Commit b8dbf730 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI updates from Ingo Molnar:
 "The biggest change in this cycle was the addition of ARM CPER error
  decoding when printing EFI errors into the kernel log.

  There are also misc smaller updates: documentation update, cleanups
  and an EFI memory map permissions quirk"

* 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/efi: Clarify that reset attack mitigation needs appropriate userspace
  efi: Parse ARM error information value
  efi: Move ARM CPER code to new file
  efi: Use PTR_ERR_OR_ZERO()
  arm64/efi: Ignore EFI_MEMORY_XP attribute if RP and/or WP are set
  efi/capsule-loader: Fix pr_err() string to end with newline
parents d7727946 a5c03c31
...@@ -48,7 +48,9 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md) ...@@ -48,7 +48,9 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md)
return pgprot_val(PAGE_KERNEL_ROX); return pgprot_val(PAGE_KERNEL_ROX);
/* RW- */ /* RW- */
if (attr & EFI_MEMORY_XP || type != EFI_RUNTIME_SERVICES_CODE) if (((attr & (EFI_MEMORY_RP | EFI_MEMORY_WP | EFI_MEMORY_XP)) ==
EFI_MEMORY_XP) ||
type != EFI_RUNTIME_SERVICES_CODE)
return pgprot_val(PAGE_KERNEL); return pgprot_val(PAGE_KERNEL);
/* RWX */ /* RWX */
......
...@@ -159,13 +159,21 @@ config RESET_ATTACK_MITIGATION ...@@ -159,13 +159,21 @@ config RESET_ATTACK_MITIGATION
using the TCG Platform Reset Attack Mitigation specification. This using the TCG Platform Reset Attack Mitigation specification. This
protects against an attacker forcibly rebooting the system while it protects against an attacker forcibly rebooting the system while it
still contains secrets in RAM, booting another OS and extracting the still contains secrets in RAM, booting another OS and extracting the
secrets. secrets. This should only be enabled when userland is configured to
clear the MemoryOverwriteRequest flag on clean shutdown after secrets
have been evicted, since otherwise it will trigger even on clean
reboots.
endmenu endmenu
config UEFI_CPER config UEFI_CPER
bool bool
config UEFI_CPER_ARM
bool
depends on UEFI_CPER && ( ARM || ARM64 )
default y
config EFI_DEV_PATH_PARSER config EFI_DEV_PATH_PARSER
bool bool
depends on ACPI depends on ACPI
......
...@@ -30,3 +30,4 @@ arm-obj-$(CONFIG_EFI) := arm-init.o arm-runtime.o ...@@ -30,3 +30,4 @@ arm-obj-$(CONFIG_EFI) := arm-init.o arm-runtime.o
obj-$(CONFIG_ARM) += $(arm-obj-y) obj-$(CONFIG_ARM) += $(arm-obj-y)
obj-$(CONFIG_ARM64) += $(arm-obj-y) obj-$(CONFIG_ARM64) += $(arm-obj-y)
obj-$(CONFIG_EFI_CAPSULE_LOADER) += capsule-loader.o obj-$(CONFIG_EFI_CAPSULE_LOADER) += capsule-loader.o
obj-$(CONFIG_UEFI_CPER_ARM) += cper-arm.o
...@@ -45,7 +45,7 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info) ...@@ -45,7 +45,7 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info)
pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE; pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE;
if (pages_needed == 0) { if (pages_needed == 0) {
pr_err("invalid capsule size"); pr_err("invalid capsule size\n");
return -EINVAL; return -EINVAL;
} }
......
This diff is collapsed.
...@@ -122,7 +122,7 @@ static const char * const proc_isa_strs[] = { ...@@ -122,7 +122,7 @@ static const char * const proc_isa_strs[] = {
"ARM A64", "ARM A64",
}; };
static const char * const proc_error_type_strs[] = { const char * const cper_proc_error_type_strs[] = {
"cache error", "cache error",
"TLB error", "TLB error",
"bus error", "bus error",
...@@ -157,8 +157,8 @@ static void cper_print_proc_generic(const char *pfx, ...@@ -157,8 +157,8 @@ static void cper_print_proc_generic(const char *pfx,
if (proc->validation_bits & CPER_PROC_VALID_ERROR_TYPE) { if (proc->validation_bits & CPER_PROC_VALID_ERROR_TYPE) {
printk("%s""error_type: 0x%02x\n", pfx, proc->proc_error_type); printk("%s""error_type: 0x%02x\n", pfx, proc->proc_error_type);
cper_print_bits(pfx, proc->proc_error_type, cper_print_bits(pfx, proc->proc_error_type,
proc_error_type_strs, cper_proc_error_type_strs,
ARRAY_SIZE(proc_error_type_strs)); ARRAY_SIZE(cper_proc_error_type_strs));
} }
if (proc->validation_bits & CPER_PROC_VALID_OPERATION) if (proc->validation_bits & CPER_PROC_VALID_OPERATION)
printk("%s""operation: %d, %s\n", pfx, proc->operation, printk("%s""operation: %d, %s\n", pfx, proc->operation,
...@@ -188,122 +188,6 @@ static void cper_print_proc_generic(const char *pfx, ...@@ -188,122 +188,6 @@ static void cper_print_proc_generic(const char *pfx,
printk("%s""IP: 0x%016llx\n", pfx, proc->ip); printk("%s""IP: 0x%016llx\n", pfx, proc->ip);
} }
#if defined(CONFIG_ARM64) || defined(CONFIG_ARM)
static const char * const arm_reg_ctx_strs[] = {
"AArch32 general purpose registers",
"AArch32 EL1 context registers",
"AArch32 EL2 context registers",
"AArch32 secure context registers",
"AArch64 general purpose registers",
"AArch64 EL1 context registers",
"AArch64 EL2 context registers",
"AArch64 EL3 context registers",
"Misc. system register structure",
};
static void cper_print_proc_arm(const char *pfx,
const struct cper_sec_proc_arm *proc)
{
int i, len, max_ctx_type;
struct cper_arm_err_info *err_info;
struct cper_arm_ctx_info *ctx_info;
char newpfx[64];
printk("%sMIDR: 0x%016llx\n", pfx, proc->midr);
len = proc->section_length - (sizeof(*proc) +
proc->err_info_num * (sizeof(*err_info)));
if (len < 0) {
printk("%ssection length: %d\n", pfx, proc->section_length);
printk("%ssection length is too small\n", pfx);
printk("%sfirmware-generated error record is incorrect\n", pfx);
printk("%sERR_INFO_NUM is %d\n", pfx, proc->err_info_num);
return;
}
if (proc->validation_bits & CPER_ARM_VALID_MPIDR)
printk("%sMultiprocessor Affinity Register (MPIDR): 0x%016llx\n",
pfx, proc->mpidr);
if (proc->validation_bits & CPER_ARM_VALID_AFFINITY_LEVEL)
printk("%serror affinity level: %d\n", pfx,
proc->affinity_level);
if (proc->validation_bits & CPER_ARM_VALID_RUNNING_STATE) {
printk("%srunning state: 0x%x\n", pfx, proc->running_state);
printk("%sPower State Coordination Interface state: %d\n",
pfx, proc->psci_state);
}
snprintf(newpfx, sizeof(newpfx), "%s%s", pfx, INDENT_SP);
err_info = (struct cper_arm_err_info *)(proc + 1);
for (i = 0; i < proc->err_info_num; i++) {
printk("%sError info structure %d:\n", pfx, i);
printk("%snum errors: %d\n", pfx, err_info->multiple_error + 1);
if (err_info->validation_bits & CPER_ARM_INFO_VALID_FLAGS) {
if (err_info->flags & CPER_ARM_INFO_FLAGS_FIRST)
printk("%sfirst error captured\n", newpfx);
if (err_info->flags & CPER_ARM_INFO_FLAGS_LAST)
printk("%slast error captured\n", newpfx);
if (err_info->flags & CPER_ARM_INFO_FLAGS_PROPAGATED)
printk("%spropagated error captured\n",
newpfx);
if (err_info->flags & CPER_ARM_INFO_FLAGS_OVERFLOW)
printk("%soverflow occurred, error info is incomplete\n",
newpfx);
}
printk("%serror_type: %d, %s\n", newpfx, err_info->type,
err_info->type < ARRAY_SIZE(proc_error_type_strs) ?
proc_error_type_strs[err_info->type] : "unknown");
if (err_info->validation_bits & CPER_ARM_INFO_VALID_ERR_INFO)
printk("%serror_info: 0x%016llx\n", newpfx,
err_info->error_info);
if (err_info->validation_bits & CPER_ARM_INFO_VALID_VIRT_ADDR)
printk("%svirtual fault address: 0x%016llx\n",
newpfx, err_info->virt_fault_addr);
if (err_info->validation_bits & CPER_ARM_INFO_VALID_PHYSICAL_ADDR)
printk("%sphysical fault address: 0x%016llx\n",
newpfx, err_info->physical_fault_addr);
err_info += 1;
}
ctx_info = (struct cper_arm_ctx_info *)err_info;
max_ctx_type = ARRAY_SIZE(arm_reg_ctx_strs) - 1;
for (i = 0; i < proc->context_info_num; i++) {
int size = sizeof(*ctx_info) + ctx_info->size;
printk("%sContext info structure %d:\n", pfx, i);
if (len < size) {
printk("%ssection length is too small\n", newpfx);
printk("%sfirmware-generated error record is incorrect\n", pfx);
return;
}
if (ctx_info->type > max_ctx_type) {
printk("%sInvalid context type: %d (max: %d)\n",
newpfx, ctx_info->type, max_ctx_type);
return;
}
printk("%sregister context type: %s\n", newpfx,
arm_reg_ctx_strs[ctx_info->type]);
print_hex_dump(newpfx, "", DUMP_PREFIX_OFFSET, 16, 4,
(ctx_info + 1), ctx_info->size, 0);
len -= size;
ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + size);
}
if (len > 0) {
printk("%sVendor specific error info has %u bytes:\n", pfx,
len);
print_hex_dump(newpfx, "", DUMP_PREFIX_OFFSET, 16, 4, ctx_info,
len, true);
}
}
#endif
static const char * const mem_err_type_strs[] = { static const char * const mem_err_type_strs[] = {
"unknown", "unknown",
"no error", "no error",
......
...@@ -608,7 +608,7 @@ static int __init efi_load_efivars(void) ...@@ -608,7 +608,7 @@ static int __init efi_load_efivars(void)
return 0; return 0;
pdev = platform_device_register_simple("efivars", 0, NULL, 0); pdev = platform_device_register_simple("efivars", 0, NULL, 0);
return IS_ERR(pdev) ? PTR_ERR(pdev) : 0; return PTR_ERR_OR_ZERO(pdev);
} }
device_initcall(efi_load_efivars); device_initcall(efi_load_efivars);
#endif #endif
......
...@@ -275,6 +275,50 @@ enum { ...@@ -275,6 +275,50 @@ enum {
#define CPER_ARM_INFO_FLAGS_PROPAGATED BIT(2) #define CPER_ARM_INFO_FLAGS_PROPAGATED BIT(2)
#define CPER_ARM_INFO_FLAGS_OVERFLOW BIT(3) #define CPER_ARM_INFO_FLAGS_OVERFLOW BIT(3)
#define CPER_ARM_CACHE_ERROR 0
#define CPER_ARM_TLB_ERROR 1
#define CPER_ARM_BUS_ERROR 2
#define CPER_ARM_VENDOR_ERROR 3
#define CPER_ARM_MAX_TYPE CPER_ARM_VENDOR_ERROR
#define CPER_ARM_ERR_VALID_TRANSACTION_TYPE BIT(0)
#define CPER_ARM_ERR_VALID_OPERATION_TYPE BIT(1)
#define CPER_ARM_ERR_VALID_LEVEL BIT(2)
#define CPER_ARM_ERR_VALID_PROC_CONTEXT_CORRUPT BIT(3)
#define CPER_ARM_ERR_VALID_CORRECTED BIT(4)
#define CPER_ARM_ERR_VALID_PRECISE_PC BIT(5)
#define CPER_ARM_ERR_VALID_RESTARTABLE_PC BIT(6)
#define CPER_ARM_ERR_VALID_PARTICIPATION_TYPE BIT(7)
#define CPER_ARM_ERR_VALID_TIME_OUT BIT(8)
#define CPER_ARM_ERR_VALID_ADDRESS_SPACE BIT(9)
#define CPER_ARM_ERR_VALID_MEM_ATTRIBUTES BIT(10)
#define CPER_ARM_ERR_VALID_ACCESS_MODE BIT(11)
#define CPER_ARM_ERR_TRANSACTION_SHIFT 16
#define CPER_ARM_ERR_TRANSACTION_MASK GENMASK(1,0)
#define CPER_ARM_ERR_OPERATION_SHIFT 18
#define CPER_ARM_ERR_OPERATION_MASK GENMASK(3,0)
#define CPER_ARM_ERR_LEVEL_SHIFT 22
#define CPER_ARM_ERR_LEVEL_MASK GENMASK(2,0)
#define CPER_ARM_ERR_PC_CORRUPT_SHIFT 25
#define CPER_ARM_ERR_PC_CORRUPT_MASK GENMASK(0,0)
#define CPER_ARM_ERR_CORRECTED_SHIFT 26
#define CPER_ARM_ERR_CORRECTED_MASK GENMASK(0,0)
#define CPER_ARM_ERR_PRECISE_PC_SHIFT 27
#define CPER_ARM_ERR_PRECISE_PC_MASK GENMASK(0,0)
#define CPER_ARM_ERR_RESTARTABLE_PC_SHIFT 28
#define CPER_ARM_ERR_RESTARTABLE_PC_MASK GENMASK(0,0)
#define CPER_ARM_ERR_PARTICIPATION_TYPE_SHIFT 29
#define CPER_ARM_ERR_PARTICIPATION_TYPE_MASK GENMASK(1,0)
#define CPER_ARM_ERR_TIME_OUT_SHIFT 31
#define CPER_ARM_ERR_TIME_OUT_MASK GENMASK(0,0)
#define CPER_ARM_ERR_ADDRESS_SPACE_SHIFT 32
#define CPER_ARM_ERR_ADDRESS_SPACE_MASK GENMASK(1,0)
#define CPER_ARM_ERR_MEM_ATTRIBUTES_SHIFT 34
#define CPER_ARM_ERR_MEM_ATTRIBUTES_MASK GENMASK(8,0)
#define CPER_ARM_ERR_ACCESS_MODE_SHIFT 43
#define CPER_ARM_ERR_ACCESS_MODE_MASK GENMASK(0,0)
/* /*
* All tables and structs must be byte-packed to match CPER * All tables and structs must be byte-packed to match CPER
* specification, since the tables are provided by the system BIOS * specification, since the tables are provided by the system BIOS
...@@ -494,6 +538,8 @@ struct cper_sec_pcie { ...@@ -494,6 +538,8 @@ struct cper_sec_pcie {
/* Reset to default packing */ /* Reset to default packing */
#pragma pack() #pragma pack()
extern const char * const cper_proc_error_type_strs[4];
u64 cper_next_record_id(void); u64 cper_next_record_id(void);
const char *cper_severity_str(unsigned int); const char *cper_severity_str(unsigned int);
const char *cper_mem_err_type_str(unsigned int); const char *cper_mem_err_type_str(unsigned int);
...@@ -503,5 +549,7 @@ void cper_mem_err_pack(const struct cper_sec_mem_err *, ...@@ -503,5 +549,7 @@ void cper_mem_err_pack(const struct cper_sec_mem_err *,
struct cper_mem_err_compact *); struct cper_mem_err_compact *);
const char *cper_mem_err_unpack(struct trace_seq *, const char *cper_mem_err_unpack(struct trace_seq *,
struct cper_mem_err_compact *); struct cper_mem_err_compact *);
void cper_print_proc_arm(const char *pfx,
const struct cper_sec_proc_arm *proc);
#endif #endif
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment