From e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da Mon Sep 17 00:00:00 2001
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
Date: Tue, 21 Apr 2020 09:38:17 +0900
Subject: lib/crypto, efi_loader: move some headers to include/crypto

Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 7df881a74b4..0c6d1deb58e 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -12,9 +12,9 @@
 #include <malloc.h>
 #include <rtc.h>
 #include <search.h>
+#include <crypto/pkcs7_parser.h>
 #include <linux/compat.h>
 #include <u-boot/crc.h>
-#include "../lib/crypto/pkcs7_parser.h"
 
 enum efi_secure_mode {
 	EFI_MODE_SETUP,
-- 
cgit v1.2.3


From f0ff75f2491ba27c04bb1f94e502a2be8fc0e78e Mon Sep 17 00:00:00 2001
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
Date: Tue, 21 Apr 2020 09:39:20 +0900
Subject: efi_loader: factor out the common code from
 efi_transfer_secure_state()

efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 194 ++++++++++++++----------------------------
 1 file changed, 64 insertions(+), 130 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 0c6d1deb58e..9a3f1f3d2ee 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -176,6 +176,59 @@ static efi_status_t efi_set_variable_internal(u16 *variable_name,
 					      const void *data,
 					      bool ro_check);
 
+/**
+ * efi_set_secure_state - modify secure boot state variables
+ * @sec_boot:		value of SecureBoot
+ * @setup_mode:		value of SetupMode
+ * @audit_mode:		value of AuditMode
+ * @deployed_mode:	value of DeployedMode
+ *
+ * Modify secure boot stat-related variables as indicated.
+ *
+ * Return:		status code
+ */
+static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
+					 int audit_mode, int deployed_mode)
+{
+	u32 attributes;
+	efi_status_t ret;
+
+	attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+		     EFI_VARIABLE_RUNTIME_ACCESS |
+		     READ_ONLY;
+	ret = efi_set_variable_internal(L"SecureBoot",
+					&efi_global_variable_guid,
+					attributes,
+					sizeof(sec_boot), &sec_boot,
+					false);
+	if (ret != EFI_SUCCESS)
+		goto err;
+
+	ret = efi_set_variable_internal(L"SetupMode",
+					&efi_global_variable_guid,
+					attributes,
+					sizeof(setup_mode), &setup_mode,
+					false);
+	if (ret != EFI_SUCCESS)
+		goto err;
+
+	ret = efi_set_variable_internal(L"AuditMode",
+					&efi_global_variable_guid,
+					attributes,
+					sizeof(audit_mode), &audit_mode,
+					false);
+	if (ret != EFI_SUCCESS)
+		goto err;
+
+	ret = efi_set_variable_internal(L"DeployedMode",
+					&efi_global_variable_guid,
+					attributes,
+					sizeof(deployed_mode), &deployed_mode,
+					false);
+err:
+	return ret;
+}
+
 /**
  * efi_transfer_secure_state - handle a secure boot state transition
  * @mode:	new state
@@ -188,157 +241,38 @@ static efi_status_t efi_set_variable_internal(u16 *variable_name,
  */
 static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
 {
-	u32 attributes;
-	u8 val;
 	efi_status_t ret;
 
-	debug("Secure state from %d to %d\n", efi_secure_mode, mode);
+	debug("Switching secure state from %d to %d\n", efi_secure_mode, mode);
 
-	attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
-		     EFI_VARIABLE_RUNTIME_ACCESS;
 	if (mode == EFI_MODE_DEPLOYED) {
-		val = 1;
-		ret = efi_set_variable_internal(L"SecureBoot",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"SetupMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"AuditMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 1;
-		ret = efi_set_variable_internal(L"DeployedMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
+		ret = efi_set_secure_state(1, 0, 0, 1);
 		if (ret != EFI_SUCCESS)
 			goto err;
 
 		efi_secure_boot = true;
 	} else if (mode == EFI_MODE_AUDIT) {
-		ret = efi_set_variable_internal(L"PK",
-						&efi_global_variable_guid,
-						attributes,
-						0, NULL,
-						false);
+		ret = efi_set_variable_internal(
+					L"PK", &efi_global_variable_guid,
+					EFI_VARIABLE_BOOTSERVICE_ACCESS |
+					EFI_VARIABLE_RUNTIME_ACCESS,
+					0, NULL, false);
 		if (ret != EFI_SUCCESS)
 			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"SecureBoot",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 1;
-		ret = efi_set_variable_internal(L"SetupMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 1;
-		ret = efi_set_variable_internal(L"AuditMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"DeployedMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
+
+		ret = efi_set_secure_state(0, 1, 1, 0);
 		if (ret != EFI_SUCCESS)
 			goto err;
 
 		efi_secure_boot = true;
 	} else if (mode == EFI_MODE_USER) {
-		val = 1;
-		ret = efi_set_variable_internal(L"SecureBoot",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"SetupMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"AuditMode",
-						&efi_global_variable_guid,
-						attributes,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"DeployedMode",
-						&efi_global_variable_guid,
-						attributes,
-						sizeof(val), &val,
-						false);
+		ret = efi_set_secure_state(1, 0, 0, 0);
 		if (ret != EFI_SUCCESS)
 			goto err;
 
 		efi_secure_boot = true;
 	} else if (mode == EFI_MODE_SETUP) {
-		val = 0;
-		ret = efi_set_variable_internal(L"SecureBoot",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 1;
-		ret = efi_set_variable_internal(L"SetupMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"AuditMode",
-						&efi_global_variable_guid,
-						attributes,
-						sizeof(val), &val,
-						false);
-		if (ret != EFI_SUCCESS)
-			goto err;
-		val = 0;
-		ret = efi_set_variable_internal(L"DeployedMode",
-						&efi_global_variable_guid,
-						attributes | READ_ONLY,
-						sizeof(val), &val,
-						false);
+		ret = efi_set_secure_state(0, 1, 0, 0);
 		if (ret != EFI_SUCCESS)
 			goto err;
 	} else {
-- 
cgit v1.2.3


From c08cac0edc17f0d3c74425e5d41efa3c92686322 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sat, 18 Apr 2020 12:31:17 +0200
Subject: efi_loader: eliminate efi_get_(non)volatile_variable

Eliminate superfluous functions efi_get_volatile_variable() and
efi_get_nonvolatile_variable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 32 +++-----------------------------
 1 file changed, 3 insertions(+), 29 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 9a3f1f3d2ee..ceb6b17b004 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -600,8 +600,7 @@ static
 efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
 					    u32 *attributes,
-					    efi_uintn_t *data_size, void *data,
-					    bool is_non_volatile)
+					    efi_uintn_t *data_size, void *data)
 {
 	char *native_name;
 	efi_status_t ret;
@@ -684,27 +683,6 @@ out:
 	return ret;
 }
 
-static
-efi_status_t EFIAPI efi_get_volatile_variable(u16 *variable_name,
-					      const efi_guid_t *vendor,
-					      u32 *attributes,
-					      efi_uintn_t *data_size,
-					      void *data)
-{
-	return efi_get_variable_common(variable_name, vendor, attributes,
-				       data_size, data, false);
-}
-
-efi_status_t EFIAPI efi_get_nonvolatile_variable(u16 *variable_name,
-						 const efi_guid_t *vendor,
-						 u32 *attributes,
-						 efi_uintn_t *data_size,
-						 void *data)
-{
-	return efi_get_variable_common(variable_name, vendor, attributes,
-				       data_size, data, true);
-}
-
 /**
  * efi_efi_get_variable() - retrieve value of a UEFI variable
  *
@@ -729,12 +707,8 @@ efi_status_t EFIAPI efi_get_variable(u16 *variable_name,
 	EFI_ENTRY("\"%ls\" %pUl %p %p %p", variable_name, vendor, attributes,
 		  data_size, data);
 
-	ret = efi_get_volatile_variable(variable_name, vendor, attributes,
-					data_size, data);
-	if (ret == EFI_NOT_FOUND)
-		ret = efi_get_nonvolatile_variable(variable_name, vendor,
-						   attributes, data_size, data);
-
+	ret = efi_get_variable_common(variable_name, vendor, attributes,
+				      data_size, data);
 	return EFI_EXIT(ret);
 }
 
-- 
cgit v1.2.3


From bb0e585c71e724d26eaeede7fdaaaa46ed26f930 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sun, 3 May 2020 10:02:20 +0200
Subject: efi_loader: eliminate efi_set_(non)volatile_variable

Eliminate superfluous functions efi_set_volatile_variable() and
efi_set_nonvolatile_variable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 141 +++++++++++-------------------------------
 1 file changed, 37 insertions(+), 104 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index ceb6b17b004..b9c2e4ebf68 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -169,12 +169,12 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep)
 	return str;
 }
 
-static efi_status_t efi_set_variable_internal(u16 *variable_name,
-					      const efi_guid_t *vendor,
-					      u32 attributes,
-					      efi_uintn_t data_size,
-					      const void *data,
-					      bool ro_check);
+static efi_status_t efi_set_variable_common(u16 *variable_name,
+					    const efi_guid_t *vendor,
+					    u32 attributes,
+					    efi_uintn_t data_size,
+					    const void *data,
+					    bool ro_check);
 
 /**
  * efi_set_secure_state - modify secure boot state variables
@@ -196,35 +196,28 @@ static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
 	attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
 		     EFI_VARIABLE_RUNTIME_ACCESS |
 		     READ_ONLY;
-	ret = efi_set_variable_internal(L"SecureBoot",
-					&efi_global_variable_guid,
-					attributes,
-					sizeof(sec_boot), &sec_boot,
-					false);
+	ret = efi_set_variable_common(L"SecureBoot", &efi_global_variable_guid,
+				      attributes, sizeof(sec_boot), &sec_boot,
+				      false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_internal(L"SetupMode",
-					&efi_global_variable_guid,
-					attributes,
-					sizeof(setup_mode), &setup_mode,
-					false);
+	ret = efi_set_variable_common(L"SetupMode", &efi_global_variable_guid,
+				      attributes, sizeof(setup_mode),
+				      &setup_mode, false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_internal(L"AuditMode",
-					&efi_global_variable_guid,
-					attributes,
-					sizeof(audit_mode), &audit_mode,
-					false);
+	ret = efi_set_variable_common(L"AuditMode", &efi_global_variable_guid,
+				      attributes, sizeof(audit_mode),
+				      &audit_mode, false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_internal(L"DeployedMode",
-					&efi_global_variable_guid,
-					attributes,
-					sizeof(deployed_mode), &deployed_mode,
-					false);
+	ret = efi_set_variable_common(L"DeployedMode",
+				      &efi_global_variable_guid, attributes,
+				      sizeof(deployed_mode), &deployed_mode,
+				      false);
 err:
 	return ret;
 }
@@ -234,7 +227,7 @@ err:
  * @mode:	new state
  *
  * Depending on @mode, secure boot related variables are updated.
- * Those variables are *read-only* for users, efi_set_variable_internal()
+ * Those variables are *read-only* for users, efi_set_variable_common()
  * is called here.
  *
  * Return:	EFI_SUCCESS on success, status code (negative) on error
@@ -252,11 +245,10 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
 
 		efi_secure_boot = true;
 	} else if (mode == EFI_MODE_AUDIT) {
-		ret = efi_set_variable_internal(
-					L"PK", &efi_global_variable_guid,
-					EFI_VARIABLE_BOOTSERVICE_ACCESS |
-					EFI_VARIABLE_RUNTIME_ACCESS,
-					0, NULL, false);
+		ret = efi_set_variable_common(L"PK", &efi_global_variable_guid,
+					      EFI_VARIABLE_BOOTSERVICE_ACCESS |
+					      EFI_VARIABLE_RUNTIME_ACCESS,
+					      0, NULL, false);
 		if (ret != EFI_SUCCESS)
 			goto err;
 
@@ -326,14 +318,13 @@ static efi_status_t efi_init_secure_state(void)
 
 	ret = efi_transfer_secure_state(mode);
 	if (ret == EFI_SUCCESS)
-		ret = efi_set_variable_internal(L"VendorKeys",
-						&efi_global_variable_guid,
-						EFI_VARIABLE_BOOTSERVICE_ACCESS
-						 | EFI_VARIABLE_RUNTIME_ACCESS
-						 | READ_ONLY,
-						sizeof(efi_vendor_keys),
-						&efi_vendor_keys,
-						false);
+		ret = efi_set_variable_common(L"VendorKeys",
+					      &efi_global_variable_guid,
+					      EFI_VARIABLE_BOOTSERVICE_ACCESS |
+					      EFI_VARIABLE_RUNTIME_ACCESS |
+					      READ_ONLY,
+					      sizeof(efi_vendor_keys),
+					      &efi_vendor_keys, false);
 
 err:
 	return ret;
@@ -872,14 +863,12 @@ efi_status_t EFIAPI efi_get_next_variable_name(efi_uintn_t *variable_name_size,
 	return EFI_EXIT(ret);
 }
 
-static
-efi_status_t EFIAPI efi_set_variable_common(u16 *variable_name,
+static efi_status_t efi_set_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
 					    u32 attributes,
 					    efi_uintn_t data_size,
 					    const void *data,
-					    bool ro_check,
-					    bool is_non_volatile)
+					    bool ro_check)
 {
 	char *native_name = NULL, *old_data = NULL, *val = NULL, *s;
 	efi_uintn_t old_size;
@@ -906,14 +895,6 @@ efi_status_t EFIAPI efi_set_variable_common(u16 *variable_name,
 	attr = 0;
 	ret = EFI_CALL(efi_get_variable(variable_name, vendor, &attr,
 					&old_size, NULL));
-	if (ret == EFI_BUFFER_TOO_SMALL) {
-		if ((is_non_volatile && !(attr & EFI_VARIABLE_NON_VOLATILE)) ||
-		    (!is_non_volatile && (attr & EFI_VARIABLE_NON_VOLATILE))) {
-			ret = EFI_INVALID_PARAMETER;
-			goto err;
-		}
-	}
-
 	append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
 	attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
 	delete = !append && (!data_size || !attributes);
@@ -1087,7 +1068,7 @@ out:
 		/* update VendorKeys */
 		if (vendor_keys_modified & efi_vendor_keys) {
 			efi_vendor_keys = 0;
-			ret = efi_set_variable_internal(
+			ret = efi_set_variable_common(
 						L"VendorKeys",
 						&efi_global_variable_guid,
 						EFI_VARIABLE_BOOTSERVICE_ACCESS
@@ -1109,54 +1090,6 @@ err:
 	return ret;
 }
 
-static
-efi_status_t EFIAPI efi_set_volatile_variable(u16 *variable_name,
-					      const efi_guid_t *vendor,
-					      u32 attributes,
-					      efi_uintn_t data_size,
-					      const void *data,
-					      bool ro_check)
-{
-	return efi_set_variable_common(variable_name, vendor, attributes,
-				       data_size, data, ro_check, false);
-}
-
-efi_status_t EFIAPI efi_set_nonvolatile_variable(u16 *variable_name,
-						 const efi_guid_t *vendor,
-						 u32 attributes,
-						 efi_uintn_t data_size,
-						 const void *data,
-						 bool ro_check)
-{
-	efi_status_t ret;
-
-	ret = efi_set_variable_common(variable_name, vendor, attributes,
-				      data_size, data, ro_check, true);
-
-	return ret;
-}
-
-static efi_status_t efi_set_variable_internal(u16 *variable_name,
-					      const efi_guid_t *vendor,
-					      u32 attributes,
-					      efi_uintn_t data_size,
-					      const void *data,
-					      bool ro_check)
-{
-	efi_status_t ret;
-
-	if (attributes & EFI_VARIABLE_NON_VOLATILE)
-		ret = efi_set_nonvolatile_variable(variable_name, vendor,
-						   attributes,
-						   data_size, data, ro_check);
-	else
-		ret = efi_set_volatile_variable(variable_name, vendor,
-						attributes, data_size, data,
-						ro_check);
-
-	return ret;
-}
-
 /**
  * efi_set_variable() - set value of a UEFI variable
  *
@@ -1182,9 +1115,9 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
 	/* READ_ONLY bit is not part of API */
 	attributes &= ~(u32)READ_ONLY;
 
-	return EFI_EXIT(efi_set_variable_internal(variable_name, vendor,
-						  attributes, data_size, data,
-						  true));
+	return EFI_EXIT(efi_set_variable_common(variable_name, vendor,
+						attributes, data_size, data,
+						true));
 }
 
 /**
-- 
cgit v1.2.3


From 30f92ce9d5e895336f73cc1132a7fdc42e378353 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sun, 3 May 2020 16:29:00 +0200
Subject: efi_loader: correct comments for efi_status_t

EFI_STATUS is unsigned (UINTN). Hence it cannot be negative.
Correct comments for 'Return:'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index b9c2e4ebf68..58f8fae358c 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -230,7 +230,7 @@ err:
  * Those variables are *read-only* for users, efi_set_variable_common()
  * is called here.
  *
- * Return:	EFI_SUCCESS on success, status code (negative) on error
+ * Return:	status code
  */
 static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
 {
@@ -284,7 +284,7 @@ err:
 /**
  * efi_init_secure_state - initialize secure boot state
  *
- * Return:	EFI_SUCCESS on success, status code (negative) on error
+ * Return:	status code
  */
 static efi_status_t efi_init_secure_state(void)
 {
@@ -438,7 +438,7 @@ out:
  * attributes and signed time will also be returned in @env_attr and @time,
  * respectively.
  *
- * Return:	EFI_SUCCESS on success, status code (negative) on error
+ * Return:	status code
  */
 static efi_status_t efi_variable_authenticate(u16 *variable,
 					      const efi_guid_t *vendor,
-- 
cgit v1.2.3


From 3fdff6be40b01423aacf2c02eb3b4ef6d2186caf Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Wed, 6 May 2020 01:37:25 +0200
Subject: efi_loader: error handling in efi_set_variable_common().

Fix unreachable code. Free memory on error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 58f8fae358c..33df52e663e 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -981,7 +981,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
 	if (append) {
 		old_data = malloc(old_size);
 		if (!old_data) {
-			return EFI_OUT_OF_RESOURCES;
+			ret = EFI_OUT_OF_RESOURCES;
 			goto err;
 		}
 		ret = EFI_CALL(efi_get_variable(variable_name, vendor,
-- 
cgit v1.2.3


From 306bf6e7ff9b267e4c38f8f38900cb93fa96b62b Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Wed, 6 May 2020 01:51:04 +0200
Subject: efi_loader: do not unnecessarily use EFI_CALL()

There is no need to call efi_get_variable() instead of
efi_get_variable_common(). So let's use the internal function.

Move forward declarations to the top of the file.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 33df52e663e..568bd3ccfdc 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -30,6 +30,18 @@ static u8 efi_vendor_keys;
 
 #define READ_ONLY BIT(31)
 
+static efi_status_t efi_get_variable_common(u16 *variable_name,
+					    const efi_guid_t *vendor,
+					    u32 *attributes,
+					    efi_uintn_t *data_size, void *data);
+
+static efi_status_t efi_set_variable_common(u16 *variable_name,
+					    const efi_guid_t *vendor,
+					    u32 attributes,
+					    efi_uintn_t data_size,
+					    const void *data,
+					    bool ro_check);
+
 /*
  * Mapping between EFI variables and u-boot variables:
  *
@@ -169,13 +181,6 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep)
 	return str;
 }
 
-static efi_status_t efi_set_variable_common(u16 *variable_name,
-					    const efi_guid_t *vendor,
-					    u32 attributes,
-					    efi_uintn_t data_size,
-					    const void *data,
-					    bool ro_check);
-
 /**
  * efi_set_secure_state - modify secure boot state variables
  * @sec_boot:		value of SecureBoot
@@ -300,8 +305,8 @@ static efi_status_t efi_init_secure_state(void)
 	 */
 
 	size = 0;
-	ret = EFI_CALL(efi_get_variable(L"PK", &efi_global_variable_guid,
-					NULL, &size, NULL));
+	ret = efi_get_variable_common(L"PK", &efi_global_variable_guid,
+				      NULL, &size, NULL);
 	if (ret == EFI_BUFFER_TOO_SMALL) {
 		if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
 			mode = EFI_MODE_USER;
@@ -587,8 +592,7 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
 }
 #endif /* CONFIG_EFI_SECURE_BOOT */
 
-static
-efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name,
+static efi_status_t efi_get_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
 					    u32 *attributes,
 					    efi_uintn_t *data_size, void *data)
@@ -893,8 +897,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
 	/* check if a variable exists */
 	old_size = 0;
 	attr = 0;
-	ret = EFI_CALL(efi_get_variable(variable_name, vendor, &attr,
-					&old_size, NULL));
+	ret = efi_get_variable_common(variable_name, vendor, &attr,
+				      &old_size, NULL);
 	append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
 	attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
 	delete = !append && (!data_size || !attributes);
@@ -984,8 +988,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
 			ret = EFI_OUT_OF_RESOURCES;
 			goto err;
 		}
-		ret = EFI_CALL(efi_get_variable(variable_name, vendor,
-						&attr, &old_size, old_data));
+		ret = efi_get_variable_common(variable_name, vendor,
+					      &attr, &old_size, old_data);
 		if (ret != EFI_SUCCESS)
 			goto err;
 	} else {
-- 
cgit v1.2.3


From 9ad15227bb92acc2bf73c60da1bcf2ae3774246d Mon Sep 17 00:00:00 2001
From: Patrick Wildt <patrick@blueri.se>
Date: Thu, 7 May 2020 02:13:18 +0200
Subject: efi_loader: efi_variable_parse_signature() returns NULL on error

efi_variable_parse_signature() returns NULL on error, so IS_ERR()
is an incorrect check.  The goto err leads to pkcs7_free_message(),
which works fine on a NULL ptr.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 lib/efi_loader/efi_variable.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib/efi_loader/efi_variable.c')

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 568bd3ccfdc..60c12017578 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -524,9 +524,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
 	var_sig = efi_variable_parse_signature(auth->auth_info.cert_data,
 					       auth->auth_info.hdr.dwLength
 						   - sizeof(auth->auth_info));
-	if (IS_ERR(var_sig)) {
+	if (!var_sig) {
 		debug("Parsing variable's signature failed\n");
-		var_sig = NULL;
 		goto err;
 	}
 
-- 
cgit v1.2.3