[GIT PULL 0/2] EFI urgent fixes

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

Folks, please pull the following two EFI patches. The first fixes a
build warning for PAE that Boris hit. The second makes mixed-mode EFI
boot again after the vmap'd stack changes introduced during the merge
window.

The following changes since commit bc33b0ca11e3df467777a4fa7639ba488c9d4911:

  Linux 4.9-rc4 (2016-11-05 16:23:36 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-urgent

for you to fetch changes up to 044ddf3d3e3cb62671f22fa837a2164d4786d867:

  x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK (2016-11-12 21:00:18 +0000)

----------------------------------------------------------------
 * Fix memory corruption when booting EFI mixed mode due to the recent
   vmap'd stack changes - Matt Fleming

 * Build warning fix in the EFI memmap code when CONFIG_X86_PAE and
   CONFIG_PHYS_ADDR_T_64BIT are enabled - Borislav Petkov

----------------------------------------------------------------
Borislav Petkov (1):
      x86/efi: Fix EFI memmap pointer size warning

Matt Fleming (1):
      x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK

 arch/x86/platform/efi/efi.c    |  2 +-
 arch/x86/platform/efi/efi_64.c | 80 ++++++++++++++++++++++++++++++------------
 2 files changed, 58 insertions(+), 24 deletions(-)

[PATCH 1/2] x86/efi: Fix EFI memmap pointer size warning

[Matt Fleming]

From: Borislav Petkov <bp@suse.de>

Fix this when building on 32-bit:

  arch/x86/platform/efi/efi.c: In function ‘__efi_enter_virtual_mode’:
  arch/x86/platform/efi/efi.c:911:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       (efi_memory_desc_t *)pa);
       ^
  arch/x86/platform/efi/efi.c:918:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       (efi_memory_desc_t *)pa);
       ^

The @pa local variable is declared as phys_addr_t and that is a u64 when
CONFIG_PHYS_ADDR_T_64BIT=y. (The last is enabled on 32-bit on a PAE
build.)

However, its value comes from __pa() which is basically doing pointer
arithmetic and checking, and returns unsigned long as it is the native
pointer width.

So let's use an unsigned long too. It should be fine to do so because
the later users cast it to a pointer too.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
---
 arch/x86/platform/efi/efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index bf99aa7005eb..936a488d6cf6 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -861,7 +861,7 @@ static void __init __efi_enter_virtual_mode(void)
 	int count = 0, pg_shift = 0;
 	void *new_memmap = NULL;
 	efi_status_t status;
-	phys_addr_t pa;
+	unsigned long pa;
 
 	efi.systab = NULL;
 
-- 
2.10.0

[PATCH 2/2] x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK

[Matt Fleming]

Booting an EFI mixed mode kernel has been crashing since commit:

  e37e43a497d5 ("x86/mm/64: Enable vmapped stacks (CONFIG_HAVE_ARCH_VMAP_STACK=y)")

The user-visible effect in my test setup was the kernel being unable
to find the root file system ramdisk. This was likely caused by silent
memory or page table corruption.

Enabling CONFIG_DEBUG_VIRTUAL immediately flagged the thunking code as
abusing virt_to_phys() because it was passing addresses that were not
part of the kernel direct mapping.

Use the slow version instead, which correctly handles all memory
regions by performing a page table walk.

Suggested-by: Andy Lutomirski <luto@amacapital.net>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
---
 arch/x86/platform/efi/efi_64.c | 80 ++++++++++++++++++++++++++++++------------
 1 file changed, 57 insertions(+), 23 deletions(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 58b0f801f66f..319148bd4b05 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -31,6 +31,7 @@
 #include <linux/io.h>
 #include <linux/reboot.h>
 #include <linux/slab.h>
+#include <linux/ucs2_string.h>
 
 #include <asm/setup.h>
 #include <asm/page.h>
@@ -211,6 +212,35 @@ void efi_sync_low_kernel_mappings(void)
 	memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
 }
 
+/*
+ * Wrapper for slow_virt_to_phys() that handles NULL addresses.
+ */
+static inline phys_addr_t
+virt_to_phys_or_null_size(void *va, unsigned long size)
+{
+	bool bad_size;
+
+	if (!va)
+		return 0;
+
+	if (virt_addr_valid(va))
+		return virt_to_phys(va);
+
+	/*
+	 * A fully aligned variable on the stack is guaranteed not to
+	 * cross a page bounary. Try to catch strings on the stack by
+	 * checking that 'size' is a power of two.
+	 */
+	bad_size = size > PAGE_SIZE || !is_power_of_2(size);
+
+	WARN_ON(!IS_ALIGNED((unsigned long)va, size) || bad_size);
+
+	return slow_virt_to_phys(va);
+}
+
+#define virt_to_phys_or_null(addr)				\
+	virt_to_phys_or_null_size((addr), sizeof(*(addr)))
+
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
 	unsigned long pfn, text;
@@ -494,8 +524,8 @@ static efi_status_t efi_thunk_get_time(efi_time_t *tm, efi_time_cap_t *tc)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
-	phys_tc = virt_to_phys(tc);
+	phys_tm = virt_to_phys_or_null(tm);
+	phys_tc = virt_to_phys_or_null(tc);
 
 	status = efi_thunk(get_time, phys_tm, phys_tc);
 
@@ -511,7 +541,7 @@ static efi_status_t efi_thunk_set_time(efi_time_t *tm)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(set_time, phys_tm);
 
@@ -529,9 +559,9 @@ efi_thunk_get_wakeup_time(efi_bool_t *enabled, efi_bool_t *pending,
 
 	spin_lock(&rtc_lock);
 
-	phys_enabled = virt_to_phys(enabled);
-	phys_pending = virt_to_phys(pending);
-	phys_tm = virt_to_phys(tm);
+	phys_enabled = virt_to_phys_or_null(enabled);
+	phys_pending = virt_to_phys_or_null(pending);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(get_wakeup_time, phys_enabled,
 			     phys_pending, phys_tm);
@@ -549,7 +579,7 @@ efi_thunk_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(set_wakeup_time, enabled, phys_tm);
 
@@ -558,6 +588,10 @@ efi_thunk_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
 	return status;
 }
 
+static unsigned long efi_name_size(efi_char16_t *name)
+{
+	return ucs2_strsize(name, EFI_VAR_NAME_LEN) + 1;
+}
 
 static efi_status_t
 efi_thunk_get_variable(efi_char16_t *name, efi_guid_t *vendor,
@@ -567,11 +601,11 @@ efi_thunk_get_variable(efi_char16_t *name, efi_guid_t *vendor,
 	u32 phys_name, phys_vendor, phys_attr;
 	u32 phys_data_size, phys_data;
 
-	phys_data_size = virt_to_phys(data_size);
-	phys_vendor = virt_to_phys(vendor);
-	phys_name = virt_to_phys(name);
-	phys_attr = virt_to_phys(attr);
-	phys_data = virt_to_phys(data);
+	phys_data_size = virt_to_phys_or_null(data_size);
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_name = virt_to_phys_or_null_size(name, efi_name_size(name));
+	phys_attr = virt_to_phys_or_null(attr);
+	phys_data = virt_to_phys_or_null_size(data, *data_size);
 
 	status = efi_thunk(get_variable, phys_name, phys_vendor,
 			   phys_attr, phys_data_size, phys_data);
@@ -586,9 +620,9 @@ efi_thunk_set_variable(efi_char16_t *name, efi_guid_t *vendor,
 	u32 phys_name, phys_vendor, phys_data;
 	efi_status_t status;
 
-	phys_name = virt_to_phys(name);
-	phys_vendor = virt_to_phys(vendor);
-	phys_data = virt_to_phys(data);
+	phys_name = virt_to_phys_or_null_size(name, efi_name_size(name));
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_data = virt_to_phys_or_null_size(data, data_size);
 
 	/* If data_size is > sizeof(u32) we've got problems */
 	status = efi_thunk(set_variable, phys_name, phys_vendor,
@@ -605,9 +639,9 @@ efi_thunk_get_next_variable(unsigned long *name_size,
 	efi_status_t status;
 	u32 phys_name_size, phys_name, phys_vendor;
 
-	phys_name_size = virt_to_phys(name_size);
-	phys_vendor = virt_to_phys(vendor);
-	phys_name = virt_to_phys(name);
+	phys_name_size = virt_to_phys_or_null(name_size);
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_name = virt_to_phys_or_null_size(name, *name_size);
 
 	status = efi_thunk(get_next_variable, phys_name_size,
 			   phys_name, phys_vendor);
@@ -621,7 +655,7 @@ efi_thunk_get_next_high_mono_count(u32 *count)
 	efi_status_t status;
 	u32 phys_count;
 
-	phys_count = virt_to_phys(count);
+	phys_count = virt_to_phys_or_null(count);
 	status = efi_thunk(get_next_high_mono_count, phys_count);
 
 	return status;
@@ -633,7 +667,7 @@ efi_thunk_reset_system(int reset_type, efi_status_t status,
 {
 	u32 phys_data;
 
-	phys_data = virt_to_phys(data);
+	phys_data = virt_to_phys_or_null_size(data, data_size);
 
 	efi_thunk(reset_system, reset_type, status, data_size, phys_data);
 }
@@ -661,9 +695,9 @@ efi_thunk_query_variable_info(u32 attr, u64 *storage_space,
 	if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
 		return EFI_UNSUPPORTED;
 
-	phys_storage = virt_to_phys(storage_space);
-	phys_remaining = virt_to_phys(remaining_space);
-	phys_max = virt_to_phys(max_variable_size);
+	phys_storage = virt_to_phys_or_null(storage_space);
+	phys_remaining = virt_to_phys_or_null(remaining_space);
+	phys_max = virt_to_phys_or_null(max_variable_size);
 
 	status = efi_thunk(query_variable_info, attr, phys_storage,
 			   phys_remaining, phys_max);
-- 
2.10.0

[tip:efi/urgent] x86/efi: Fix EFI memmap pointer size warning

[tip-bot for Borislav Petkov]

Commit-ID:  02e56902e40e4c1ff57590c717e46377b72d5966
Gitweb:     http://git.kernel.org/tip/02e56902e40e4c1ff57590c717e46377b72d5966
Author:     Borislav Petkov <bp@suse.de>
AuthorDate: Sat, 12 Nov 2016 21:04:23 +0000
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Sun, 13 Nov 2016 08:26:40 +0100

x86/efi: Fix EFI memmap pointer size warning

Fix this when building on 32-bit:

  arch/x86/platform/efi/efi.c: In function ‘__efi_enter_virtual_mode’:
  arch/x86/platform/efi/efi.c:911:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       (efi_memory_desc_t *)pa);
       ^
  arch/x86/platform/efi/efi.c:918:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       (efi_memory_desc_t *)pa);
       ^

The @pa local variable is declared as phys_addr_t and that is a u64 when
CONFIG_PHYS_ADDR_T_64BIT=y. (The last is enabled on 32-bit on a PAE
build.)

However, its value comes from __pa() which is basically doing pointer
arithmetic and checking, and returns unsigned long as it is the native
pointer width.

So let's use an unsigned long too. It should be fine to do so because
the later users cast it to a pointer too.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112210424.5157-2-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/platform/efi/efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index bf99aa7..936a488 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -861,7 +861,7 @@ static void __init __efi_enter_virtual_mode(void)
 	int count = 0, pg_shift = 0;
 	void *new_memmap = NULL;
 	efi_status_t status;
-	phys_addr_t pa;
+	unsigned long pa;
 
 	efi.systab = NULL;
 

[tip:efi/urgent] x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y

[tip-bot for Matt Fleming]

Commit-ID:  f6697df36bdf0bf7fce984605c2918d4a7b4269f
Gitweb:     http://git.kernel.org/tip/f6697df36bdf0bf7fce984605c2918d4a7b4269f
Author:     Matt Fleming <matt@codeblueprint.co.uk>
AuthorDate: Sat, 12 Nov 2016 21:04:24 +0000
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Sun, 13 Nov 2016 08:26:40 +0100

x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y

Booting an EFI mixed mode kernel has been crashing since commit:

  e37e43a497d5 ("x86/mm/64: Enable vmapped stacks (CONFIG_HAVE_ARCH_VMAP_STACK=y)")

The user-visible effect in my test setup was the kernel being unable
to find the root file system ramdisk. This was likely caused by silent
memory or page table corruption.

Enabling CONFIG_DEBUG_VIRTUAL=y immediately flagged the thunking code as
abusing virt_to_phys() because it was passing addresses that were not
part of the kernel direct mapping.

Use the slow version instead, which correctly handles all memory
regions by performing a page table walk.

Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112210424.5157-3-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/platform/efi/efi_64.c | 80 ++++++++++++++++++++++++++++++------------
 1 file changed, 57 insertions(+), 23 deletions(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 58b0f80..319148b 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -31,6 +31,7 @@
 #include <linux/io.h>
 #include <linux/reboot.h>
 #include <linux/slab.h>
+#include <linux/ucs2_string.h>
 
 #include <asm/setup.h>
 #include <asm/page.h>
@@ -211,6 +212,35 @@ void efi_sync_low_kernel_mappings(void)
 	memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
 }
 
+/*
+ * Wrapper for slow_virt_to_phys() that handles NULL addresses.
+ */
+static inline phys_addr_t
+virt_to_phys_or_null_size(void *va, unsigned long size)
+{
+	bool bad_size;
+
+	if (!va)
+		return 0;
+
+	if (virt_addr_valid(va))
+		return virt_to_phys(va);
+
+	/*
+	 * A fully aligned variable on the stack is guaranteed not to
+	 * cross a page bounary. Try to catch strings on the stack by
+	 * checking that 'size' is a power of two.
+	 */
+	bad_size = size > PAGE_SIZE || !is_power_of_2(size);
+
+	WARN_ON(!IS_ALIGNED((unsigned long)va, size) || bad_size);
+
+	return slow_virt_to_phys(va);
+}
+
+#define virt_to_phys_or_null(addr)				\
+	virt_to_phys_or_null_size((addr), sizeof(*(addr)))
+
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
 	unsigned long pfn, text;
@@ -494,8 +524,8 @@ static efi_status_t efi_thunk_get_time(efi_time_t *tm, efi_time_cap_t *tc)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
-	phys_tc = virt_to_phys(tc);
+	phys_tm = virt_to_phys_or_null(tm);
+	phys_tc = virt_to_phys_or_null(tc);
 
 	status = efi_thunk(get_time, phys_tm, phys_tc);
 
@@ -511,7 +541,7 @@ static efi_status_t efi_thunk_set_time(efi_time_t *tm)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(set_time, phys_tm);
 
@@ -529,9 +559,9 @@ efi_thunk_get_wakeup_time(efi_bool_t *enabled, efi_bool_t *pending,
 
 	spin_lock(&rtc_lock);
 
-	phys_enabled = virt_to_phys(enabled);
-	phys_pending = virt_to_phys(pending);
-	phys_tm = virt_to_phys(tm);
+	phys_enabled = virt_to_phys_or_null(enabled);
+	phys_pending = virt_to_phys_or_null(pending);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(get_wakeup_time, phys_enabled,
 			     phys_pending, phys_tm);
@@ -549,7 +579,7 @@ efi_thunk_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
 
 	spin_lock(&rtc_lock);
 
-	phys_tm = virt_to_phys(tm);
+	phys_tm = virt_to_phys_or_null(tm);
 
 	status = efi_thunk(set_wakeup_time, enabled, phys_tm);
 
@@ -558,6 +588,10 @@ efi_thunk_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
 	return status;
 }
 
+static unsigned long efi_name_size(efi_char16_t *name)
+{
+	return ucs2_strsize(name, EFI_VAR_NAME_LEN) + 1;
+}
 
 static efi_status_t
 efi_thunk_get_variable(efi_char16_t *name, efi_guid_t *vendor,
@@ -567,11 +601,11 @@ efi_thunk_get_variable(efi_char16_t *name, efi_guid_t *vendor,
 	u32 phys_name, phys_vendor, phys_attr;
 	u32 phys_data_size, phys_data;
 
-	phys_data_size = virt_to_phys(data_size);
-	phys_vendor = virt_to_phys(vendor);
-	phys_name = virt_to_phys(name);
-	phys_attr = virt_to_phys(attr);
-	phys_data = virt_to_phys(data);
+	phys_data_size = virt_to_phys_or_null(data_size);
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_name = virt_to_phys_or_null_size(name, efi_name_size(name));
+	phys_attr = virt_to_phys_or_null(attr);
+	phys_data = virt_to_phys_or_null_size(data, *data_size);
 
 	status = efi_thunk(get_variable, phys_name, phys_vendor,
 			   phys_attr, phys_data_size, phys_data);
@@ -586,9 +620,9 @@ efi_thunk_set_variable(efi_char16_t *name, efi_guid_t *vendor,
 	u32 phys_name, phys_vendor, phys_data;
 	efi_status_t status;
 
-	phys_name = virt_to_phys(name);
-	phys_vendor = virt_to_phys(vendor);
-	phys_data = virt_to_phys(data);
+	phys_name = virt_to_phys_or_null_size(name, efi_name_size(name));
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_data = virt_to_phys_or_null_size(data, data_size);
 
 	/* If data_size is > sizeof(u32) we've got problems */
 	status = efi_thunk(set_variable, phys_name, phys_vendor,
@@ -605,9 +639,9 @@ efi_thunk_get_next_variable(unsigned long *name_size,
 	efi_status_t status;
 	u32 phys_name_size, phys_name, phys_vendor;
 
-	phys_name_size = virt_to_phys(name_size);
-	phys_vendor = virt_to_phys(vendor);
-	phys_name = virt_to_phys(name);
+	phys_name_size = virt_to_phys_or_null(name_size);
+	phys_vendor = virt_to_phys_or_null(vendor);
+	phys_name = virt_to_phys_or_null_size(name, *name_size);
 
 	status = efi_thunk(get_next_variable, phys_name_size,
 			   phys_name, phys_vendor);
@@ -621,7 +655,7 @@ efi_thunk_get_next_high_mono_count(u32 *count)
 	efi_status_t status;
 	u32 phys_count;
 
-	phys_count = virt_to_phys(count);
+	phys_count = virt_to_phys_or_null(count);
 	status = efi_thunk(get_next_high_mono_count, phys_count);
 
 	return status;
@@ -633,7 +667,7 @@ efi_thunk_reset_system(int reset_type, efi_status_t status,
 {
 	u32 phys_data;
 
-	phys_data = virt_to_phys(data);
+	phys_data = virt_to_phys_or_null_size(data, data_size);
 
 	efi_thunk(reset_system, reset_type, status, data_size, phys_data);
 }
@@ -661,9 +695,9 @@ efi_thunk_query_variable_info(u32 attr, u64 *storage_space,
 	if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
 		return EFI_UNSUPPORTED;
 
-	phys_storage = virt_to_phys(storage_space);
-	phys_remaining = virt_to_phys(remaining_space);
-	phys_max = virt_to_phys(max_variable_size);
+	phys_storage = virt_to_phys_or_null(storage_space);
+	phys_remaining = virt_to_phys_or_null(remaining_space);
+	phys_max = virt_to_phys_or_null(max_variable_size);
 
 	status = efi_thunk(query_variable_info, attr, phys_storage,
 			   phys_remaining, phys_max);

Re: [GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

On Tue, 20 Sep, at 11:20:17AM, Waiman Long wrote:
> On 09/20/2016 10:48 AM, Matt Fleming wrote:
> >Folks, please pull the following two fixes that address the boot hang
> >issue Waiman reported here,
> >
> >   https://lkml.kernel.org/r/57DF56D4.50304@hpe.com
> >
> >The following changes since commit 3be7988674ab33565700a37b210f502563d932e6:
> >
> >   Linux 4.8-rc7 (2016-09-18 17:27:41 -0700)
> >
> >are available in the git repository at:
> >
> >   git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
> >
> >for you to fetch changes up to 1297667083d5442aafe3e337b9413bf02b114edb:
> >
> >   x86/efi: Only map RAM into EFI page tables if in mixed-mode (2016-09-20 14:53:04 +0100)
> >
> >----------------------------------------------------------------
> >  * Fix a boot hang on large memory machines (multiple terabyte) caused
> >    by type conversion errors in the x86 pat code - Matt Fleming
> >
> >----------------------------------------------------------------
> >Matt Fleming (2):
> >       x86/mm/pat: Prevent hang during boot when mapping pages
> >       x86/efi: Only map RAM into EFI page tables if in mixed-mode
> >
> >  arch/x86/mm/pageattr.c         | 21 +++++++++++----------
> >  arch/x86/platform/efi/efi_64.c |  2 +-
> >  2 files changed, 12 insertions(+), 11 deletions(-)
> 
> Are you also going to send these fixes to the 4.6 and 4.7 stable trees as
> well?

I just checked and I failed to tag the first patch for stable, though
I did mean to. Yes, I'll send them to stable once they're merged.

Re: [GIT PULL 0/2] EFI urgent fixes

[Waiman Long]

On 09/20/2016 10:48 AM, Matt Fleming wrote:
> Folks, please pull the following two fixes that address the boot hang
> issue Waiman reported here,
>
>    https://lkml.kernel.org/r/57DF56D4.50304@hpe.com
>
> The following changes since commit 3be7988674ab33565700a37b210f502563d932e6:
>
>    Linux 4.8-rc7 (2016-09-18 17:27:41 -0700)
>
> are available in the git repository at:
>
>    git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
>
> for you to fetch changes up to 1297667083d5442aafe3e337b9413bf02b114edb:
>
>    x86/efi: Only map RAM into EFI page tables if in mixed-mode (2016-09-20 14:53:04 +0100)
>
> ----------------------------------------------------------------
>   * Fix a boot hang on large memory machines (multiple terabyte) caused
>     by type conversion errors in the x86 pat code - Matt Fleming
>
> ----------------------------------------------------------------
> Matt Fleming (2):
>        x86/mm/pat: Prevent hang during boot when mapping pages
>        x86/efi: Only map RAM into EFI page tables if in mixed-mode
>
>   arch/x86/mm/pageattr.c         | 21 +++++++++++----------
>   arch/x86/platform/efi/efi_64.c |  2 +-
>   2 files changed, 12 insertions(+), 11 deletions(-)

Are you also going to send these fixes to the 4.6 and 4.7 stable trees 
as well?

Cheers,
Longman

Re: [GIT PULL 0/2] EFI urgent fixes

[Ingo Molnar]

* Matt Fleming <matt@codeblueprint.co.uk> wrote:

> Folks, please pull the following two fixes that address the boot hang
> issue Waiman reported here,
> 
>   https://lkml.kernel.org/r/57DF56D4.50304@hpe.com
> 
> The following changes since commit 3be7988674ab33565700a37b210f502563d932e6:
> 
>   Linux 4.8-rc7 (2016-09-18 17:27:41 -0700)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
> 
> for you to fetch changes up to 1297667083d5442aafe3e337b9413bf02b114edb:
> 
>   x86/efi: Only map RAM into EFI page tables if in mixed-mode (2016-09-20 14:53:04 +0100)
> 
> ----------------------------------------------------------------
>  * Fix a boot hang on large memory machines (multiple terabyte) caused
>    by type conversion errors in the x86 pat code - Matt Fleming
> 
> ----------------------------------------------------------------
> Matt Fleming (2):
>       x86/mm/pat: Prevent hang during boot when mapping pages
>       x86/efi: Only map RAM into EFI page tables if in mixed-mode
> 
>  arch/x86/mm/pageattr.c         | 21 +++++++++++----------
>  arch/x86/platform/efi/efi_64.c |  2 +-
>  2 files changed, 12 insertions(+), 11 deletions(-)

Pulled, thanks a lot Matt!

	Ingo

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

Folks, please pull the following two fixes that address the boot hang
issue Waiman reported here,

  https://lkml.kernel.org/r/57DF56D4.50304@hpe.com

The following changes since commit 3be7988674ab33565700a37b210f502563d932e6:

  Linux 4.8-rc7 (2016-09-18 17:27:41 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent

for you to fetch changes up to 1297667083d5442aafe3e337b9413bf02b114edb:

  x86/efi: Only map RAM into EFI page tables if in mixed-mode (2016-09-20 14:53:04 +0100)

----------------------------------------------------------------
 * Fix a boot hang on large memory machines (multiple terabyte) caused
   by type conversion errors in the x86 pat code - Matt Fleming

----------------------------------------------------------------
Matt Fleming (2):
      x86/mm/pat: Prevent hang during boot when mapping pages
      x86/efi: Only map RAM into EFI page tables if in mixed-mode

 arch/x86/mm/pageattr.c         | 21 +++++++++++----------
 arch/x86/platform/efi/efi_64.c |  2 +-
 2 files changed, 12 insertions(+), 11 deletions(-)

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

Please pull the following two patches that fix EFI issues in v4.7.
They're both tagged for stable.

The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:

  Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent

for you to fetch changes up to be6743b7f66c7d8bf7f8a48de9d86a66a177c3a2:

  efi/capsule: Allocate whole capsule into virtual memory (2016-08-09 11:32:55 +0100)

----------------------------------------------------------------
 * Fix a boot crash on SGI/UV when kexec'ing a kernel with the "noefi"
   kernel parameter - Alex Thorlton

 * Wholly map EFI capsules with vmap() instead of just the first page
   with kmap(), so that the capsule driver works on Qualcomm QDF2432,
   and because the UEFI specification requires the capsule to be fully
   mapped into the kernel's virtual address space - Austin Christ

----------------------------------------------------------------
Alex Thorlton (1):
      x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case

Austin Christ (1):
      efi/capsule: Allocate whole capsule into virtual memory

 arch/x86/platform/uv/bios_uv.c        | 3 ++-
 drivers/firmware/efi/capsule-loader.c | 8 +++++---
 drivers/firmware/efi/capsule.c        | 6 +++---
 3 files changed, 10 insertions(+), 7 deletions(-)

Re: [GIT PULL 0/2] EFI urgent fixes

[Ingo Molnar]

* Matt Fleming <matt@codeblueprint.co.uk> wrote:

> On Tue, 31 May, at 11:23:42AM, Matt Fleming wrote:
> > Folks, please pull the following urgent patches which fix a boot crash
> > when using the "noefi" parameter and the debug output on arm.
> > 
> > The following changes since commit 1a695a905c18548062509178b98bc91e67510864:
> > 
> >   Linux 4.7-rc1 (2016-05-29 09:29:24 -0700)
> > 
> > are available in the git repository at:
> > 
> >   git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
> > 
> > for you to fetch changes up to 1f0cf3892caeab20a99c19f5523499be77b533cd:
> > 
> >   efi/arm: Fix the format of debug message from efi (2016-05-30 22:51:53 +0100)
> > 
> > ----------------------------------------------------------------
> >  * Fix crash when booting with the "noefi" kernel parameter, caused by
> >    recent changes to for_each_efi_memory_desc_in_map() - Vitaly Kuznetsov
> > 
> >  * Unscramble the debug output on arm when efi=debug and memblock=debug
> >    is passed on the kernel cmdline - Dennis Chen
> > 
> > ----------------------------------------------------------------
> > Dennis Chen (1):
> >       efi/arm: Fix the format of debug message from efi
> > 
> > Vitaly Kuznetsov (1):
> >       efi: Fix for_each_efi_memory_desc_in_map() for empty memmaps
> > 
> >  drivers/firmware/efi/arm-init.c | 14 ++++++--------
> >  include/linux/efi.h             |  2 +-
> >  2 files changed, 7 insertions(+), 9 deletions(-)
> 
> Ping? I see these patches queued up in tip/efi/urgent but they don't
> appear to be in Linus' tree yet.

Yeah, will get them to Linus later today.

Thanks,

	Ingo

Re: [GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

On Tue, 31 May, at 11:23:42AM, Matt Fleming wrote:
> Folks, please pull the following urgent patches which fix a boot crash
> when using the "noefi" parameter and the debug output on arm.
> 
> The following changes since commit 1a695a905c18548062509178b98bc91e67510864:
> 
>   Linux 4.7-rc1 (2016-05-29 09:29:24 -0700)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
> 
> for you to fetch changes up to 1f0cf3892caeab20a99c19f5523499be77b533cd:
> 
>   efi/arm: Fix the format of debug message from efi (2016-05-30 22:51:53 +0100)
> 
> ----------------------------------------------------------------
>  * Fix crash when booting with the "noefi" kernel parameter, caused by
>    recent changes to for_each_efi_memory_desc_in_map() - Vitaly Kuznetsov
> 
>  * Unscramble the debug output on arm when efi=debug and memblock=debug
>    is passed on the kernel cmdline - Dennis Chen
> 
> ----------------------------------------------------------------
> Dennis Chen (1):
>       efi/arm: Fix the format of debug message from efi
> 
> Vitaly Kuznetsov (1):
>       efi: Fix for_each_efi_memory_desc_in_map() for empty memmaps
> 
>  drivers/firmware/efi/arm-init.c | 14 ++++++--------
>  include/linux/efi.h             |  2 +-
>  2 files changed, 7 insertions(+), 9 deletions(-)

Ping? I see these patches queued up in tip/efi/urgent but they don't
appear to be in Linus' tree yet.

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

Folks, please pull the following urgent patches which fix a boot crash
when using the "noefi" parameter and the debug output on arm.

The following changes since commit 1a695a905c18548062509178b98bc91e67510864:

  Linux 4.7-rc1 (2016-05-29 09:29:24 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent

for you to fetch changes up to 1f0cf3892caeab20a99c19f5523499be77b533cd:

  efi/arm: Fix the format of debug message from efi (2016-05-30 22:51:53 +0100)

----------------------------------------------------------------
 * Fix crash when booting with the "noefi" kernel parameter, caused by
   recent changes to for_each_efi_memory_desc_in_map() - Vitaly Kuznetsov

 * Unscramble the debug output on arm when efi=debug and memblock=debug
   is passed on the kernel cmdline - Dennis Chen

----------------------------------------------------------------
Dennis Chen (1):
      efi/arm: Fix the format of debug message from efi

Vitaly Kuznetsov (1):
      efi: Fix for_each_efi_memory_desc_in_map() for empty memmaps

 drivers/firmware/efi/arm-init.c | 14 ++++++--------
 include/linux/efi.h             |  2 +-
 2 files changed, 7 insertions(+), 9 deletions(-)

Re: [GIT PULL 0/2] EFI urgent fixes

[Ingo Molnar]

* Matt Fleming <matt@codeblueprint.co.uk> wrote:

> Folks, here are some bug fixes that missed the previous pull request
> but that are related to those patches.
> 
> The following changes since commit 4682c211a80ee93214b72d95f861b0f6e90e5445:
> 
>   Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent (2016-02-16 13:14:57 +0100)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
> 
> for you to fetch changes up to a68075908a37850918ad96b056acc9ac4ce1bd90:
> 
>   lib/ucs2_string: Correct ucs2 -> utf8 conversion (2016-02-16 12:49:05 +0000)
> 
> ----------------------------------------------------------------
>  * Fix bugs in our code that converts ucs2 strings to utf8 where we
>    unintentionally drop bits from the original string - Jason Andryuk
> 
>  * Add the efi-pstore variables to the variable whitelist so that
>    users can continue to delete them via efivarfs without needing to
>    manipulate the immutable flag - Matt Fleming
> 
> ----------------------------------------------------------------
> Jason Andryuk (1):
>       lib/ucs2_string: Correct ucs2 -> utf8 conversion
> 
> Matt Fleming (1):
>       efi: Add pstore variables to the deletion whitelist
> 
>  drivers/firmware/efi/vars.c |  1 +
>  lib/ucs2_string.c           | 14 +++++++-------
>  2 files changed, 8 insertions(+), 7 deletions(-)

Pulled, thanks Matt!

	Ingo

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

Folks, here are some bug fixes that missed the previous pull request
but that are related to those patches.

The following changes since commit 4682c211a80ee93214b72d95f861b0f6e90e5445:

  Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent (2016-02-16 13:14:57 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent

for you to fetch changes up to a68075908a37850918ad96b056acc9ac4ce1bd90:

  lib/ucs2_string: Correct ucs2 -> utf8 conversion (2016-02-16 12:49:05 +0000)

----------------------------------------------------------------
 * Fix bugs in our code that converts ucs2 strings to utf8 where we
   unintentionally drop bits from the original string - Jason Andryuk

 * Add the efi-pstore variables to the variable whitelist so that
   users can continue to delete them via efivarfs without needing to
   manipulate the immutable flag - Matt Fleming

----------------------------------------------------------------
Jason Andryuk (1):
      lib/ucs2_string: Correct ucs2 -> utf8 conversion

Matt Fleming (1):
      efi: Add pstore variables to the deletion whitelist

 drivers/firmware/efi/vars.c |  1 +
 lib/ucs2_string.c           | 14 +++++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)

[GIT PULL 0/2] EFI urgent fixes

[Matt Fleming]

From: Matt Fleming <matt.fleming@intel.com>

Folks,

The patches in this pull request fix kernel crashes when booting Linux
on UEFI v2.5 machines with the Properties Table feature enabled.

Essentially, when this feature is enabled the firmware allocates
separate entries in the EFI memory map for the code and data sections
of PE/COFF images, whereas previously only one memory map entry would
have existed.

Because we've now got two entries that reference each other we *must*
map them into the kernel virtual address space with the same offsets
and in the same order as they appear in the EFI memory map. Failure to
do so causes the firmware to access unmapped/invalid addresses. 

These patches were intentionally kept as small as possible so that
they can be backported by distributions, aggressively.

The following changes since commit 1f93e4a96c9109378204c147b3eec0d0e8100fde:

  Linux 4.3-rc2 (2015-09-20 14:32:34 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent

for you to fetch changes up to 1fa25e09ca2ce07f03bca93ad71800c312fd4951:

  arm64/efi: Don't pad between EFI_MEMORY_RUNTIME regions (2015-09-25 22:35:15 +0100)

----------------------------------------------------------------
 * arm64 bug fix for UEFI 2.5 firmware that has the Properties Table
   feature enabled. The fix avoids a kernel crash by removing the padding
   between runtime regions that we currently do in the kernel so we don't
   break the EFI's cross-region references - Ard Biesheuvel

 * Map EFI memory regions in-order on x86 so that we maintain the
   relative offset between regions and fix a crash when booting on
   UEFI 2.5 machines with the Properties Table feature enabled.

----------------------------------------------------------------
Ard Biesheuvel (1):
      arm64/efi: Don't pad between EFI_MEMORY_RUNTIME regions

Matt Fleming (1):
      x86/efi: Map EFI memmap entries in-order at runtime

 arch/arm64/kernel/efi.c                 |  3 +-
 arch/x86/platform/efi/efi.c             | 67 ++++++++++++++++++++++++-
 drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++++------
 3 files changed, 141 insertions(+), 17 deletions(-)