[GIT PULL 0/2] EFI fixes for v4.11-rc

[GIT PULL 0/2] EFI fixes for v4.11-rc

[Ard Biesheuvel]

The following changes since commit 6053dc981449718d90a429933e99b441e1adaea6:

  Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux (2017-03-01 10:32:30 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-urgent

for you to fetch changes up to 2f0db11e7e12538bfe5483f7f113481c3443f151:

  efi: arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y (2017-03-01 18:45:02 +0000)

Please pull.

----------------------------------------------------------------
Two bug fixes for UEFI:
- don't complain about the Secure Boot status being undetectable on systems
  that are not Secure Boot capable to begin with,
- for stable: fix a panic when booting Fedora's 32-bit ARM kernel in UEFI mode,
  caused by an unexpected interaction with CONFIG_CPUMASK_OFFSTACK=y.

----------------------------------------------------------------
Ard Biesheuvel (2):
      efi: libstub: Treat missing SecureBoot variable as S/B disabled
      efi: arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y

 drivers/firmware/efi/arm-runtime.c        | 1 +
 drivers/firmware/efi/libstub/secureboot.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

[PATCH 1/2] efi: libstub: Treat missing SecureBoot variable as S/B disabled

[Ard Biesheuvel]

The newly refactored code that infers the firmware's Secure Boot state
prints the following error when the EFI variable 'SecureBoot' does not
exist:

  EFI stub: ERROR: Could not determine UEFI Secure Boot status.

However, this variable is only guaranteed to be defined on a system that
is Secure Boot capable to begin with, and so it is not an error if it is
missing. So report Secure Boot as being disabled in this case, without
printing any error messages.

Cc: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/libstub/secureboot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c
index 6def402bf569..5da36e56b36a 100644
--- a/drivers/firmware/efi/libstub/secureboot.c
+++ b/drivers/firmware/efi/libstub/secureboot.c
@@ -45,6 +45,8 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg)
 	size = sizeof(secboot);
 	status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid,
 			     NULL, &size, &secboot);
+	if (status == EFI_NOT_FOUND)
+		return efi_secureboot_mode_disabled;
 	if (status != EFI_SUCCESS)
 		goto out_efi_err;
 
@@ -78,7 +80,5 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg)
 
 out_efi_err:
 	pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n");
-	if (status == EFI_NOT_FOUND)
-		return efi_secureboot_mode_disabled;
 	return efi_secureboot_mode_unknown;
 }
-- 
2.7.4

[PATCH 2/2] efi: arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y

[Ard Biesheuvel]

On ARM and arm64, we use a dedicated mm_struct to map the UEFI
Runtime Services regions, which allows us to map those regions
on demand, and in a way that is guaranteed to be compatible
with incoming kernels across kexec.

As it turns out, we don't fully initialize the mm_struct in the
same way as process mm_structs are initialized on fork(), which
results in the following crash on ARM if CONFIG_CPUMASK_OFFSTACK
is enabled:

  EFI Variables Facility v0.08 2004-May-17
  Unable to handle kernel NULL pointer dereference at virtual address 00000000
  pgd = c0204000
  [00000000] *pgd=00000000
  Internal error: Oops: 805 [#1] SMP ARM
  Modules linked in:
  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.8.6-300.fc25.armv7hl #1
  Hardware name: Generic DT based system
  task: ee90d700 task.stack: ee904000
  PC is at __memzero+0x60/0x7c
  LR is at check_and_switch_context+0x22c/0x494
  pc : [<c0515a80>]    lr : [<c02234e0>]    psr: 000c0093
  sp : ee905e18  ip : 00000004  fp : 00000000
  r10: 00000000  r9 : c0e8e718  r8 : c0e38f70
  r7 : 00000000  r6 : 00000005  r5 : c0e390d8  r4 : c0d87098
  r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 00000000
  Flags: nzcv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
  Control: 10c5383d  Table: 4020406a  DAC: 00000051
  Process swapper/0 (pid: 1, stack limit = 0xee904220)
  Stack: (0xee905e18 to 0xee906000)
  ...
  [<c0515a80>] (__memzero) from [<c02234e0>] (check_and_switch_context+0x22c/0x494)
  [<c02234e0>] (check_and_switch_context) from [<c0770cc4>] (virt_efi_get_next_variable+0x28/0x8c)
  [<c0770cc4>] (virt_efi_get_next_variable) from [<c076dbac>] (efivar_init+0x94/0x2d4)
  [<c076dbac>] (efivar_init) from [<c076fa38>] (efivars_sysfs_init+0x8c/0x1e8)
  [<c076fa38>] (efivars_sysfs_init) from [<c0209d48>] (do_one_initcall+0x130/0x158)
  [<c0209d48>] (do_one_initcall) from [<c0c5bea8>] (kernel_init_freeable+0x210/0x25c)

This is due to a missing call to mm_init_cpumask(), so add it.

Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: <stable@vger.kernel.org> # v4.5+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/arm-runtime.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c
index 349dc3e1e52e..974c5a31a005 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -65,6 +65,7 @@ static bool __init efi_virtmap_init(void)
 	bool systab_found;
 
 	efi_mm.pgd = pgd_alloc(&efi_mm);
+	mm_init_cpumask(&efi_mm);
 	init_new_context(NULL, &efi_mm);
 
 	systab_found = false;
-- 
2.7.4

[tip:efi/urgent] efi/libstub: Treat missing SecureBoot variable as Secure Boot disabled

[tip-bot for Ard Biesheuvel]

Commit-ID:  52e51f16407b7b34e26affb500a21e250d9fce0b
Gitweb:     http://git.kernel.org/tip/52e51f16407b7b34e26affb500a21e250d9fce0b
Author:     Ard Biesheuvel <ard.biesheuvel@linaro.org>
AuthorDate: Wed, 1 Mar 2017 19:04:35 +0000
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Thu, 2 Mar 2017 08:11:18 +0100

efi/libstub: Treat missing SecureBoot variable as Secure Boot disabled

The newly refactored code that infers the firmware's Secure Boot state
prints the following error when the EFI variable 'SecureBoot' does not
exist:

  EFI stub: ERROR: Could not determine UEFI Secure Boot status.

However, this variable is only guaranteed to be defined on a system that
is Secure Boot capable to begin with, and so it is not an error if it is
missing. So report Secure Boot as being disabled in this case, without
printing any error messages.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1488395076-29712-2-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/libstub/secureboot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c
index 6def402..5da36e5 100644
--- a/drivers/firmware/efi/libstub/secureboot.c
+++ b/drivers/firmware/efi/libstub/secureboot.c
@@ -45,6 +45,8 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg)
 	size = sizeof(secboot);
 	status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid,
 			     NULL, &size, &secboot);
+	if (status == EFI_NOT_FOUND)
+		return efi_secureboot_mode_disabled;
 	if (status != EFI_SUCCESS)
 		goto out_efi_err;
 
@@ -78,7 +80,5 @@ secure_boot_enabled:
 
 out_efi_err:
 	pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n");
-	if (status == EFI_NOT_FOUND)
-		return efi_secureboot_mode_disabled;
 	return efi_secureboot_mode_unknown;
 }

[tip:efi/urgent] efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y

[tip-bot for Ard Biesheuvel]

Commit-ID:  d1eb98143c56f24fef125f5bbed49ae0b52fb7d6
Gitweb:     http://git.kernel.org/tip/d1eb98143c56f24fef125f5bbed49ae0b52fb7d6
Author:     Ard Biesheuvel <ard.biesheuvel@linaro.org>
AuthorDate: Wed, 1 Mar 2017 19:05:54 +0000
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Thu, 2 Mar 2017 08:11:19 +0100

efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y

On ARM and arm64, we use a dedicated mm_struct to map the UEFI
Runtime Services regions, which allows us to map those regions
on demand, and in a way that is guaranteed to be compatible
with incoming kernels across kexec.

As it turns out, we don't fully initialize the mm_struct in the
same way as process mm_structs are initialized on fork(), which
results in the following crash on ARM if CONFIG_CPUMASK_OFFSTACK=y
is enabled:

  ...
  EFI Variables Facility v0.08 2004-May-17
  Unable to handle kernel NULL pointer dereference at virtual address 00000000
  [...]
  Process swapper/0 (pid: 1)
  ...
  __memzero()
  check_and_switch_context()
  virt_efi_get_next_variable()
  efivar_init()
  efivars_sysfs_init()
  do_one_initcall()
  ...

This is due to a missing call to mm_init_cpumask(), so add it.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: <stable@vger.kernel.org> # v4.5+
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1488395154-29786-1-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/arm-runtime.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c
index 349dc3e..974c5a3 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -65,6 +65,7 @@ static bool __init efi_virtmap_init(void)
 	bool systab_found;
 
 	efi_mm.pgd = pgd_alloc(&efi_mm);
+	mm_init_cpumask(&efi_mm);
 	init_new_context(NULL, &efi_mm);
 
 	systab_found = false;