1 /*
2  * Originally from efivars.c
3  *
4  * Copyright (C) 2001,2003,2004 Dell <Matt_Domsch@dell.com>
5  * Copyright (C) 2004 Intel Corporation <matthew.e.tolentino@intel.com>
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License as published by
9  *  the Free Software Foundation; either version 2 of the License, or
10  *  (at your option) any later version.
11  *
12  *  This program is distributed in the hope that it will be useful,
13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  *  GNU General Public License for more details.
16  *
17  *  You should have received a copy of the GNU General Public License
18  *  along with this program; if not, write to the Free Software
19  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20  */
21 
22 #include <linux/capability.h>
23 #include <linux/types.h>
24 #include <linux/errno.h>
25 #include <linux/init.h>
26 #include <linux/mm.h>
27 #include <linux/module.h>
28 #include <linux/string.h>
29 #include <linux/smp.h>
30 #include <linux/efi.h>
31 #include <linux/sysfs.h>
32 #include <linux/device.h>
33 #include <linux/slab.h>
34 #include <linux/ctype.h>
35 #include <linux/ucs2_string.h>
36 
37 /* Private pointer to registered efivars */
38 static struct efivars *__efivars;
39 
40 /*
41  * efivars_lock protects three things:
42  * 1) efivarfs_list and efivars_sysfs_list
43  * 2) ->ops calls
44  * 3) (un)registration of __efivars
45  */
46 static DEFINE_SEMAPHORE(efivars_lock);
47 
48 static bool efivar_wq_enabled = true;
49 DECLARE_WORK(efivar_work, NULL);
50 EXPORT_SYMBOL_GPL(efivar_work);
51 
52 static bool
validate_device_path(efi_char16_t * var_name,int match,u8 * buffer,unsigned long len)53 validate_device_path(efi_char16_t *var_name, int match, u8 *buffer,
54 		     unsigned long len)
55 {
56 	struct efi_generic_dev_path *node;
57 	int offset = 0;
58 
59 	node = (struct efi_generic_dev_path *)buffer;
60 
61 	if (len < sizeof(*node))
62 		return false;
63 
64 	while (offset <= len - sizeof(*node) &&
65 	       node->length >= sizeof(*node) &&
66 		node->length <= len - offset) {
67 		offset += node->length;
68 
69 		if ((node->type == EFI_DEV_END_PATH ||
70 		     node->type == EFI_DEV_END_PATH2) &&
71 		    node->sub_type == EFI_DEV_END_ENTIRE)
72 			return true;
73 
74 		node = (struct efi_generic_dev_path *)(buffer + offset);
75 	}
76 
77 	/*
78 	 * If we're here then either node->length pointed past the end
79 	 * of the buffer or we reached the end of the buffer without
80 	 * finding a device path end node.
81 	 */
82 	return false;
83 }
84 
85 static bool
validate_boot_order(efi_char16_t * var_name,int match,u8 * buffer,unsigned long len)86 validate_boot_order(efi_char16_t *var_name, int match, u8 *buffer,
87 		    unsigned long len)
88 {
89 	/* An array of 16-bit integers */
90 	if ((len % 2) != 0)
91 		return false;
92 
93 	return true;
94 }
95 
96 static bool
validate_load_option(efi_char16_t * var_name,int match,u8 * buffer,unsigned long len)97 validate_load_option(efi_char16_t *var_name, int match, u8 *buffer,
98 		     unsigned long len)
99 {
100 	u16 filepathlength;
101 	int i, desclength = 0, namelen;
102 
103 	namelen = ucs2_strnlen(var_name, EFI_VAR_NAME_LEN);
104 
105 	/* Either "Boot" or "Driver" followed by four digits of hex */
106 	for (i = match; i < match+4; i++) {
107 		if (var_name[i] > 127 ||
108 		    hex_to_bin(var_name[i] & 0xff) < 0)
109 			return true;
110 	}
111 
112 	/* Reject it if there's 4 digits of hex and then further content */
113 	if (namelen > match + 4)
114 		return false;
115 
116 	/* A valid entry must be at least 8 bytes */
117 	if (len < 8)
118 		return false;
119 
120 	filepathlength = buffer[4] | buffer[5] << 8;
121 
122 	/*
123 	 * There's no stored length for the description, so it has to be
124 	 * found by hand
125 	 */
126 	desclength = ucs2_strsize((efi_char16_t *)(buffer + 6), len - 6) + 2;
127 
128 	/* Each boot entry must have a descriptor */
129 	if (!desclength)
130 		return false;
131 
132 	/*
133 	 * If the sum of the length of the description, the claimed filepath
134 	 * length and the original header are greater than the length of the
135 	 * variable, it's malformed
136 	 */
137 	if ((desclength + filepathlength + 6) > len)
138 		return false;
139 
140 	/*
141 	 * And, finally, check the filepath
142 	 */
143 	return validate_device_path(var_name, match, buffer + desclength + 6,
144 				    filepathlength);
145 }
146 
147 static bool
validate_uint16(efi_char16_t * var_name,int match,u8 * buffer,unsigned long len)148 validate_uint16(efi_char16_t *var_name, int match, u8 *buffer,
149 		unsigned long len)
150 {
151 	/* A single 16-bit integer */
152 	if (len != 2)
153 		return false;
154 
155 	return true;
156 }
157 
158 static bool
validate_ascii_string(efi_char16_t * var_name,int match,u8 * buffer,unsigned long len)159 validate_ascii_string(efi_char16_t *var_name, int match, u8 *buffer,
160 		      unsigned long len)
161 {
162 	int i;
163 
164 	for (i = 0; i < len; i++) {
165 		if (buffer[i] > 127)
166 			return false;
167 
168 		if (buffer[i] == 0)
169 			return true;
170 	}
171 
172 	return false;
173 }
174 
175 struct variable_validate {
176 	efi_guid_t vendor;
177 	char *name;
178 	bool (*validate)(efi_char16_t *var_name, int match, u8 *data,
179 			 unsigned long len);
180 };
181 
182 /*
183  * This is the list of variables we need to validate, as well as the
184  * whitelist for what we think is safe not to default to immutable.
185  *
186  * If it has a validate() method that's not NULL, it'll go into the
187  * validation routine.  If not, it is assumed valid, but still used for
188  * whitelisting.
189  *
190  * Note that it's sorted by {vendor,name}, but globbed names must come after
191  * any other name with the same prefix.
192  */
193 static const struct variable_validate variable_validate[] = {
194 	{ EFI_GLOBAL_VARIABLE_GUID, "BootNext", validate_uint16 },
195 	{ EFI_GLOBAL_VARIABLE_GUID, "BootOrder", validate_boot_order },
196 	{ EFI_GLOBAL_VARIABLE_GUID, "Boot*", validate_load_option },
197 	{ EFI_GLOBAL_VARIABLE_GUID, "DriverOrder", validate_boot_order },
198 	{ EFI_GLOBAL_VARIABLE_GUID, "Driver*", validate_load_option },
199 	{ EFI_GLOBAL_VARIABLE_GUID, "ConIn", validate_device_path },
200 	{ EFI_GLOBAL_VARIABLE_GUID, "ConInDev", validate_device_path },
201 	{ EFI_GLOBAL_VARIABLE_GUID, "ConOut", validate_device_path },
202 	{ EFI_GLOBAL_VARIABLE_GUID, "ConOutDev", validate_device_path },
203 	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOut", validate_device_path },
204 	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOutDev", validate_device_path },
205 	{ EFI_GLOBAL_VARIABLE_GUID, "Lang", validate_ascii_string },
206 	{ EFI_GLOBAL_VARIABLE_GUID, "OsIndications", NULL },
207 	{ EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
208 	{ EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
209 	{ LINUX_EFI_CRASH_GUID, "*", NULL },
210 	{ NULL_GUID, "", NULL },
211 };
212 
213 /*
214  * Check if @var_name matches the pattern given in @match_name.
215  *
216  * @var_name: an array of @len non-NUL characters.
217  * @match_name: a NUL-terminated pattern string, optionally ending in "*". A
218  *              final "*" character matches any trailing characters @var_name,
219  *              including the case when there are none left in @var_name.
220  * @match: on output, the number of non-wildcard characters in @match_name
221  *         that @var_name matches, regardless of the return value.
222  * @return: whether @var_name fully matches @match_name.
223  */
224 static bool
variable_matches(const char * var_name,size_t len,const char * match_name,int * match)225 variable_matches(const char *var_name, size_t len, const char *match_name,
226 		 int *match)
227 {
228 	for (*match = 0; ; (*match)++) {
229 		char c = match_name[*match];
230 
231 		switch (c) {
232 		case '*':
233 			/* Wildcard in @match_name means we've matched. */
234 			return true;
235 
236 		case '\0':
237 			/* @match_name has ended. Has @var_name too? */
238 			return (*match == len);
239 
240 		default:
241 			/*
242 			 * We've reached a non-wildcard char in @match_name.
243 			 * Continue only if there's an identical character in
244 			 * @var_name.
245 			 */
246 			if (*match < len && c == var_name[*match])
247 				continue;
248 			return false;
249 		}
250 	}
251 }
252 
253 bool
efivar_validate(efi_guid_t vendor,efi_char16_t * var_name,u8 * data,unsigned long data_size)254 efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
255 		unsigned long data_size)
256 {
257 	int i;
258 	unsigned long utf8_size;
259 	u8 *utf8_name;
260 
261 	utf8_size = ucs2_utf8size(var_name);
262 	utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
263 	if (!utf8_name)
264 		return false;
265 
266 	ucs2_as_utf8(utf8_name, var_name, utf8_size);
267 	utf8_name[utf8_size] = '\0';
268 
269 	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
270 		const char *name = variable_validate[i].name;
271 		int match = 0;
272 
273 		if (efi_guidcmp(vendor, variable_validate[i].vendor))
274 			continue;
275 
276 		if (variable_matches(utf8_name, utf8_size+1, name, &match)) {
277 			if (variable_validate[i].validate == NULL)
278 				break;
279 			kfree(utf8_name);
280 			return variable_validate[i].validate(var_name, match,
281 							     data, data_size);
282 		}
283 	}
284 	kfree(utf8_name);
285 	return true;
286 }
287 EXPORT_SYMBOL_GPL(efivar_validate);
288 
289 bool
efivar_variable_is_removable(efi_guid_t vendor,const char * var_name,size_t len)290 efivar_variable_is_removable(efi_guid_t vendor, const char *var_name,
291 			     size_t len)
292 {
293 	int i;
294 	bool found = false;
295 	int match = 0;
296 
297 	/*
298 	 * Check if our variable is in the validated variables list
299 	 */
300 	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
301 		if (efi_guidcmp(variable_validate[i].vendor, vendor))
302 			continue;
303 
304 		if (variable_matches(var_name, len,
305 				     variable_validate[i].name, &match)) {
306 			found = true;
307 			break;
308 		}
309 	}
310 
311 	/*
312 	 * If it's in our list, it is removable.
313 	 */
314 	return found;
315 }
316 EXPORT_SYMBOL_GPL(efivar_variable_is_removable);
317 
318 static efi_status_t
check_var_size(u32 attributes,unsigned long size)319 check_var_size(u32 attributes, unsigned long size)
320 {
321 	const struct efivar_operations *fops = __efivars->ops;
322 
323 	if (!fops->query_variable_store)
324 		return EFI_UNSUPPORTED;
325 
326 	return fops->query_variable_store(attributes, size, false);
327 }
328 
329 static efi_status_t
check_var_size_nonblocking(u32 attributes,unsigned long size)330 check_var_size_nonblocking(u32 attributes, unsigned long size)
331 {
332 	const struct efivar_operations *fops = __efivars->ops;
333 
334 	if (!fops->query_variable_store)
335 		return EFI_UNSUPPORTED;
336 
337 	return fops->query_variable_store(attributes, size, true);
338 }
339 
variable_is_present(efi_char16_t * variable_name,efi_guid_t * vendor,struct list_head * head)340 static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t *vendor,
341 				struct list_head *head)
342 {
343 	struct efivar_entry *entry, *n;
344 	unsigned long strsize1, strsize2;
345 	bool found = false;
346 
347 	strsize1 = ucs2_strsize(variable_name, 1024);
348 	list_for_each_entry_safe(entry, n, head, list) {
349 		strsize2 = ucs2_strsize(entry->var.VariableName, 1024);
350 		if (strsize1 == strsize2 &&
351 			!memcmp(variable_name, &(entry->var.VariableName),
352 				strsize2) &&
353 			!efi_guidcmp(entry->var.VendorGuid,
354 				*vendor)) {
355 			found = true;
356 			break;
357 		}
358 	}
359 	return found;
360 }
361 
362 /*
363  * Returns the size of variable_name, in bytes, including the
364  * terminating NULL character, or variable_name_size if no NULL
365  * character is found among the first variable_name_size bytes.
366  */
var_name_strnsize(efi_char16_t * variable_name,unsigned long variable_name_size)367 static unsigned long var_name_strnsize(efi_char16_t *variable_name,
368 				       unsigned long variable_name_size)
369 {
370 	unsigned long len;
371 	efi_char16_t c;
372 
373 	/*
374 	 * The variable name is, by definition, a NULL-terminated
375 	 * string, so make absolutely sure that variable_name_size is
376 	 * the value we expect it to be. If not, return the real size.
377 	 */
378 	for (len = 2; len <= variable_name_size; len += sizeof(c)) {
379 		c = variable_name[(len / sizeof(c)) - 1];
380 		if (!c)
381 			break;
382 	}
383 
384 	return min(len, variable_name_size);
385 }
386 
387 /*
388  * Print a warning when duplicate EFI variables are encountered and
389  * disable the sysfs workqueue since the firmware is buggy.
390  */
dup_variable_bug(efi_char16_t * str16,efi_guid_t * vendor_guid,unsigned long len16)391 static void dup_variable_bug(efi_char16_t *str16, efi_guid_t *vendor_guid,
392 			     unsigned long len16)
393 {
394 	size_t i, len8 = len16 / sizeof(efi_char16_t);
395 	char *str8;
396 
397 	/*
398 	 * Disable the workqueue since the algorithm it uses for
399 	 * detecting new variables won't work with this buggy
400 	 * implementation of GetNextVariableName().
401 	 */
402 	efivar_wq_enabled = false;
403 
404 	str8 = kzalloc(len8, GFP_KERNEL);
405 	if (!str8)
406 		return;
407 
408 	for (i = 0; i < len8; i++)
409 		str8[i] = str16[i];
410 
411 	printk(KERN_WARNING "efivars: duplicate variable: %s-%pUl\n",
412 	       str8, vendor_guid);
413 	kfree(str8);
414 }
415 
416 /**
417  * efivar_init - build the initial list of EFI variables
418  * @func: callback function to invoke for every variable
419  * @data: function-specific data to pass to @func
420  * @atomic: do we need to execute the @func-loop atomically?
421  * @duplicates: error if we encounter duplicates on @head?
422  * @head: initialised head of variable list
423  *
424  * Get every EFI variable from the firmware and invoke @func. @func
425  * should call efivar_entry_add() to build the list of variables.
426  *
427  * Returns 0 on success, or a kernel error code on failure.
428  */
efivar_init(int (* func)(efi_char16_t *,efi_guid_t,unsigned long,void *),void * data,bool duplicates,struct list_head * head)429 int efivar_init(int (*func)(efi_char16_t *, efi_guid_t, unsigned long, void *),
430 		void *data, bool duplicates, struct list_head *head)
431 {
432 	const struct efivar_operations *ops = __efivars->ops;
433 	unsigned long variable_name_size = 1024;
434 	efi_char16_t *variable_name;
435 	efi_status_t status;
436 	efi_guid_t vendor_guid;
437 	int err = 0;
438 
439 	variable_name = kzalloc(variable_name_size, GFP_KERNEL);
440 	if (!variable_name) {
441 		printk(KERN_ERR "efivars: Memory allocation failed.\n");
442 		return -ENOMEM;
443 	}
444 
445 	if (down_interruptible(&efivars_lock)) {
446 		err = -EINTR;
447 		goto free;
448 	}
449 
450 	/*
451 	 * Per EFI spec, the maximum storage allocated for both
452 	 * the variable name and variable data is 1024 bytes.
453 	 */
454 
455 	do {
456 		variable_name_size = 1024;
457 
458 		status = ops->get_next_variable(&variable_name_size,
459 						variable_name,
460 						&vendor_guid);
461 		switch (status) {
462 		case EFI_SUCCESS:
463 			if (duplicates)
464 				up(&efivars_lock);
465 
466 			variable_name_size = var_name_strnsize(variable_name,
467 							       variable_name_size);
468 
469 			/*
470 			 * Some firmware implementations return the
471 			 * same variable name on multiple calls to
472 			 * get_next_variable(). Terminate the loop
473 			 * immediately as there is no guarantee that
474 			 * we'll ever see a different variable name,
475 			 * and may end up looping here forever.
476 			 */
477 			if (duplicates &&
478 			    variable_is_present(variable_name, &vendor_guid,
479 						head)) {
480 				dup_variable_bug(variable_name, &vendor_guid,
481 						 variable_name_size);
482 				status = EFI_NOT_FOUND;
483 			} else {
484 				err = func(variable_name, vendor_guid,
485 					   variable_name_size, data);
486 				if (err)
487 					status = EFI_NOT_FOUND;
488 			}
489 
490 			if (duplicates) {
491 				if (down_interruptible(&efivars_lock)) {
492 					err = -EINTR;
493 					goto free;
494 				}
495 			}
496 
497 			break;
498 		case EFI_NOT_FOUND:
499 			break;
500 		default:
501 			printk(KERN_WARNING "efivars: get_next_variable: status=%lx\n",
502 				status);
503 			status = EFI_NOT_FOUND;
504 			break;
505 		}
506 
507 	} while (status != EFI_NOT_FOUND);
508 
509 	up(&efivars_lock);
510 free:
511 	kfree(variable_name);
512 
513 	return err;
514 }
515 EXPORT_SYMBOL_GPL(efivar_init);
516 
517 /**
518  * efivar_entry_add - add entry to variable list
519  * @entry: entry to add to list
520  * @head: list head
521  *
522  * Returns 0 on success, or a kernel error code on failure.
523  */
efivar_entry_add(struct efivar_entry * entry,struct list_head * head)524 int efivar_entry_add(struct efivar_entry *entry, struct list_head *head)
525 {
526 	if (down_interruptible(&efivars_lock))
527 		return -EINTR;
528 	list_add(&entry->list, head);
529 	up(&efivars_lock);
530 
531 	return 0;
532 }
533 EXPORT_SYMBOL_GPL(efivar_entry_add);
534 
535 /**
536  * efivar_entry_remove - remove entry from variable list
537  * @entry: entry to remove from list
538  *
539  * Returns 0 on success, or a kernel error code on failure.
540  */
efivar_entry_remove(struct efivar_entry * entry)541 int efivar_entry_remove(struct efivar_entry *entry)
542 {
543 	if (down_interruptible(&efivars_lock))
544 		return -EINTR;
545 	list_del(&entry->list);
546 	up(&efivars_lock);
547 
548 	return 0;
549 }
550 EXPORT_SYMBOL_GPL(efivar_entry_remove);
551 
552 /*
553  * efivar_entry_list_del_unlock - remove entry from variable list
554  * @entry: entry to remove
555  *
556  * Remove @entry from the variable list and release the list lock.
557  *
558  * NOTE: slightly weird locking semantics here - we expect to be
559  * called with the efivars lock already held, and we release it before
560  * returning. This is because this function is usually called after
561  * set_variable() while the lock is still held.
562  */
efivar_entry_list_del_unlock(struct efivar_entry * entry)563 static void efivar_entry_list_del_unlock(struct efivar_entry *entry)
564 {
565 	list_del(&entry->list);
566 	up(&efivars_lock);
567 }
568 
569 /**
570  * __efivar_entry_delete - delete an EFI variable
571  * @entry: entry containing EFI variable to delete
572  *
573  * Delete the variable from the firmware but leave @entry on the
574  * variable list.
575  *
576  * This function differs from efivar_entry_delete() because it does
577  * not remove @entry from the variable list. Also, it is safe to be
578  * called from within a efivar_entry_iter_begin() and
579  * efivar_entry_iter_end() region, unlike efivar_entry_delete().
580  *
581  * Returns 0 on success, or a converted EFI status code if
582  * set_variable() fails.
583  */
__efivar_entry_delete(struct efivar_entry * entry)584 int __efivar_entry_delete(struct efivar_entry *entry)
585 {
586 	const struct efivar_operations *ops = __efivars->ops;
587 	efi_status_t status;
588 
589 	status = ops->set_variable(entry->var.VariableName,
590 				   &entry->var.VendorGuid,
591 				   0, 0, NULL);
592 
593 	return efi_status_to_err(status);
594 }
595 EXPORT_SYMBOL_GPL(__efivar_entry_delete);
596 
597 /**
598  * efivar_entry_delete - delete variable and remove entry from list
599  * @entry: entry containing variable to delete
600  *
601  * Delete the variable from the firmware and remove @entry from the
602  * variable list. It is the caller's responsibility to free @entry
603  * once we return.
604  *
605  * Returns 0 on success, -EINTR if we can't grab the semaphore,
606  * converted EFI status code if set_variable() fails.
607  */
efivar_entry_delete(struct efivar_entry * entry)608 int efivar_entry_delete(struct efivar_entry *entry)
609 {
610 	const struct efivar_operations *ops = __efivars->ops;
611 	efi_status_t status;
612 
613 	if (down_interruptible(&efivars_lock))
614 		return -EINTR;
615 
616 	status = ops->set_variable(entry->var.VariableName,
617 				   &entry->var.VendorGuid,
618 				   0, 0, NULL);
619 	if (!(status == EFI_SUCCESS || status == EFI_NOT_FOUND)) {
620 		up(&efivars_lock);
621 		return efi_status_to_err(status);
622 	}
623 
624 	efivar_entry_list_del_unlock(entry);
625 	return 0;
626 }
627 EXPORT_SYMBOL_GPL(efivar_entry_delete);
628 
629 /**
630  * efivar_entry_set - call set_variable()
631  * @entry: entry containing the EFI variable to write
632  * @attributes: variable attributes
633  * @size: size of @data buffer
634  * @data: buffer containing variable data
635  * @head: head of variable list
636  *
637  * Calls set_variable() for an EFI variable. If creating a new EFI
638  * variable, this function is usually followed by efivar_entry_add().
639  *
640  * Before writing the variable, the remaining EFI variable storage
641  * space is checked to ensure there is enough room available.
642  *
643  * If @head is not NULL a lookup is performed to determine whether
644  * the entry is already on the list.
645  *
646  * Returns 0 on success, -EINTR if we can't grab the semaphore,
647  * -EEXIST if a lookup is performed and the entry already exists on
648  * the list, or a converted EFI status code if set_variable() fails.
649  */
efivar_entry_set(struct efivar_entry * entry,u32 attributes,unsigned long size,void * data,struct list_head * head)650 int efivar_entry_set(struct efivar_entry *entry, u32 attributes,
651 		     unsigned long size, void *data, struct list_head *head)
652 {
653 	const struct efivar_operations *ops = __efivars->ops;
654 	efi_status_t status;
655 	efi_char16_t *name = entry->var.VariableName;
656 	efi_guid_t vendor = entry->var.VendorGuid;
657 
658 	if (down_interruptible(&efivars_lock))
659 		return -EINTR;
660 	if (head && efivar_entry_find(name, vendor, head, false)) {
661 		up(&efivars_lock);
662 		return -EEXIST;
663 	}
664 
665 	status = check_var_size(attributes, size + ucs2_strsize(name, 1024));
666 	if (status == EFI_SUCCESS || status == EFI_UNSUPPORTED)
667 		status = ops->set_variable(name, &vendor,
668 					   attributes, size, data);
669 
670 	up(&efivars_lock);
671 
672 	return efi_status_to_err(status);
673 
674 }
675 EXPORT_SYMBOL_GPL(efivar_entry_set);
676 
677 /*
678  * efivar_entry_set_nonblocking - call set_variable_nonblocking()
679  *
680  * This function is guaranteed to not block and is suitable for calling
681  * from crash/panic handlers.
682  *
683  * Crucially, this function will not block if it cannot acquire
684  * efivars_lock. Instead, it returns -EBUSY.
685  */
686 static int
efivar_entry_set_nonblocking(efi_char16_t * name,efi_guid_t vendor,u32 attributes,unsigned long size,void * data)687 efivar_entry_set_nonblocking(efi_char16_t *name, efi_guid_t vendor,
688 			     u32 attributes, unsigned long size, void *data)
689 {
690 	const struct efivar_operations *ops = __efivars->ops;
691 	efi_status_t status;
692 
693 	if (down_trylock(&efivars_lock))
694 		return -EBUSY;
695 
696 	status = check_var_size_nonblocking(attributes,
697 					    size + ucs2_strsize(name, 1024));
698 	if (status != EFI_SUCCESS) {
699 		up(&efivars_lock);
700 		return -ENOSPC;
701 	}
702 
703 	status = ops->set_variable_nonblocking(name, &vendor, attributes,
704 					       size, data);
705 
706 	up(&efivars_lock);
707 	return efi_status_to_err(status);
708 }
709 
710 /**
711  * efivar_entry_set_safe - call set_variable() if enough space in firmware
712  * @name: buffer containing the variable name
713  * @vendor: variable vendor guid
714  * @attributes: variable attributes
715  * @block: can we block in this context?
716  * @size: size of @data buffer
717  * @data: buffer containing variable data
718  *
719  * Ensures there is enough free storage in the firmware for this variable, and
720  * if so, calls set_variable(). If creating a new EFI variable, this function
721  * is usually followed by efivar_entry_add().
722  *
723  * Returns 0 on success, -ENOSPC if the firmware does not have enough
724  * space for set_variable() to succeed, or a converted EFI status code
725  * if set_variable() fails.
726  */
efivar_entry_set_safe(efi_char16_t * name,efi_guid_t vendor,u32 attributes,bool block,unsigned long size,void * data)727 int efivar_entry_set_safe(efi_char16_t *name, efi_guid_t vendor, u32 attributes,
728 			  bool block, unsigned long size, void *data)
729 {
730 	const struct efivar_operations *ops = __efivars->ops;
731 	efi_status_t status;
732 
733 	if (!ops->query_variable_store)
734 		return -ENOSYS;
735 
736 	/*
737 	 * If the EFI variable backend provides a non-blocking
738 	 * ->set_variable() operation and we're in a context where we
739 	 * cannot block, then we need to use it to avoid live-locks,
740 	 * since the implication is that the regular ->set_variable()
741 	 * will block.
742 	 *
743 	 * If no ->set_variable_nonblocking() is provided then
744 	 * ->set_variable() is assumed to be non-blocking.
745 	 */
746 	if (!block && ops->set_variable_nonblocking)
747 		return efivar_entry_set_nonblocking(name, vendor, attributes,
748 						    size, data);
749 
750 	if (!block) {
751 		if (down_trylock(&efivars_lock))
752 			return -EBUSY;
753 	} else {
754 		if (down_interruptible(&efivars_lock))
755 			return -EINTR;
756 	}
757 
758 	status = check_var_size(attributes, size + ucs2_strsize(name, 1024));
759 	if (status != EFI_SUCCESS) {
760 		up(&efivars_lock);
761 		return -ENOSPC;
762 	}
763 
764 	status = ops->set_variable(name, &vendor, attributes, size, data);
765 
766 	up(&efivars_lock);
767 
768 	return efi_status_to_err(status);
769 }
770 EXPORT_SYMBOL_GPL(efivar_entry_set_safe);
771 
772 /**
773  * efivar_entry_find - search for an entry
774  * @name: the EFI variable name
775  * @guid: the EFI variable vendor's guid
776  * @head: head of the variable list
777  * @remove: should we remove the entry from the list?
778  *
779  * Search for an entry on the variable list that has the EFI variable
780  * name @name and vendor guid @guid. If an entry is found on the list
781  * and @remove is true, the entry is removed from the list.
782  *
783  * The caller MUST call efivar_entry_iter_begin() and
784  * efivar_entry_iter_end() before and after the invocation of this
785  * function, respectively.
786  *
787  * Returns the entry if found on the list, %NULL otherwise.
788  */
efivar_entry_find(efi_char16_t * name,efi_guid_t guid,struct list_head * head,bool remove)789 struct efivar_entry *efivar_entry_find(efi_char16_t *name, efi_guid_t guid,
790 				       struct list_head *head, bool remove)
791 {
792 	struct efivar_entry *entry, *n;
793 	int strsize1, strsize2;
794 	bool found = false;
795 
796 	list_for_each_entry_safe(entry, n, head, list) {
797 		strsize1 = ucs2_strsize(name, 1024);
798 		strsize2 = ucs2_strsize(entry->var.VariableName, 1024);
799 		if (strsize1 == strsize2 &&
800 		    !memcmp(name, &(entry->var.VariableName), strsize1) &&
801 		    !efi_guidcmp(guid, entry->var.VendorGuid)) {
802 			found = true;
803 			break;
804 		}
805 	}
806 
807 	if (!found)
808 		return NULL;
809 
810 	if (remove) {
811 		if (entry->scanning) {
812 			/*
813 			 * The entry will be deleted
814 			 * after scanning is completed.
815 			 */
816 			entry->deleting = true;
817 		} else
818 			list_del(&entry->list);
819 	}
820 
821 	return entry;
822 }
823 EXPORT_SYMBOL_GPL(efivar_entry_find);
824 
825 /**
826  * efivar_entry_size - obtain the size of a variable
827  * @entry: entry for this variable
828  * @size: location to store the variable's size
829  */
efivar_entry_size(struct efivar_entry * entry,unsigned long * size)830 int efivar_entry_size(struct efivar_entry *entry, unsigned long *size)
831 {
832 	const struct efivar_operations *ops = __efivars->ops;
833 	efi_status_t status;
834 
835 	*size = 0;
836 
837 	if (down_interruptible(&efivars_lock))
838 		return -EINTR;
839 	status = ops->get_variable(entry->var.VariableName,
840 				   &entry->var.VendorGuid, NULL, size, NULL);
841 	up(&efivars_lock);
842 
843 	if (status != EFI_BUFFER_TOO_SMALL)
844 		return efi_status_to_err(status);
845 
846 	return 0;
847 }
848 EXPORT_SYMBOL_GPL(efivar_entry_size);
849 
850 /**
851  * __efivar_entry_get - call get_variable()
852  * @entry: read data for this variable
853  * @attributes: variable attributes
854  * @size: size of @data buffer
855  * @data: buffer to store variable data
856  *
857  * The caller MUST call efivar_entry_iter_begin() and
858  * efivar_entry_iter_end() before and after the invocation of this
859  * function, respectively.
860  */
__efivar_entry_get(struct efivar_entry * entry,u32 * attributes,unsigned long * size,void * data)861 int __efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
862 		       unsigned long *size, void *data)
863 {
864 	const struct efivar_operations *ops = __efivars->ops;
865 	efi_status_t status;
866 
867 	status = ops->get_variable(entry->var.VariableName,
868 				   &entry->var.VendorGuid,
869 				   attributes, size, data);
870 
871 	return efi_status_to_err(status);
872 }
873 EXPORT_SYMBOL_GPL(__efivar_entry_get);
874 
875 /**
876  * efivar_entry_get - call get_variable()
877  * @entry: read data for this variable
878  * @attributes: variable attributes
879  * @size: size of @data buffer
880  * @data: buffer to store variable data
881  */
efivar_entry_get(struct efivar_entry * entry,u32 * attributes,unsigned long * size,void * data)882 int efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
883 		     unsigned long *size, void *data)
884 {
885 	const struct efivar_operations *ops = __efivars->ops;
886 	efi_status_t status;
887 
888 	if (down_interruptible(&efivars_lock))
889 		return -EINTR;
890 	status = ops->get_variable(entry->var.VariableName,
891 				   &entry->var.VendorGuid,
892 				   attributes, size, data);
893 	up(&efivars_lock);
894 
895 	return efi_status_to_err(status);
896 }
897 EXPORT_SYMBOL_GPL(efivar_entry_get);
898 
899 /**
900  * efivar_entry_set_get_size - call set_variable() and get new size (atomic)
901  * @entry: entry containing variable to set and get
902  * @attributes: attributes of variable to be written
903  * @size: size of data buffer
904  * @data: buffer containing data to write
905  * @set: did the set_variable() call succeed?
906  *
907  * This is a pretty special (complex) function. See efivarfs_file_write().
908  *
909  * Atomically call set_variable() for @entry and if the call is
910  * successful, return the new size of the variable from get_variable()
911  * in @size. The success of set_variable() is indicated by @set.
912  *
913  * Returns 0 on success, -EINVAL if the variable data is invalid,
914  * -ENOSPC if the firmware does not have enough available space, or a
915  * converted EFI status code if either of set_variable() or
916  * get_variable() fail.
917  *
918  * If the EFI variable does not exist when calling set_variable()
919  * (EFI_NOT_FOUND), @entry is removed from the variable list.
920  */
efivar_entry_set_get_size(struct efivar_entry * entry,u32 attributes,unsigned long * size,void * data,bool * set)921 int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
922 			      unsigned long *size, void *data, bool *set)
923 {
924 	const struct efivar_operations *ops = __efivars->ops;
925 	efi_char16_t *name = entry->var.VariableName;
926 	efi_guid_t *vendor = &entry->var.VendorGuid;
927 	efi_status_t status;
928 	int err;
929 
930 	*set = false;
931 
932 	if (efivar_validate(*vendor, name, data, *size) == false)
933 		return -EINVAL;
934 
935 	/*
936 	 * The lock here protects the get_variable call, the conditional
937 	 * set_variable call, and removal of the variable from the efivars
938 	 * list (in the case of an authenticated delete).
939 	 */
940 	if (down_interruptible(&efivars_lock))
941 		return -EINTR;
942 
943 	/*
944 	 * Ensure that the available space hasn't shrunk below the safe level
945 	 */
946 	status = check_var_size(attributes, *size + ucs2_strsize(name, 1024));
947 	if (status != EFI_SUCCESS) {
948 		if (status != EFI_UNSUPPORTED) {
949 			err = efi_status_to_err(status);
950 			goto out;
951 		}
952 
953 		if (*size > 65536) {
954 			err = -ENOSPC;
955 			goto out;
956 		}
957 	}
958 
959 	status = ops->set_variable(name, vendor, attributes, *size, data);
960 	if (status != EFI_SUCCESS) {
961 		err = efi_status_to_err(status);
962 		goto out;
963 	}
964 
965 	*set = true;
966 
967 	/*
968 	 * Writing to the variable may have caused a change in size (which
969 	 * could either be an append or an overwrite), or the variable to be
970 	 * deleted. Perform a GetVariable() so we can tell what actually
971 	 * happened.
972 	 */
973 	*size = 0;
974 	status = ops->get_variable(entry->var.VariableName,
975 				   &entry->var.VendorGuid,
976 				   NULL, size, NULL);
977 
978 	if (status == EFI_NOT_FOUND)
979 		efivar_entry_list_del_unlock(entry);
980 	else
981 		up(&efivars_lock);
982 
983 	if (status && status != EFI_BUFFER_TOO_SMALL)
984 		return efi_status_to_err(status);
985 
986 	return 0;
987 
988 out:
989 	up(&efivars_lock);
990 	return err;
991 
992 }
993 EXPORT_SYMBOL_GPL(efivar_entry_set_get_size);
994 
995 /**
996  * efivar_entry_iter_begin - begin iterating the variable list
997  *
998  * Lock the variable list to prevent entry insertion and removal until
999  * efivar_entry_iter_end() is called. This function is usually used in
1000  * conjunction with __efivar_entry_iter() or efivar_entry_iter().
1001  */
efivar_entry_iter_begin(void)1002 int efivar_entry_iter_begin(void)
1003 {
1004 	return down_interruptible(&efivars_lock);
1005 }
1006 EXPORT_SYMBOL_GPL(efivar_entry_iter_begin);
1007 
1008 /**
1009  * efivar_entry_iter_end - finish iterating the variable list
1010  *
1011  * Unlock the variable list and allow modifications to the list again.
1012  */
efivar_entry_iter_end(void)1013 void efivar_entry_iter_end(void)
1014 {
1015 	up(&efivars_lock);
1016 }
1017 EXPORT_SYMBOL_GPL(efivar_entry_iter_end);
1018 
1019 /**
1020  * __efivar_entry_iter - iterate over variable list
1021  * @func: callback function
1022  * @head: head of the variable list
1023  * @data: function-specific data to pass to callback
1024  * @prev: entry to begin iterating from
1025  *
1026  * Iterate over the list of EFI variables and call @func with every
1027  * entry on the list. It is safe for @func to remove entries in the
1028  * list via efivar_entry_delete().
1029  *
1030  * You MUST call efivar_enter_iter_begin() before this function, and
1031  * efivar_entry_iter_end() afterwards.
1032  *
1033  * It is possible to begin iteration from an arbitrary entry within
1034  * the list by passing @prev. @prev is updated on return to point to
1035  * the last entry passed to @func. To begin iterating from the
1036  * beginning of the list @prev must be %NULL.
1037  *
1038  * The restrictions for @func are the same as documented for
1039  * efivar_entry_iter().
1040  */
__efivar_entry_iter(int (* func)(struct efivar_entry *,void *),struct list_head * head,void * data,struct efivar_entry ** prev)1041 int __efivar_entry_iter(int (*func)(struct efivar_entry *, void *),
1042 			struct list_head *head, void *data,
1043 			struct efivar_entry **prev)
1044 {
1045 	struct efivar_entry *entry, *n;
1046 	int err = 0;
1047 
1048 	if (!prev || !*prev) {
1049 		list_for_each_entry_safe(entry, n, head, list) {
1050 			err = func(entry, data);
1051 			if (err)
1052 				break;
1053 		}
1054 
1055 		if (prev)
1056 			*prev = entry;
1057 
1058 		return err;
1059 	}
1060 
1061 
1062 	list_for_each_entry_safe_continue((*prev), n, head, list) {
1063 		err = func(*prev, data);
1064 		if (err)
1065 			break;
1066 	}
1067 
1068 	return err;
1069 }
1070 EXPORT_SYMBOL_GPL(__efivar_entry_iter);
1071 
1072 /**
1073  * efivar_entry_iter - iterate over variable list
1074  * @func: callback function
1075  * @head: head of variable list
1076  * @data: function-specific data to pass to callback
1077  *
1078  * Iterate over the list of EFI variables and call @func with every
1079  * entry on the list. It is safe for @func to remove entries in the
1080  * list via efivar_entry_delete() while iterating.
1081  *
1082  * Some notes for the callback function:
1083  *  - a non-zero return value indicates an error and terminates the loop
1084  *  - @func is called from atomic context
1085  */
efivar_entry_iter(int (* func)(struct efivar_entry *,void *),struct list_head * head,void * data)1086 int efivar_entry_iter(int (*func)(struct efivar_entry *, void *),
1087 		      struct list_head *head, void *data)
1088 {
1089 	int err = 0;
1090 
1091 	err = efivar_entry_iter_begin();
1092 	if (err)
1093 		return err;
1094 	err = __efivar_entry_iter(func, head, data, NULL);
1095 	efivar_entry_iter_end();
1096 
1097 	return err;
1098 }
1099 EXPORT_SYMBOL_GPL(efivar_entry_iter);
1100 
1101 /**
1102  * efivars_kobject - get the kobject for the registered efivars
1103  *
1104  * If efivars_register() has not been called we return NULL,
1105  * otherwise return the kobject used at registration time.
1106  */
efivars_kobject(void)1107 struct kobject *efivars_kobject(void)
1108 {
1109 	if (!__efivars)
1110 		return NULL;
1111 
1112 	return __efivars->kobject;
1113 }
1114 EXPORT_SYMBOL_GPL(efivars_kobject);
1115 
1116 /**
1117  * efivar_run_worker - schedule the efivar worker thread
1118  */
efivar_run_worker(void)1119 void efivar_run_worker(void)
1120 {
1121 	if (efivar_wq_enabled)
1122 		schedule_work(&efivar_work);
1123 }
1124 EXPORT_SYMBOL_GPL(efivar_run_worker);
1125 
1126 /**
1127  * efivars_register - register an efivars
1128  * @efivars: efivars to register
1129  * @ops: efivars operations
1130  * @kobject: @efivars-specific kobject
1131  *
1132  * Only a single efivars can be registered at any time.
1133  */
efivars_register(struct efivars * efivars,const struct efivar_operations * ops,struct kobject * kobject)1134 int efivars_register(struct efivars *efivars,
1135 		     const struct efivar_operations *ops,
1136 		     struct kobject *kobject)
1137 {
1138 	if (down_interruptible(&efivars_lock))
1139 		return -EINTR;
1140 
1141 	efivars->ops = ops;
1142 	efivars->kobject = kobject;
1143 
1144 	__efivars = efivars;
1145 
1146 	pr_info("Registered efivars operations\n");
1147 
1148 	up(&efivars_lock);
1149 
1150 	return 0;
1151 }
1152 EXPORT_SYMBOL_GPL(efivars_register);
1153 
1154 /**
1155  * efivars_unregister - unregister an efivars
1156  * @efivars: efivars to unregister
1157  *
1158  * The caller must have already removed every entry from the list,
1159  * failure to do so is an error.
1160  */
efivars_unregister(struct efivars * efivars)1161 int efivars_unregister(struct efivars *efivars)
1162 {
1163 	int rv;
1164 
1165 	if (down_interruptible(&efivars_lock))
1166 		return -EINTR;
1167 
1168 	if (!__efivars) {
1169 		printk(KERN_ERR "efivars not registered\n");
1170 		rv = -EINVAL;
1171 		goto out;
1172 	}
1173 
1174 	if (__efivars != efivars) {
1175 		rv = -EINVAL;
1176 		goto out;
1177 	}
1178 
1179 	pr_info("Unregistered efivars operations\n");
1180 	__efivars = NULL;
1181 
1182 	rv = 0;
1183 out:
1184 	up(&efivars_lock);
1185 	return rv;
1186 }
1187 EXPORT_SYMBOL_GPL(efivars_unregister);
1188