j@jannau.net> says:

Starting with v2024.10 dev_iommu_dma_unmap calls during device removal
trigger a NULL pointer dereference in the Apple dart iommu driver. The
iommu device is removed before its user. The sparsely used DM_FLAG_VITAL
flag is intended to describe this dependency. Add it to the driver.

Adding this flag is unfortunately not enough since the boot routines
except the arm one simply remove all drivers. Add and use a new function
which calls
    dm_remove_devioce_flags(DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL);
    dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
to ensure this order dependency is head consistently.

Link: https://lore.kernel.org/r/20241123-iommu_apple_dart_ordering-v2-0-cc2ade6dde97@jannau.net
dm: Add dm_remove_devices_active() for ordered device removal 2024-11-24T21:41:28+00:00 Janne Grunau j@jannau.net 2024-11-23T21:44:05+00:00 dabaa4ae32062cb3f3d995e5c63e6cef54ad079b This replaces dm_remove_devices_flags() calls in all boot implementations to ensure non vital devices are consistently removed first. All boot implementation except arch/arm/lib/bootm.c currently just call dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL). This can result in crashes when dependencies between devices exists. The driver model's design document describes DM_FLAG_VITAL as "indicates that the device is 'vital' to the operation of other devices". Device removal at boot should follow this. Instead of adding dm_remove_devices_flags() with (DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL) everywhere add dm_remove_devices_active() which does this. Fixes a NULL pointer deref in the apple dart IOMMU driver during EFI boot. The xhci-pci (driver which depends on the IOMMU to work) removes its mapping on removal. This explodes when the IOMMU device was removed first. dm_remove_devices_flags() is kept since it is used for testing of device_remove() calls in dm. Signed-off-by: Janne Grunau <j@jannau.net> 
This replaces dm_remove_devices_flags() calls in all boot
implementations to ensure non vital devices are consistently removed
first. All boot implementation except arch/arm/lib/bootm.c currently
just call dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL). This can result
in crashes when dependencies between devices exists. The driver model's
design document describes DM_FLAG_VITAL as "indicates that the device is
'vital' to the operation of other devices". Device removal at boot
should follow this.

Instead of adding dm_remove_devices_flags() with (DM_REMOVE_ACTIVE_ALL |
DM_REMOVE_NON_VITAL) everywhere add dm_remove_devices_active() which
does this.

Fixes a NULL pointer deref in the apple dart IOMMU driver during EFI
boot. The xhci-pci (driver which depends on the IOMMU to work) removes
its mapping on removal. This explodes when the IOMMU device was removed
first.

dm_remove_devices_flags() is kept since it is used for testing of
device_remove() calls in dm.

Signed-off-by: Janne Grunau <j@jannau.net>
lmb: Correctly unmap and free memory on errors 2024-11-24T14:25:03+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-11-24T09:00:03+00:00 967d57ab592ce1bcab0785f8483b1b43c2d881aa We never free and unmap the memory on errors and we never unmap it when freeing it. The latter won't cause any problems even on sandbox, but for consistency always use unmap_sysmem() Fixes: commit 22f2c9ed9f53 ("efi: memory: use the lmb API's for allocating and freeing memory") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We never free and unmap the memory on errors and we never unmap it when
freeing it. The latter won't cause any problems even on sandbox, but for
consistency always use unmap_sysmem()

Fixes: commit 22f2c9ed9f53 ("efi: memory: use the lmb API's for allocating and freeing memory")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: allow EFI_LOADER_BOUNCE_BUFFER on all architectures 2024-11-23T22:36:54+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-21T14:25:21+00:00 3fbbaf139cd8942c58255170aa49f5fedfc0846f Commit 775f7657ba58 ("Kconfig: clean up the efi configuration status") by mistake revoked commit dcd1b63b7072 ("efi_loader: allow EFI_LOADER_BOUNCE_BUFFER on all architectures"). Fixes: 775f7657ba58 ("Kconfig: clean up the efi configuration status") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Loic Devulder <ldevulder@suse.com> 
Commit 775f7657ba58 ("Kconfig: clean up the efi configuration status")
by mistake revoked commit dcd1b63b7072 ("efi_loader: allow
EFI_LOADER_BOUNCE_BUFFER on all architectures").

Fixes: 775f7657ba58 ("Kconfig: clean up the efi configuration status")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Loic Devulder <ldevulder@suse.com>
efi_loader: simplify efi_tcg2_hash_log_extend_event() 2024-11-23T22:14:15+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-11-05T04:20:45+00:00 a152e149991dd062ba47f41c06cc44723c30375f The value of variable nt is never used. Just use NULL when calling efi_check_pe(). The API function is not expected to write to the console. Such output might have unwanted side effects on the screen layout of an EFI application. Leave error handling to the caller. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The value of variable nt is never used. Just use NULL when calling
efi_check_pe().

The API function is not expected to write to the console. Such output might
have unwanted side effects on the screen layout of an EFI application.

Leave error handling to the caller.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Drop sandbox PXE architecture 2024-11-09T09:01:47+00:00 Simon Glass sjg@chromium.org 2024-11-07T21:31:47+00:00 16b5423eb390b1ad377a182f61f55e0303a08e18 Rather than returning 0, just return an error, since sandbox is not used with PXE at present. Signed-off-by: Simon Glass <sjg@chromium.org> 
Rather than returning 0, just return an error, since sandbox is not used
with PXE at present.

Signed-off-by: Simon Glass <sjg@chromium.org>
sandbox: Report host default-filename in native mode 2024-11-09T09:01:47+00:00 Simon Glass sjg@chromium.org 2024-11-07T21:31:46+00:00 7506c1566998d188867423bd184a9dd00a9246c4 When the --native flag is given, pretend to be running the host architecture rather than sandbox. Allow the same control for PXE too. Signed-off-by: Simon Glass <sjg@chromium.org> 
When the --native flag is given, pretend to be running the host
architecture rather than sandbox.

Allow the same control for PXE too.

Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: Move get_efi_pxe_arch() to efi_helper 2024-11-09T09:01:46+00:00 Simon Glass sjg@chromium.org 2024-11-07T21:31:44+00:00 8aa8a33661f328ae4f4ebbe652004ab57950872e Move this function from the EFI bootmeth to the common efi_helper file. No functional change is intended. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this function from the EFI bootmeth to the common efi_helper file.
No functional change is intended.

Signed-off-by: Simon Glass <sjg@chromium.org>