projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
x86/setup: Always reserve the first 1M of RAM
[linux-block.git] / arch / x86 / platform / efi / quirks.c
CommitLineData
457c8996 1// SPDX-License-Identifier: GPL-2.0-only
26d7f65f
MF		 2#define pr_fmt(fmt) "efi: " fmt
3
eeb9db09
ST		 4#include <linux/init.h>
5#include <linux/kernel.h>
6#include <linux/string.h>
7#include <linux/time.h>
8#include <linux/types.h>
9#include <linux/efi.h>
10#include <linux/slab.h>
11#include <linux/memblock.h>
44be28e9 12#include <linux/acpi.h>
d394f2d9 13#include <linux/dmi.h>
5520b7e7
IM		 14
15#include <asm/e820/api.h>
eeb9db09
ST		 16#include <asm/efi.h>
17#include <asm/uv/uv.h>
2959c95d 18#include <asm/cpu_device_id.h>
e71b6f0b 19#include <asm/realmode.h>
3425d934 20#include <asm/reboot.h>
eeb9db09
ST		 21
22#define EFI_MIN_RESERVE 5120
23
24#define EFI_DUMMY_GUID \
25 EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e, 0x97, 0xed, 0x50, 0xf0, 0x9f, 0x92, 0xa9)
26
2959c95d
JK		 27#define QUARK_CSH_SIGNATURE 0x5f435348 /* _CSH */
28#define QUARK_SECURITY_HEADER_SIZE 0x400
29
30/*
31 * Header prepended to the standard EFI capsule on Quark systems the are based
32 * on Intel firmware BSP.
33 * @csh_signature: Unique identifier to sanity check signed module
34 * presence ("_CSH").
35 * @version: Current version of CSH used. Should be one for Quark A0.
36 * @modulesize: Size of the entire module including the module header
37 * and payload.
38 * @security_version_number_index: Index of SVN to use for validation of signed
39 * module.
40 * @security_version_number: Used to prevent against roll back of modules.
41 * @rsvd_module_id: Currently unused for Clanton (Quark).
42 * @rsvd_module_vendor: Vendor Identifier. For Intel products value is
43 * 0x00008086.
44 * @rsvd_date: BCD representation of build date as yyyymmdd, where
45 * yyyy=4 digit year, mm=1-12, dd=1-31.
46 * @headersize: Total length of the header including including any
47 * padding optionally added by the signing tool.
48 * @hash_algo: What Hash is used in the module signing.
49 * @cryp_algo: What Crypto is used in the module signing.
50 * @keysize: Total length of the key data including including any
51 * padding optionally added by the signing tool.
52 * @signaturesize: Total length of the signature including including any
53 * padding optionally added by the signing tool.
54 * @rsvd_next_header: 32-bit pointer to the next Secure Boot Module in the
55 * chain, if there is a next header.
56 * @rsvd: Reserved, padding structure to required size.
57 *
58 * See also QuartSecurityHeader_t in
59 * Quark_EDKII_v1.2.1.1/QuarkPlatformPkg/Include/QuarkBootRom.h
60 * from https://downloadcenter.intel.com/download/23197/Intel-Quark-SoC-X1000-Board-Support-Package-BSP
61 */
62struct quark_security_header {
63 u32 csh_signature;
64 u32 version;
65 u32 modulesize;
66 u32 security_version_number_index;
67 u32 security_version_number;
68 u32 rsvd_module_id;
69 u32 rsvd_module_vendor;
70 u32 rsvd_date;
71 u32 headersize;
72 u32 hash_algo;
73 u32 cryp_algo;
74 u32 keysize;
75 u32 signaturesize;
76 u32 rsvd_next_header;
77 u32 rsvd[2];
78};
79
36b64976 80static const efi_char16_t efi_dummy_name[] = L"DUMMY";
eeb9db09
ST		 81
82static bool efi_no_storage_paranoia;
83
84/*
85 * Some firmware implementations refuse to boot if there's insufficient
86 * space in the variable store. The implementation of garbage collection
87 * in some FW versions causes stale (deleted) variables to take up space
88 * longer than intended and space is only freed once the store becomes
89 * almost completely full.
90 *
91 * Enabling this option disables the space checks in
92 * efi_query_variable_store() and forces garbage collection.
93 *
94 * Only enable this option if deleting EFI variables does not free up
95 * space in your variable store, e.g. if despite deleting variables
96 * you're unable to create new ones.
97 */
98static int __init setup_storage_paranoia(char *arg)
99{
100 efi_no_storage_paranoia = true;
101 return 0;
102}
103early_param("efi_no_storage_paranoia", setup_storage_paranoia);
104
105/*
106 * Deleting the dummy variable which kicks off garbage collection
107*/
108void efi_delete_dummy_variable(void)
109{
5a58bc1b
SP		 110 efi.set_variable_nonblocking((efi_char16_t *)efi_dummy_name,
111 &EFI_DUMMY_GUID,
112 EFI_VARIABLE_NON_VOLATILE |
113 EFI_VARIABLE_BOOTSERVICE_ACCESS |
114 EFI_VARIABLE_RUNTIME_ACCESS, 0, NULL);
eeb9db09
ST		 115}
116
ca0e30dc
AB		 117/*
118 * In the nonblocking case we do not attempt to perform garbage
119 * collection if we do not have enough free space. Rather, we do the
120 * bare minimum check and give up immediately if the available space
121 * is below EFI_MIN_RESERVE.
122 *
123 * This function is intended to be small and simple because it is
124 * invoked from crash handler paths.
125 */
126static efi_status_t
127query_variable_store_nonblocking(u32 attributes, unsigned long size)
128{
129 efi_status_t status;
130 u64 storage_size, remaining_size, max_size;
131
132 status = efi.query_variable_info_nonblocking(attributes, &storage_size,
133 &remaining_size,
134 &max_size);
135 if (status != EFI_SUCCESS)
136 return status;
137
138 if (remaining_size - size < EFI_MIN_RESERVE)
139 return EFI_OUT_OF_RESOURCES;
140
141 return EFI_SUCCESS;
142}
143
eeb9db09
ST		 144/*
145 * Some firmware implementations refuse to boot if there's insufficient space
146 * in the variable store. Ensure that we never use more than a safe limit.
147 *
148 * Return EFI_SUCCESS if it is safe to write 'size' bytes to the variable
149 * store.
150 */
ca0e30dc
AB		 151efi_status_t efi_query_variable_store(u32 attributes, unsigned long size,
152 bool nonblocking)
eeb9db09
ST		 153{
154 efi_status_t status;
155 u64 storage_size, remaining_size, max_size;
156
157 if (!(attributes & EFI_VARIABLE_NON_VOLATILE))
158 return 0;
159
ca0e30dc
AB		 160 if (nonblocking)
161 return query_variable_store_nonblocking(attributes, size);
162
eeb9db09
ST		 163 status = efi.query_variable_info(attributes, &storage_size,
164 &remaining_size, &max_size);
165 if (status != EFI_SUCCESS)
166 return status;
167
168 /*
169 * We account for that by refusing the write if permitting it would
170 * reduce the available space to under 5KB. This figure was provided by
171 * Samsung, so should be safe.
172 */
173 if ((remaining_size - size < EFI_MIN_RESERVE) &&
174 !efi_no_storage_paranoia) {
175
176 /*
177 * Triggering garbage collection may require that the firmware
178 * generate a real EFI_OUT_OF_RESOURCES error. We can force
179 * that by attempting to use more space than is available.
180 */
181 unsigned long dummy_size = remaining_size + 1024;
9f66d8d7 182 void *dummy = kzalloc(dummy_size, GFP_KERNEL);
eeb9db09
ST		 183
184 if (!dummy)
185 return EFI_OUT_OF_RESOURCES;
186
36b64976
AB		 187 status = efi.set_variable((efi_char16_t *)efi_dummy_name,
188 &EFI_DUMMY_GUID,
eeb9db09
ST		 189 EFI_VARIABLE_NON_VOLATILE |
190 EFI_VARIABLE_BOOTSERVICE_ACCESS |
191 EFI_VARIABLE_RUNTIME_ACCESS,
192 dummy_size, dummy);
193
194 if (status == EFI_SUCCESS) {
195 /*
196 * This should have failed, so if it didn't make sure
197 * that we delete it...
198 */
199 efi_delete_dummy_variable();
200 }
201
202 kfree(dummy);
203
204 /*
205 * The runtime code may now have triggered a garbage collection
206 * run, so check the variable info again
207 */
208 status = efi.query_variable_info(attributes, &storage_size,
209 &remaining_size, &max_size);
210
211 if (status != EFI_SUCCESS)
212 return status;
213
214 /*
215 * There still isn't enough room, so return an error
216 */
217 if (remaining_size - size < EFI_MIN_RESERVE)
218 return EFI_OUT_OF_RESOURCES;
219 }
220
221 return EFI_SUCCESS;
222}
223EXPORT_SYMBOL_GPL(efi_query_variable_store);
224
816e7612
MF		 225/*
226 * The UEFI specification makes it clear that the operating system is
227 * free to do whatever it wants with boot services code after
228 * ExitBootServices() has been called. Ignoring this recommendation a
229 * significant bunch of EFI implementations continue calling into boot
230 * services code (SetVirtualAddressMap). In order to work around such
231 * buggy implementations we reserve boot services region during EFI
232 * init and make sure it stays executable. Then, after
233 * SetVirtualAddressMap(), it is discarded.
234 *
235 * However, some boot services regions contain data that is required
236 * by drivers, so we need to track which memory ranges can never be
237 * freed. This is done by tagging those regions with the
238 * EFI_MEMORY_RUNTIME attribute.
239 *
240 * Any driver that wants to mark a region as reserved must use
241 * efi_mem_reserve() which will insert a new EFI memory descriptor
242 * into efi.memmap (splitting existing regions if necessary) and tag
243 * it with EFI_MEMORY_RUNTIME.
244 */
245void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
246{
1db91035 247 struct efi_memory_map_data data = { 0 };
816e7612
MF		 248 struct efi_mem_range mr;
249 efi_memory_desc_t md;
250 int num_entries;
251 void *new;
252
7e1550b8
AB		 253 if (efi_mem_desc_lookup(addr, &md) ||
254 md.type != EFI_BOOT_SERVICES_DATA) {
816e7612
MF		 255 pr_err("Failed to lookup EFI memory descriptor for %pa\n", &addr);
256 return;
257 }
258
259 if (addr + size > md.phys_addr + (md.num_pages << EFI_PAGE_SHIFT)) {
260 pr_err("Region spans EFI memory descriptors, %pa\n", &addr);
261 return;
262 }
263
92dc3350
MF		 264 size += addr % EFI_PAGE_SIZE;
265 size = round_up(size, EFI_PAGE_SIZE);
266 addr = round_down(addr, EFI_PAGE_SIZE);
267
816e7612 268 mr.range.start = addr;
92dc3350 269 mr.range.end = addr + size - 1;
816e7612
MF		 270 mr.attribute = md.attribute | EFI_MEMORY_RUNTIME;
271
272 num_entries = efi_memmap_split_count(&md, &mr.range);
273 num_entries += efi.memmap.nr_map;
274
1db91035 275 if (efi_memmap_alloc(num_entries, &data) != 0) {
816e7612
MF		 276 pr_err("Could not allocate boot services memmap\n");
277 return;
278 }
279
1db91035 280 new = early_memremap(data.phys_map, data.size);
816e7612
MF		 281 if (!new) {
282 pr_err("Failed to map new boot services memmap\n");
283 return;
284 }
285
286 efi_memmap_insert(&efi.memmap, new, &mr);
1db91035 287 early_memunmap(new, data.size);
816e7612 288
1db91035 289 efi_memmap_install(&data);
af164898
DY		 290 e820__range_update(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
291 e820__update_table(e820_table);
816e7612
MF		 292}
293
452308de
MF		 294/*
295 * Helper function for efi_reserve_boot_services() to figure out if we
296 * can free regions in efi_free_boot_services().
297 *
298 * Use this function to ensure we do not free regions owned by somebody
299 * else. We must only reserve (and then free) regions:
300 *
301 * - Not within any part of the kernel
09821ff1 302 * - Not the BIOS reserved area (E820_TYPE_RESERVED, E820_TYPE_NVS, etc)
452308de 303 */
8fe55212 304static __init bool can_free_region(u64 start, u64 size)
452308de
MF		 305{
306 if (start + size > __pa_symbol(_text) && start <= __pa_symbol(_end))
307 return false;
308
09821ff1 309 if (!e820__mapped_all(start, start+size, E820_TYPE_RAM))
452308de
MF		 310 return false;
311
312 return true;
313}
314
eeb9db09
ST		 315void __init efi_reserve_boot_services(void)
316{
78ce248f 317 efi_memory_desc_t *md;
eeb9db09 318
6950e31b
DW		 319 if (!efi_enabled(EFI_MEMMAP))
320 return;
321
78ce248f 322 for_each_efi_memory_desc(md) {
eeb9db09
ST		 323 u64 start = md->phys_addr;
324 u64 size = md->num_pages << EFI_PAGE_SHIFT;
452308de 325 bool already_reserved;
eeb9db09
ST		 326
327 if (md->type != EFI_BOOT_SERVICES_CODE &&
328 md->type != EFI_BOOT_SERVICES_DATA)
329 continue;
452308de
MF		 330
331 already_reserved = memblock_is_region_reserved(start, size);
332
333 /*
334 * Because the following memblock_reserve() is paired
53ab85eb 335 * with memblock_free_late() for this region in
452308de
MF		 336 * efi_free_boot_services(), we must be extremely
337 * careful not to reserve, and subsequently free,
338 * critical regions of memory (like the kernel image) or
339 * those regions that somebody else has already
340 * reserved.
341 *
342 * A good example of a critical region that must not be
343 * freed is page zero (first 4Kb of memory), which may
344 * contain boot services code/data but is marked
09821ff1 345 * E820_TYPE_RESERVED by trim_bios_range().
452308de
MF		 346 */
347 if (!already_reserved) {
eeb9db09 348 memblock_reserve(start, size);
452308de
MF		 349
350 /*
351 * If we are the first to reserve the region, no
352 * one else cares about it. We own it and can
353 * free it later.
354 */
355 if (can_free_region(start, size))
356 continue;
357 }
358
359 /*
360 * We don't own the region. We must not free it.
361 *
362 * Setting this bit for a boot services region really
363 * doesn't make sense as far as the firmware is
364 * concerned, but it does provide us with a way to tag
365 * those regions that must not be paired with
53ab85eb 366 * memblock_free_late().
452308de
MF		 367 */
368 md->attribute |= EFI_MEMORY_RUNTIME;
eeb9db09
ST		 369 }
370}
371
08cfb38f
SPP		 372/*
373 * Apart from having VA mappings for EFI boot services code/data regions,
374 * (duplicate) 1:1 mappings were also created as a quirk for buggy firmware. So,
375 * unmap both 1:1 and VA mappings.
376 */
377static void __init efi_unmap_pages(efi_memory_desc_t *md)
378{
379 pgd_t *pgd = efi_mm.pgd;
380 u64 pa = md->phys_addr;
381 u64 va = md->virt_addr;
382
1debf095
SPP		 383 /*
384 * EFI mixed mode has all RAM mapped to access arguments while making
385 * EFI runtime calls, hence don't unmap EFI boot services code/data
386 * regions.
387 */
a8147dba 388 if (efi_is_mixed())
1debf095
SPP		 389 return;
390
08cfb38f
SPP		 391 if (kernel_unmap_pages_in_pgd(pgd, pa, md->num_pages))
392 pr_err("Failed to unmap 1:1 mapping for 0x%llx\n", pa);
393
394 if (kernel_unmap_pages_in_pgd(pgd, va, md->num_pages))
395 pr_err("Failed to unmap VA mapping for 0x%llx\n", va);
396}
397
eeb9db09
ST		 398void __init efi_free_boot_services(void)
399{
1db91035 400 struct efi_memory_map_data data = { 0 };
78ce248f 401 efi_memory_desc_t *md;
816e7612
MF		 402 int num_entries = 0;
403 void *new, *new_md;
eeb9db09 404
0e72a6a3
HG		 405 /* Keep all regions for /sys/kernel/debug/efi */
406 if (efi_enabled(EFI_DBG))
407 return;
408
78ce248f 409 for_each_efi_memory_desc(md) {
eeb9db09
ST		 410 unsigned long long start = md->phys_addr;
411 unsigned long long size = md->num_pages << EFI_PAGE_SHIFT;
5bc653b7 412 size_t rm_size;
eeb9db09
ST		 413
414 if (md->type != EFI_BOOT_SERVICES_CODE &&
816e7612
MF		 415 md->type != EFI_BOOT_SERVICES_DATA) {
416 num_entries++;
eeb9db09 417 continue;
816e7612 418 }
eeb9db09 419
452308de 420 /* Do not free, someone else owns it: */
816e7612
MF		 421 if (md->attribute & EFI_MEMORY_RUNTIME) {
422 num_entries++;
eeb9db09 423 continue;
816e7612 424 }
eeb9db09 425
08cfb38f
SPP		 426 /*
427 * Before calling set_virtual_address_map(), EFI boot services
428 * code/data regions were mapped as a quirk for buggy firmware.
429 * Unmap them from efi_pgd before freeing them up.
430 */
431 efi_unmap_pages(md);
432
5bc653b7
AL		 433 /*
434 * Nasty quirk: if all sub-1MB memory is used for boot
435 * services, we can get here without having allocated the
436 * real mode trampoline. It's too late to hand boot services
437 * memory back to the memblock allocator, so instead
438 * try to manually allocate the trampoline if needed.
439 *
440 * I've seen this on a Dell XPS 13 9350 with firmware
441 * 1.4.4 with SGX enabled booting Linux via Fedora 24's
442 * grub2-efi on a hard disk. (And no, I don't know why
443 * this happened, but Linux should still try to boot rather
163b0991 444 * panicking early.)
5bc653b7
AL		 445 */
446 rm_size = real_mode_size_needed();
447 if (rm_size && (start + rm_size) < (1<<20) && size >= rm_size) {
f560bd19 448 set_real_mode_mem(start);
5bc653b7
AL		 449 start += rm_size;
450 size -= rm_size;
451 }
452
f1d4d47c
MR		 453 /*
454 * Don't free memory under 1M for two reasons:
455 * - BIOS might clobber it
456 * - Crash kernel needs it to be reserved
457 */
458 if (start + size < SZ_1M)
459 continue;
460 if (start < SZ_1M) {
461 size -= (SZ_1M - start);
462 start = SZ_1M;
463 }
464
53ab85eb 465 memblock_free_late(start, size);
eeb9db09 466 }
816e7612 467
1ea34adb
JG		 468 if (!num_entries)
469 return;
470
1db91035 471 if (efi_memmap_alloc(num_entries, &data) != 0) {
816e7612
MF		 472 pr_err("Failed to allocate new EFI memmap\n");
473 return;
474 }
475
1db91035 476 new = memremap(data.phys_map, data.size, MEMREMAP_WB);
816e7612
MF		 477 if (!new) {
478 pr_err("Failed to map new EFI memmap\n");
479 return;
480 }
481
482 /*
483 * Build a new EFI memmap that excludes any boot services
484 * regions that are not tagged EFI_MEMORY_RUNTIME, since those
485 * regions have now been freed.
486 */
487 new_md = new;
488 for_each_efi_memory_desc(md) {
489 if (!(md->attribute & EFI_MEMORY_RUNTIME) &&
490 (md->type == EFI_BOOT_SERVICES_CODE ||
491 md->type == EFI_BOOT_SERVICES_DATA))
492 continue;
493
494 memcpy(new_md, md, efi.memmap.desc_size);
495 new_md += efi.memmap.desc_size;
496 }
497
498 memunmap(new);
499
1db91035 500 if (efi_memmap_install(&data) != 0) {
816e7612
MF		 501 pr_err("Could not install new EFI memmap\n");
502 return;
503 }
eeb9db09
ST		 504}
505
506/*
507 * A number of config table entries get remapped to virtual addresses
508 * after entering EFI virtual mode. However, the kexec kernel requires
509 * their physical addresses therefore we pass them via setup_data and
510 * correct those entries to their respective physical addresses here.
511 *
512 * Currently only handles smbios which is necessary for some firmware
513 * implementation.
514 */
515int __init efi_reuse_config(u64 tables, int nr_tables)
516{
517 int i, sz, ret = 0;
518 void *p, *tablep;
519 struct efi_setup_data *data;
520
88447c5b
RB		 521 if (nr_tables == 0)
522 return 0;
523
eeb9db09
ST		 524 if (!efi_setup)
525 return 0;
526
527 if (!efi_enabled(EFI_64BIT))
528 return 0;
529
530 data = early_memremap(efi_setup, sizeof(*data));
531 if (!data) {
532 ret = -ENOMEM;
533 goto out;
534 }
535
536 if (!data->smbios)
537 goto out_memremap;
538
539 sz = sizeof(efi_config_table_64_t);
540
541 p = tablep = early_memremap(tables, nr_tables * sz);
542 if (!p) {
543 pr_err("Could not map Configuration table!\n");
544 ret = -ENOMEM;
545 goto out_memremap;
546 }
547
9cd437ac 548 for (i = 0; i < nr_tables; i++) {
eeb9db09
ST		 549 efi_guid_t guid;
550
551 guid = ((efi_config_table_64_t *)p)->guid;
552
553 if (!efi_guidcmp(guid, SMBIOS_TABLE_GUID))
554 ((efi_config_table_64_t *)p)->table = data->smbios;
555 p += sz;
556 }
98a716b6 557 early_memunmap(tablep, nr_tables * sz);
eeb9db09
ST		 558
559out_memremap:
98a716b6 560 early_memunmap(data, sizeof(*data));
eeb9db09
ST		 561out:
562 return ret;
563}
564
565void __init efi_apply_memmap_quirks(void)
566{
567 /*
568 * Once setup is done earlier, unmap the EFI memory map on mismatched
569 * firmware/kernel architectures since there is no support for runtime
570 * services.
571 */
572 if (!efi_runtime_supported()) {
26d7f65f 573 pr_info("Setup done, disabling due to 32/64-bit mismatch\n");
9479c7ce 574 efi_memmap_unmap();
eeb9db09 575 }
eeb9db09 576}
44be28e9
MF		 577
578/*
579 * For most modern platforms the preferred method of powering off is via
580 * ACPI. However, there are some that are known to require the use of
581 * EFI runtime services and for which ACPI does not work at all.
582 *
583 * Using EFI is a last resort, to be used only if no other option
584 * exists.
585 */
586bool efi_reboot_required(void)
587{
588 if (!acpi_gbl_reduced_hardware)
589 return false;
590
591 efi_reboot_quirk_mode = EFI_RESET_WARM;
592 return true;
593}
594
595bool efi_poweroff_required(void)
596{
13737181 597 return acpi_gbl_reduced_hardware || acpi_no_s5;
44be28e9 598}
2959c95d
JK		 599
600#ifdef CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH
601
602static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff,
603 size_t hdr_bytes)
604{
605 struct quark_security_header *csh = *pkbuff;
606
607 /* Only process data block that is larger than the security header */
608 if (hdr_bytes < sizeof(struct quark_security_header))
609 return 0;
610
611 if (csh->csh_signature != QUARK_CSH_SIGNATURE ||
612 csh->headersize != QUARK_SECURITY_HEADER_SIZE)
613 return 1;
614
615 /* Only process data block if EFI header is included */
616 if (hdr_bytes < QUARK_SECURITY_HEADER_SIZE +
617 sizeof(efi_capsule_header_t))
618 return 0;
619
620 pr_debug("Quark security header detected\n");
621
622 if (csh->rsvd_next_header != 0) {
623 pr_err("multiple Quark security headers not supported\n");
624 return -EINVAL;
625 }
626
627 *pkbuff += csh->headersize;
628 cap_info->total_size = csh->headersize;
629
630 /*
631 * Update the first page pointer to skip over the CSH header.
632 */
f24c4d47
AB		 633 cap_info->phys[0] += csh->headersize;
634
635 /*
636 * cap_info->capsule should point at a virtual mapping of the entire
637 * capsule, starting at the capsule header. Our image has the Quark
638 * security header prepended, so we cannot rely on the default vmap()
639 * mapping created by the generic capsule code.
640 * Given that the Quark firmware does not appear to care about the
641 * virtual mapping, let's just point cap_info->capsule at our copy
642 * of the capsule header.
643 */
644 cap_info->capsule = &cap_info->header;
2959c95d
JK		 645
646 return 1;
647}
648
2959c95d 649static const struct x86_cpu_id efi_capsule_quirk_ids[] = {
9595198f
TG		 650 X86_MATCH_VENDOR_FAM_MODEL(INTEL, 5, INTEL_FAM5_QUARK_X1000,
651 &qrk_capsule_setup_info),
2959c95d
JK		 652 { }
653};
654
655int efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
656 size_t hdr_bytes)
657{
658 int (*quirk_handler)(struct capsule_info *, void **, size_t);
659 const struct x86_cpu_id *id;
660 int ret;
661
662 if (hdr_bytes < sizeof(efi_capsule_header_t))
663 return 0;
664
665 cap_info->total_size = 0;
666
667 id = x86_match_cpu(efi_capsule_quirk_ids);
668 if (id) {
669 /*
670 * The quirk handler is supposed to return
671 * - a value > 0 if the setup should continue, after advancing
672 * kbuff as needed
673 * - 0 if not enough hdr_bytes are available yet
674 * - a negative error code otherwise
675 */
676 quirk_handler = (typeof(quirk_handler))id->driver_data;
677 ret = quirk_handler(cap_info, &kbuff, hdr_bytes);
678 if (ret <= 0)
679 return ret;
680 }
681
682 memcpy(&cap_info->header, kbuff, sizeof(cap_info->header));
683
684 cap_info->total_size += cap_info->header.imagesize;
685
686 return __efi_capsule_setup_info(cap_info);
687}
688
689#endif
3425d934
SP		 690
691/*
692 * If any access by any efi runtime service causes a page fault, then,
693 * 1. If it's efi_reset_system(), reboot through BIOS.
694 * 2. If any other efi runtime service, then
695 * a. Return error status to the efi caller process.
696 * b. Disable EFI Runtime Services forever and
697 * c. Freeze efi_rts_wq and schedule new process.
698 *
699 * @return: Returns, if the page fault is not handled. This function
700 * will never return if the page fault is handled successfully.
701 */
c46f5223 702void efi_crash_gracefully_on_page_fault(unsigned long phys_addr)
3425d934
SP		 703{
704 if (!IS_ENABLED(CONFIG_X86_64))
705 return;
706
c46f5223
AL		 707 /*
708 * If we get an interrupt/NMI while processing an EFI runtime service
709 * then this is a regular OOPS, not an EFI failure.
710 */
711 if (in_interrupt())
712 return;
713
3425d934
SP		 714 /*
715 * Make sure that an efi runtime service caused the page fault.
c46f5223
AL		 716 * READ_ONCE() because we might be OOPSing in a different thread,
717 * and we don't want to trip KTSAN while trying to OOPS.
3425d934 718 */
c46f5223
AL		 719 if (READ_ONCE(efi_rts_work.efi_rts_id) == EFI_NONE ||
720 current_work() != &efi_rts_work.work)
3425d934
SP		 721 return;
722
723 /*
724 * Address range 0x0000 - 0x0fff is always mapped in the efi_pgd, so
725 * page faulting on these addresses isn't expected.
726 */
919aef44 727 if (phys_addr <= 0x0fff)
3425d934
SP		 728 return;
729
730 /*
731 * Print stack trace as it might be useful to know which EFI Runtime
732 * Service is buggy.
733 */
734 WARN(1, FW_BUG "Page fault caused by firmware at PA: 0x%lx\n",
735 phys_addr);
736
737 /*
738 * Buggy efi_reset_system() is handled differently from other EFI
739 * Runtime Services as it doesn't use efi_rts_wq. Although,
740 * native_machine_emergency_restart() says that machine_real_restart()
d9f6e12f 741 * could fail, it's better not to complicate this fault handler
3425d934
SP		 742 * because this case occurs *very* rarely and hence could be improved
743 * on a need by basis.
744 */
5c418dc7 745 if (efi_rts_work.efi_rts_id == EFI_RESET_SYSTEM) {
3425d934
SP		 746 pr_info("efi_reset_system() buggy! Reboot through BIOS\n");
747 machine_real_restart(MRR_BIOS);
748 return;
749 }
750
751 /*
752 * Before calling EFI Runtime Service, the kernel has switched the
753 * calling process to efi_mm. Hence, switch back to task_mm.
754 */
755 arch_efi_call_virt_teardown();
756
757 /* Signal error status to the efi caller process */
758 efi_rts_work.status = EFI_ABORTED;
759 complete(&efi_rts_work.efi_rts_comp);
760
761 clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
762 pr_info("Froze efi_rts_wq and disabled EFI Runtime Services\n");
763
764 /*
765 * Call schedule() in an infinite loop, so that any spurious wake ups
766 * will never run efi_rts_wq again.
767 */
768 for (;;) {
769 set_current_state(TASK_IDLE);
770 schedule();
771 }
3425d934 772}
Linux 6.x block layer and io_uring tree(s)