From: Aditya Garg <gargaditya08@live.com>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Ard Biesheuvel <ardb@kernel.org>, Jeremy Kerr <jk@ozlabs.org>,
"joeyli.kernel@gmail.com" <joeyli.kernel@gmail.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"jmorris@namei.org" <jmorris@namei.org>,
"eric.snowberg@oracle.com" <eric.snowberg@oracle.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"jlee@suse.com" <jlee@suse.com>,
"James.Bottomley@hansenpartnership.com"
<James.Bottomley@HansenPartnership.com>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"mic@digikod.net" <mic@digikod.net>,
"dmitry.kasatkin@gmail.com" <dmitry.kasatkin@gmail.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
Orlando Chamberlain <redecorating@protonmail.com>,
Aun-Ali Zaidi <admin@kodeit.net>
Subject: Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Date: Thu, 10 Feb 2022 04:43:04 +0000 [thread overview]
Message-ID: <4D024AA6-CA95-4C7B-93CE-9A1E7F86BE43@live.com> (raw)
In-Reply-To: <20220209193705.GA15463@srcf.ucam.org>
> ie, can you try something like this?
>
> diff --git a/drivers/firmware/efi/runtime-wrappers.c b/drivers/firmware/efi/runtime-wrappers.c
> index f3e54f6616f0..01cbd4811d1e 100644
> --- a/drivers/firmware/efi/runtime-wrappers.c
> +++ b/drivers/firmware/efi/runtime-wrappers.c
> @@ -32,6 +32,8 @@
> #include <linux/stringify.h>
> #include <linux/workqueue.h>
> #include <linux/completion.h>
> +#include <linux/ucs2_string.h>
> +#include <linux/slab.h>
>
> #include <asm/efi.h>
>
> @@ -203,6 +205,21 @@ static void efi_call_rts(struct work_struct *work)
> (efi_time_t *)arg2);
> break;
> case EFI_GET_VARIABLE:
> + unsigned long utf8_name_size;
> + char *utf8_name;
> + char guid_str[sizeof(efi_guid_t)+1];
> +
> + utf8_name_size = ucs2_utf8size((efi_char16_t *)arg1);
> + utf8_name = kmalloc(utf8_name_size+1, GFP_KERNEL);
> + if (!utf8_name) {
> + printk(KERN_INFO "failed to allocate UTF8 buffer\n");
> + break;
> + }
> +
> + ucs2_as_utf8(utf8_name, (efi_char16_t *)arg1, utf8_name_size + 1);
> + efi_guid_to_str((efi_guid_t *)arg2, guid_str);
> +
> + printk(KERN_INFO "Reading EFI variable %s-%s\n", utf8_name, guid_str);
> status = efi_call_virt(get_variable, (efi_char16_t *)arg1,
> (efi_guid_t *)arg2, (u32 *)arg3,
> (unsigned long *)arg4, (void *)arg5);
>
Hi Matthew
I haven't tested this yet (Kernel is compiling) but I have found out that this part of the code is causing a crash
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
unsigned long *size, efi_status_t *status)
{
unsigned long lsize = 4;
unsigned long tmpdb[4];
void *db;
*status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
if (*status == EFI_NOT_FOUND)
return NULL;
if (*status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", *status);
return NULL;
}
db = kmalloc(lsize, GFP_KERNEL);
if (!db)
return NULL;
*status = efi.get_variable(name, guid, NULL, &lsize, db);
if (*status != EFI_SUCCESS) {
kfree(db);
pr_err("Error reading db var: 0x%lx\n", *status);
return NULL;
}
*size = lsize;
return db;
}
If I remove the return 0 I had added from other 3 left functions, crash doesn't occur.
When the kernel compiles with your patch, I’ll send whatever I get.
Regards
Aditya
next prev parent reply other threads:[~2022-02-10 4:43 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-09 14:27 [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Aditya Garg
2022-02-09 15:39 ` David Laight
2022-02-10 10:43 ` Aditya Garg
2022-02-10 10:44 ` [PATCH v2] " Aditya Garg
2022-02-10 10:47 ` [PATCH v3] " Aditya Garg
2022-02-13 7:39 ` Lukas Wunner
2022-02-13 8:36 ` Aditya Garg
2022-02-23 13:49 ` Aditya Garg
2022-02-10 10:47 ` [PATCH v2] " Ard Biesheuvel
2022-02-10 10:53 ` Aditya Garg
2022-02-09 16:49 ` [PATCH] " Matthew Garrett
2022-02-09 18:02 ` Aditya Garg
2022-02-09 18:35 ` Matthew Garrett
2022-02-09 19:37 ` Matthew Garrett
2022-02-10 4:43 ` Aditya Garg [this message]
2022-02-10 5:49 ` Aditya Garg
2022-02-10 18:09 ` Matthew Garrett
2022-02-11 4:51 ` Aditya Garg
2022-02-11 16:28 ` Matthew Garrett
2022-02-12 5:53 ` Aditya Garg
2022-02-12 19:42 ` Matthew Garrett
2022-02-13 8:22 ` Aditya Garg
2022-02-13 21:33 ` Matthew Garrett
2022-02-14 0:33 ` Aditya Garg
2022-02-10 5:54 ` Aditya Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D024AA6-CA95-4C7B-93CE-9A1E7F86BE43@live.com \
--to=gargaditya08@live.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=admin@kodeit.net \
--cc=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=jarkko@kernel.org \
--cc=jk@ozlabs.org \
--cc=jlee@suse.com \
--cc=jmorris@namei.org \
--cc=joeyli.kernel@gmail.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=mjg59@srcf.ucam.org \
--cc=redecorating@protonmail.com \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).