From: Ilias Apalodimas
Date: Fri, 9 Jun 2023 11:00:06 +0300
Subject: Re: [PATCH v5 3/3] efi: Add tee-based EFI variable driver
To: Jan Kiszka
Cc: Ard Biesheuvel, Sumit Garg, Masahisa Kojima, Jens Wiklander, linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold, Maxime Coquelin, Alexandre Torgue, linux-efi@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, "Su, Bao Cheng (RC-CN DF FA R&D)"

Hi Jan,

On Fri, 9 Jun 2023 at 09:40, Jan Kiszka wrote:
>
> On 09.06.23 08:34, Ilias Apalodimas wrote:
> > Hi Jan,
> >
> > [...]
> >
> >>> --- a/drivers/firmware/efi/vars.c > >>> +++ b/drivers/firmware/efi/vars.c
> >>> @@ -123,7 +123,7 @@ EXPORT_SYMBOL_GPL(efivars_unregister); > >>> > >>> bool efivar_supports_writes(void) > >>> { > >>> - return __efivars && __efivars->ops->set_variable; > >>> + return __efivars && __efivars->ops->set_variable != set_variable_int; > >>> } > >>> EXPORT_SYMBOL_GPL(efivar_supports_writes); > >>> > >>> diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c > >>> index e028fafa04f3..e40b5c4c5106 100644 > >>> --- a/fs/efivarfs/super.c > >>> +++ b/fs/efivarfs/super.c > >>> @@ -242,9 +242,6 @@ static int efivarfs_fill_super(struct super_block > >>> *sb, struct fs_context *fc) > >>> sb->s_d_op = &efivarfs_d_ops; > >>> sb->s_time_gran = 1; > >>> > >>> - if (!efivar_supports_writes()) > >>> - sb->s_flags |= SB_RDONLY; > >>> - > >>> inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true); > >>> if (!inode) > >>> return -ENOMEM; > >>> diff --git a/include/linux/efi.h b/include/linux/efi.h > >>> index 58d1c271d3b0..ec0ac6ef50a3 100644 > >>> --- a/include/linux/efi.h > >>> +++ b/include/linux/efi.h 
> >>> @@ -1084,6 +1084,10 @@ int efivars_register(struct efivars *efivars, > >>> const struct efivar_operations *ops); > >>> int efivars_unregister(struct efivars *efivars); > >>> > >>> +efi_status_t set_variable_int(efi_char16_t *name, efi_guid_t *vendor, > >>> + u32 attributes, unsigned long data_size, > >>> + void *data); > >>> + > >>> void efivars_generic_ops_register(void); > >>> void efivars_generic_ops_unregister(void); > >>>
> >>> Thanks
> >>> /Ilias
> >>
> >> As just written in my other reply: The root cause is the dependency on
> >> tee-supplicant daemon. That needs to be resolved, and then also r/w
> >> mounting will just work.
> >
> > That's partially true. If we solve the dependency your problem will
> > go away only if everything gets compiled as built in. But if you have
> > them as modules there's still a chance you mount the efivarfs before
> > installing all the modules. In that case, you'll end up with the same
> > problem, no?
>
> Obviously, this will need proper probing of the TA services in the
> proper order so that the STMM driver is pulled in before efivarfs gets used.
>
> >
> > That's why I think this patch (or a variation of it) is useful. It
> > solves the kernel panic you are seeing if you remount the efivarfs as
> > RW and it unifies the way the kernel responds to userspace no matter
> > what the firmware does with its setvariableRT service.
>
> I'm not against fixing crashes, but the r/w issue is a different thing IMHO.

Fair enough, but if we want to fix the crash only I think there's a
better way to do it. I'll cook some patches and send them over.

Thanks
/Ilias

>
> Jan
>
> --
> Siemens AG, Technology
> Competence Center Embedded Linux
>
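
Review bot: In the drivers/firmware/efi/vars.c hunk, the new return expression in efivar_supports_writes() drops the NULL test on ops->set_variable, so a backend registered without a set_variable callback now compares unequal to set_variable_int and is reported as writable. Keep both conditions, for example `__efivars && __efivars->ops->set_variable && __efivars->ops->set_variable != set_variable_int`, and add a comment saying what set_variable_int stands for, since detecting missing write support by comparing against one particular function is not evident to someone reading this helper.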
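
Review bot: In the fs/efivarfs/super.c hunk, removing the `if (!efivar_supports_writes())` test from efivarfs_fill_super() leaves the mount path with no visible gate on write support, and the hunk does not show what takes its place. The changelog or a comment at this spot should state where a write is now refused when the backend cannot set variables, and with which error, and whether efivar_supports_writes() still has a caller after this removal; if it has none, the change made to it in vars.c is dead code.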
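
Review bot: In the include/linux/efi.h hunk, set_variable_int() is declared in a widely included header under a generic, unprefixed name and with no comment on what it does or when callers may compare against it. A name in the efivar_/efivars_ namespace already used by the neighbouring declarations, plus a short kernel-doc comment, would make the test in efivar_supports_writes() readable; none of the quoted hunks shows the definition, so the patch description should say where it lives and whether it is exported.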