[PATCH] efi_loader: check update capsule parameters
Heinrich Schuchardt
xypron.glpk at gmx.de
Mon Jun 21 08:04:42 CEST 2021
On 6/12/21 2:13 AM, AKASHI Takahiro wrote:
> Hi Vincent,
>
> Thank you for the update.
>
> On Fri, Jun 11, 2021 at 07:06:01PM +0200, Heinrich Schuchardt wrote:
>> Cc: Takahiro, Sughosh, Ilias
>>
>> On 6/11/21 6:15 PM, Vincent Stehlé wrote:
>>> UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases,
>>> listed by the UEFI specification and tested by the SCT. Add a common
>>> function to do that.
>
> First of all, I would like to make clear one thing:
> My initial implementation of capsule support does *not*
> intend to support "UpdateCapsule" as runtime API.
> Instead, the sole objective is to provide "delivery of
> capsules via file" (or capsule on disk) method.
>
> This is because the initially-expected use case was
> that we would adopt capsules as an alternative for
> updating UEFI variables without using SetVariable runtime API.
> (This idea is no longer upheld, though.)
>
> This is why the API does not handle nor check parameters
> in the current code. I even regret to have added
> EFI_RUNTIME_UPDATE_CAPSULE option, which makes people confused.
>
> Nevertheless, I'm more than happy if other folks implement
> full semantics of UpdateCapsule.
>
>>> This fixes SCT UpdateCapsule_Conf failures.
>>>
>>> Reviewed-by: Grant Likely <grant.likely at arm.com>
>>> Signed-off-by: Vincent Stehlé <vincent.stehle at arm.com>
>>> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
>>> Cc: Alexander Graf <agraf at csgraf.de>
>>> ---
>>> include/efi_loader.h | 24 ++++++++++++++++++++++++
>>> lib/efi_loader/efi_capsule.c | 8 ++++----
>>> lib/efi_loader/efi_runtime.c | 8 ++++++++
>>> 3 files changed, 36 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/include/efi_loader.h b/include/efi_loader.h
>>> index 0a9c82a257e..426d1c72d7d 100644
>>> --- a/include/efi_loader.h
>>> +++ b/include/efi_loader.h
>>> @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit;
>>> extern const struct efi_firmware_management_protocol efi_fmp_raw;
>>>
>>> /* Capsule update */
>>> +static inline efi_status_t
>>> +efi_valid_update_capsule_params(struct efi_capsule_header
>>> + **capsule_header_array,
>>> + efi_uintn_t capsule_count,
>>> + u64 scatter_gather_list)
>>> +{
>>> + u32 flags;
>>> +
>>> + if (!capsule_count)
>>> + return EFI_INVALID_PARAMETER;
>>
>> If capsule count > 1, don't you have to check all capsules headers?
>>
>>> +
>>> + flags = capsule_header_array[0]->flags;
>>> +
>>> + if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) &&
>>> + !scatter_gather_list) ||
>>> + ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) &&
>>> + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) ||
>>> + ((flags & CAPSULE_FLAGS_INITIATE_RESET) &&
>>> + !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)))
>>> + return EFI_INVALID_PARAMETER;
>>
>> What happens if capsule(0) has CAPSULE_FLAGS_INITIATE_RESET and
>> capsule(4) has !CAPSULE_FLAGS_PERSIST_ACROSS_RESET?
>>
>> Best regards
>>
>> Heinrich
>>
>>> +
>>> + return EFI_SUCCESS;
>>> +}
>>> +
>>> efi_status_t EFIAPI efi_update_capsule(
>>> struct efi_capsule_header **capsule_header_array,
>>> efi_uintn_t capsule_count,
>>> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
>>> index 60309d4a07d..380cfd70290 100644
>>> --- a/lib/efi_loader/efi_capsule.c
>>> +++ b/lib/efi_loader/efi_capsule.c
>>> @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule(
>>> EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
>>> scatter_gather_list);
>>>
>>> - if (!capsule_count) {
>>> - ret = EFI_INVALID_PARAMETER;
>>> + ret = efi_valid_update_capsule_params(capsule_header_array,
>>> + capsule_count,
>>> + scatter_gather_list);
>>> + if (ret != EFI_SUCCESS)
>>> goto out;
>>> - }
>>>
>>> - ret = EFI_SUCCESS;
>>> for (i = 0, capsule = *capsule_header_array; i < capsule_count;
>>> i++, capsule = *(++capsule_header_array)) {
>>> /* sanity check */
>>> diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c
>>> index 93a695fc27e..449ad8b9f36 100644
>>> --- a/lib/efi_loader/efi_runtime.c
>>> +++ b/lib/efi_loader/efi_runtime.c
>>> @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule_unsupported(
>>> efi_uintn_t capsule_count,
>>> u64 scatter_gather_list)
>>> {
>>> + efi_status_t ret;
>>> +
>>> + ret = efi_valid_update_capsule_params(capsule_header_array,
>>> + capsule_count,
>>> + scatter_gather_list);
>
> This is "efi_update_capsule_unsupported" function.
> We don't have to check parameters.
>
> -Takahiro Akashi
Hello Vincent,
I will mark this patch as "changes requested". Please, send an updated
version.
Best regards
Heinrich
>
>>> + if (ret != EFI_SUCCESS)
>>> + return ret;
>>> +
>>> return EFI_UNSUPPORTED;
>>> }
>>>
>>>
>>
More information about the U-Boot
mailing list