From patchwork Tue Oct 15 18:15:51 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 836346
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.subspace.kernel.org (Postfix) with ESMTPS id A52811FAEF3
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 18:16:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
 t=1729016163; cv=none;
 b=XFxdnG3t/4dmgJ7Jzo9zfGl0IjU9kYeAT52y2mN8lVwCyB1xyp5vfQUwHKOVCPN+CmqDgulzvgMJTxJk+RqbCIfqY5c8Y8rNuwWR2PbztWUipGzZF0Ih+mQQi9ZSdEJicROMWikF6gAN4SL3ujsv6+JqQ/d+ukzJVYb8ahdQOv4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
 s=arc-20240116; t=1729016163; c=relaxed/simple;
 bh=1T6yD1P7ph0N1EELkpHc9HmNiM6TWkRhIMzSNPpxag8=;
 h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
 To:Cc:Content-Type;
 b=pKXz4bagYvnf6/jWs6v3dpOfGB5usDWUNmssIVGnc8mX9ADHNvmia9P7Ta9juh/94iIVd2P0lf2w7ho0texiJ4ODAmDVyBAiU5GOjXnpD/A2/oak6wJAGDhpFa2T86Mj3h5whK/EwKvGLSFZoY3WZ4TV7cBck251p/UL9aoE8D4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ueAvDDbw; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ueAvDDbw"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-6e38fabff35so38585397b3.0
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 11:16:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20230601; t=1729016161; x=1729620961;
 darn=vger.kernel.org;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:from:to:cc:subject:date:message-id:reply-to;
 bh=vb0F1D/URMqrEFjwIj8UXRbubquki/NP7m91+7wn/AA=;
 b=ueAvDDbw79bIL3Hf6xn9SqB96rGdC3WNIVGeUzdilFOsxnqeo+JG0bqL4xbDakBDRS
 snwZ3zijZaDY7CqJstutRKvvNdNNPd1YAuzFmhbUjSzeWKsqkgMW8stm62X79lv9FVsc
 iLoxIwDEyBYZt45vGPNd7lyE4PSt9g9pHdmFuK95WawFFj3kFEIkunf5Kq5hLptDHZ74
 oaWeltIw94nHEFFCqV0UzYj6LpQ5Ze9XSNeHwEDuK8waLKvdnS+Pjo7k3zPzIL6bhi2U
 PFRFT31+7A5+xWmWVTEQ29ZKIGlkEm6u56ZDYjgMynBLuttCjJYYjK1qPxbnBFNJortp
 q0Cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729016161; x=1729620961;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=vb0F1D/URMqrEFjwIj8UXRbubquki/NP7m91+7wn/AA=;
 b=NNJX7o6JstSEO1IE0DXr2wVKb0kRQ4GsczldFAkyz4Kv7oxhKYjudMxJ87r2KxqRP0
 AhcYbkYzOXEgHR+0pE7KXo8P96ZuKDpz+/vWDOPaAM0s0skvedqGmaH1/N9Nrou5AAnA
 g8EG9ilT7dporD3lHXREcimnYGKmt3dhT4+eHTxBIglZ/qdI2tZp9MfxAfmWMyGuPn/f
 MByOiP24W6vTExJD4/XwahXvXZm68HkeShqdXV2uEBF/gN+UKZpnc8FoozQG0G6i8Q5p
 biYD5W3vQ/GQKYqrMbouB5EW7xTdyTV/BmlbYRcU3nPUdMRzGlBwLcPsOvwW8KOOkOur
 +jbA==
X-Gm-Message-State: AOJu0YxT9HY8gTVg3j8EqedZTM9uG1RRMZ3fGZvyboM0+7RTeUaCDsOb
 B+d/TU/XP8P4WLPyXdyIsvJqNKVBqFLZFtYu2tXZvYSEdVx0EgnD9debHYWYBTnoGwYePyEwHTv
 ruiSX+wybKrDAJlanMndK+aiCW+dLwM3Jv4OznBzm0jYfXPFMHoIOTsupPHIVKStkgVjQ6E2t1/
 xnCLoVpQkrYxqzV1PZx1zyPAchZQ==
X-Google-Smtp-Source: AGHT+IF0ZFpt5BuaaKZZKmArgpOmwAK2y4TVZ0ZMvSmzW3l/nsz2mOo0qLLkWGNat2clvzQKDi0jqUQU
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a05:690c:7406:b0:6e3:8562:ffa with SMTP id
 00721157ae682-6e3d41bede4mr387857b3.5.1729016160512; Tue, 15 Oct 2024
 11:16:00 -0700 (PDT)
Date: Tue, 15 Oct 2024 20:15:51 +0200
In-Reply-To: <20241015181549.3121999-6-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org
List-Id: <linux-efi.vger.kernel.org>
List-Subscribe: <mailto:linux-efi+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-efi+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241015181549.3121999-6-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1035; i=ardb@kernel.org;
 h=from:subject; bh=DUEag0n79tEu8RYPtJV8R8SWhGsqbJq47gyRYXEDML4=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1vY/iTL6tc/x0yfv/90ClBTt75/3geTTy8iWGhjNmd5
 ZtCJ6g6d5SyMIhxMMiKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJzFvD8D970vqGxVwcRr1b
 50Zsd57Su/LzvgvJ3xQYDKVrOH2UGp4x/K/OL1PLdl/kekB0cnbZhubNv3f9aWQ3cJlzhPOThvw
 Tdw4A
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241015181549.3121999-7-ardb+git@google.com>
Subject: [PATCH 1/4] efi/libstub: Free correct pointer on failure
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jonathan Marek <jonathan@marek.ca>,
 stable@vger.kernel.org

From: Ard Biesheuvel <ardb@kernel.org>

cmdline_ptr is an out parameter, which is not allocated by the function
itself, and likely points into the caller's stack.

cmdline refers to the pool allocation that should be freed when cleaning
up after a failure, so pass this instead to free_pool().

Fixes: 42c8ea3dca09 ("efi: libstub: Factor out EFI stub entrypoint ...")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/efi-stub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index f09e277ba210..fc71dcab43e0 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -148,7 +148,7 @@ efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr)
 	return EFI_SUCCESS;
 
 fail_free_cmdline:
-	efi_bs_call(free_pool, cmdline_ptr);
+	efi_bs_call(free_pool, cmdline);
 	return status;
 }
 

From patchwork Tue Oct 15 18:15:52 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 835580
Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com
 [209.85.221.74])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99E041FC7CB
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 18:16:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
 t=1729016166; cv=none;
 b=eQDBjI8hYCGpwthJ8rAIdTLCGQm31xBgrJbZ9KoTx1JAZ6Xn0hXmBoFRMn2Szgxi9v7j4jR5BoO2lS8+fRCCx1sgK2pCBrPYhoac/fxJIbcupan+tavvlyiCSnfepOEF9NOgZ8ezmHj3vnDyyyLgJb76o60A9mrfOsiwbvXG4o8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
 s=arc-20240116; t=1729016166; c=relaxed/simple;
 bh=b87ayRd+0jao6K4vPna/+mdAOtmUW7+XZCwmRq9oWHQ=;
 h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
 To:Cc:Content-Type;
 b=HXLMYYFVJNp6VlDTlWGVVt7uDhpofGurMqGMfEFD/3vZ3jvA6PZFxeD0ou2FgIGmKl0aHUu+JF9d2bgaYB/hURgG/Gj/YPdvbE8j0jfgJAA63j7pVcZ+CgeqtImy+rnVp5zaCHjlKpUoKLs659ZfG7cfwm3nMVKm2Piah2DsfZM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=pLflK2gD; arc=none smtp.client-ip=209.85.221.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="pLflK2gD"
Received: by mail-wr1-f74.google.com with SMTP id
 ffacd0b85a97d-37d531a19a9so2190047f8f.1
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 11:16:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20230601; t=1729016163; x=1729620963;
 darn=vger.kernel.org;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:from:to:cc:subject:date:message-id:reply-to;
 bh=gKrdOQ75FBbO4ANdT3ghwOB3kXgMXiavZjOJcy1MRlY=;
 b=pLflK2gDgsKbsFdmGuoSuohLZZPdQA54Ih3EG1BRUXrr7WlE3NqUNhEeJBVmwREVVe
 wPzMTKn58X2nal66er7g3HbTzxYwsSKAvtWf+ynKjuV3JFxQT0S5KGIH0XcLzM98Lhj7
 NaOh955Ik+m9qaqLy72nruHm4cqB6a1KkUyHMcbrPcfMbsmU2g1E43bHCHebUi062mVC
 +0EmxvfFpNc2b1lyQAWO7cqnDhGYogPPNspQZsYFiaxQFRFYyXxGLnERt7lUMRqqmt8G
 MCnFerytUpRqYm6hUY27i7X2gn/3KYFPymrfPU/I0vi4plO1M/f7KO8LVWEKACVhQE3J
 kxEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729016163; x=1729620963;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=gKrdOQ75FBbO4ANdT3ghwOB3kXgMXiavZjOJcy1MRlY=;
 b=TGuLiB+3KqQaC5VrTO/vXs224w5mmNfAnFa9I7KlLefTfjfkEjoP+ANWx7fOcVFeT5
 rDmVNS2Xxv/LTw7AWs5qfwdWNsnvnqoqfkpLcPp+67V5+MIuRsu6yBl/lYFTlWKWcVSG
 fvwcWQrb59cWbZOWQOzO2saEB976WDCpLpzjrhXzEXyrVCubd2ShwEgDN1FrqUY4fN70
 F2EQL8F9/YzuMtUpuRqMPsj5kilFSHmlhMJiblG7w0aHRx9npD/4N9/g6suZqRpHoRXq
 aZ2dkCiF6UtWkA7B9Pc/lBfOxmQ5xBai/9eNsVdwzgoI0jS17rI2CavOS3v+7dXp4F/F
 qlNA==
X-Gm-Message-State: AOJu0Yx0kcGyZWMe2wUNo8YMY2lCZiUCJJQKWlFtZg7ujeoOZEf1vasm
 yt4R6p0tKhddyytcjJxLskODUd6fDZN6BCZeQK5/1j79xdhIfRG8B7edkhx+eEsLPjRW5J87rb0
 b4dhHMpTWN2dvyP3OAShObxVRVpA7xJiaLjwhrfvxJuQdyVYF/OtUF8DLWiWafInIvFK81cuq1k
 ohsxF+6Bev69D/xpfiqrzs1vL2ag==
X-Google-Smtp-Source: AGHT+IGpNnE4p3YkPK1YBjXCrg3zGTzNO+hBUhMMCkB+ZIw+PmhcSBY1oNo6mo0U/IO5rcDIJ/hrtAt6
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a5d:45ce:0:b0:374:cc7a:d8e0 with SMTP id
 ffacd0b85a97d-37d86d86799mr502f8f.7.1729016162780; Tue, 15 Oct 2024 11:16:02
 -0700 (PDT)
Date: Tue, 15 Oct 2024 20:15:52 +0200
In-Reply-To: <20241015181549.3121999-6-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org
List-Id: <linux-efi.vger.kernel.org>
List-Subscribe: <mailto:linux-efi+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-efi+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241015181549.3121999-6-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2042; i=ardb@kernel.org;
 h=from:subject; bh=Nza7TziAGAQU7OPBsBI793/ZBkfITFZBS2q5EcAgC4g=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1vY8T7syw8gjN0QgN0F+6RilqvZTtb/tjWPRuX1+6zD
 DVZ+PFERykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZiIQQbDX/Elz2rvyVRc+Rlx
 /d+VzjoF7fgJOn7cMyRn2S48sqJhZxIjw37bmN5JJyU9jN6W3mH/l99tezBnJ7fAjKamu8ndS2o
 1OQE=
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241015181549.3121999-8-ardb+git@google.com>
Subject: [PATCH 2/4] efi/libstub: Parse builtin command line after bootloader
 provided one
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jonathan Marek <jonathan@marek.ca>

From: Ard Biesheuvel <ardb@kernel.org>

When CONFIG_CMDLINE_EXTEND is set, the core kernel command line handling
logic appends CONFIG_CMDLINE to the bootloader provided command line.
The EFI stub does the opposite, and parses the builtin one first.

The usual behavior of command line options is that the last one takes
precedence if it appears multiple times, unless there is a meaningful
way to combine them. In either case, parsing the builtin command line
first while the core kernel does it in the opposite order is likely to
produce inconsistent results in such cases.

Therefore, switch the order in the stub to match the core kernel.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/efi-stub.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index fc71dcab43e0..382b54f40603 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -126,28 +126,25 @@ efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr)
 		return EFI_OUT_OF_RESOURCES;
 	}
 
+	if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
+		status = efi_parse_options(cmdline);
+		if (status != EFI_SUCCESS)
+			goto fail_free_cmdline;
+	}
+
 	if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
 	    IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
 	    cmdline[0] == 0) {
 		status = efi_parse_options(CONFIG_CMDLINE);
-		if (status != EFI_SUCCESS) {
-			efi_err("Failed to parse options\n");
-			goto fail_free_cmdline;
-		}
-	}
-
-	if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
-		status = efi_parse_options(cmdline);
-		if (status != EFI_SUCCESS) {
-			efi_err("Failed to parse options\n");
+		if (status != EFI_SUCCESS)
 			goto fail_free_cmdline;
-		}
 	}
 
 	*cmdline_ptr = cmdline;
 	return EFI_SUCCESS;
 
 fail_free_cmdline:
+	efi_err("Failed to parse options\n");
 	efi_bs_call(free_pool, cmdline);
 	return status;
 }

From patchwork Tue Oct 15 18:15:53 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 836345
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.subspace.kernel.org (Postfix) with ESMTPS id 367BB1C4A2C
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 18:16:05 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
 t=1729016167; cv=none;
 b=V4my9rtJUI4lECdOVfjfzL/wGAr3sVoSgard6bnAx/tQ5RluO8MzLavxLm75x7f7Ena8kq334rkmkHe/qxiIh/pZJieeUqATixuoEVbsLOIMJ3NlPg5yypGDIhVN7tZb70YW84c/HCW2cfbDEFk3V6RDT3J97yA42xAGtj+eURs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
 s=arc-20240116; t=1729016167; c=relaxed/simple;
 bh=78He2FK+/2krU9RFdYW3YR5nfig5DrBmhR4zYII6dMM=;
 h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
 To:Cc:Content-Type;
 b=VGLURr4FYn0R/5KCzz5Qm4cgozlgoqT8/UvG9C6uqajcLHJATGMhJfPWjWASZgPchHePM4q8sekrjtQS3wMuuQIw+Jw30ojcXguwu1wGYpBHUKx1LYtG4KtfKeLlwF7B29YpHSk9C5Cn9HdqXed0lrrBKDCY2D2TpqJq5Ijl8q0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=m8n8Q1dR; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="m8n8Q1dR"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-6e370d76c15so47308307b3.2
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 11:16:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20230601; t=1729016165; x=1729620965;
 darn=vger.kernel.org;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:from:to:cc:subject:date:message-id:reply-to;
 bh=ktKghyxHm11wEF2/2/gDtu+FZZ4Hn4i/DuFW9LgNftI=;
 b=m8n8Q1dRmKqVh0ZPpS9JSCzp0TiTqCc0a8NKt3rp4V3NmeG+9402lQUeJVlXtwlJJI
 MAWTmA64OIQIRwUzIcQwoiSEpRElX7hZQyNItE384Qw5id13Sn2s89uDQnr8ITeAoDfi
 vAB/URkMd776s+o49ywZ5kbJ/TacgCQOnbweMvfPhrW6JZVmizaiLNxA6r15zGRak3PH
 q+ug8GTQ3L+Oy2TGa67ei+uha/p5LTFn8ZGk1D+3ADe6S3hmXvzZl8R3MRjfc7HHDaTj
 c8P5KU/DMJyTPDTHKNrKj4pAIXAM7P3y+ZOshNUZIOUYT9LRb8bxAEFx8Ah7jos5VFxn
 4Yrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729016165; x=1729620965;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=ktKghyxHm11wEF2/2/gDtu+FZZ4Hn4i/DuFW9LgNftI=;
 b=i/5f/YY0M6rMDY9DS2lOrvf1J7K319ZeULvJU8x8nAHtgqg2EtZM5I+X9Oa5i864DG
 JZ9qmOawPvXKcBcLVyRAhwtAhvT787aotNdw5Nuj00fd2nYFRgyUHLbTNnEhdheBkRrL
 Q3j+s7skzitDfHp6dQ3UbritSuuS0WmQp7fN/r0/TV7H+alW5RU/vS0yXReQza74VJe3
 WxURAmmCJxhWA5rUX2pl9vijDy04H7Srh3dCc/F4+6hhyi7L1yvzMaAZIrZbeR8Z8fbd
 HlauQnp8EcqLmQky/BcB6x58X/Bgsh3ul4W3K53C1rlx4OrPw4FD+ZMlcRmXcpb7bPBA
 x6cw==
X-Gm-Message-State: AOJu0Yxya4E5YGSMo7fZv2mlzylsyDeKmShJcNkYGE8bXmdqo4iULLj2
 22ZPzKu/cD0L4xiT31UBXADGLABl/e/GSPmPZ9QPLhS0007swx1EGbLcpwc1Gw3w22X4GemVigo
 XhAa+vZAcOlv4yDICAgJXb5wCnnNAYlZTIqzVOyK8emzvsSGzUeHjLSTU1nNpbBUxxGKARZTayc
 OrjkhbyMOTO60GfMBlaIqzPwQBGQ==
X-Google-Smtp-Source: AGHT+IGdVSOGE1JltzrPFL8pPOOuBkA3cOIa+YxwI0yJGCj1McaAR2LG6j9iMww2m1Vt4Hq6wr/77jqx
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a05:690c:6204:b0:6dd:bf69:7e23 with SMTP id
 00721157ae682-6e3d41dfebbmr244597b3.7.1729016165114; Tue, 15 Oct 2024
 11:16:05 -0700 (PDT)
Date: Tue, 15 Oct 2024 20:15:53 +0200
In-Reply-To: <20241015181549.3121999-6-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org
List-Id: <linux-efi.vger.kernel.org>
List-Subscribe: <mailto:linux-efi+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-efi+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241015181549.3121999-6-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2452; i=ardb@kernel.org;
 h=from:subject; bh=V30wFoEPnYJ8Z+bzf3VNggC2Gnf/7+Jxb1Wv4jziTGY=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1vY8R/P1E2We3i8jtsn4/rbpkprLn1ef0TjiNn3Xe7B
 +7fUHOxo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzkiD0jw7JcN4esg7vXM78s
 1YlpPWIwP07mqdNlw3mTY69YcvJMXM/IcC4hc+Y0iz3GqnzplR8bb60tDj6bxLLu46QKvZV6pXz
 CDAA=
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241015181549.3121999-9-ardb+git@google.com>
Subject: [PATCH 3/4] efi/libstub: Fix command line fallback handling when
 loading files
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jonathan Marek <jonathan@marek.ca>

From: Ard Biesheuvel <ardb@kernel.org>

CONFIG_CMDLINE, when set, is supposed to serve either as a fallback when
no command line is provided by the bootloader, or to be taken into account
unconditionally, depending on the configured options.

The initrd and dtb loader ignores CONFIG_CMDLINE in either case, and
only takes the EFI firmware provided load options into account. This
means that configuring the kernel with initrd= or dtb= on the built-in
command line does not produce the expected result.

Fix this by doing a separate pass over the built-in command line when
dealing with initrd= or dtb= options.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/file.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c
index d6a025df07dc..17bf25dccc07 100644
--- a/drivers/firmware/efi/libstub/file.c
+++ b/drivers/firmware/efi/libstub/file.c
@@ -189,6 +189,7 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
 				  unsigned long *load_addr,
 				  unsigned long *load_size)
 {
+	const bool ignore_load_options = false;
 	const efi_char16_t *cmdline = efi_table_attr(image, load_options);
 	u32 cmdline_len = efi_table_attr(image, load_options_size);
 	unsigned long efi_chunk_size = ULONG_MAX;
@@ -197,6 +198,7 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
 	unsigned long alloc_addr;
 	unsigned long alloc_size;
 	efi_status_t status;
+	bool twopass;
 	int offset;
 
 	if (!load_addr || !load_size)
@@ -209,6 +211,21 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
 		efi_chunk_size = EFI_READ_CHUNK_SIZE;
 
 	alloc_addr = alloc_size = 0;
+
+	if (!ignore_load_options && cmdline_len > 0) {
+		twopass = IS_ENABLED(CONFIG_CMDLINE_BOOL) ||
+			  IS_ENABLED(CONFIG_CMDLINE_EXTEND);
+	} else {
+do_builtin:
+#ifdef CONFIG_CMDLINE
+		static const efi_char16_t builtin_cmdline[] = L"" CONFIG_CMDLINE;
+
+		cmdline	    = builtin_cmdline;
+		cmdline_len = ARRAY_SIZE(builtin_cmdline) - 1;
+#endif
+		twopass     = false;
+	}
+
 	do {
 		struct finfo fi;
 		unsigned long size;
@@ -290,6 +307,9 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
 		efi_call_proto(volume, close);
 	} while (offset > 0);
 
+	if (twopass)
+		goto do_builtin;
+
 	*load_addr = alloc_addr;
 	*load_size = alloc_size;
 

From patchwork Tue Oct 15 18:15:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 835579
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68D571C4A2C
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 18:16:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
 t=1729016169; cv=none;
 b=PGEZuSPK8xSC10aGzghypjWwsGvhQ6kfj+9f+9pzG+6rS94vorVSjGk/CDbioHK0TP5GHS3GiS/JaGyFM5Fi1bIkpKUQo+CK7Q7X2LcDCrX7VnDdDkvbY5RhNLh3knQouRp8eEoeDY2yfssyeXiopSU9JmnSXyWZR7/kW4iTXzk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
 s=arc-20240116; t=1729016169; c=relaxed/simple;
 bh=BJZj/dEBYUvetfEZcPn6U2INkGIIWdrX/wfmsQx2rxI=;
 h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
 To:Cc:Content-Type;
 b=LFE8Pl4+DTrv8uc9dte9Mt0El6JsvXaKfcK4rDqtdi6aMleoTovZ+KjfNSSFMdjG5yKnPpj63HYW8weaNU0sCM5PvOVONnNR26oYikt+zdIt1A2cLwNiN2iAcA1atADEcUwyFOuzqdcNrRJh1PKqkKmM1DnGu3rBbJ0woE74Bt4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=BQQvVp9k; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="BQQvVp9k"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-6e000d68bb1so1417717b3.1
 for <linux-efi@vger.kernel.org>; Tue, 15 Oct 2024 11:16:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20230601; t=1729016167; x=1729620967;
 darn=vger.kernel.org;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:from:to:cc:subject:date:message-id:reply-to;
 bh=aLB4hXLLxRt5W1gNs5r4BTRK4JBX5nV19kECJ9LPoq8=;
 b=BQQvVp9kH7y0tvjfxk3ezh63eP5PdUTTrkA9YyP7goiVidA6GSOgFFBQTQPghvHmeT
 xWzNqa+P0pTNgbv4IOrWVwwszXrcKcVuVME38HCg7XDZ/KbdyhgUlejdtd/LJHi0z+S6
 0DjeNuuUXGLrN4tQvtuoX0aFN/4ZPJqVxL3lFLBU703Cr3f+ZEIQLeIFefffTD+jRwuk
 l0eQmtEx46yTpt1kO0AAR2eAZJwjbd3+7HZWvWE3ByRKRnhKDE10CHPXw33s5DAJS+5R
 1VpzPxJtcjvOrEXfHB26uCR8BpzWlseK5lgkqYKGeXmlbq+Hb6JUQWiUThRz+R+jdfrK
 vi/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729016167; x=1729620967;
 h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
 :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=aLB4hXLLxRt5W1gNs5r4BTRK4JBX5nV19kECJ9LPoq8=;
 b=ZlVc6hLjOVKxcKG8IlLKY5Y67EHXjapNM6D+Plc2ANHNcW0wbj++HnbOk4ABHlQJqI
 VyRxiaaCWsxZ17zKp6aeW9yfmJ0AmaaJSX490f92XIh8o5BK4sWFFwJOTWRuTuk7fiqp
 w6QPpee5I5i3WxScIS9MtsHOOYhqfvyl7G4mP5WdfP0KsxP55iotMqflChB7zUiLAfYl
 bldvKo4m0JtKjBJnnSj6F9EF/X1rMCgoiauc418slbvEXNGsK+XxbkxyUAl6h7b7WyMr
 Iz3SVjgt/km+HXsvSjemS3i1+aWgpOtfnUxovcxFhNpSBbAN5P2u9rQqp9XYdTCf2IrF
 JlRw==
X-Gm-Message-State: AOJu0YzyTzHhfSq5nobPBipEcsTiQGwdRpazjqFYhYEFxbXxizRvrbEV
 dCRBFrdqe1AzRokSiKmX4/usR4RSuW7COzigvC0x9RBtNI57KkvPu3k2za5ar0lv37EGhjaW78G
 ki+/F3K3UNTySkXCL9qRGBpHKa/+uFFFg6I0XsOewNAxztfEtmJ3R1Hufd5+ilbn4ntZnPxCuk8
 r3hCfUS12RBcp+eSHqrkCV6AJL5A==
X-Google-Smtp-Source: AGHT+IGKAM7sU9sXkondbx1hiQgcs9CSlRrfIWUr3OyF6Of+7LZoTMoTYcZyQ6Rw1HfX60fHOnFDi0sq
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a05:6902:1ca:b0:e28:e97f:5397 with SMTP id
 3f1490d57ef6-e2977518269mr3960276.3.1729016167269; Tue, 15 Oct 2024 11:16:07
 -0700 (PDT)
Date: Tue, 15 Oct 2024 20:15:54 +0200
In-Reply-To: <20241015181549.3121999-6-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org
List-Id: <linux-efi.vger.kernel.org>
List-Subscribe: <mailto:linux-efi+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-efi+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241015181549.3121999-6-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1208; i=ardb@kernel.org;
 h=from:subject; bh=6m7aUuA46M4Ug0AbSzb6lLfveQg53ri9buly5/TPwIc=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1vY6R5g152/SnOR5NXlHs3xVk1fQzsXzl/cQTfL5sdD
 08Hm+3pKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABPhSGFkWHmoctPMZ7UPOebP
 +7L/X3HAL1Gdfk32BecjBd7nc01fasrwP0LbUmK1yOOc3qz8Ip+/kVOrGsLf1xRsbzoQ0SU/YdY
 3LgA=
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241015181549.3121999-10-ardb+git@google.com>
Subject: [PATCH 4/4] efi/libstub: Take command line overrides into account for
 loaded files
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jonathan Marek <jonathan@marek.ca>

From: Ard Biesheuvel <ardb@kernel.org>

When CONFIG_CMDLINE_OVERRIDE or CONFIG_CMDLINE_FORCE are configured, the
command line provided by the boot stack should be ignored, and only the
built-in command line should be taken into account.

Add the required handling of this when dealing with initrd= or dtb=
command line options in the EFI stub.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c
index 17bf25dccc07..0e41b88238b1 100644
--- a/drivers/firmware/efi/libstub/file.c
+++ b/drivers/firmware/efi/libstub/file.c
@@ -189,7 +189,8 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
 				  unsigned long *load_addr,
 				  unsigned long *load_size)
 {
-	const bool ignore_load_options = false;
+	const bool ignore_load_options = IS_ENABLED(CONFIG_CMDLINE_OVERRIDE) ||
+					 IS_ENABLED(CONFIG_CMDLINE_FORCE);
 	const efi_char16_t *cmdline = efi_table_attr(image, load_options);
 	u32 cmdline_len = efi_table_attr(image, load_options_size);
 	unsigned long efi_chunk_size = ULONG_MAX;