Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/drivers/firmware/efi/libstub/x86-stub.c
26483 views
1
// SPDX-License-Identifier: GPL-2.0-only

2


3
/* -----------------------------------------------------------------------

4
 *

5
 *   Copyright 2011 Intel Corporation; author Matt Fleming

6
 *

7
 * ----------------------------------------------------------------------- */

8


9
#include <linux/efi.h>

10
#include <linux/pci.h>

11
#include <linux/stddef.h>

12


13
#include <asm/efi.h>

14
#include <asm/e820/types.h>

15
#include <asm/setup.h>

16
#include <asm/desc.h>

17
#include <asm/boot.h>

18
#include <asm/kaslr.h>

19
#include <asm/sev.h>

20


21
#include "efistub.h"

22
#include "x86-stub.h"

23


24
extern char _bss[], _ebss[];

25


26
const efi_system_table_t *efi_system_table;

27
const efi_dxe_services_table_t *efi_dxe_table;

28
static efi_loaded_image_t *image = NULL;

29
static efi_memory_attribute_protocol_t *memattr;

30


31
typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t;

32
union sev_memory_acceptance_protocol {

33
	struct {

34
		efi_status_t (__efiapi * allow_unaccepted_memory)(

35
			sev_memory_acceptance_protocol_t *);

36
	};

37
	struct {

38
		u32 allow_unaccepted_memory;

39
	} mixed_mode;

40
};

41


42
static efi_status_t

43
preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom)

44
{

45
	struct pci_setup_rom *rom __free(efi_pool) = NULL;

46
	efi_status_t status;

47
	unsigned long size;

48
	uint64_t romsize;

49
	void *romimage;

50


51
	/*

52
	 * Some firmware images contain EFI function pointers at the place where

53
	 * the romimage and romsize fields are supposed to be. Typically the EFI

54
	 * code is mapped at high addresses, translating to an unrealistically

55
	 * large romsize. The UEFI spec limits the size of option ROMs to 16

56
	 * MiB so we reject any ROMs over 16 MiB in size to catch this.

57
	 */

58
	romimage = efi_table_attr(pci, romimage);

59
	romsize = efi_table_attr(pci, romsize);

60
	if (!romimage || !romsize || romsize > SZ_16M)

61
		return EFI_INVALID_PARAMETER;

62


63
	size = romsize + sizeof(*rom);

64


65
	status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, size,

66
			     (void **)&rom);

67
	if (status != EFI_SUCCESS) {

68
		efi_err("Failed to allocate memory for 'rom'\n");

69
		return status;

70
	}

71


72
	memset(rom, 0, sizeof(*rom));

73


74
	rom->data.type	= SETUP_PCI;

75
	rom->data.len	= size - sizeof(struct setup_data);

76
	rom->data.next	= 0;

77
	rom->pcilen	= romsize;

78


79
	status = efi_call_proto(pci, pci.read, EfiPciIoWidthUint16,

80
				PCI_VENDOR_ID, 1, &rom->vendor);

81


82
	if (status != EFI_SUCCESS) {

83
		efi_err("Failed to read rom->vendor\n");

84
		return status;

85
	}

86


87
	status = efi_call_proto(pci, pci.read, EfiPciIoWidthUint16,

88
				PCI_DEVICE_ID, 1, &rom->devid);

89


90
	if (status != EFI_SUCCESS) {

91
		efi_err("Failed to read rom->devid\n");

92
		return status;

93
	}

94


95
	status = efi_call_proto(pci, get_location, &rom->segment, &rom->bus,

96
				&rom->device, &rom->function);

97


98
	if (status != EFI_SUCCESS)

99
		return status;

100


101
	memcpy(rom->romdata, romimage, romsize);

102
	*__rom = no_free_ptr(rom);

103
	return EFI_SUCCESS;

104
}

105


106
/*

107
 * There's no way to return an informative status from this function,

108
 * because any analysis (and printing of error messages) needs to be

109
 * done directly at the EFI function call-site.

110
 *

111
 * For example, EFI_INVALID_PARAMETER could indicate a bug or maybe we

112
 * just didn't find any PCI devices, but there's no way to tell outside

113
 * the context of the call.

114
 */

115
static void setup_efi_pci(struct boot_params *params)

116
{

117
	efi_status_t status;

118
	efi_handle_t *pci_handle __free(efi_pool) = NULL;

119
	efi_guid_t pci_proto = EFI_PCI_IO_PROTOCOL_GUID;

120
	struct setup_data *data;

121
	unsigned long num;

122
	efi_handle_t h;

123


124
	status = efi_bs_call(locate_handle_buffer, EFI_LOCATE_BY_PROTOCOL,

125
			     &pci_proto, NULL, &num, &pci_handle);

126
	if (status != EFI_SUCCESS)

127
		return;

128


129
	data = (struct setup_data *)(unsigned long)params->hdr.setup_data;

130


131
	while (data && data->next)

132
		data = (struct setup_data *)(unsigned long)data->next;

133


134
	for_each_efi_handle(h, pci_handle, num) {

135
		efi_pci_io_protocol_t *pci = NULL;

136
		struct pci_setup_rom *rom;

137


138
		status = efi_bs_call(handle_protocol, h, &pci_proto,

139
				     (void **)&pci);

140
		if (status != EFI_SUCCESS || !pci)

141
			continue;

142


143
		status = preserve_pci_rom_image(pci, &rom);

144
		if (status != EFI_SUCCESS)

145
			continue;

146


147
		if (data)

148
			data->next = (unsigned long)rom;

149
		else

150
			params->hdr.setup_data = (unsigned long)rom;

151


152
		data = (struct setup_data *)rom;

153
	}

154
}

155


156
static void retrieve_apple_device_properties(struct boot_params *boot_params)

157
{

158
	efi_guid_t guid = APPLE_PROPERTIES_PROTOCOL_GUID;

159
	struct setup_data *data, *new;

160
	efi_status_t status;

161
	u32 size = 0;

162
	apple_properties_protocol_t *p;

163


164
	status = efi_bs_call(locate_protocol, &guid, NULL, (void **)&p);

165
	if (status != EFI_SUCCESS)

166
		return;

167


168
	if (efi_table_attr(p, version) != 0x10000) {

169
		efi_err("Unsupported properties proto version\n");

170
		return;

171
	}

172


173
	efi_call_proto(p, get_all, NULL, &size);

174
	if (!size)

175
		return;

176


177
	do {

178
		status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,

179
				     size + sizeof(struct setup_data),

180
				     (void **)&new);

181
		if (status != EFI_SUCCESS) {

182
			efi_err("Failed to allocate memory for 'properties'\n");

183
			return;

184
		}

185


186
		status = efi_call_proto(p, get_all, new->data, &size);

187


188
		if (status == EFI_BUFFER_TOO_SMALL)

189
			efi_bs_call(free_pool, new);

190
	} while (status == EFI_BUFFER_TOO_SMALL);

191


192
	new->type = SETUP_APPLE_PROPERTIES;

193
	new->len  = size;

194
	new->next = 0;

195


196
	data = (struct setup_data *)(unsigned long)boot_params->hdr.setup_data;

197
	if (!data) {

198
		boot_params->hdr.setup_data = (unsigned long)new;

199
	} else {

200
		while (data->next)

201
			data = (struct setup_data *)(unsigned long)data->next;

202
		data->next = (unsigned long)new;

203
	}

204
}

205


206
static bool apple_match_product_name(void)

207
{

208
	static const char type1_product_matches[][15] = {

209
		"MacBookPro11,3",

210
		"MacBookPro11,5",

211
		"MacBookPro13,3",

212
		"MacBookPro14,3",

213
		"MacBookPro15,1",

214
		"MacBookPro15,3",

215
		"MacBookPro16,1",

216
		"MacBookPro16,4",

217
	};

218
	const struct efi_smbios_type1_record *record;

219
	const u8 *product;

220


221
	record = (struct efi_smbios_type1_record *)efi_get_smbios_record(1);

222
	if (!record)

223
		return false;

224


225
	product = efi_get_smbios_string(record, product_name);

226
	if (!product)

227
		return false;

228


229
	for (int i = 0; i < ARRAY_SIZE(type1_product_matches); i++) {

230
		if (!strcmp(product, type1_product_matches[i]))

231
			return true;

232
	}

233


234
	return false;

235
}

236


237
static void apple_set_os(void)

238
{

239
	struct {

240
		unsigned long version;

241
		efi_status_t (__efiapi *set_os_version)(const char *);

242
		efi_status_t (__efiapi *set_os_vendor)(const char *);

243
	} *set_os;

244
	efi_status_t status;

245


246
	if (!efi_is_64bit() || !apple_match_product_name())

247
		return;

248


249
	status = efi_bs_call(locate_protocol, &APPLE_SET_OS_PROTOCOL_GUID, NULL,

250
			     (void **)&set_os);

251
	if (status != EFI_SUCCESS)

252
		return;

253


254
	if (set_os->version >= 2) {

255
		status = set_os->set_os_vendor("Apple Inc.");

256
		if (status != EFI_SUCCESS)

257
			efi_err("Failed to set OS vendor via apple_set_os\n");

258
	}

259


260
	if (set_os->version > 0) {

261
		/* The version being set doesn't seem to matter */

262
		status = set_os->set_os_version("Mac OS X 10.9");

263
		if (status != EFI_SUCCESS)

264
			efi_err("Failed to set OS version via apple_set_os\n");

265
	}

266
}

267


268
efi_status_t efi_adjust_memory_range_protection(unsigned long start,

269
						unsigned long size)

270
{

271
	efi_status_t status;

272
	efi_gcd_memory_space_desc_t desc;

273
	unsigned long end, next;

274
	unsigned long rounded_start, rounded_end;

275
	unsigned long unprotect_start, unprotect_size;

276


277
	rounded_start = rounddown(start, EFI_PAGE_SIZE);

278
	rounded_end = roundup(start + size, EFI_PAGE_SIZE);

279


280
	if (memattr != NULL) {

281
		status = efi_call_proto(memattr, set_memory_attributes,

282
					rounded_start,

283
					rounded_end - rounded_start,

284
					EFI_MEMORY_RO);

285
		if (status != EFI_SUCCESS) {

286
			efi_warn("Failed to set EFI_MEMORY_RO attribute\n");

287
			return status;

288
		}

289


290
		status = efi_call_proto(memattr, clear_memory_attributes,

291
					rounded_start,

292
					rounded_end - rounded_start,

293
					EFI_MEMORY_XP);

294
		if (status != EFI_SUCCESS)

295
			efi_warn("Failed to clear EFI_MEMORY_XP attribute\n");

296
		return status;

297
	}

298


299
	if (efi_dxe_table == NULL)

300
		return EFI_SUCCESS;

301


302
	/*

303
	 * Don't modify memory region attributes, they are

304
	 * already suitable, to lower the possibility to

305
	 * encounter firmware bugs.

306
	 */

307


308
	for (end = start + size; start < end; start = next) {

309


310
		status = efi_dxe_call(get_memory_space_descriptor, start, &desc);

311


312
		if (status != EFI_SUCCESS)

313
			break;

314


315
		next = desc.base_address + desc.length;

316


317
		/*

318
		 * Only system memory is suitable for trampoline/kernel image placement,

319
		 * so only this type of memory needs its attributes to be modified.

320
		 */

321


322
		if (desc.gcd_memory_type != EfiGcdMemoryTypeSystemMemory ||

323
		    (desc.attributes & (EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0)

324
			continue;

325


326
		unprotect_start = max(rounded_start, (unsigned long)desc.base_address);

327
		unprotect_size = min(rounded_end, next) - unprotect_start;

328


329
		status = efi_dxe_call(set_memory_space_attributes,

330
				      unprotect_start, unprotect_size,

331
				      EFI_MEMORY_WB);

332


333
		if (status != EFI_SUCCESS) {

334
			efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %lx\n",

335
				 unprotect_start,

336
				 unprotect_start + unprotect_size,

337
				 status);

338
			break;

339
		}

340
	}

341
	return EFI_SUCCESS;

342
}

343


344
static void setup_unaccepted_memory(void)

345
{

346
	efi_guid_t mem_acceptance_proto = OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL_GUID;

347
	sev_memory_acceptance_protocol_t *proto;

348
	efi_status_t status;

349


350
	if (!IS_ENABLED(CONFIG_UNACCEPTED_MEMORY))

351
		return;

352


353
	/*

354
	 * Enable unaccepted memory before calling exit boot services in order

355
	 * for the UEFI to not accept all memory on EBS.

356
	 */

357
	status = efi_bs_call(locate_protocol, &mem_acceptance_proto, NULL,

358
			     (void **)&proto);

359
	if (status != EFI_SUCCESS)

360
		return;

361


362
	status = efi_call_proto(proto, allow_unaccepted_memory);

363
	if (status != EFI_SUCCESS)

364
		efi_err("Memory acceptance protocol failed\n");

365
}

366


367
static efi_char16_t *efistub_fw_vendor(void)

368
{

369
	unsigned long vendor = efi_table_attr(efi_system_table, fw_vendor);

370


371
	return (efi_char16_t *)vendor;

372
}

373


374
static const efi_char16_t apple[] = L"Apple";

375


376
static void setup_quirks(struct boot_params *boot_params)

377
{

378
	if (!memcmp(efistub_fw_vendor(), apple, sizeof(apple))) {

379
		if (IS_ENABLED(CONFIG_APPLE_PROPERTIES))

380
			retrieve_apple_device_properties(boot_params);

381


382
		apple_set_os();

383
	}

384
}

385


386
static void setup_graphics(struct boot_params *boot_params)

387
{

388
	struct screen_info *si = memset(&boot_params->screen_info, 0, sizeof(*si));

389


390
	efi_setup_gop(si);

391
}

392


393
static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status)

394
{

395
	efi_bs_call(exit, handle, status, 0, NULL);

396
	for(;;)

397
		asm("hlt");

398
}

399


400
/*

401
 * Because the x86 boot code expects to be passed a boot_params we

402
 * need to create one ourselves (usually the bootloader would create

403
 * one for us).

404
 */

405
static efi_status_t efi_allocate_bootparams(efi_handle_t handle,

406
					    struct boot_params **bp)

407
{

408
	efi_guid_t proto = LOADED_IMAGE_PROTOCOL_GUID;

409
	struct boot_params *boot_params;

410
	struct setup_header *hdr;

411
	efi_status_t status;

412
	unsigned long alloc;

413
	char *cmdline_ptr;

414


415
	status = efi_bs_call(handle_protocol, handle, &proto, (void **)&image);

416
	if (status != EFI_SUCCESS) {

417
		efi_err("Failed to get handle for LOADED_IMAGE_PROTOCOL\n");

418
		return status;

419
	}

420


421
	status = efi_allocate_pages(PARAM_SIZE, &alloc, ULONG_MAX);

422
	if (status != EFI_SUCCESS)

423
		return status;

424


425
	boot_params = memset((void *)alloc, 0x0, PARAM_SIZE);

426
	hdr	    = &boot_params->hdr;

427


428
	/* Assign the setup_header fields that the kernel actually cares about */

429
	hdr->root_flags	= 1;

430
	hdr->vid_mode	= 0xffff;

431


432
	hdr->type_of_loader = 0x21;

433
	hdr->initrd_addr_max = INT_MAX;

434


435
	/* Convert unicode cmdline to ascii */

436
	cmdline_ptr = efi_convert_cmdline(image);

437
	if (!cmdline_ptr) {

438
		efi_free(PARAM_SIZE, alloc);

439
		return EFI_OUT_OF_RESOURCES;

440
	}

441


442
	efi_set_u64_split((unsigned long)cmdline_ptr, &hdr->cmd_line_ptr,

443
			  &boot_params->ext_cmd_line_ptr);

444


445
	*bp = boot_params;

446
	return EFI_SUCCESS;

447
}

448


449
static void add_e820ext(struct boot_params *params,

450
			struct setup_data *e820ext, u32 nr_entries)

451
{

452
	struct setup_data *data;

453


454
	e820ext->type = SETUP_E820_EXT;

455
	e820ext->len  = nr_entries * sizeof(struct boot_e820_entry);

456
	e820ext->next = 0;

457


458
	data = (struct setup_data *)(unsigned long)params->hdr.setup_data;

459


460
	while (data && data->next)

461
		data = (struct setup_data *)(unsigned long)data->next;

462


463
	if (data)

464
		data->next = (unsigned long)e820ext;

465
	else

466
		params->hdr.setup_data = (unsigned long)e820ext;

467
}

468


469
static efi_status_t

470
setup_e820(struct boot_params *params, struct setup_data *e820ext, u32 e820ext_size)

471
{

472
	struct boot_e820_entry *entry = params->e820_table;

473
	struct efi_info *efi = &params->efi_info;

474
	struct boot_e820_entry *prev = NULL;

475
	u32 nr_entries;

476
	u32 nr_desc;

477
	int i;

478


479
	nr_entries = 0;

480
	nr_desc = efi->efi_memmap_size / efi->efi_memdesc_size;

481


482
	for (i = 0; i < nr_desc; i++) {

483
		efi_memory_desc_t *d;

484
		unsigned int e820_type = 0;

485
		unsigned long m = efi->efi_memmap;

486


487
#ifdef CONFIG_X86_64

488
		m |= (u64)efi->efi_memmap_hi << 32;

489
#endif

490


491
		d = efi_memdesc_ptr(m, efi->efi_memdesc_size, i);

492
		switch (d->type) {

493
		case EFI_RESERVED_TYPE:

494
		case EFI_RUNTIME_SERVICES_CODE:

495
		case EFI_RUNTIME_SERVICES_DATA:

496
		case EFI_MEMORY_MAPPED_IO:

497
		case EFI_MEMORY_MAPPED_IO_PORT_SPACE:

498
		case EFI_PAL_CODE:

499
			e820_type = E820_TYPE_RESERVED;

500
			break;

501


502
		case EFI_UNUSABLE_MEMORY:

503
			e820_type = E820_TYPE_UNUSABLE;

504
			break;

505


506
		case EFI_ACPI_RECLAIM_MEMORY:

507
			e820_type = E820_TYPE_ACPI;

508
			break;

509


510
		case EFI_LOADER_CODE:

511
		case EFI_LOADER_DATA:

512
		case EFI_BOOT_SERVICES_CODE:

513
		case EFI_BOOT_SERVICES_DATA:

514
		case EFI_CONVENTIONAL_MEMORY:

515
			if (efi_soft_reserve_enabled() &&

516
			    (d->attribute & EFI_MEMORY_SP))

517
				e820_type = E820_TYPE_SOFT_RESERVED;

518
			else

519
				e820_type = E820_TYPE_RAM;

520
			break;

521


522
		case EFI_ACPI_MEMORY_NVS:

523
			e820_type = E820_TYPE_NVS;

524
			break;

525


526
		case EFI_PERSISTENT_MEMORY:

527
			e820_type = E820_TYPE_PMEM;

528
			break;

529


530
		case EFI_UNACCEPTED_MEMORY:

531
			if (!IS_ENABLED(CONFIG_UNACCEPTED_MEMORY))

532
				continue;

533
			e820_type = E820_TYPE_RAM;

534
			process_unaccepted_memory(d->phys_addr,

535
						  d->phys_addr + PAGE_SIZE * d->num_pages);

536
			break;

537
		default:

538
			continue;

539
		}

540


541
		/* Merge adjacent mappings */

542
		if (prev && prev->type == e820_type &&

543
		    (prev->addr + prev->size) == d->phys_addr) {

544
			prev->size += d->num_pages << 12;

545
			continue;

546
		}

547


548
		if (nr_entries == ARRAY_SIZE(params->e820_table)) {

549
			u32 need = (nr_desc - i) * sizeof(struct e820_entry) +

550
				   sizeof(struct setup_data);

551


552
			if (!e820ext || e820ext_size < need)

553
				return EFI_BUFFER_TOO_SMALL;

554


555
			/* boot_params map full, switch to e820 extended */

556
			entry = (struct boot_e820_entry *)e820ext->data;

557
		}

558


559
		entry->addr = d->phys_addr;

560
		entry->size = d->num_pages << PAGE_SHIFT;

561
		entry->type = e820_type;

562
		prev = entry++;

563
		nr_entries++;

564
	}

565


566
	if (nr_entries > ARRAY_SIZE(params->e820_table)) {

567
		u32 nr_e820ext = nr_entries - ARRAY_SIZE(params->e820_table);

568


569
		add_e820ext(params, e820ext, nr_e820ext);

570
		nr_entries -= nr_e820ext;

571
	}

572


573
	params->e820_entries = (u8)nr_entries;

574


575
	return EFI_SUCCESS;

576
}

577


578
static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,

579
				  u32 *e820ext_size)

580
{

581
	efi_status_t status;

582
	unsigned long size;

583


584
	size = sizeof(struct setup_data) +

585
		sizeof(struct e820_entry) * nr_desc;

586


587
	if (*e820ext) {

588
		efi_bs_call(free_pool, *e820ext);

589
		*e820ext = NULL;

590
		*e820ext_size = 0;

591
	}

592


593
	status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, size,

594
			     (void **)e820ext);

595
	if (status == EFI_SUCCESS)

596
		*e820ext_size = size;

597


598
	return status;

599
}

600


601
static efi_status_t allocate_e820(struct boot_params *params,

602
				  struct setup_data **e820ext,

603
				  u32 *e820ext_size)

604
{

605
	struct efi_boot_memmap *map __free(efi_pool) = NULL;

606
	efi_status_t status;

607
	__u32 nr_desc;

608


609
	status = efi_get_memory_map(&map, false);

610
	if (status != EFI_SUCCESS)

611
		return status;

612


613
	nr_desc = map->map_size / map->desc_size;

614
	if (nr_desc > ARRAY_SIZE(params->e820_table) - EFI_MMAP_NR_SLACK_SLOTS) {

615
		u32 nr_e820ext = nr_desc - ARRAY_SIZE(params->e820_table) +

616
				 EFI_MMAP_NR_SLACK_SLOTS;

617


618
		status = alloc_e820ext(nr_e820ext, e820ext, e820ext_size);

619
		if (status != EFI_SUCCESS)

620
			return status;

621
	}

622


623
	if (IS_ENABLED(CONFIG_UNACCEPTED_MEMORY))

624
		return allocate_unaccepted_bitmap(nr_desc, map);

625


626
	return EFI_SUCCESS;

627
}

628


629
struct exit_boot_struct {

630
	struct boot_params	*boot_params;

631
	struct efi_info		*efi;

632
};

633


634
static efi_status_t exit_boot_func(struct efi_boot_memmap *map,

635
				   void *priv)

636
{

637
	const char *signature;

638
	struct exit_boot_struct *p = priv;

639


640
	signature = efi_is_64bit() ? EFI64_LOADER_SIGNATURE

641
				   : EFI32_LOADER_SIGNATURE;

642
	memcpy(&p->efi->efi_loader_signature, signature, sizeof(__u32));

643


644
	efi_set_u64_split((unsigned long)efi_system_table,

645
			  &p->efi->efi_systab, &p->efi->efi_systab_hi);

646
	p->efi->efi_memdesc_size	= map->desc_size;

647
	p->efi->efi_memdesc_version	= map->desc_ver;

648
	efi_set_u64_split((unsigned long)map->map,

649
			  &p->efi->efi_memmap, &p->efi->efi_memmap_hi);

650
	p->efi->efi_memmap_size		= map->map_size;

651


652
	return EFI_SUCCESS;

653
}

654


655
static efi_status_t exit_boot(struct boot_params *boot_params, void *handle)

656
{

657
	struct setup_data *e820ext = NULL;

658
	__u32 e820ext_size = 0;

659
	efi_status_t status;

660
	struct exit_boot_struct priv;

661


662
	priv.boot_params	= boot_params;

663
	priv.efi		= &boot_params->efi_info;

664


665
	status = allocate_e820(boot_params, &e820ext, &e820ext_size);

666
	if (status != EFI_SUCCESS)

667
		return status;

668


669
	/* Might as well exit boot services now */

670
	status = efi_exit_boot_services(handle, &priv, exit_boot_func);

671
	if (status != EFI_SUCCESS)

672
		return status;

673


674
	/* Historic? */

675
	boot_params->alt_mem_k	= 32 * 1024;

676


677
	status = setup_e820(boot_params, e820ext, e820ext_size);

678
	if (status != EFI_SUCCESS)

679
		return status;

680


681
	return EFI_SUCCESS;

682
}

683


684
static bool have_unsupported_snp_features(void)

685
{

686
	u64 unsupported;

687


688
	unsupported = snp_get_unsupported_features(sev_get_status());

689
	if (unsupported) {

690
		efi_err("Unsupported SEV-SNP features detected: 0x%llx\n",

691
			unsupported);

692
		return true;

693
	}

694
	return false;

695
}

696


697
static void efi_get_seed(void *seed, int size)

698
{

699
	efi_get_random_bytes(size, seed);

700


701
	/*

702
	 * This only updates seed[0] when running on 32-bit, but in that case,

703
	 * seed[1] is not used anyway, as there is no virtual KASLR on 32-bit.

704
	 */

705
	*(unsigned long *)seed ^= kaslr_get_random_long("EFI");

706
}

707


708
static void error(char *str)

709
{

710
	efi_warn("Decompression failed: %s\n", str);

711
}

712


713
static const char *cmdline_memmap_override;

714


715
static efi_status_t parse_options(const char *cmdline)

716
{

717
	static const char opts[][14] = {

718
		"mem=", "memmap=", "hugepages="

719
	};

720


721
	for (int i = 0; i < ARRAY_SIZE(opts); i++) {

722
		const char *p = strstr(cmdline, opts[i]);

723


724
		if (p == cmdline || (p > cmdline && isspace(p[-1]))) {

725
			cmdline_memmap_override = opts[i];

726
			break;

727
		}

728
	}

729


730
	return efi_parse_options(cmdline);

731
}

732


733
static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry,

734
					  struct boot_params *boot_params)

735
{

736
	unsigned long virt_addr = LOAD_PHYSICAL_ADDR;

737
	unsigned long addr, alloc_size, entry;

738
	efi_status_t status;

739
	u32 seed[2] = {};

740


741
	boot_params_ptr	= boot_params;

742


743
	/* determine the required size of the allocation */

744
	alloc_size = ALIGN(max_t(unsigned long, output_len, kernel_total_size),

745
			   MIN_KERNEL_ALIGN);

746


747
	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && !efi_nokaslr) {

748
		u64 range = KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR - kernel_total_size;

749
		static const efi_char16_t ami[] = L"American Megatrends";

750


751
		efi_get_seed(seed, sizeof(seed));

752


753
		virt_addr += (range * seed[1]) >> 32;

754
		virt_addr &= ~(CONFIG_PHYSICAL_ALIGN - 1);

755


756
		/*

757
		 * Older Dell systems with AMI UEFI firmware v2.0 may hang

758
		 * while decompressing the kernel if physical address

759
		 * randomization is enabled.

760
		 *

761
		 * https://bugzilla.kernel.org/show_bug.cgi?id=218173

762
		 */

763
		if (efi_system_table->hdr.revision <= EFI_2_00_SYSTEM_TABLE_REVISION &&

764
		    !memcmp(efistub_fw_vendor(), ami, sizeof(ami))) {

765
			efi_debug("AMI firmware v2.0 or older detected - disabling physical KASLR\n");

766
			seed[0] = 0;

767
		} else if (cmdline_memmap_override) {

768
			efi_info("%s detected on the kernel command line - disabling physical KASLR\n",

769
				 cmdline_memmap_override);

770
			seed[0] = 0;

771
		}

772


773
		boot_params->hdr.loadflags |= KASLR_FLAG;

774
	}

775


776
	status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr,

777
				  seed[0], EFI_LOADER_CODE,

778
				  LOAD_PHYSICAL_ADDR,

779
				  EFI_X86_KERNEL_ALLOC_LIMIT);

780
	if (status != EFI_SUCCESS)

781
		return status;

782


783
	entry = decompress_kernel((void *)addr, virt_addr, error);

784
	if (entry == ULONG_MAX) {

785
		efi_free(alloc_size, addr);

786
		return EFI_LOAD_ERROR;

787
	}

788


789
	*kernel_entry = addr + entry;

790


791
	return efi_adjust_memory_range_protection(addr, kernel_text_size);

792
}

793


794
static void __noreturn enter_kernel(unsigned long kernel_addr,

795
				    struct boot_params *boot_params)

796
{

797
	/* enter decompressed kernel with boot_params pointer in RSI/ESI */

798
	asm("jmp *%0"::"r"(kernel_addr), "S"(boot_params));

799


800
	unreachable();

801
}

802


803
/*

804
 * On success, this routine will jump to the relocated image directly and never

805
 * return.  On failure, it will exit to the firmware via efi_exit() instead of

806
 * returning.

807
 */

808
void __noreturn efi_stub_entry(efi_handle_t handle,

809
			       efi_system_table_t *sys_table_arg,

810
			       struct boot_params *boot_params)

811


812
{

813
	efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;

814
	const struct linux_efi_initrd *initrd = NULL;

815
	unsigned long kernel_entry;

816
	struct setup_header *hdr;

817
	efi_status_t status;

818


819
	efi_system_table = sys_table_arg;

820
	/* Check if we were booted by the EFI firmware */

821
	if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)

822
		efi_exit(handle, EFI_INVALID_PARAMETER);

823


824
	if (!IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) || !boot_params) {

825
		status = efi_allocate_bootparams(handle, &boot_params);

826
		if (status != EFI_SUCCESS)

827
			efi_exit(handle, status);

828
	}

829


830
	hdr = &boot_params->hdr;

831


832
	if (have_unsupported_snp_features())

833
		efi_exit(handle, EFI_UNSUPPORTED);

834


835
	if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) {

836
		efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);

837
		if (efi_dxe_table &&

838
		    efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {

839
			efi_warn("Ignoring DXE services table: invalid signature\n");

840
			efi_dxe_table = NULL;

841
		}

842
	}

843


844
	/* grab the memory attributes protocol if it exists */

845
	efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr);

846


847
	status = efi_setup_5level_paging();

848
	if (status != EFI_SUCCESS) {

849
		efi_err("efi_setup_5level_paging() failed!\n");

850
		goto fail;

851
	}

852


853
#ifdef CONFIG_CMDLINE_BOOL

854
	status = parse_options(CONFIG_CMDLINE);

855
	if (status != EFI_SUCCESS) {

856
		efi_err("Failed to parse options\n");

857
		goto fail;

858
	}

859
#endif

860
	if (!IS_ENABLED(CONFIG_CMDLINE_OVERRIDE)) {

861
		unsigned long cmdline_paddr = ((u64)hdr->cmd_line_ptr |

862
					       ((u64)boot_params->ext_cmd_line_ptr << 32));

863
		status = parse_options((char *)cmdline_paddr);

864
		if (status != EFI_SUCCESS) {

865
			efi_err("Failed to parse options\n");

866
			goto fail;

867
		}

868
	}

869


870
	if (efi_mem_encrypt > 0)

871
		hdr->xloadflags |= XLF_MEM_ENCRYPTION;

872


873
	status = efi_decompress_kernel(&kernel_entry, boot_params);

874
	if (status != EFI_SUCCESS) {

875
		efi_err("Failed to decompress kernel\n");

876
		goto fail;

877
	}

878


879
	/*

880
	 * At this point, an initrd may already have been loaded by the

881
	 * bootloader and passed via bootparams. We permit an initrd loaded

882
	 * from the LINUX_EFI_INITRD_MEDIA_GUID device path to supersede it.

883
	 *

884
	 * If the device path is not present, any command-line initrd=

885
	 * arguments will be processed only if image is not NULL, which will be

886
	 * the case only if we were loaded via the PE entry point.

887
	 */

888
	status = efi_load_initrd(image, hdr->initrd_addr_max, ULONG_MAX,

889
				 &initrd);

890
	if (status != EFI_SUCCESS)

891
		goto fail;

892
	if (initrd && initrd->size > 0) {

893
		efi_set_u64_split(initrd->base, &hdr->ramdisk_image,

894
				  &boot_params->ext_ramdisk_image);

895
		efi_set_u64_split(initrd->size, &hdr->ramdisk_size,

896
				  &boot_params->ext_ramdisk_size);

897
	}

898


899


900
	/*

901
	 * If the boot loader gave us a value for secure_boot then we use that,

902
	 * otherwise we ask the BIOS.

903
	 */

904
	if (boot_params->secure_boot == efi_secureboot_mode_unset)

905
		boot_params->secure_boot = efi_get_secureboot();

906


907
	/* Ask the firmware to clear memory on unclean shutdown */

908
	efi_enable_reset_attack_mitigation();

909


910
	efi_random_get_seed();

911


912
	efi_retrieve_eventlog();

913


914
	setup_graphics(boot_params);

915


916
	setup_efi_pci(boot_params);

917


918
	setup_quirks(boot_params);

919


920
	setup_unaccepted_memory();

921


922
	status = exit_boot(boot_params, handle);

923
	if (status != EFI_SUCCESS) {

924
		efi_err("exit_boot() failed!\n");

925
		goto fail;

926
	}

927


928
	/*

929
	 * Call the SEV init code while still running with the firmware's

930
	 * GDT/IDT, so #VC exceptions will be handled by EFI.

931
	 */

932
	sev_enable(boot_params);

933


934
	efi_5level_switch();

935


936
	enter_kernel(kernel_entry, boot_params);

937
fail:

938
	efi_err("efi_stub_entry() failed!\n");

939


940
	efi_exit(handle, status);

941
}

942


943
efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,

944
				   efi_system_table_t *sys_table_arg)

945
{

946
	efi_stub_entry(handle, sys_table_arg, NULL);

947
}

948


949
#ifdef CONFIG_EFI_HANDOVER_PROTOCOL

950
void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,

951
			struct boot_params *boot_params)

952
{

953
	memset(_bss, 0, _ebss - _bss);

954
	efi_stub_entry(handle, sys_table_arg, boot_params);

955
}

956


957
#ifndef CONFIG_EFI_MIXED

958
extern __alias(efi_handover_entry)

959
void efi32_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,

960
		      struct boot_params *boot_params);

961


962
extern __alias(efi_handover_entry)

963
void efi64_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg,

964
		      struct boot_params *boot_params);

965
#endif

966
#endif

967


968