Merge tag 'efi-next-for-v5.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull more EFI updates from Ard Biesheuvel:
"Follow-up tweaks for EFI changes - they mostly address issues
introduced this merge window, except for Heinrich's patch:

- fix new DXE service invocations for mixed mode

- use correct Kconfig symbol when setting PE header flag

- clean up the drivers/firmware/efi Kconfig dependencies so that
features that depend on CONFIG_EFI are hidden from the UI when the
symbol is not enabled.

Also included is a RISC-V bugfix from Heinrich to avoid read-write
mappings of read-only firmware regions in the EFI page tables"

* tag 'efi-next-for-v5.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
efi: clean up Kconfig dependencies on CONFIG_EFI
efi/x86: libstub: Make DXE calls mixed mode safe
efi: x86: Fix config name for setting the NX-compatibility flag in the PE header
riscv: read-only pages should not be writable

Linus Torvalds 3 years ago 93ce7948 9be4cbd0

+38 -34

6 changed files

expand all

arch

riscv

kernel

efi.c

x86

boot

header.S

include

asm

efi.h

drivers

firmware

Makefile

efi

Kconfig

libstub

x86-stub.c

+1 -1

arch/riscv/kernel/efi.c

··· 65 65 66 66 if (md->attribute & EFI_MEMORY_RO) { 67 67 val = pte_val(pte) & ~_PAGE_WRITE; 68 - val = pte_val(pte) | _PAGE_READ; 68 + val |= _PAGE_READ; 69 69 pte = __pte(val); 70 70 } 71 71 if (md->attribute & EFI_MEMORY_XP) {

+1 -1

arch/x86/boot/header.S

··· 163 163 .long 0x200 # SizeOfHeaders 164 164 .long 0 # CheckSum 165 165 .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) 166 - #ifdef CONFIG_DXE_MEM_ATTRIBUTES 166 + #ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES 167 167 .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics 168 168 #else 169 169 .word 0 # DllCharacteristics

arch/x86/include/asm/efi.h

··· 270 270 return (u32)(status | (u64)status >> 32); 271 271 } 272 272 273 + #define __efi64_split(val) (val) & U32_MAX, (u64)(val) >> 32 274 + 273 275 #define __efi64_argmap_free_pages(addr, size) \ 274 276 ((addr), 0, (size)) 275 277 ··· 318 316 /* TCG2 protocol */ 319 317 #define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ 320 318 ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) 319 + 320 + /* DXE services */ 321 + #define __efi64_argmap_get_memory_space_descriptor(phys, desc) \ 322 + (__efi64_split(phys), (desc)) 323 + 324 + #define __efi64_argmap_set_memory_space_descriptor(phys, size, flags) \ 325 + (__efi64_split(phys), __efi64_split(size), __efi64_split(flags)) 321 326 322 327 /* 323 328 * The macros below handle the plumbing for the argument mapping. To add a

+1 -2

drivers/firmware/Makefile

··· 32 32 obj-y += cirrus/ 33 33 obj-y += meson/ 34 34 obj-$(CONFIG_GOOGLE_FIRMWARE) += google/ 35 - obj-$(CONFIG_EFI) += efi/ 36 - obj-$(CONFIG_UEFI_CPER) += efi/ 35 + obj-y += efi/ 37 36 obj-y += imx/ 38 37 obj-y += psci/ 39 38 obj-y += smccc/

+24 -28

drivers/firmware/efi/Kconfig

··· 193 193 Say Y here to enable the runtime services support via /dev/efi_test. 194 194 If unsure, say N. 195 195 196 + config EFI_DEV_PATH_PARSER 197 + bool 198 + 196 199 config APPLE_PROPERTIES 197 200 bool "Apple Device Properties" 198 201 depends on EFI_STUB && X86 ··· 258 255 options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma" 259 256 may be used to override this option. 260 257 261 - endmenu 262 - 263 - config EFI_EMBEDDED_FIRMWARE 264 - bool 265 - depends on EFI 266 - select CRYPTO_LIB_SHA256 267 - 268 - config UEFI_CPER 269 - bool 270 - 271 - config UEFI_CPER_ARM 272 - bool 273 - depends on UEFI_CPER && ( ARM || ARM64 ) 274 - default y 275 - 276 - config UEFI_CPER_X86 277 - bool 278 - depends on UEFI_CPER && X86 279 - default y 280 - 281 - config EFI_DEV_PATH_PARSER 282 - bool 283 - depends on ACPI 284 - default n 285 - 286 258 config EFI_EARLYCON 287 259 def_bool y 288 - depends on EFI && SERIAL_EARLYCON && !ARM && !IA64 260 + depends on SERIAL_EARLYCON && !ARM && !IA64 289 261 select FONT_SUPPORT 290 262 select ARCH_USE_MEMREMAP_PROT 291 263 292 264 config EFI_CUSTOM_SSDT_OVERLAYS 293 265 bool "Load custom ACPI SSDT overlay from an EFI variable" 294 - depends on EFI && ACPI 266 + depends on ACPI 295 267 default ACPI_TABLE_UPGRADE 296 268 help 297 269 Allow loading of an ACPI SSDT overlay from an EFI variable specified ··· 292 314 293 315 config EFI_COCO_SECRET 294 316 bool "EFI Confidential Computing Secret Area Support" 295 - depends on EFI 296 317 help 297 318 Confidential Computing platforms (such as AMD SEV) allow the 298 319 Guest Owner to securely inject secrets during guest VM launch. ··· 304 327 for usage inside the kernel. This will allow the 305 328 virt/coco/efi_secret module to access the secrets, which in turn 306 329 allows userspace programs to access the injected secrets. 330 + 331 + config EFI_EMBEDDED_FIRMWARE 332 + bool 333 + select CRYPTO_LIB_SHA256 334 + 335 + endmenu 336 + 337 + config UEFI_CPER 338 + bool 339 + 340 + config UEFI_CPER_ARM 341 + bool 342 + depends on UEFI_CPER && ( ARM || ARM64 ) 343 + default y 344 + 345 + config UEFI_CPER_X86 346 + bool 347 + depends on UEFI_CPER && X86 348 + default y

+2 -2

drivers/firmware/efi/libstub/x86-stub.c

··· 260 260 EFI_MEMORY_WB); 261 261 262 262 if (status != EFI_SUCCESS) { 263 - efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %d\n", 263 + efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %lx\n", 264 264 unprotect_start, 265 265 unprotect_start + unprotect_size, 266 - (int)status); 266 + status); 267 267 } 268 268 } 269 269 }