2014-06-26 18:09:05 +08:00
|
|
|
/*
|
|
|
|
|
* runtime-wrappers.c - Runtime Services function call wrappers
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org>
|
|
|
|
|
*
|
|
|
|
|
* Split off from arch/x86/platform/efi/efi.c
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 1999 VA Linux Systems
|
|
|
|
|
* Copyright (C) 1999 Walt Drummond <drummond@valinux.com>
|
|
|
|
|
* Copyright (C) 1999-2002 Hewlett-Packard Co.
|
|
|
|
|
* Copyright (C) 2005-2008 Intel Co.
|
|
|
|
|
* Copyright (C) 2013 SuSE Labs
|
|
|
|
|
*
|
|
|
|
|
* This file is released under the GPLv2.
|
|
|
|
|
*/
|
|
|
|
|
|
2014-08-05 00:16:00 +08:00
|
|
|
#include <linux/bug.h>
|
2014-06-26 18:09:05 +08:00
|
|
|
#include <linux/efi.h>
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
#include <linux/irqflags.h>
|
2014-08-05 00:16:00 +08:00
|
|
|
#include <linux/mutex.h>
|
|
|
|
|
#include <linux/spinlock.h>
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
#include <linux/stringify.h>
|
2014-06-26 18:09:05 +08:00
|
|
|
#include <asm/efi.h>
|
|
|
|
|
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
static void efi_call_virt_check_flags(unsigned long flags, const char *call)
|
|
|
|
|
{
|
|
|
|
|
unsigned long cur_flags, mismatch;
|
|
|
|
|
|
|
|
|
|
local_save_flags(cur_flags);
|
|
|
|
|
|
|
|
|
|
mismatch = flags ^ cur_flags;
|
|
|
|
|
if (!WARN_ON_ONCE(mismatch & ARCH_EFI_IRQ_FLAGS_MASK))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_NOW_UNRELIABLE);
|
|
|
|
|
pr_err_ratelimited(FW_BUG "IRQ flags corrupted (0x%08lx=>0x%08lx) by EFI %s\n",
|
|
|
|
|
flags, cur_flags, call);
|
|
|
|
|
local_irq_restore(flags);
|
|
|
|
|
}
|
|
|
|
|
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
/*
|
|
|
|
|
* Arch code can implement the following three template macros, avoiding
|
|
|
|
|
* reptition for the void/non-void return cases of {__,}efi_call_virt:
|
|
|
|
|
*
|
|
|
|
|
* * arch_efi_call_virt_setup
|
|
|
|
|
*
|
|
|
|
|
* Sets up the environment for the call (e.g. switching page tables,
|
|
|
|
|
* allowing kernel-mode use of floating point, if required).
|
|
|
|
|
*
|
|
|
|
|
* * arch_efi_call_virt
|
|
|
|
|
*
|
|
|
|
|
* Performs the call. The last expression in the macro must be the call
|
|
|
|
|
* itself, allowing the logic to be shared by the void and non-void
|
|
|
|
|
* cases.
|
|
|
|
|
*
|
|
|
|
|
* * arch_efi_call_virt_teardown
|
|
|
|
|
*
|
|
|
|
|
* Restores the usual kernel environment once the call has returned.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define efi_call_virt(f, args...) \
|
|
|
|
|
({ \
|
|
|
|
|
efi_status_t __s; \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
unsigned long flags; \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
arch_efi_call_virt_setup(); \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
local_save_flags(flags); \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
__s = arch_efi_call_virt(f, args); \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
efi_call_virt_check_flags(flags, __stringify(f)); \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
arch_efi_call_virt_teardown(); \
|
|
|
|
|
__s; \
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
#define __efi_call_virt(f, args...) \
|
|
|
|
|
({ \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
unsigned long flags; \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
arch_efi_call_virt_setup(); \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
local_save_flags(flags); \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
arch_efi_call_virt(f, args); \
|
efi/runtime-wrappers: Detect firmware IRQ flag corruption
The UEFI spec allows runtime services to be called with interrupts
masked or unmasked, and if a runtime service function needs to mask
interrupts, it must restore the mask to its original state before
returning (i.e. from the PoV of the OS, this does not change across a
call). Firmware should never unmask exceptions, as these may then be
taken by the OS unexpectedly.
Unfortunately, some firmware has been seen to unmask IRQs (and
potentially other maskable exceptions) across runtime services calls,
leaving IRQ flags corrupted after returning from a runtime services
function call. This may be detected by the IRQ tracing code, but often
goes unnoticed, leaving a potentially disastrous bug hidden.
This patch detects when the IRQ flags are corrupted by an EFI runtime
services call, logging the call and specific corruption to the console.
While restoring the expected value of the flags is insufficient to avoid
problems, we do so to avoid redundant warnings from elsewhere (e.g. IRQ
tracing).
The set of bits in flags which we want to check is architecture-specific
(e.g. we want to check FIQ on arm64, but not the zero flag on x86), so
each arch must provide ARCH_EFI_IRQ_FLAGS_MASK to describe those. In the
absence of this mask, the check is a no-op, and we redundantly save the
flags twice, but that will be short-lived as subsequent patches
will implement this and remove the scaffolding.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-37-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:08 +08:00
|
|
|
efi_call_virt_check_flags(flags, __stringify(f)); \
|
efi/runtime-wrappers: Add {__,}efi_call_virt() templates
Currently each architecture must implement two macros, efi_call_virt() and
__efi_call_virt(), which only differ by the presence or absence of a
return type. Otherwise, the logic surrounding the call is identical.
As each architecture must define the entire body of each, we can't place
any generic manipulation (e.g. irq flag validation) in the middle.
This patch adds template implementations of these macros. With these,
arch code can implement three template macros, avoiding reptition for
the void/non-void return cases:
* arch_efi_call_virt_setup()
Sets up the environment for the call (e.g. switching page tables,
allowing kernel-mode use of floating point, if required).
* arch_efi_call_virt()
Performs the call. The last expression in the macro must be the call
itself, allowing the logic to be shared by the void and non-void
cases.
* arch_efi_call_virt_teardown()
Restores the usual kernel environment once the call has returned.
While the savings from repition are minimal, we additionally gain the
ability to add common code around the call with the call environment set
up. This can be used to detect common firmware issues (e.g. bad irq mask
management).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1461614832-17633-32-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-26 04:07:03 +08:00
|
|
|
arch_efi_call_virt_teardown(); \
|
|
|
|
|
})
|
|
|
|
|
|
2014-08-05 00:16:00 +08:00
|
|
|
/*
|
|
|
|
|
* According to section 7.1 of the UEFI spec, Runtime Services are not fully
|
|
|
|
|
* reentrant, and there are particular combinations of calls that need to be
|
|
|
|
|
* serialized. (source: UEFI Specification v2.4A)
|
|
|
|
|
*
|
|
|
|
|
* Table 31. Rules for Reentry Into Runtime Services
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | If previous call is busy in | Forbidden to call |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | Any | SetVirtualAddressMap() |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | ConvertPointer() | ConvertPointer() |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | SetVariable() | ResetSystem() |
|
|
|
|
|
* | UpdateCapsule() | |
|
|
|
|
|
* | SetTime() | |
|
|
|
|
|
* | SetWakeupTime() | |
|
|
|
|
|
* | GetNextHighMonotonicCount() | |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | GetVariable() | GetVariable() |
|
|
|
|
|
* | GetNextVariableName() | GetNextVariableName() |
|
|
|
|
|
* | SetVariable() | SetVariable() |
|
|
|
|
|
* | QueryVariableInfo() | QueryVariableInfo() |
|
|
|
|
|
* | UpdateCapsule() | UpdateCapsule() |
|
|
|
|
|
* | QueryCapsuleCapabilities() | QueryCapsuleCapabilities() |
|
|
|
|
|
* | GetNextHighMonotonicCount() | GetNextHighMonotonicCount() |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
* | GetTime() | GetTime() |
|
|
|
|
|
* | SetTime() | SetTime() |
|
|
|
|
|
* | GetWakeupTime() | GetWakeupTime() |
|
|
|
|
|
* | SetWakeupTime() | SetWakeupTime() |
|
|
|
|
|
* +------------------------------------+-------------------------------+
|
|
|
|
|
*
|
|
|
|
|
* Due to the fact that the EFI pstore may write to the variable store in
|
|
|
|
|
* interrupt context, we need to use a spinlock for at least the groups that
|
|
|
|
|
* contain SetVariable() and QueryVariableInfo(). That leaves little else, as
|
|
|
|
|
* none of the remaining functions are actually ever called at runtime.
|
|
|
|
|
* So let's just use a single spinlock to serialize all Runtime Services calls.
|
|
|
|
|
*/
|
|
|
|
|
static DEFINE_SPINLOCK(efi_runtime_lock);
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
static efi_status_t virt_efi_get_time(efi_time_t *tm, efi_time_cap_t *tc)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
status = efi_call_virt(get_time, tm, tc);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_set_time(efi_time_t *tm)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
status = efi_call_virt(set_time, tm);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_get_wakeup_time(efi_bool_t *enabled,
|
|
|
|
|
efi_bool_t *pending,
|
|
|
|
|
efi_time_t *tm)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
status = efi_call_virt(get_wakeup_time, enabled, pending, tm);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_set_wakeup_time(efi_bool_t enabled, efi_time_t *tm)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
status = efi_call_virt(set_wakeup_time, enabled, tm);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_get_variable(efi_char16_t *name,
|
|
|
|
|
efi_guid_t *vendor,
|
|
|
|
|
u32 *attr,
|
|
|
|
|
unsigned long *data_size,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(get_variable, name, vendor, attr, data_size,
|
|
|
|
|
data);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_get_next_variable(unsigned long *name_size,
|
|
|
|
|
efi_char16_t *name,
|
|
|
|
|
efi_guid_t *vendor)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(get_next_variable, name_size, name, vendor);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_set_variable(efi_char16_t *name,
|
|
|
|
|
efi_guid_t *vendor,
|
|
|
|
|
u32 attr,
|
|
|
|
|
unsigned long data_size,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(set_variable, name, vendor, attr, data_size,
|
|
|
|
|
data);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
2014-10-01 04:58:52 +08:00
|
|
|
static efi_status_t
|
|
|
|
|
virt_efi_set_variable_nonblocking(efi_char16_t *name, efi_guid_t *vendor,
|
|
|
|
|
u32 attr, unsigned long data_size,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
if (!spin_trylock(&efi_runtime_lock))
|
2014-10-01 04:58:52 +08:00
|
|
|
return EFI_NOT_READY;
|
|
|
|
|
|
|
|
|
|
status = efi_call_virt(set_variable, name, vendor, attr, data_size,
|
|
|
|
|
data);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-10-01 04:58:52 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
static efi_status_t virt_efi_query_variable_info(u32 attr,
|
|
|
|
|
u64 *storage_space,
|
|
|
|
|
u64 *remaining_space,
|
|
|
|
|
u64 *max_variable_size)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
|
|
|
|
|
return EFI_UNSUPPORTED;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(query_variable_info, attr, storage_space,
|
|
|
|
|
remaining_space, max_variable_size);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
2016-02-02 06:06:57 +08:00
|
|
|
static efi_status_t
|
|
|
|
|
virt_efi_query_variable_info_nonblocking(u32 attr,
|
|
|
|
|
u64 *storage_space,
|
|
|
|
|
u64 *remaining_space,
|
|
|
|
|
u64 *max_variable_size)
|
|
|
|
|
{
|
|
|
|
|
efi_status_t status;
|
|
|
|
|
|
|
|
|
|
if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
|
|
|
|
|
return EFI_UNSUPPORTED;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
if (!spin_trylock(&efi_runtime_lock))
|
2016-02-02 06:06:57 +08:00
|
|
|
return EFI_NOT_READY;
|
|
|
|
|
|
|
|
|
|
status = efi_call_virt(query_variable_info, attr, storage_space,
|
|
|
|
|
remaining_space, max_variable_size);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2016-02-02 06:06:57 +08:00
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
static efi_status_t virt_efi_get_next_high_mono_count(u32 *count)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(get_next_high_mono_count, count);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void virt_efi_reset_system(int reset_type,
|
|
|
|
|
efi_status_t status,
|
|
|
|
|
unsigned long data_size,
|
|
|
|
|
efi_char16_t *data)
|
|
|
|
|
{
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
__efi_call_virt(reset_system, reset_type, status, data_size, data);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_update_capsule(efi_capsule_header_t **capsules,
|
|
|
|
|
unsigned long count,
|
|
|
|
|
unsigned long sg_list)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
|
|
|
|
|
return EFI_UNSUPPORTED;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(update_capsule, capsules, count, sg_list);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static efi_status_t virt_efi_query_capsule_caps(efi_capsule_header_t **capsules,
|
|
|
|
|
unsigned long count,
|
|
|
|
|
u64 *max_size,
|
|
|
|
|
int *reset_type)
|
|
|
|
|
{
|
2014-08-05 00:16:00 +08:00
|
|
|
efi_status_t status;
|
|
|
|
|
|
2014-06-26 18:09:05 +08:00
|
|
|
if (efi.runtime_version < EFI_2_00_SYSTEM_TABLE_REVISION)
|
|
|
|
|
return EFI_UNSUPPORTED;
|
|
|
|
|
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_lock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
status = efi_call_virt(query_capsule_caps, capsules, count, max_size,
|
|
|
|
|
reset_type);
|
2016-02-17 20:35:55 +08:00
|
|
|
spin_unlock(&efi_runtime_lock);
|
2014-08-05 00:16:00 +08:00
|
|
|
return status;
|
2014-06-26 18:09:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void efi_native_runtime_setup(void)
|
|
|
|
|
{
|
|
|
|
|
efi.get_time = virt_efi_get_time;
|
|
|
|
|
efi.set_time = virt_efi_set_time;
|
|
|
|
|
efi.get_wakeup_time = virt_efi_get_wakeup_time;
|
|
|
|
|
efi.set_wakeup_time = virt_efi_set_wakeup_time;
|
|
|
|
|
efi.get_variable = virt_efi_get_variable;
|
|
|
|
|
efi.get_next_variable = virt_efi_get_next_variable;
|
|
|
|
|
efi.set_variable = virt_efi_set_variable;
|
2014-10-01 04:58:52 +08:00
|
|
|
efi.set_variable_nonblocking = virt_efi_set_variable_nonblocking;
|
2014-06-26 18:09:05 +08:00
|
|
|
efi.get_next_high_mono_count = virt_efi_get_next_high_mono_count;
|
|
|
|
|
efi.reset_system = virt_efi_reset_system;
|
|
|
|
|
efi.query_variable_info = virt_efi_query_variable_info;
|
2016-02-02 06:06:57 +08:00
|
|
|
efi.query_variable_info_nonblocking = virt_efi_query_variable_info_nonblocking;
|
2014-06-26 18:09:05 +08:00
|
|
|
efi.update_capsule = virt_efi_update_capsule;
|
|
|
|
|
efi.query_capsule_caps = virt_efi_query_capsule_caps;
|
|
|
|
|
}
|
