* [PATCH] efi_loader: check update capsule parameters @ 2021-06-11 16:15 Vincent Stehlé 2021-06-11 17:06 ` Heinrich Schuchardt 0 siblings, 1 reply; 4+ messages in thread From: Vincent Stehlé @ 2021-06-11 16:15 UTC (permalink / raw) To: u-boot Cc: Vincent Stehlé, Grant Likely, Heinrich Schuchardt, Alexander Graf UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases, listed by the UEFI specification and tested by the SCT. Add a common function to do that. This fixes SCT UpdateCapsule_Conf failures. Reviewed-by: Grant Likely <grant.likely@arm.com> Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Alexander Graf <agraf@csgraf.de> --- include/efi_loader.h | 24 ++++++++++++++++++++++++ lib/efi_loader/efi_capsule.c | 8 ++++---- lib/efi_loader/efi_runtime.c | 8 ++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/include/efi_loader.h b/include/efi_loader.h index 0a9c82a257e..426d1c72d7d 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; extern const struct efi_firmware_management_protocol efi_fmp_raw; /* Capsule update */ +static inline efi_status_t +efi_valid_update_capsule_params(struct efi_capsule_header + **capsule_header_array, + efi_uintn_t capsule_count, + u64 scatter_gather_list) +{ + u32 flags; + + if (!capsule_count) + return EFI_INVALID_PARAMETER; + + flags = capsule_header_array[0]->flags; + + if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) && + !scatter_gather_list) || + ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) && + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) || + ((flags & CAPSULE_FLAGS_INITIATE_RESET) && + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET))) + return EFI_INVALID_PARAMETER; + + return EFI_SUCCESS; +} + efi_status_t EFIAPI efi_update_capsule( struct efi_capsule_header **capsule_header_array, efi_uintn_t capsule_count, diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 60309d4a07d..380cfd70290 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule( EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count, scatter_gather_list); - if (!capsule_count) { - ret = EFI_INVALID_PARAMETER; + ret = efi_valid_update_capsule_params(capsule_header_array, + capsule_count, + scatter_gather_list); + if (ret != EFI_SUCCESS) goto out; - } - ret = EFI_SUCCESS; for (i = 0, capsule = *capsule_header_array; i < capsule_count; i++, capsule = *(++capsule_header_array)) { /* sanity check */ diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c index 93a695fc27e..449ad8b9f36 100644 --- a/lib/efi_loader/efi_runtime.c +++ b/lib/efi_loader/efi_runtime.c @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule_unsupported( efi_uintn_t capsule_count, u64 scatter_gather_list) { + efi_status_t ret; + + ret = efi_valid_update_capsule_params(capsule_header_array, + capsule_count, + scatter_gather_list); + if (ret != EFI_SUCCESS) + return ret; + return EFI_UNSUPPORTED; } -- 2.30.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] efi_loader: check update capsule parameters 2021-06-11 16:15 [PATCH] efi_loader: check update capsule parameters Vincent Stehlé @ 2021-06-11 17:06 ` Heinrich Schuchardt 2021-06-12 0:13 ` AKASHI Takahiro 0 siblings, 1 reply; 4+ messages in thread From: Heinrich Schuchardt @ 2021-06-11 17:06 UTC (permalink / raw) To: Vincent Stehlé Cc: Grant Likely, Alexander Graf, AKASHI Takahiro, Sughosh Ganu, Ilias Apalodimas, u-boot Cc: Takahiro, Sughosh, Ilias On 6/11/21 6:15 PM, Vincent Stehlé wrote: > UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases, > listed by the UEFI specification and tested by the SCT. Add a common > function to do that. > > This fixes SCT UpdateCapsule_Conf failures. > > Reviewed-by: Grant Likely <grant.likely@arm.com> > Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Alexander Graf <agraf@csgraf.de> > --- > include/efi_loader.h | 24 ++++++++++++++++++++++++ > lib/efi_loader/efi_capsule.c | 8 ++++---- > lib/efi_loader/efi_runtime.c | 8 ++++++++ > 3 files changed, 36 insertions(+), 4 deletions(-) > > diff --git a/include/efi_loader.h b/include/efi_loader.h > index 0a9c82a257e..426d1c72d7d 100644 > --- a/include/efi_loader.h > +++ b/include/efi_loader.h > @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; > extern const struct efi_firmware_management_protocol efi_fmp_raw; > > /* Capsule update */ > +static inline efi_status_t > +efi_valid_update_capsule_params(struct efi_capsule_header > + **capsule_header_array, > + efi_uintn_t capsule_count, > + u64 scatter_gather_list) > +{ > + u32 flags; > + > + if (!capsule_count) > + return EFI_INVALID_PARAMETER; If capsule count > 1, don't you have to check all capsules headers? > + > + flags = capsule_header_array[0]->flags; > + > + if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) && > + !scatter_gather_list) || > + ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) && > + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) || > + ((flags & CAPSULE_FLAGS_INITIATE_RESET) && > + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET))) > + return EFI_INVALID_PARAMETER; What happens if capsule(0) has CAPSULE_FLAGS_INITIATE_RESET and capsule(4) has !CAPSULE_FLAGS_PERSIST_ACROSS_RESET? Best regards Heinrich > + > + return EFI_SUCCESS; > +} > + > efi_status_t EFIAPI efi_update_capsule( > struct efi_capsule_header **capsule_header_array, > efi_uintn_t capsule_count, > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > index 60309d4a07d..380cfd70290 100644 > --- a/lib/efi_loader/efi_capsule.c > +++ b/lib/efi_loader/efi_capsule.c > @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule( > EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count, > scatter_gather_list); > > - if (!capsule_count) { > - ret = EFI_INVALID_PARAMETER; > + ret = efi_valid_update_capsule_params(capsule_header_array, > + capsule_count, > + scatter_gather_list); > + if (ret != EFI_SUCCESS) > goto out; > - } > > - ret = EFI_SUCCESS; > for (i = 0, capsule = *capsule_header_array; i < capsule_count; > i++, capsule = *(++capsule_header_array)) { > /* sanity check */ > diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c > index 93a695fc27e..449ad8b9f36 100644 > --- a/lib/efi_loader/efi_runtime.c > +++ b/lib/efi_loader/efi_runtime.c > @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule_unsupported( > efi_uintn_t capsule_count, > u64 scatter_gather_list) > { > + efi_status_t ret; > + > + ret = efi_valid_update_capsule_params(capsule_header_array, > + capsule_count, > + scatter_gather_list); > + if (ret != EFI_SUCCESS) > + return ret; > + > return EFI_UNSUPPORTED; > } > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] efi_loader: check update capsule parameters 2021-06-11 17:06 ` Heinrich Schuchardt @ 2021-06-12 0:13 ` AKASHI Takahiro 2021-06-21 6:04 ` Heinrich Schuchardt 0 siblings, 1 reply; 4+ messages in thread From: AKASHI Takahiro @ 2021-06-12 0:13 UTC (permalink / raw) To: Heinrich Schuchardt Cc: Vincent Stehl??, Grant Likely, Alexander Graf, Sughosh Ganu, Ilias Apalodimas, u-boot Hi Vincent, Thank you for the update. On Fri, Jun 11, 2021 at 07:06:01PM +0200, Heinrich Schuchardt wrote: > Cc: Takahiro, Sughosh, Ilias > > On 6/11/21 6:15 PM, Vincent Stehlé wrote: > > UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases, > > listed by the UEFI specification and tested by the SCT. Add a common > > function to do that. First of all, I would like to make clear one thing: My initial implementation of capsule support does *not* intend to support "UpdateCapsule" as runtime API. Instead, the sole objective is to provide "delivery of capsules via file" (or capsule on disk) method. This is because the initially-expected use case was that we would adopt capsules as an alternative for updating UEFI variables without using SetVariable runtime API. (This idea is no longer upheld, though.) This is why the API does not handle nor check parameters in the current code. I even regret to have added EFI_RUNTIME_UPDATE_CAPSULE option, which makes people confused. Nevertheless, I'm more than happy if other folks implement full semantics of UpdateCapsule. > > This fixes SCT UpdateCapsule_Conf failures. > > > > Reviewed-by: Grant Likely <grant.likely@arm.com> > > Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> > > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > > Cc: Alexander Graf <agraf@csgraf.de> > > --- > > include/efi_loader.h | 24 ++++++++++++++++++++++++ > > lib/efi_loader/efi_capsule.c | 8 ++++---- > > lib/efi_loader/efi_runtime.c | 8 ++++++++ > > 3 files changed, 36 insertions(+), 4 deletions(-) > > > > diff --git a/include/efi_loader.h b/include/efi_loader.h > > index 0a9c82a257e..426d1c72d7d 100644 > > --- a/include/efi_loader.h > > +++ b/include/efi_loader.h > > @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; > > extern const struct efi_firmware_management_protocol efi_fmp_raw; > > > > /* Capsule update */ > > +static inline efi_status_t > > +efi_valid_update_capsule_params(struct efi_capsule_header > > + **capsule_header_array, > > + efi_uintn_t capsule_count, > > + u64 scatter_gather_list) > > +{ > > + u32 flags; > > + > > + if (!capsule_count) > > + return EFI_INVALID_PARAMETER; > > If capsule count > 1, don't you have to check all capsules headers? > > > + > > + flags = capsule_header_array[0]->flags; > > + > > + if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) && > > + !scatter_gather_list) || > > + ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) && > > + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) || > > + ((flags & CAPSULE_FLAGS_INITIATE_RESET) && > > + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET))) > > + return EFI_INVALID_PARAMETER; > > What happens if capsule(0) has CAPSULE_FLAGS_INITIATE_RESET and > capsule(4) has !CAPSULE_FLAGS_PERSIST_ACROSS_RESET? > > Best regards > > Heinrich > > > + > > + return EFI_SUCCESS; > > +} > > + > > efi_status_t EFIAPI efi_update_capsule( > > struct efi_capsule_header **capsule_header_array, > > efi_uintn_t capsule_count, > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > index 60309d4a07d..380cfd70290 100644 > > --- a/lib/efi_loader/efi_capsule.c > > +++ b/lib/efi_loader/efi_capsule.c > > @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule( > > EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count, > > scatter_gather_list); > > > > - if (!capsule_count) { > > - ret = EFI_INVALID_PARAMETER; > > + ret = efi_valid_update_capsule_params(capsule_header_array, > > + capsule_count, > > + scatter_gather_list); > > + if (ret != EFI_SUCCESS) > > goto out; > > - } > > > > - ret = EFI_SUCCESS; > > for (i = 0, capsule = *capsule_header_array; i < capsule_count; > > i++, capsule = *(++capsule_header_array)) { > > /* sanity check */ > > diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c > > index 93a695fc27e..449ad8b9f36 100644 > > --- a/lib/efi_loader/efi_runtime.c > > +++ b/lib/efi_loader/efi_runtime.c > > @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule_unsupported( > > efi_uintn_t capsule_count, > > u64 scatter_gather_list) > > { > > + efi_status_t ret; > > + > > + ret = efi_valid_update_capsule_params(capsule_header_array, > > + capsule_count, > > + scatter_gather_list); This is "efi_update_capsule_unsupported" function. We don't have to check parameters. -Takahiro Akashi > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > return EFI_UNSUPPORTED; > > } > > > > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] efi_loader: check update capsule parameters 2021-06-12 0:13 ` AKASHI Takahiro @ 2021-06-21 6:04 ` Heinrich Schuchardt 0 siblings, 0 replies; 4+ messages in thread From: Heinrich Schuchardt @ 2021-06-21 6:04 UTC (permalink / raw) To: Vincent Stehle Cc: AKASHI Takahiro, u-boot, Grant Likely, Alexander Graf, Ilias Apalodimas, Sughosh Ganu On 6/12/21 2:13 AM, AKASHI Takahiro wrote: > Hi Vincent, > > Thank you for the update. > > On Fri, Jun 11, 2021 at 07:06:01PM +0200, Heinrich Schuchardt wrote: >> Cc: Takahiro, Sughosh, Ilias >> >> On 6/11/21 6:15 PM, Vincent Stehlé wrote: >>> UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases, >>> listed by the UEFI specification and tested by the SCT. Add a common >>> function to do that. > > First of all, I would like to make clear one thing: > My initial implementation of capsule support does *not* > intend to support "UpdateCapsule" as runtime API. > Instead, the sole objective is to provide "delivery of > capsules via file" (or capsule on disk) method. > > This is because the initially-expected use case was > that we would adopt capsules as an alternative for > updating UEFI variables without using SetVariable runtime API. > (This idea is no longer upheld, though.) > > This is why the API does not handle nor check parameters > in the current code. I even regret to have added > EFI_RUNTIME_UPDATE_CAPSULE option, which makes people confused. > > Nevertheless, I'm more than happy if other folks implement > full semantics of UpdateCapsule. > >>> This fixes SCT UpdateCapsule_Conf failures. >>> >>> Reviewed-by: Grant Likely <grant.likely@arm.com> >>> Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> >>> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> >>> Cc: Alexander Graf <agraf@csgraf.de> >>> --- >>> include/efi_loader.h | 24 ++++++++++++++++++++++++ >>> lib/efi_loader/efi_capsule.c | 8 ++++---- >>> lib/efi_loader/efi_runtime.c | 8 ++++++++ >>> 3 files changed, 36 insertions(+), 4 deletions(-) >>> >>> diff --git a/include/efi_loader.h b/include/efi_loader.h >>> index 0a9c82a257e..426d1c72d7d 100644 >>> --- a/include/efi_loader.h >>> +++ b/include/efi_loader.h >>> @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; >>> extern const struct efi_firmware_management_protocol efi_fmp_raw; >>> >>> /* Capsule update */ >>> +static inline efi_status_t >>> +efi_valid_update_capsule_params(struct efi_capsule_header >>> + **capsule_header_array, >>> + efi_uintn_t capsule_count, >>> + u64 scatter_gather_list) >>> +{ >>> + u32 flags; >>> + >>> + if (!capsule_count) >>> + return EFI_INVALID_PARAMETER; >> >> If capsule count > 1, don't you have to check all capsules headers? >> >>> + >>> + flags = capsule_header_array[0]->flags; >>> + >>> + if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) && >>> + !scatter_gather_list) || >>> + ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) && >>> + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) || >>> + ((flags & CAPSULE_FLAGS_INITIATE_RESET) && >>> + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET))) >>> + return EFI_INVALID_PARAMETER; >> >> What happens if capsule(0) has CAPSULE_FLAGS_INITIATE_RESET and >> capsule(4) has !CAPSULE_FLAGS_PERSIST_ACROSS_RESET? >> >> Best regards >> >> Heinrich >> >>> + >>> + return EFI_SUCCESS; >>> +} >>> + >>> efi_status_t EFIAPI efi_update_capsule( >>> struct efi_capsule_header **capsule_header_array, >>> efi_uintn_t capsule_count, >>> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c >>> index 60309d4a07d..380cfd70290 100644 >>> --- a/lib/efi_loader/efi_capsule.c >>> +++ b/lib/efi_loader/efi_capsule.c >>> @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule( >>> EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count, >>> scatter_gather_list); >>> >>> - if (!capsule_count) { >>> - ret = EFI_INVALID_PARAMETER; >>> + ret = efi_valid_update_capsule_params(capsule_header_array, >>> + capsule_count, >>> + scatter_gather_list); >>> + if (ret != EFI_SUCCESS) >>> goto out; >>> - } >>> >>> - ret = EFI_SUCCESS; >>> for (i = 0, capsule = *capsule_header_array; i < capsule_count; >>> i++, capsule = *(++capsule_header_array)) { >>> /* sanity check */ >>> diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c >>> index 93a695fc27e..449ad8b9f36 100644 >>> --- a/lib/efi_loader/efi_runtime.c >>> +++ b/lib/efi_loader/efi_runtime.c >>> @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule_unsupported( >>> efi_uintn_t capsule_count, >>> u64 scatter_gather_list) >>> { >>> + efi_status_t ret; >>> + >>> + ret = efi_valid_update_capsule_params(capsule_header_array, >>> + capsule_count, >>> + scatter_gather_list); > > This is "efi_update_capsule_unsupported" function. > We don't have to check parameters. > > -Takahiro Akashi Hello Vincent, I will mark this patch as "changes requested". Please, send an updated version. Best regards Heinrich > >>> + if (ret != EFI_SUCCESS) >>> + return ret; >>> + >>> return EFI_UNSUPPORTED; >>> } >>> >>> >> ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-21 6:04 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-06-11 16:15 [PATCH] efi_loader: check update capsule parameters Vincent Stehlé 2021-06-11 17:06 ` Heinrich Schuchardt 2021-06-12 0:13 ` AKASHI Takahiro 2021-06-21 6:04 ` Heinrich Schuchardt
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).