Resetting the luv-yocto master branch
by Matt Fleming
Folks,
Based on the recent discussions we've had on this mailing list,
https://lists.01.org/pipermail/luv/2015-January/000265.html
and the pain points experienced in moving from Dora to Dizzy, I think
it's best if we move to a release process that more closely matches
upstream Yocto Project and OE-core, where we fork a branch every time
a new release is created in upstream Yocto Project.
So, once v1.2 drops (week of 23rd March) I plan on moving the 'master'
branch of the luv-yocto repository to point at the 'master' branch of
Poky. The benefits are discussed in the thread referenced above but
mainly it allows us to pull new changes from upstream much sooner.
What this will mean is that after the v1.2 tag is created you'll see
something like the following when fetching updates,
$ git fetch
remote: Counting objects: 12698, done.
remote: Compressing objects: 100% (2537/2537), done.
remote: Total 10416 (delta 7720), reused 10409 (delta 7713)
Receiving objects: 100% (10416/10416), 2.60 MiB | 0 bytes/s, done.
Resolving deltas: 100% (7720/7720), completed with 879 local objects.
From /home/foobar/luv-yocto
+ fd8d0b4...dda70ca master -> origin/master (forced update)
and a git pull will fail with a whole bunch of conflicts, because git
can't do a simple merge.
If you don't have any changes on your master branch the easiest way to
get upto date is to do,
$ git reset --hard origin/master
However, if you do have updates, before you do the reset you must save
them either by creating patches or stashing your changes.
Do not merge your old branches into the new master branch, the resulting
history will be an abomination, and explicitly contradicts what I'm
trying to do here - make it possible to merge upstream without causing
huge amounts of conflicts.
The old tip of the master branch will always be accessible with the
'v1.2' tag, so it's not like the history is going to be lost in any way.
Let me know if you have any questions.
--
Matt Fleming, Intel Open Source Technology Center
7 years
- 1
- 1
[PATCH] luv-test-manager: Add luv.halt cmdline option for powering off
by Matt Fleming
From: Matt Fleming <matt.fleming(a)intel.com>
When running automated tests it's super handy to be able to power off
the machine once the tests have completed. This signals to any
monitoring processes/machines that results are ready to be inspected.
If you've got a smart PDU you should be able to query it for the
machine's status to know when it's off, but a poor man's solution would
be to ping the machine and wait a couple of seconds extra once it
disappears from the network.
Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
---
meta-luv/recipes-core/initscripts/initscripts/luv-test-manager | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta-luv/recipes-core/initscripts/initscripts/luv-test-manager b/meta-luv/recipes-core/initscripts/initscripts/luv-test-manager
index e5de98d..983ce4e 100644
--- a/meta-luv/recipes-core/initscripts/initscripts/luv-test-manager
+++ b/meta-luv/recipes-core/initscripts/initscripts/luv-test-manager
@@ -136,3 +136,8 @@ fi
umount -l /mnt/.psplash
}
+
+grep -q luv.halt /proc/cmdline
+if [ $? -ne 1 ]; then
+ halt -p
+fi
--
2.1.0
7 years, 1 month
- 2
- 2
[LuvOS][FWTS][uefirtauthvar] Test case 12 passed even if UEFI doesn't support authenticated variable
by Heyi Guo
Hi all,
Test case 12 of uefiauthvar will pass even if UEFI doesn't support
authenticated variable, while all other cases in this suite will be
skipped.
Test case 12 is to test invalid parameter processing of auth var,
however, if UEFI doesn't support auth var, it will always return
invalid parameter.
Below is the log:
uefirtauthvar ;INF Test 11 of 13: Authenticated variable test with invalid
uefirtauthvar ;INF attributes.
uefirtauthvar ;INF Return status: EFI_INVALID_PARAMETER. A parameter was
uefirtauthvar ;INF incorrect.
uefirtauthvar ;INF Test 12 of 13: Test with both authenticated attributes are
uefirtauthvar ;INF set.
uefirtauthvar ;INF Test 13 of 13: Set and delete authenticated variable created
uefirtauthvar ;INF by different key test.
uefirtauthvar ;INF Return status: EFI_INVALID_PARAMETER. A parameter was
uefirtauthvar ;INF incorrect.
uefirtauthvar ;SUM 1 passed, 0 failed, 0 warning, 0 aborted, 12 skipped, 0 info
uefirtauthvar ;SUM only.
I think it is more reasonable to have a basic test before any further
test to make sure UEFI supports auth var, otherwise all test cases
should be skipped. Test 12 being passed is a little confusing.
Thanks.
Heyi Guo
7 years, 1 month
- 3
- 4
Linux UEFI Validation Project v1.2 release
by Matt Fleming
Folks,
The final v1.2 release is now out and available at the usual location,
https://download.01.org/linux-uefi-validation/v1.2/luv-live-v1.2.tar.bz2
The big ticket items in this release are the introduction of arm64
support thanks to Naresh Bhat, and Secure Boot support from Ricardo
Neri. With Secure Boot enabled, you'll be dropped into MokManager the
first time you boot and will need to install LUV.cer from the USB drive.
Reminder: We will be switching the 'master' branch to follow upstream
poky more closely now as described in the following thread,
https://lists.01.org/pipermail/luv/2015-February/000317.html
Shortlog from v1.2-rc4 appeneded below.
Matt Fleming (2):
grub-efi: implement an UEFI Exit service for shim in grub
LUV v1.2
Naresh Bhat (9):
aarch64: Add genericarmv8 machine configuration file
leg-kernel: Update leg kernel config
fwts : Upgrade to version 15.03.00
luv-efi: Define bootimg dependency
bootimg: Add support to install Image
syslinux: Remove bootimg dependency on aarch64
bootimg: Skip iso image build on aarch64
grub: Update grub git recipe
grub-efi: Impliment switch case to install GRUB_IMAGE
Ricardo Neri (11):
sbsigntool: inherit from autotools-brokensep
sbsigntool: make the source directory explicit when patching
shim-signed: add recipe for shim-signed
luv-live-image: make the limage depend on signed-shim
luv-efi: install components for secure boot
grub-efi: add header structures for TE and DOS executables
grub-efi: add needed data structures for shim
grub-efi: chainloader: port shim to grub
grub-efi: use shim to load and verify an image
grub-efi: boot the image using shim
grub-efi: take care of unload undershim
--
Matt Fleming, Intel Open Source Technology Center
7 years, 1 month
- 1
- 0
[PATCH 00/12] Add support for UEFI Secure Boot
by Ricardo Neri
Secure boot is a UEFI firmware feature that prevents the execution of
unsigned code prior to the execution of the operating system. At the
start of the execution cycle, the firmware verifies that the binary
intended to be executed is signed with any of the x509 certificates of
which the firmware is aware. If the binary is allowed to run, it is
the responsability of such binary to make sure that subsequent executable
code is also trusted.
In this implementation, the shim loader by Matthew Garret is used
(https://github.com/rhinstaller/shim). The binary form of the shim is
certified to be signed by the UEFI certification authority. Thus, it will
be able to run without changes to the firmware. Then, shim loads the grub
booloader that has been signed with LUV keys. For this to work, a human needs
to add the LUV x509 certificate (included in the bootable media) to database
that shim maintains (a.k.a., machine owner keys).
This work also includes a port to grub of the mechanism that shim uses
to verify, relocate and execute trusted binaries. This is needed as in the
case of x86, the test suite BITS is executed as another grub bootloader
that is chainloaded from the initial grub.
Finally, this work also includes recipes to generate the key and certificate
to sign the LUV and BITS bootloader... and of course sign the relevant
binaries.
At the moment, only x86_64 is supported.
Thanks and BR,
Ricardo
Matt Fleming (1):
grub-efi: implement an UEFI Exit service for shim in grub
Ricardo Neri (11):
sbsigntool: inherit from autotools-brokensep
sbsigntool: make the source directory explicit when patching
shim-signed: add recipe for shim-signed
luv-live-image: make the limage depend on signed-shim
luv-efi: install components for secure boot
grub-efi: add header structures for TE and DOS executables
grub-efi: add needed data structures for shim
grub-efi: chainloader: port shim to grub
grub-efi: use shim to load and verify an image
grub-efi: boot the image using shim
grub-efi: take care of unload undershim
meta-luv/classes/luv-efi.bbclass | 38 +-
meta-luv/recipes-bsp/shim-signed/shim-signed.bb | 52 ++
meta-luv/recipes-core/images/luv-live-image.bb | 4 +-
.../recipes-devtools/sbsigntool/sbsigntool_git.bb | 4 +-
...header-structures-for-TE-and-DOS-executab.patch | 65 +++
.../0002-shim-add-needed-data-structures.patch | 159 ++++++
...ader-implement-an-UEFI-Exit-service-for-s.patch | 79 +++
.../0004-efi-chainloader-port-shim-to-grub.patch | 580 +++++++++++++++++++++
...ader-use-shim-to-load-and-verify-an-image.patch | 96 ++++
...efi-chainloader-boot-the-image-using-shim.patch | 61 +++
...chainloader-take-care-of-unload-undershim.patch | 41 ++
meta/recipes-bsp/grub/grub-efi_2.00.bb | 7 +
12 files changed, 1182 insertions(+), 4 deletions(-)
create mode 100644 meta-luv/recipes-bsp/shim-signed/shim-signed.bb
create mode 100644 meta/recipes-bsp/grub/files/0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch
create mode 100644 meta/recipes-bsp/grub/files/0002-shim-add-needed-data-structures.patch
create mode 100644 meta/recipes-bsp/grub/files/0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch
create mode 100644 meta/recipes-bsp/grub/files/0004-efi-chainloader-port-shim-to-grub.patch
create mode 100644 meta/recipes-bsp/grub/files/0005-efi-chainloader-use-shim-to-load-and-verify-an-image.patch
create mode 100644 meta/recipes-bsp/grub/files/0006-efi-chainloader-boot-the-image-using-shim.patch
create mode 100644 meta/recipes-bsp/grub/files/0007-efi-chainloader-take-care-of-unload-undershim.patch
--
1.9.1
7 years, 1 month
- 1
- 12
[v4 PATCH 0/9] luvOS support for ARM64
by Naresh Bhat
A set of patches which will help to build and run luvOS distribution for aarch64 architecture.
With this set you can build and run the luvOS distribution for genericarmv8 machine.
I have verified the luvOS distribution on ARM64 FVP base model.
The flow of luvOS distribution on arm64 architecture
<boot> -> <upstream GRUB> -> leg-kernel with ACPI support -> efivarfs -> fwts -> kernel-efi-warnings -> <DONE>
Instructions and logs visit
Linaro wiki - https://wiki.linaro.org/LEG/Engineering/luvOS
Git repository - https://git.linaro.org/people/naresh.bhat/luvOS/luv-yocto.git
Changes since V0:[RFC series]
- Add all the comments from Matt Fleming on RFC series
- Rebase all patches on top of v1.2-rc3-dizzy
- cherry pick few patches from upstream
- Drop all the unnecessary aarch64 patches
Changes since V1:[series]
- Rebase all patches on top of v1.2-rc4
- Modify grub_git.bb recipe so that it can be built for both native and non-native architecture
- Update leg-kernel defconfig file
- Skip syslinux package for aarch64 build
- Skip ISO image build for aarch64
- Address Matt Fleming comments on bootimg bbclass. Modify the class to support aarch64/x86_64/i386 architecture
- Update FWTS version to 15.01.00
- Define bootimg dependency in luv-efi bbclass for aarch64 (i.e. grub)
Changes since V2:[series]
- Add more description on patches.
- Include changes suggested by Graeme, Matt Fleming, Bernhard Reutner-Fischer and Burton Ross on grub_git.bb
- Update FWTS version 15.03.00
Changes since V3:[series]
- Include "install -D" change to cut down the fork as suggested on openembedded-core developer mailing list
- Update FWTS along with fix for broken aarch64 architecture
- Update grub_git.bb recipe with changes suggested on openembedded-core developer mailing list
- Include NOISO_aarch64 = "1" change in bootimg.bbclass
- Impliment switch case to install grub image in grub-efi.bbclass
Naresh Bhat (9):
aarch64: Add genericarmv8 machine configuration file
leg-kernel: Update leg kernel config
fwts : Upgrade to version 15.03.00
luv-efi: Define bootimg dependency
bootimg: Add support to install Image
syslinux: Remove bootimg dependency on aarch64
bootimg: Skip iso image build on aarch64
grub: Update grub git recipe
grub-efi: Impliment switch case to install GRUB_IMAGE
meta-luv/classes/luv-efi.bbclass | 11 +-
...01-efi_runtime-Set-default-value-for-KVER.patch | 27 -
...-ensure-we-don-t-allocate-a-zero-byte-buf.patch | 37 +
...-Refactor-ioctl-code-into-helper-function.patch | 506 -------
...-Group-kernel-version-dependent-functions.patch | 99 --
...me-Do-not-pass-user-addresses-to-firmware.patch | 374 -----
...fi_runtime-donot-dereference-user-address.patch | 444 ------
...de-remove-failures-when-kernel-does-not-h.patch | 40 -
...ert-report-info-instead-of-failure-for-mi.patch | 68 -
...runtime-Don-t-use-get_user-on-non-pointer.patch | 34 -
...-limit-the-amount-of-data-copied-to-users.patch | 95 --
...-get_nextvariable-copy-only-the-needed-na.patch | 41 -
...able-allow-large-sizes-for-variable-names.patch | 245 ----
meta-luv/recipes-core/fwts/fwts_git.bb | 22 +-
meta-luv/recipes-kernel/linux/leg-kernel/defconfig | 1510 ++++++++++++++------
meta/classes/bootimg.bbclass | 12 +-
meta/classes/grub-efi.bbclass | 20 +-
meta/classes/syslinux.bbclass | 5 +-
meta/conf/machine/genericarmv8.conf | 16 +
meta/conf/machine/genericarmv8b.conf | 6 +
meta/conf/machine/include/arm64/arch-armv8.inc | 20 +
meta/recipes-bsp/grub/grub_git.bb | 48 +-
22 files changed, 1261 insertions(+), 2419 deletions(-)
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch
create mode 100644 meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch
create mode 100644 meta/conf/machine/genericarmv8.conf
create mode 100644 meta/conf/machine/genericarmv8b.conf
create mode 100644 meta/conf/machine/include/arm64/arch-armv8.inc
--
1.7.9.5
7 years, 1 month
- 2
- 10
[PATCH 6/9] syslinux: Remove bootimg dependency on aarch64
by Naresh Bhat
Remove the bootimg dependency as syslinux for aarch64. The reason to skip the syslinux package
- syslinux package contains x86 assembly code. Hence it cannot be compiled on aarch64.
- There is no BIOS on aarch64 to answer syscalls.
Signed-off-by: Naresh Bhat <naresh.bhat(a)linaro.org>
---
meta/classes/syslinux.bbclass | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/meta/classes/syslinux.bbclass b/meta/classes/syslinux.bbclass
index d6498d9..7bd8fed 100644
--- a/meta/classes/syslinux.bbclass
+++ b/meta/classes/syslinux.bbclass
@@ -17,7 +17,15 @@
# ${SYSLINUX_SERIAL_TTY} - Set alternate console=tty... kernel boot argument
# ${SYSLINUX_KERNEL_ARGS} - Add additional kernel arguments
-do_bootimg[depends] += "${MLPREFIX}syslinux:do_populate_sysroot \
+def boot_image_depends(bb, d):
+ import re
+ deps = bb.data.getVar('TARGET_PREFIX', d, True)
+ if re.search("(x86_64|i.86).*",deps):
+ return "${MLPREFIX}syslinux:do_populate_sysroot"
+ if re.search("aarch64",deps):
+ return ""
+BIMGDEP = "${@boot_image_depends(bb, d)}"
+do_bootimg[depends] += "${BIMGDEP} \
syslinux-native:do_populate_sysroot"
SYSLINUXCFG = "${S}/syslinux.cfg"
--
1.7.9.5
7 years, 2 months
- 1
- 0
[PATCH 3/9] fwts : Upgrade to version 15.03.00
by Naresh Bhat
Upgrade fwts to version 15.03.00. Along with the latest patch
efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch
This bug is being tracked on bugz
Ubuntu - https://bugs.launchpad.net/ubuntu/+source/fwts/+bug/1429890
Linaro - https://bugs.linaro.org/show_bug.cgi?id=1319
Remove all the other patches which are already upstreamed on FWTS.
Signed-off-by: Naresh Bhat <naresh.bhat(a)linaro.org>
---
...01-efi_runtime-Set-default-value-for-KVER.patch | 27 --
...-ensure-we-don-t-allocate-a-zero-byte-buf.patch | 37 ++
...-Refactor-ioctl-code-into-helper-function.patch | 506 --------------------
...-Group-kernel-version-dependent-functions.patch | 99 ----
...me-Do-not-pass-user-addresses-to-firmware.patch | 374 ---------------
...fi_runtime-donot-dereference-user-address.patch | 444 -----------------
...de-remove-failures-when-kernel-does-not-h.patch | 40 --
...ert-report-info-instead-of-failure-for-mi.patch | 68 ---
...runtime-Don-t-use-get_user-on-non-pointer.patch | 34 --
...-limit-the-amount-of-data-copied-to-users.patch | 95 ----
...-get_nextvariable-copy-only-the-needed-na.patch | 41 --
...able-allow-large-sizes-for-variable-names.patch | 245 ----------
meta-luv/recipes-core/fwts/fwts_git.bb | 22 +-
13 files changed, 44 insertions(+), 1988 deletions(-)
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch
create mode 100644 meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch
diff --git a/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch b/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch
deleted file mode 100644
index bbe37b4..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 1cdc7e119a0137f5028614db3bcebb6063d1f72a Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt.fleming(a)intel.com>
-Date: Thu, 3 Apr 2014 09:51:23 +0100
-Subject: [PATCH 1/4] efi_runtime: Set default value for $KVER
-
-Instead of requiring a value to be specified for $KVER, we can set a
-default which will do the right thing in most cases, e.g. build the
-efi_runtime module against the running kernel.
-
-Cc: Borislav Petkov <bp(a)alien8.de>
-Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
----
- efi_runtime/Makefile | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/efi_runtime/Makefile b/efi_runtime/Makefile
-index a9c0ea7..b145502 100644
---- a/efi_runtime/Makefile
-+++ b/efi_runtime/Makefile
-@@ -1,3 +1,4 @@
-+KVER ?= `uname -r`
- obj-m += efi_runtime.o
- all:
- make -C /lib/modules/$(KVER)/build M=`pwd` modules
---
-1.7.11.7
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch b/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch
new file mode 100644
index 0000000..2720b76
--- /dev/null
+++ b/meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch
@@ -0,0 +1,37 @@
+From dfb828dca7e6f4f5fd47cc1a7509160b6668c8bc Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king(a)canonical.com>
+Date: Tue, 10 Mar 2015 16:46:38 +0000
+Subject: [PATCH] efi_runtime: ensure we don't allocate a zero byte buffer (LP:
+ #1429890)
+
+BugLink: https://bugs.linaro.org/show_bug.cgi?id=1319
+
+We are seeing kernel panics when the EFI userspace is exercising
+the efi runtime driver with a zero sized variable. The root cause
+is a zero byte kmalloc() which does not return zero and returns
+a buffer that we can't actually write into. For zero bytes, allocate
+1 byte buffer so we at least get a legitimate allocation of something.
+
+Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
+Reviewed/Tested By: Naresh Bhat <naresh.bhat(a)linaro.org>
+---
+ efi_runtime/efi_runtime.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
+index ff31685..f2ccd57 100644
+--- a/efi_runtime/efi_runtime.c
++++ b/efi_runtime/efi_runtime.c
+@@ -154,7 +154,8 @@ copy_ucs2_from_user_len(uint16_t **dst, uint16_t __user *src, size_t len)
+ if (!access_ok(VERIFY_READ, src, 1))
+ return -EFAULT;
+
+- *dst = kmalloc(len, GFP_KERNEL);
++ /* Ensure we don't kmalloc a zero byte buffer */
++ *dst = kmalloc(len ? len : len + 1, GFP_KERNEL);
+ if (!*dst)
+ return -ENOMEM;
+
+--
+2.1.4
+
diff --git a/meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch b/meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch
deleted file mode 100644
index 84e233a..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch
+++ /dev/null
@@ -1,506 +0,0 @@
-From 8da10c8c9dec4f2a3725c301ebe623f67fdb8766 Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt.fleming(a)intel.com>
-Date: Thu, 3 Apr 2014 10:21:41 +0100
-Subject: [PATCH 2/4] efi_runtime: Refactor ioctl code into helper functions
-
-efi_runtime_ioctl() has grown to be fairly unwieldy because it includes
-all the data objects and logic in one place. Make use of helper
-functions for each of the ioctl commands to make the code easier to read
-and maintain.
-
-There is no intended change to functionality, just code movement.
-
-Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
----
- efi_runtime/efi_runtime.c | 419 +++++++++++++++++++++++++++-------------------
- 1 file changed, 246 insertions(+), 173 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index db46f11..be1e20a 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -100,235 +100,308 @@ static void convert_to_guid(efi_guid_t *vendor, EFI_GUID *vendor_guid)
- vendor_guid->Data4[i] = vendor->b[i+8];
- }
-
--static long efi_runtime_ioctl(struct file *file, unsigned int cmd,
-- unsigned long arg)
-+static long efi_runtime_get_variable(unsigned long arg)
- {
-- efi_status_t status;
- struct efi_getvariable __user *pgetvariable;
-- struct efi_setvariable __user *psetvariable;
--
-- efi_guid_t vendor;
-- EFI_GUID vendor_guid;
- unsigned long datasize;
-+ EFI_GUID vendor_guid;
-+ efi_guid_t vendor;
-+ efi_status_t status;
- uint32_t attr;
-
-- efi_time_t eft;
-- efi_time_cap_t cap;
-- struct efi_gettime __user *pgettime;
-- struct efi_settime __user *psettime;
-+ pgetvariable = (struct efi_getvariable __user *)arg;
-+
-+ if (get_user(datasize, pgetvariable->DataSize) ||
-+ copy_from_user(&vendor_guid, pgetvariable->VendorGuid,
-+ sizeof(EFI_GUID)))
-+ return -EFAULT;
-+
-+ convert_from_guid(&vendor, &vendor_guid);
-+ status = efi.get_variable(pgetvariable->VariableName, &vendor,
-+ &attr, &datasize, pgetvariable->Data);
-+ if (put_user(status, pgetvariable->status))
-+ return -EFAULT;
-+ if (status == EFI_SUCCESS) {
-+ if (put_user(attr, pgetvariable->Attributes) ||
-+ put_user(datasize, pgetvariable->DataSize))
-+ return -EFAULT;
-+ return 0;
-+ } else {
-+ printk(KERN_ERR "efi_runtime: can't get variable\n");
-+ return -EINVAL;
-+ }
-
-- unsigned char enabled, pending;
-- EFI_TIME efi_time;
-- struct efi_getwakeuptime __user *pgetwakeuptime;
-- struct efi_setwakeuptime __user *psetwakeuptime;
-+ return 0;
-+}
-
-- struct efi_getnextvariablename __user *pgetnextvariablename;
-- unsigned long name_size;
-+static long efi_runtime_set_variable(unsigned long arg)
-+{
-+ struct efi_setvariable __user *psetvariable;
-+ unsigned long datasize;
-+ EFI_GUID vendor_guid;
-+ efi_guid_t vendor;
-+ efi_status_t status;
-+ uint32_t attr;
-
-- struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-- struct efi_queryvariableinfo __user *pqueryvariableinfo;
-- struct efi_querycapsulecapabilities __user *pquerycapsulecapabilities;
--#endif
-+ psetvariable = (struct efi_setvariable __user *)arg;
-+ if (get_user(datasize, &psetvariable->DataSize) ||
-+ get_user(attr, &psetvariable->Attributes) ||
-+ copy_from_user(&vendor_guid, psetvariable->VendorGuid,
-+ sizeof(EFI_GUID)))
-+ return -EFAULT;
-
-- switch (cmd) {
-- case EFI_RUNTIME_GET_VARIABLE:
-- pgetvariable = (struct efi_getvariable __user *)arg;
-+ convert_from_guid(&vendor, &vendor_guid);
-+ status = efi.set_variable(psetvariable->VariableName, &vendor,
-+ attr, datasize, psetvariable->Data);
-
-- if (get_user(datasize, pgetvariable->DataSize) ||
-- copy_from_user(&vendor_guid, pgetvariable->VendorGuid,
-- sizeof(EFI_GUID)))
-- return -EFAULT;
-+ if (put_user(status, psetvariable->status))
-+ return -EFAULT;
-+ return status == EFI_SUCCESS ? 0 : -EINVAL;
-+}
-
-- convert_from_guid(&vendor, &vendor_guid);
-- status = efi.get_variable(pgetvariable->VariableName, &vendor,
-- &attr, &datasize, pgetvariable->Data);
-- if (put_user(status, pgetvariable->status))
-- return -EFAULT;
-- if (status == EFI_SUCCESS) {
-- if (put_user(attr, pgetvariable->Attributes) ||
-- put_user(datasize, pgetvariable->DataSize))
-- return -EFAULT;
-- return 0;
-- } else {
-- printk(KERN_ERR "efi_runtime: can't get variable\n");
-- return -EINVAL;
-- }
-+static long efi_runtime_get_time(unsigned long arg)
-+{
-+ struct efi_gettime __user *pgettime;
-+ efi_status_t status;
-+ efi_time_cap_t cap;
-+ efi_time_t eft;
-
-- case EFI_RUNTIME_SET_VARIABLE:
-- psetvariable = (struct efi_setvariable __user *)arg;
-- if (get_user(datasize, &psetvariable->DataSize) ||
-- get_user(attr, &psetvariable->Attributes) ||
-- copy_from_user(&vendor_guid, psetvariable->VendorGuid,
-- sizeof(EFI_GUID)))
-- return -EFAULT;
-+ status = efi.get_time(&eft, &cap);
-+ pgettime = (struct efi_gettime __user *)arg;
-+ if (put_user(status, pgettime->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS) {
-+ printk(KERN_ERR "efitime: can't read time\n");
-+ return -EINVAL;
-+ }
-+ if (put_user(cap.resolution,
-+ &pgettime->Capabilities->Resolution) ||
-+ put_user(cap.accuracy,
-+ &pgettime->Capabilities->Accuracy) ||
-+ put_user(cap.sets_to_zero,
-+ &pgettime->Capabilities->SetsToZero))
-+ return -EFAULT;
-+ return copy_to_user(pgettime->Time, &eft,
-+ sizeof(EFI_TIME)) ? -EFAULT : 0;
-+}
-
-- convert_from_guid(&vendor, &vendor_guid);
-- status = efi.set_variable(psetvariable->VariableName, &vendor,
-- attr, datasize, psetvariable->Data);
-+static long efi_runtime_set_time(unsigned long arg)
-+{
-+ struct efi_settime __user *psettime;
-+ efi_status_t status;
-+ EFI_TIME efi_time;
-+ efi_time_t eft;
-
-- if (put_user(status, psetvariable->status))
-- return -EFAULT;
-- return status == EFI_SUCCESS ? 0 : -EINVAL;
-+ psettime = (struct efi_settime __user *)arg;
-+ if (copy_from_user(&efi_time, psettime->Time,
-+ sizeof(EFI_TIME)))
-+ return -EFAULT;
-+ convert_to_efi_time(&eft, &efi_time);
-+ status = efi.set_time(&eft);
-
-- case EFI_RUNTIME_GET_TIME:
-- status = efi.get_time(&eft, &cap);
-- pgettime = (struct efi_gettime __user *)arg;
-- if (put_user(status, pgettime->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS) {
-- printk(KERN_ERR "efitime: can't read time\n");
-- return -EINVAL;
-- }
-- if (put_user(cap.resolution,
-- &pgettime->Capabilities->Resolution) ||
-- put_user(cap.accuracy,
-- &pgettime->Capabilities->Accuracy) ||
-- put_user(cap.sets_to_zero,
-- &pgettime->Capabilities->SetsToZero))
-- return -EFAULT;
-- return copy_to_user(pgettime->Time, &eft,
-- sizeof(EFI_TIME)) ? -EFAULT : 0;
-+ if (put_user(status, psettime->status))
-+ return -EFAULT;
-
-- case EFI_RUNTIME_SET_TIME:
-+ return status == EFI_SUCCESS ? 0 : -EINVAL;
-+}
-
-- psettime = (struct efi_settime __user *)arg;
-- if (copy_from_user(&efi_time, psettime->Time,
-- sizeof(EFI_TIME)))
-- return -EFAULT;
-- convert_to_efi_time(&eft, &efi_time);
-- status = efi.set_time(&eft);
-+static long efi_runtime_get_waketime(unsigned long arg)
-+{
-+ struct efi_getwakeuptime __user *pgetwakeuptime;
-+ unsigned char enabled, pending;
-+ efi_status_t status;
-+ EFI_TIME efi_time;
-+ efi_time_t eft;
-
-- if (put_user(status, psettime->status))
-- return -EFAULT;
-+ status = efi.get_wakeup_time((efi_bool_t *)&enabled,
-+ (efi_bool_t *)&pending, &eft);
-
-- return status == EFI_SUCCESS ? 0 : -EINVAL;
-+ pgetwakeuptime = (struct efi_getwakeuptime __user *)arg;
-
-- case EFI_RUNTIME_GET_WAKETIME:
-+ if (put_user(status, pgetwakeuptime->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-
-- status = efi.get_wakeup_time((efi_bool_t *)&enabled,
-- (efi_bool_t *)&pending, &eft);
-+ if (put_user(enabled, pgetwakeuptime->Enabled) ||
-+ put_user(pending, pgetwakeuptime->Pending))
-+ return -EFAULT;
-
-- pgetwakeuptime = (struct efi_getwakeuptime __user *)arg;
-+ convert_from_efi_time(&eft, &efi_time);
-
-- if (put_user(status, pgetwakeuptime->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
-+ return copy_to_user(pgetwakeuptime->Time, &efi_time,
-+ sizeof(EFI_TIME)) ? -EFAULT : 0;
-+}
-
-- if (put_user(enabled, pgetwakeuptime->Enabled) ||
-- put_user(pending, pgetwakeuptime->Pending))
-- return -EFAULT;
-+static long efi_runtime_set_waketime(unsigned long arg)
-+{
-+ struct efi_setwakeuptime __user *psetwakeuptime;
-+ unsigned char enabled;
-+ efi_status_t status;
-+ EFI_TIME efi_time;
-+ efi_time_t eft;
-
-- convert_from_efi_time(&eft, &efi_time);
-+ psetwakeuptime = (struct efi_setwakeuptime __user *)arg;
-
-- return copy_to_user(pgetwakeuptime->Time, &efi_time,
-- sizeof(EFI_TIME)) ? -EFAULT : 0;
-+ if (get_user(enabled, &psetwakeuptime->Enabled) ||
-+ copy_from_user(&efi_time,
-+ psetwakeuptime->Time,
-+ sizeof(EFI_TIME)))
-+ return -EFAULT;
-
-- case EFI_RUNTIME_SET_WAKETIME:
-+ convert_to_efi_time(&eft, &efi_time);
-
-- psetwakeuptime = (struct efi_setwakeuptime __user *)arg;
-+ status = efi.set_wakeup_time(enabled, &eft);
-
-- if (get_user(enabled, &psetwakeuptime->Enabled) ||
-- copy_from_user(&efi_time,
-- psetwakeuptime->Time,
-- sizeof(EFI_TIME)))
-- return -EFAULT;
-+ if (put_user(status, psetwakeuptime->status))
-+ return -EFAULT;
-
-- convert_to_efi_time(&eft, &efi_time);
-+ return status == EFI_SUCCESS ? 0 : -EINVAL;
-+}
-
-- status = efi.set_wakeup_time(enabled, &eft);
-+static long efi_runtime_get_nextvariablename(unsigned long arg)
-+{
-+ struct efi_getnextvariablename __user *pgetnextvariablename;
-+ unsigned long name_size;
-+ efi_status_t status;
-+ efi_guid_t vendor;
-+ EFI_GUID vendor_guid;
-
-- if (put_user(status, psetwakeuptime->status))
-- return -EFAULT;
-+ pgetnextvariablename = (struct efi_getnextvariablename
-+ __user *)arg;
-+
-+ if (get_user(name_size, pgetnextvariablename->VariableNameSize)
-+ || copy_from_user(&vendor_guid,
-+ pgetnextvariablename->VendorGuid,
-+ sizeof(EFI_GUID)))
-+ return -EFAULT;
-+ if (name_size > 1024)
-+ return -EFAULT;
-+
-+ convert_from_guid(&vendor, &vendor_guid);
-+
-+ status = efi.get_next_variable(&name_size,
-+ pgetnextvariablename->VariableName,
-+ &vendor);
-+ if (put_user(status, pgetnextvariablename->status))
-+ return -EFAULT;
-+ convert_to_guid(&vendor, &vendor_guid);
-+
-+ if (put_user(name_size, pgetnextvariablename->VariableNameSize))
-+ return -EFAULT;
-+
-+ if (copy_to_user(pgetnextvariablename->VendorGuid,
-+ &vendor_guid, sizeof(EFI_GUID)))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-+ return 0;
-+}
-
-- return status == EFI_SUCCESS ? 0 : -EINVAL;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-+static long efi_runtime_query_variableinfo(unsigned long arg)
-+{
-+ struct efi_queryvariableinfo __user *pqueryvariableinfo;
-+ efi_status_t status;
-+ uint32_t attr;
-
-- case EFI_RUNTIME_GET_NEXTVARIABLENAME:
-+ pqueryvariableinfo = (struct efi_queryvariableinfo __user *)arg;
-
-- pgetnextvariablename = (struct efi_getnextvariablename
-- __user *)arg;
-+ if (get_user(attr, &pqueryvariableinfo->Attributes))
-+ return -EFAULT;
-
-- if (get_user(name_size, pgetnextvariablename->VariableNameSize)
-- || copy_from_user(&vendor_guid,
-- pgetnextvariablename->VendorGuid,
-- sizeof(EFI_GUID)))
-- return -EFAULT;
-- if (name_size > 1024)
-- return -EFAULT;
-+ status = efi.query_variable_info(attr,
-+ pqueryvariableinfo->MaximumVariableStorageSize,
-+ pqueryvariableinfo->RemainingVariableStorageSize
-+ , pqueryvariableinfo->MaximumVariableSize);
-+ if (put_user(status, pqueryvariableinfo->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-
-- convert_from_guid(&vendor, &vendor_guid);
-+ return 0;
-+}
-+#endif
-
-- status = efi.get_next_variable(&name_size,
-- pgetnextvariablename->VariableName,
-- &vendor);
-- if (put_user(status, pgetnextvariablename->status))
-- return -EFAULT;
-- convert_to_guid(&vendor, &vendor_guid);
-+static long efi_runtime_get_nexthighmonocount(unsigned long arg)
-+{
-+ struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
-+ efi_status_t status;
-
-- if (put_user(name_size, pgetnextvariablename->VariableNameSize))
-- return -EFAULT;
-+ pgetnexthighmonotoniccount = (struct
-+ efi_getnexthighmonotoniccount __user *)arg;
-
-- if (copy_to_user(pgetnextvariablename->VendorGuid,
-- &vendor_guid, sizeof(EFI_GUID)))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
-- return 0;
-+ status = efi.get_next_high_mono_count(pgetnexthighmonotoniccount
-+ ->HighCount);
-+ if (put_user(status, pgetnexthighmonotoniccount->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-+
-+ return 0;
-+}
-
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-- case EFI_RUNTIME_QUERY_VARIABLEINFO:
-+static long efi_runtime_query_capsulecaps(unsigned long arg)
-+{
-+ struct efi_querycapsulecapabilities __user *pquerycapsulecapabilities;
-+ efi_status_t status;
-
-- pqueryvariableinfo = (struct efi_queryvariableinfo __user *)arg;
-+ pquerycapsulecapabilities = (struct
-+ efi_querycapsulecapabilities __user *)arg;
-
-- if (get_user(attr, &pqueryvariableinfo->Attributes))
-- return -EFAULT;
-+ status = efi.query_capsule_caps(
-+ (efi_capsule_header_t **)
-+ pquerycapsulecapabilities->CapsuleHeaderArray,
-+ pquerycapsulecapabilities->CapsuleCount,
-+ pquerycapsulecapabilities->MaximumCapsuleSize,
-+ (int *)pquerycapsulecapabilities->ResetType);
-
-- status = efi.query_variable_info(attr,
-- pqueryvariableinfo->MaximumVariableStorageSize,
-- pqueryvariableinfo->RemainingVariableStorageSize
-- , pqueryvariableinfo->MaximumVariableSize);
-- if (put_user(status, pqueryvariableinfo->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
-+ if (put_user(status, pquerycapsulecapabilities->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-
-- return 0;
-+ return 0;
-+}
- #endif
-
-- case EFI_RUNTIME_GET_NEXTHIGHMONOTONICCOUNT:
-+static long efi_runtime_ioctl(struct file *file, unsigned int cmd,
-+ unsigned long arg)
-+{
-+ switch (cmd) {
-+ case EFI_RUNTIME_GET_VARIABLE:
-+ return efi_runtime_get_variable(arg);
-
-- pgetnexthighmonotoniccount = (struct
-- efi_getnexthighmonotoniccount __user *)arg;
-+ case EFI_RUNTIME_SET_VARIABLE:
-+ return efi_runtime_set_variable(arg);
-
-- status = efi.get_next_high_mono_count(pgetnexthighmonotoniccount
-- ->HighCount);
-- if (put_user(status, pgetnexthighmonotoniccount->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
-+ case EFI_RUNTIME_GET_TIME:
-+ return efi_runtime_get_time(arg);
-+
-+ case EFI_RUNTIME_SET_TIME:
-+ return efi_runtime_set_time(arg);
-
-- return 0;
-+ case EFI_RUNTIME_GET_WAKETIME:
-+ return efi_runtime_get_waketime(arg);
-
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-- case EFI_RUNTIME_QUERY_CAPSULECAPABILITIES:
-+ case EFI_RUNTIME_SET_WAKETIME:
-+ return efi_runtime_set_waketime(arg);
-
-- pquerycapsulecapabilities = (struct
-- efi_querycapsulecapabilities __user *)arg;
-+ case EFI_RUNTIME_GET_NEXTVARIABLENAME:
-+ return efi_runtime_get_nextvariablename(arg);
-
-- status = efi.query_capsule_caps(
-- (efi_capsule_header_t **)
-- pquerycapsulecapabilities->CapsuleHeaderArray,
-- pquerycapsulecapabilities->CapsuleCount,
-- pquerycapsulecapabilities->MaximumCapsuleSize,
-- (int *)pquerycapsulecapabilities->ResetType);
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-+ case EFI_RUNTIME_QUERY_VARIABLEINFO:
-+ return efi_runtime_query_variableinfo(arg);
-+#endif
-
-- if (put_user(status, pquerycapsulecapabilities->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
-+ case EFI_RUNTIME_GET_NEXTHIGHMONOTONICCOUNT:
-+ return efi_runtime_get_nexthighmonocount(arg);
-
-- return 0;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-+ case EFI_RUNTIME_QUERY_CAPSULECAPABILITIES:
-+ return efi_runtime_query_capsulecaps(arg);
- #endif
- }
-
---
-1.7.11.7
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch b/meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch
deleted file mode 100644
index f0829da..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 24cb3f2fef2d6cdecd2e1312c3a228e5e0f2403c Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt.fleming(a)intel.com>
-Date: Thu, 3 Apr 2014 10:26:13 +0100
-Subject: [PATCH 3/4] efi_runtime: Group kernel version dependent functions
-
-Instead of using multiple identical #if preprocessor blocks group the
-function calls and implementations together so that we can keep the
-preprocessor checks to a minimum.
-
-This change also more clearly conveys the message that the two functions
-are dependent on the same kernel version. With multiple #if block it's
-easy to misread them and think that, becuase there's more than one, they
-must have different kernel version requirements.
-
-Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
----
- efi_runtime/efi_runtime.c | 47 ++++++++++++++++++++++-------------------------
- 1 file changed, 22 insertions(+), 25 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index be1e20a..1d905e2 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -298,6 +298,25 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- return 0;
- }
-
-+static long efi_runtime_get_nexthighmonocount(unsigned long arg)
-+{
-+ struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
-+ efi_status_t status;
-+
-+ pgetnexthighmonotoniccount = (struct
-+ efi_getnexthighmonotoniccount __user *)arg;
-+
-+ status = efi.get_next_high_mono_count(pgetnexthighmonotoniccount
-+ ->HighCount);
-+ if (put_user(status, pgetnexthighmonotoniccount->status))
-+ return -EFAULT;
-+ if (status != EFI_SUCCESS)
-+ return -EINVAL;
-+
-+ return 0;
-+}
-+
-+
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
- static long efi_runtime_query_variableinfo(unsigned long arg)
- {
-@@ -321,27 +340,7 @@ static long efi_runtime_query_variableinfo(unsigned long arg)
-
- return 0;
- }
--#endif
-
--static long efi_runtime_get_nexthighmonocount(unsigned long arg)
--{
-- struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
-- efi_status_t status;
--
-- pgetnexthighmonotoniccount = (struct
-- efi_getnexthighmonotoniccount __user *)arg;
--
-- status = efi.get_next_high_mono_count(pgetnexthighmonotoniccount
-- ->HighCount);
-- if (put_user(status, pgetnexthighmonotoniccount->status))
-- return -EFAULT;
-- if (status != EFI_SUCCESS)
-- return -EINVAL;
--
-- return 0;
--}
--
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
- static long efi_runtime_query_capsulecaps(unsigned long arg)
- {
- struct efi_querycapsulecapabilities __user *pquerycapsulecapabilities;
-@@ -391,15 +390,13 @@ static long efi_runtime_ioctl(struct file *file, unsigned int cmd,
- case EFI_RUNTIME_GET_NEXTVARIABLENAME:
- return efi_runtime_get_nextvariablename(arg);
-
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-- case EFI_RUNTIME_QUERY_VARIABLEINFO:
-- return efi_runtime_query_variableinfo(arg);
--#endif
--
- case EFI_RUNTIME_GET_NEXTHIGHMONOTONICCOUNT:
- return efi_runtime_get_nexthighmonocount(arg);
-
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)
-+ case EFI_RUNTIME_QUERY_VARIABLEINFO:
-+ return efi_runtime_query_variableinfo(arg);
-+
- case EFI_RUNTIME_QUERY_CAPSULECAPABILITIES:
- return efi_runtime_query_capsulecaps(arg);
- #endif
---
-1.7.11.7
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch b/meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch
deleted file mode 100644
index cae364f..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch
+++ /dev/null
@@ -1,374 +0,0 @@
-From 4d6baaaed706bcb006aa296b2b63799b2082df3a Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt.fleming(a)intel.com>
-Date: Thu, 3 Apr 2014 12:20:48 +0100
-Subject: [PATCH 4/4] efi_runtime: Do not pass user addresses to firmware
-
-Currently there's some inconsistency with how arguments are passed to
-the firmware from the efi_runtime driver. Some values have the standard
-get_user()/put_user() calls, others do not.
-
-Passing userspace pointers directly to the firmware is a bug because
-those addresses may fault. And if they are going to fault we'd like to
-know about it in the kernel rather than at some later time when
-executing in firmware context.
-
-Furthermore, beginning with v3.14 of the kernel the current tests
-actually cause the kernel to crash because firmware calls are now done
-with their own, entirely separate, page tables - no user addresses are
-mapped during execution of runtime services.
-
-This change doesn't require predication on a particular kernel version
-because the efi_runtime should really have always done this copying
-to/from userspace for every argument of the runtime services.
-
-This patch is heavily based on one from Borislav.
-
-Cc: Borislav Petkov <bp(a)alien8.de>
-Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
----
- efi_runtime/efi_runtime.c | 239 +++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 215 insertions(+), 24 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index 1d905e2..7ce3e2a 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -24,7 +24,7 @@
- #include <linux/init.h>
- #include <linux/proc_fs.h>
- #include <linux/efi.h>
--
-+#include <linux/slab.h>
- #include <linux/uaccess.h>
-
- #include "efi_runtime.h"
-@@ -100,6 +100,110 @@ static void convert_to_guid(efi_guid_t *vendor, EFI_GUID *vendor_guid)
- vendor_guid->Data4[i] = vendor->b[i+8];
- }
-
-+/*
-+ * Count the bytes in 'str', including the terminating NULL.
-+ *
-+ * Note this function returns the number of *bytes*, not the number of
-+ * ucs2 characters.
-+ */
-+static inline size_t __strsize(uint16_t *str)
-+{
-+ uint16_t *s = str;
-+ size_t len;
-+
-+ if (!str)
-+ return 0;
-+
-+ /* Include terminating NULL */
-+ len = sizeof(uint16_t);
-+
-+ while (*s++ != 0)
-+ len += sizeof(uint16_t);
-+
-+ return len;
-+}
-+
-+/*
-+ * Copy a ucs2 string from user space into a newly allocated kernel
-+ * buffer.
-+ *
-+ * We take an explicit number of bytes to copy, and therefore do not
-+ * make any assumptions about 'src' (such as it being a valid string).
-+ */
-+static inline int
-+get_ucs2_len(uint16_t **dst, uint16_t __user *src, size_t len)
-+{
-+ if (!src) {
-+ *dst = NULL;
-+ return 0;
-+ }
-+
-+ if (!access_ok(VERIFY_READ, src, 1))
-+ return -EFAULT;
-+
-+ *dst = kmalloc(len, GFP_KERNEL);
-+ if (!*dst)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(*dst, src, len)) {
-+ kfree(*dst);
-+ return -EFAULT;
-+ }
-+
-+ return 0;
-+}
-+
-+/*
-+ * Copy a ucs2 string from user space into a newly allocated kernel
-+ * buffer.
-+ *
-+ * If a non-zero value is returned, the caller MUST NOT access 'dst'.
-+ */
-+static inline int get_ucs2(uint16_t **dst, uint16_t __user *src)
-+{
-+ size_t len;
-+
-+ if (!access_ok(VERIFY_READ, src, 1))
-+ return -EFAULT;
-+
-+ len = __strsize(src);
-+ return get_ucs2_len(dst, src, len);
-+}
-+
-+/*
-+ * Write a ucs2 string to a user buffer.
-+ *
-+ * 'len' specifies the number of bytes to copy.
-+ */
-+static inline int
-+put_ucs2_len(uint16_t *src, uint16_t __user *dst, size_t len)
-+{
-+ if (!src)
-+ return 0;
-+
-+ if (!access_ok(VERIFY_WRITE, dst, 1))
-+ return -EFAULT;
-+
-+ return copy_to_user(dst, src, len);
-+}
-+
-+/*
-+ * Write a NUL-terminated ucs2 string to a user buffer.
-+ *
-+ * We calculate the number of bytes to write from the ucs2 string 'src',
-+ * including the terminating NUL.
-+ */
-+static inline int put_ucs2(uint16_t *src, uint16_t __user *dst)
-+{
-+ size_t len;
-+
-+ if (!access_ok(VERIFY_WRITE, dst, 1))
-+ return -EFAULT;
-+
-+ len = __strsize(src);
-+ return put_ucs2_len(src, dst, len);
-+}
-+
- static long efi_runtime_get_variable(unsigned long arg)
- {
- struct efi_getvariable __user *pgetvariable;
-@@ -107,7 +211,10 @@ static long efi_runtime_get_variable(unsigned long arg)
- EFI_GUID vendor_guid;
- efi_guid_t vendor;
- efi_status_t status;
-+ uint16_t *name;
- uint32_t attr;
-+ void *data;
-+ int rv = 0;
-
- pgetvariable = (struct efi_getvariable __user *)arg;
-
-@@ -117,8 +224,27 @@ static long efi_runtime_get_variable(unsigned long arg)
- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-- status = efi.get_variable(pgetvariable->VariableName, &vendor,
-- &attr, &datasize, pgetvariable->Data);
-+
-+ rv = get_ucs2(&name, pgetvariable->VariableName);
-+ if (rv)
-+ return rv;
-+
-+ data = kmalloc(datasize, GFP_KERNEL);
-+ if (!data) {
-+ kfree(name);
-+ return -ENOMEM;
-+ }
-+
-+ status = efi.get_variable(name, &vendor, &attr, &datasize, data);
-+
-+ kfree(name);
-+
-+ rv = copy_to_user(pgetvariable->Data, data, datasize);
-+ kfree(data);
-+
-+ if (rv)
-+ return rv;
-+
- if (put_user(status, pgetvariable->status))
- return -EFAULT;
- if (status == EFI_SUCCESS) {
-@@ -141,7 +267,10 @@ static long efi_runtime_set_variable(unsigned long arg)
- EFI_GUID vendor_guid;
- efi_guid_t vendor;
- efi_status_t status;
-+ uint16_t *name;
- uint32_t attr;
-+ void *data;
-+ int rv;
-
- psetvariable = (struct efi_setvariable __user *)arg;
- if (get_user(datasize, &psetvariable->DataSize) ||
-@@ -151,8 +280,21 @@ static long efi_runtime_set_variable(unsigned long arg)
- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-- status = efi.set_variable(psetvariable->VariableName, &vendor,
-- attr, datasize, psetvariable->Data);
-+
-+ rv = get_ucs2(&name, psetvariable->VariableName);
-+ if (rv)
-+ return rv;
-+
-+ data = kmalloc(datasize, GFP_KERNEL);
-+ if (copy_from_user(data, psetvariable->Data, datasize)) {
-+ kfree(name);
-+ return -EFAULT;
-+ }
-+
-+ status = efi.set_variable(name, &vendor, attr, datasize, data);
-+
-+ kfree(data);
-+ kfree(name);
-
- if (put_user(status, psetvariable->status))
- return -EFAULT;
-@@ -266,6 +408,8 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- efi_status_t status;
- efi_guid_t vendor;
- EFI_GUID vendor_guid;
-+ uint16_t *name;
-+ int rv;
-
- pgetnextvariablename = (struct efi_getnextvariablename
- __user *)arg;
-@@ -280,9 +424,18 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
-
- convert_from_guid(&vendor, &vendor_guid);
-
-- status = efi.get_next_variable(&name_size,
-- pgetnextvariablename->VariableName,
-- &vendor);
-+ rv = get_ucs2_len(&name, pgetnextvariablename->VariableName, 1024);
-+ if (rv)
-+ return rv;
-+
-+ status = efi.get_next_variable(&name_size, name, &vendor);
-+
-+ rv = put_ucs2_len(name, pgetnextvariablename->VariableName, name_size);
-+ kfree(name);
-+
-+ if (rv)
-+ return -EFAULT;
-+
- if (put_user(status, pgetnextvariablename->status))
- return -EFAULT;
- convert_to_guid(&vendor, &vendor_guid);
-@@ -302,14 +455,18 @@ static long efi_runtime_get_nexthighmonocount(unsigned long arg)
- {
- struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
- efi_status_t status;
-+ uint32_t count;
-
- pgetnexthighmonotoniccount = (struct
- efi_getnexthighmonotoniccount __user *)arg;
-
-- status = efi.get_next_high_mono_count(pgetnexthighmonotoniccount
-- ->HighCount);
-+ status = efi.get_next_high_mono_count(&count);
- if (put_user(status, pgetnexthighmonotoniccount->status))
- return -EFAULT;
-+
-+ if (put_user(count, pgetnexthighmonotoniccount->HighCount))
-+ return -EFAULT;
-+
- if (status != EFI_SUCCESS)
- return -EINVAL;
-
-@@ -322,6 +479,7 @@ static long efi_runtime_query_variableinfo(unsigned long arg)
- {
- struct efi_queryvariableinfo __user *pqueryvariableinfo;
- efi_status_t status;
-+ uint64_t max_storage, remaining, max_size;
- uint32_t attr;
-
- pqueryvariableinfo = (struct efi_queryvariableinfo __user *)arg;
-@@ -329,10 +487,18 @@ static long efi_runtime_query_variableinfo(unsigned long arg)
- if (get_user(attr, &pqueryvariableinfo->Attributes))
- return -EFAULT;
-
-- status = efi.query_variable_info(attr,
-- pqueryvariableinfo->MaximumVariableStorageSize,
-- pqueryvariableinfo->RemainingVariableStorageSize
-- , pqueryvariableinfo->MaximumVariableSize);
-+ status = efi.query_variable_info(attr, &max_storage,
-+ &remaining, &max_size);
-+
-+ if (put_user(max_storage, pqueryvariableinfo->MaximumVariableStorageSize))
-+ return -EFAULT;
-+
-+ if (put_user(remaining, pqueryvariableinfo->RemainingVariableStorageSize))
-+ return -EFAULT;
-+
-+ if (put_user(max_size, pqueryvariableinfo->MaximumVariableSize))
-+ return -EFAULT;
-+
- if (put_user(status, pqueryvariableinfo->status))
- return -EFAULT;
- if (status != EFI_SUCCESS)
-@@ -343,21 +509,46 @@ static long efi_runtime_query_variableinfo(unsigned long arg)
-
- static long efi_runtime_query_capsulecaps(unsigned long arg)
- {
-- struct efi_querycapsulecapabilities __user *pquerycapsulecapabilities;
-+ struct efi_querycapsulecapabilities __user *u_caps;
-+ struct efi_querycapsulecapabilities caps;
-+ EFI_CAPSULE_HEADER *capsules;
- efi_status_t status;
-+ uint64_t max_size;
-+ int i, reset_type;
-
-- pquerycapsulecapabilities = (struct
-- efi_querycapsulecapabilities __user *)arg;
-+ u_caps = (struct efi_querycapsulecapabilities __user *)arg;
-
-- status = efi.query_capsule_caps(
-- (efi_capsule_header_t **)
-- pquerycapsulecapabilities->CapsuleHeaderArray,
-- pquerycapsulecapabilities->CapsuleCount,
-- pquerycapsulecapabilities->MaximumCapsuleSize,
-- (int *)pquerycapsulecapabilities->ResetType);
-+ if (copy_from_user(&caps, u_caps, sizeof(caps)))
-+ return -EFAULT;
-+
-+ capsules = kcalloc(caps.CapsuleCount + 1,
-+ sizeof(EFI_CAPSULE_HEADER), GFP_KERNEL);
-+ if (!capsules)
-+ return -ENOMEM;
-+
-+ for (i = 0; i < caps.CapsuleCount; i++) {
-+ if (copy_from_user(&capsules[i],
-+ (EFI_CAPSULE_HEADER *)u_caps->CapsuleHeaderArray[i],
-+ sizeof(EFI_CAPSULE_HEADER)))
-+ return -EFAULT;
-+ }
-+
-+ caps.CapsuleHeaderArray = &capsules;
-
-- if (put_user(status, pquerycapsulecapabilities->status))
-+ status = efi.query_capsule_caps((efi_capsule_header_t **)
-+ caps.CapsuleHeaderArray,
-+ caps.CapsuleCount,
-+ &max_size, &reset_type);
-+
-+ if (put_user(status, u_caps->status))
-+ return -EFAULT;
-+
-+ if (put_user(max_size, u_caps->MaximumCapsuleSize))
- return -EFAULT;
-+
-+ if (put_user(reset_type, u_caps->ResetType))
-+ return -EFAULT;
-+
- if (status != EFI_SUCCESS)
- return -EINVAL;
-
---
-1.7.11.7
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch b/meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch
deleted file mode 100644
index 9f9c17c..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch
+++ /dev/null
@@ -1,444 +0,0 @@
-diff -Nurp a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
---- a/efi_runtime/efi_runtime.c 2014-07-27 00:43:39.263763036 -0700
-+++ b/efi_runtime/efi_runtime.c 2014-08-14 23:12:47.746531304 -0700
-@@ -108,7 +108,7 @@ static void convert_to_guid(efi_guid_t *vendor, EFI_GUID *vendor_guid)
- */
- static inline size_t __strsize(uint16_t *str)
- {
-- uint16_t *s = str;
-+ uint16_t *s = str, c;
- size_t len;
-
- if (!str)
-@@ -117,9 +117,18 @@ static inline size_t __strsize(uint16_t *str)
- /* Include terminating NULL */
- len = sizeof(uint16_t);
-
-- while (*s++ != 0)
-- len += sizeof(uint16_t);
-+ if(get_user(c, s++)) {
-+ WARN(1, "fwts: Can't read userspace memory for size");
-+ return 0;
-+ }
-
-+ while (c != 0) {
-+ if (get_user(c, s++)) {
-+ WARN(1, "Can't read userspace memory for size");
-+ return 0;
-+ }
-+ len += sizeof(uint16_t);
-+ }
- return len;
- }
-
-@@ -207,6 +216,7 @@ static inline int put_ucs2(uint16_t *src, uint16_t __user *dst)
- static long efi_runtime_get_variable(unsigned long arg)
- {
- struct efi_getvariable __user *pgetvariable;
-+ struct efi_getvariable pgetvariable_local;
- unsigned long datasize;
- EFI_GUID vendor_guid;
- efi_guid_t vendor;
-@@ -218,14 +228,18 @@ static long efi_runtime_get_variable(unsigned long arg)
-
- pgetvariable = (struct efi_getvariable __user *)arg;
-
-- if (get_user(datasize, pgetvariable->DataSize) ||
-- copy_from_user(&vendor_guid, pgetvariable->VendorGuid,
-- sizeof(EFI_GUID)))
-+ if (copy_from_user(&pgetvariable_local, pgetvariable,
-+ sizeof(pgetvariable_local)))
-+ return -EFAULT;
-+
-+ if (get_user(datasize, pgetvariable_local.DataSize) ||
-+ copy_from_user(&vendor_guid, pgetvariable_local.VendorGuid,
-+ sizeof(vendor_guid)))
- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-
-- rv = get_ucs2(&name, pgetvariable->VariableName);
-+ rv = get_ucs2(&name, pgetvariable_local.VariableName);
- if (rv)
- return rv;
-
-@@ -239,17 +253,17 @@ static long efi_runtime_get_variable(unsigned long arg)
-
- kfree(name);
-
-- rv = copy_to_user(pgetvariable->Data, data, datasize);
-+ rv = copy_to_user(pgetvariable_local.Data, data, datasize);
- kfree(data);
-
- if (rv)
- return rv;
-
-- if (put_user(status, pgetvariable->status))
-+ if (put_user(status, pgetvariable_local.status))
- return -EFAULT;
- if (status == EFI_SUCCESS) {
-- if (put_user(attr, pgetvariable->Attributes) ||
-- put_user(datasize, pgetvariable->DataSize))
-+ if (put_user(attr, pgetvariable_local.Attributes) ||
-+ put_user(datasize, pgetvariable_local.DataSize))
- return -EFAULT;
- return 0;
- } else {
-@@ -263,40 +277,43 @@ static long efi_runtime_get_variable(unsigned long arg)
- static long efi_runtime_set_variable(unsigned long arg)
- {
- struct efi_setvariable __user *psetvariable;
-- unsigned long datasize;
-+ struct efi_setvariable psetvariable_local;
- EFI_GUID vendor_guid;
- efi_guid_t vendor;
- efi_status_t status;
- uint16_t *name;
-- uint32_t attr;
- void *data;
- int rv;
-
- psetvariable = (struct efi_setvariable __user *)arg;
-- if (get_user(datasize, &psetvariable->DataSize) ||
-- get_user(attr, &psetvariable->Attributes) ||
-- copy_from_user(&vendor_guid, psetvariable->VendorGuid,
-- sizeof(EFI_GUID)))
-+
-+ if (copy_from_user(&psetvariable_local, psetvariable,
-+ sizeof(psetvariable_local)))
-+ return -EFAULT;
-+ if (copy_from_user(&vendor_guid, psetvariable_local.VendorGuid,
-+ sizeof(vendor_guid)))
- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-
-- rv = get_ucs2(&name, psetvariable->VariableName);
-+ rv = get_ucs2(&name, psetvariable_local.VariableName);
- if (rv)
- return rv;
-
-- data = kmalloc(datasize, GFP_KERNEL);
-- if (copy_from_user(data, psetvariable->Data, datasize)) {
-+ data = kmalloc(psetvariable_local.DataSize, GFP_KERNEL);
-+ if (copy_from_user(data, psetvariable_local.Data,
-+ psetvariable_local.DataSize)) {
- kfree(name);
- return -EFAULT;
- }
-
-- status = efi.set_variable(name, &vendor, attr, datasize, data);
-+ status = efi.set_variable(name, &vendor, psetvariable_local.Attributes,
-+ psetvariable_local.DataSize, data);
-
- kfree(data);
- kfree(name);
-
-- if (put_user(status, psetvariable->status))
-+ if (put_user(status, psetvariable_local.status))
- return -EFAULT;
- return status == EFI_SUCCESS ? 0 : -EINVAL;
- }
-@@ -304,52 +304,60 @@ static long efi_runtime_set_variable(uns
- static long efi_runtime_get_time(unsigned long arg)
- {
- struct efi_gettime __user *pgettime;
-+ struct efi_gettime pgettime_local;
-+ EFI_TIME_CAPABILITIES __user *cap_local;
- efi_status_t status;
- efi_time_cap_t cap;
- efi_time_t eft;
-
- status = efi.get_time(&eft, &cap);
- pgettime = (struct efi_gettime __user *)arg;
-- if (put_user(status, pgettime->status))
-+ if (copy_from_user(&pgettime_local, pgettime, sizeof(pgettime_local)))
-+ return -EFAULT;
-+
-+ cap_local = (EFI_TIME_CAPABILITIES *)pgettime_local.Capabilities;
-+ if (put_user(status, pgettime_local.status))
- return -EFAULT;
- if (status != EFI_SUCCESS) {
- printk(KERN_ERR "efitime: can't read time\n");
- return -EINVAL;
- }
-- if (put_user(cap.resolution,
-- &pgettime->Capabilities->Resolution) ||
-- put_user(cap.accuracy,
-- &pgettime->Capabilities->Accuracy) ||
-- put_user(cap.sets_to_zero,
-- &pgettime->Capabilities->SetsToZero))
-+ if (put_user(cap.resolution,
-+ &(cap_local->Resolution)) ||
-+ put_user(cap.accuracy, &(cap_local->Accuracy)) ||
-+ put_user(cap.sets_to_zero,&(cap_local->SetsToZero)))
- return -EFAULT;
-- return copy_to_user(pgettime->Time, &eft,
-+ return copy_to_user(pgettime_local.Time, &eft,
- sizeof(EFI_TIME)) ? -EFAULT : 0;
- }
-
- static long efi_runtime_set_time(unsigned long arg)
- {
- struct efi_settime __user *psettime;
-+ struct efi_settime psettime_local;
- efi_status_t status;
- EFI_TIME efi_time;
- efi_time_t eft;
-
- psettime = (struct efi_settime __user *)arg;
-- if (copy_from_user(&efi_time, psettime->Time,
-+ if (copy_from_user(&psettime_local, psettime, sizeof(psettime_local)))
-+ return -EFAULT;
-+ if (copy_from_user(&efi_time, psettime_local.Time,
- sizeof(EFI_TIME)))
- return -EFAULT;
- convert_to_efi_time(&eft, &efi_time);
- status = efi.set_time(&eft);
-
-- if (put_user(status, psettime->status))
-+ if (put_user(status, psettime_local.status))
- return -EFAULT;
--
-- return status == EFI_SUCCESS ? 0 : -EINVAL;
-+
-+ return status == EFI_SUCCESS ? 0 : -EINVAL;
- }
-
- static long efi_runtime_get_waketime(unsigned long arg)
- {
- struct efi_getwakeuptime __user *pgetwakeuptime;
-+ struct efi_getwakeuptime pgetwakeuptime_local;
- unsigned char enabled, pending;
- efi_status_t status;
- EFI_TIME efi_time;
-@@ -357,53 +365,56 @@ static long efi_runtime_get_waketime(uns
-
- status = efi.get_wakeup_time((efi_bool_t *)&enabled,
- (efi_bool_t *)&pending, &eft);
--
-+
- pgetwakeuptime = (struct efi_getwakeuptime __user *)arg;
--
-- if (put_user(status, pgetwakeuptime->status))
-+
-+ if (copy_from_user(&pgetwakeuptime_local, pgetwakeuptime, sizeof(pgetwakeuptime_local)))
-+ return -EFAULT;
-+ if (put_user(status, pgetwakeuptime_local.status))
- return -EFAULT;
- if (status != EFI_SUCCESS)
- return -EINVAL;
--
-- if (put_user(enabled, pgetwakeuptime->Enabled) ||
-- put_user(pending, pgetwakeuptime->Pending))
-+ if (put_user(enabled, pgetwakeuptime_local.Enabled) ||
-+ put_user(pending, pgetwakeuptime_local.Pending))
- return -EFAULT;
--
- convert_from_efi_time(&eft, &efi_time);
--
-- return copy_to_user(pgetwakeuptime->Time, &efi_time,
-+
-+ return copy_to_user(pgetwakeuptime_local.Time, &efi_time,
- sizeof(EFI_TIME)) ? -EFAULT : 0;
- }
-
- static long efi_runtime_set_waketime(unsigned long arg)
- {
- struct efi_setwakeuptime __user *psetwakeuptime;
-+ struct efi_setwakeuptime psetwakeuptime_local;
- unsigned char enabled;
- efi_status_t status;
- EFI_TIME efi_time;
- efi_time_t eft;
-
- psetwakeuptime = (struct efi_setwakeuptime __user *)arg;
--
-- if (get_user(enabled, &psetwakeuptime->Enabled) ||
-- copy_from_user(&efi_time,
-- psetwakeuptime->Time,
-- sizeof(EFI_TIME)))
-+
-+ if (copy_from_user(&psetwakeuptime_local, psetwakeuptime, sizeof(psetwakeuptime_local)))
- return -EFAULT;
--
-+
-+ if (get_user(enabled, &(psetwakeuptime_local.Enabled)) ||
-+ copy_from_user(&efi_time, psetwakeuptime_local.Time, sizeof(EFI_TIME)))
-+ return -EFAULT;
-+
- convert_to_efi_time(&eft, &efi_time);
--
-+
- status = efi.set_wakeup_time(enabled, &eft);
--
-- if (put_user(status, psetwakeuptime->status))
-+
-+ if (put_user(status, psetwakeuptime_local.status))
- return -EFAULT;
--
-+
- return status == EFI_SUCCESS ? 0 : -EINVAL;
- }
-
- static long efi_runtime_get_nextvariablename(unsigned long arg)
- {
- struct efi_getnextvariablename __user *pgetnextvariablename;
-+ struct efi_getnextvariablename pgetnextvariablename_local;
- unsigned long name_size;
- efi_status_t status;
- efi_guid_t vendor;
-@@ -414,37 +442,41 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- pgetnextvariablename = (struct efi_getnextvariablename
- __user *)arg;
-
-- if (get_user(name_size, pgetnextvariablename->VariableNameSize)
-- || copy_from_user(&vendor_guid,
-- pgetnextvariablename->VendorGuid,
-- sizeof(EFI_GUID)))
-+ if (copy_from_user(&pgetnextvariablename_local, pgetnextvariablename,
-+ sizeof(pgetnextvariablename_local)))
-+ return -EFAULT;
-+
-+ if (get_user(name_size, pgetnextvariablename_local.VariableNameSize) ||
-+ copy_from_user(&vendor_guid, pgetnextvariablename_local.VendorGuid,
-+ sizeof(vendor_guid)))
- return -EFAULT;
- if (name_size > 1024)
- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-
-- rv = get_ucs2_len(&name, pgetnextvariablename->VariableName, 1024);
-+ rv = get_ucs2_len(&name, pgetnextvariablename_local.VariableName, 1024);
- if (rv)
- return rv;
-
- status = efi.get_next_variable(&name_size, name, &vendor);
-
-- rv = put_ucs2_len(name, pgetnextvariablename->VariableName, name_size);
-+ rv = put_ucs2_len(name, pgetnextvariablename_local.VariableName,
-+ name_size);
- kfree(name);
-
- if (rv)
- return -EFAULT;
-
-- if (put_user(status, pgetnextvariablename->status))
-+ if (put_user(status, pgetnextvariablename_local.status))
- return -EFAULT;
- convert_to_guid(&vendor, &vendor_guid);
-
-- if (put_user(name_size, pgetnextvariablename->VariableNameSize))
-+ if (put_user(name_size, pgetnextvariablename_local.VariableNameSize))
- return -EFAULT;
-
-- if (copy_to_user(pgetnextvariablename->VendorGuid,
-- &vendor_guid, sizeof(EFI_GUID)))
-+ if (copy_to_user(pgetnextvariablename_local.VendorGuid,
-+ &vendor_guid, sizeof(EFI_GUID)))
- return -EFAULT;
- if (status != EFI_SUCCESS)
- return -EINVAL;
-@@ -454,6 +486,7 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- static long efi_runtime_get_nexthighmonocount(unsigned long arg)
- {
- struct efi_getnexthighmonotoniccount __user *pgetnexthighmonotoniccount;
-+ struct efi_getnexthighmonotoniccount pgetnexthighmonotoniccount_local;
- efi_status_t status;
- uint32_t count;
-
-@@ -461,10 +494,15 @@ static long efi_runtime_get_nexthighmonocount(unsigned long arg)
- efi_getnexthighmonotoniccount __user *)arg;
-
- status = efi.get_next_high_mono_count(&count);
-- if (put_user(status, pgetnexthighmonotoniccount->status))
-+
-+ if (copy_from_user(&pgetnexthighmonotoniccount_local,
-+ pgetnexthighmonotoniccount,
-+ sizeof(pgetnexthighmonotoniccount_local)))
-+ return -EFAULT;
-+ if (put_user(status, pgetnexthighmonotoniccount_local.status))
- return -EFAULT;
-
-- if (put_user(count, pgetnexthighmonotoniccount->HighCount))
-+ if (put_user(count, pgetnexthighmonotoniccount_local.HighCount))
- return -EFAULT;
-
- if (status != EFI_SUCCESS)
-@@ -478,28 +516,31 @@ static long efi_runtime_get_nexthighmonocount(unsigned long arg)
- static long efi_runtime_query_variableinfo(unsigned long arg)
- {
- struct efi_queryvariableinfo __user *pqueryvariableinfo;
-+ struct efi_queryvariableinfo pqueryvariableinfo_local;
- efi_status_t status;
- uint64_t max_storage, remaining, max_size;
-- uint32_t attr;
-
- pqueryvariableinfo = (struct efi_queryvariableinfo __user *)arg;
-
-- if (get_user(attr, &pqueryvariableinfo->Attributes))
-+ if (copy_from_user(&pqueryvariableinfo_local, pqueryvariableinfo,
-+ sizeof(pqueryvariableinfo_local)))
- return -EFAULT;
-
-- status = efi.query_variable_info(attr, &max_storage,
-- &remaining, &max_size);
-+ status = efi.query_variable_info(pqueryvariableinfo_local.Attributes,
-+ &max_storage, &remaining, &max_size);
-
-- if (put_user(max_storage, pqueryvariableinfo->MaximumVariableStorageSize))
-+ if (put_user(max_storage,
-+ pqueryvariableinfo_local.MaximumVariableStorageSize))
- return -EFAULT;
-
-- if (put_user(remaining, pqueryvariableinfo->RemainingVariableStorageSize))
-+ if (put_user(remaining,
-+ pqueryvariableinfo_local.RemainingVariableStorageSize))
- return -EFAULT;
-
-- if (put_user(max_size, pqueryvariableinfo->MaximumVariableSize))
-+ if (put_user(max_size, pqueryvariableinfo_local.MaximumVariableSize))
- return -EFAULT;
-
-- if (put_user(status, pqueryvariableinfo->status))
-+ if (put_user(status, pqueryvariableinfo_local.status))
- return -EFAULT;
- if (status != EFI_SUCCESS)
- return -EINVAL;
-@@ -527,9 +568,15 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
- return -ENOMEM;
-
- for (i = 0; i < caps.CapsuleCount; i++) {
-- if (copy_from_user(&capsules[i],
-- (EFI_CAPSULE_HEADER *)u_caps->CapsuleHeaderArray[i],
-- sizeof(EFI_CAPSULE_HEADER)))
-+ EFI_CAPSULE_HEADER *c;
-+ /*
-+ * We cannot dereference caps.CapsuleHeaderArray directly to
-+ * obtain the address of the capsule as it resides in the
-+ * user space
-+ */
-+ if (get_user(c, caps.CapsuleHeaderArray + i))
-+ return -EFAULT;
-+ if (copy_from_user(&capsules[i], c, sizeof(EFI_CAPSULE_HEADER)))
- return -EFAULT;
- }
-
-@@ -540,13 +587,13 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
- caps.CapsuleCount,
- &max_size, &reset_type);
-
-- if (put_user(status, u_caps->status))
-+ if (put_user(status, caps.status))
- return -EFAULT;
-
-- if (put_user(max_size, u_caps->MaximumCapsuleSize))
-+ if (put_user(max_size, caps.MaximumCapsuleSize))
- return -EFAULT;
-
-- if (put_user(reset_type, u_caps->ResetType))
-+ if (put_user(reset_type, caps.ResetType))
- return -EFAULT;
-
- if (status != EFI_SUCCESS)
diff --git a/meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch b/meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch
deleted file mode 100644
index 5ba272a..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 823c7c1ec79a88a1d7dab03b160f5fe79af17e71 Mon Sep 17 00:00:00 2001
-From: Alex Hung <alex.hung(a)canonical.com>
-Date: Tue, 17 Jun 2014 12:04:53 -0700
-Subject: [PATCH] cpu: microcode: remove failures when kernel does not have
- newer version (LP: #1322534)
-
-New systems usually have new microcode than kernel does, and
-therefore reporting failures is not correct. This patch changes
-it to report skipped when kernel does not have microcode updates.
-
-Signed-off-by: Alex Hung <alex.hung(a)canonical.com>
-Acked-by: Colin Ian King <colin.king(a)canonical.com>
-Acked-by: Ivan Hu <ivan.hu(a)canonical.com>
----
- src/cpu/microcode/microcode.c | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/src/cpu/microcode/microcode.c b/src/cpu/microcode/microcode.c
-index bf0dd928b6d9..d49316892cd8 100644
---- a/src/cpu/microcode/microcode.c
-+++ b/src/cpu/microcode/microcode.c
-@@ -230,13 +230,10 @@ static int microcode_test1(fwts_framework *fw)
- }
-
- /*
-- * We found the old revision but not a
-- * new revsion, failed
-+ * Kernel does not have newer version than BIOS
- */
- if (info->new_revision == UNKNOWN) {
-- failed++;
-- fwts_failed(fw, LOG_LEVEL_MEDIUM, "MicrocodeNotUpdated",
-- "The kernel did not report that CPU %d has had a microcode update. "
-+ fwts_log_info(fw, "The kernel did not report that CPU %d has had a microcode update. "
- "The current firmware is revision 0x%x and probably has not been updated.",
- cpu, info->old_revision);
- continue;
---
-1.9.3
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch b/meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch
deleted file mode 100644
index a7739a1..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0a6240d2d3c1dce6b6e156b3d4c92da44442c2cf Mon Sep 17 00:00:00 2001
-From: Ivan Hu <ivan.hu(a)canonical.com>
-Date: Mon, 29 Sep 2014 13:33:09 +0800
-Subject: [PATCH] securebootcert: report info instead of failure for missing DB
- and KEK when secureboot disabled (LP: #1374351 )
-
-When secureboot enabled, it's obverious that something wrong with missing DB and
-KEK variables, failures will be report. When the secureboot disabled and missing
-DB and KEK variables, report the information that the machine is not in
-readiness for secureboot.
-
-Signed-off-by: Ivan Hu <ivan.hu(a)canonical.com>
-Acked-by: Alex Hung <alex.hung(a)canonical.com>
-Acked-by: Colin Ian King <colin.king(a)canonical.com>
----
- src/uefi/securebootcert/securebootcert.c | 22 ++++++++++++++++------
- 1 file changed, 16 insertions(+), 6 deletions(-)
-
-diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
-index 53d9e1387759..4fd6cefe956f 100644
---- a/src/uefi/securebootcert/securebootcert.c
-+++ b/src/uefi/securebootcert/securebootcert.c
-@@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST {
- }
-
- static uint8_t var_found;
-+static bool securebooted = false;
-
- static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2)
- {
-@@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c
- "The secure boot variable data invalid.");
- return;
- }
-+ if (value == 1)
-+ securebooted = true;
- fwts_log_info_verbatum(fw, " Value: 0x%2.2x%s.", value, mode);
- fwts_passed(fw, "Secure boot relative variable %s check passed.", varname);
- }
-@@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw)
- if (!(var_found & VAR_SETUPMODE_FOUND))
- fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
- "The secure boot variable SetupMode not found.");
-- if (!(var_found & VAR_DB_FOUND))
-- fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-- "The secure boot variable DB not found.");
-- if (!(var_found & VAR_KEK_FOUND))
-- fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-- "The secure boot variable KEK not found.");
-+ if (securebooted) {
-+ if (!(var_found & VAR_DB_FOUND))
-+ fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-+ "The secure boot variable DB not found.");
-+ if (!(var_found & VAR_KEK_FOUND))
-+ fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-+ "The secure boot variable KEK not found.");
-+ } else {
-+ if (!(var_found & VAR_DB_FOUND))
-+ fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found.");
-+ if (!(var_found & VAR_KEK_FOUND))
-+ fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found.");
-+ }
-
- fwts_uefi_free_variable_names(&name_list);
-
---
-1.9.3
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch b/meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch
deleted file mode 100644
index 1bdd4c5..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 690bee3feb9a4bb290f62255483a646b9aa7b23b Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt.fleming(a)intel.com>
-Date: Mon, 6 Oct 2014 14:09:10 +0100
-Subject: [PATCH] efi_runtime: Don't use get_user() on non-pointer
-
-We don't need to try to construct a pointer from a structure on the
-stack in order to use get_user(). We can just access it directly.
-
-This fixes an efi_runtime_set_waketime() failure, introduced with commit
-"fwts: Copied the structure from userland locally in kernel space".
-
-Signed-off-by: Matt Fleming <matt.fleming(a)intel.com>
----
- efi_runtime/efi_runtime.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index 249f2619ca23..7332d6b090eb 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -397,8 +397,8 @@ static long efi_runtime_set_waketime(unsigned long arg)
- if (copy_from_user(&psetwakeuptime_local, psetwakeuptime, sizeof(psetwakeuptime_local)))
- return -EFAULT;
-
-- if (get_user(enabled, &(psetwakeuptime_local.Enabled)) ||
-- copy_from_user(&efi_time, psetwakeuptime_local.Time, sizeof(EFI_TIME)))
-+ enabled = psetwakeuptime_local.Enabled;
-+ if (copy_from_user(&efi_time, psetwakeuptime_local.Time, sizeof(EFI_TIME)))
- return -EFAULT;
-
- convert_to_efi_time(&eft, &efi_time);
---
-1.9.3
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch b/meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch
deleted file mode 100644
index 1cb64bd..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 86f893d46049c2fc684856f7e13018b4bde4ad4e Mon Sep 17 00:00:00 2001
-From: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
-Date: Wed, 31 Dec 2014 12:05:20 -0800
-Subject: [PATCH] efi_runtime: limit the amount of data copied to userspace
-
-The memory used to copy the variable name/data from userspace and back is
-supplied by the userspace. Thus, we must not write beyond the boundaries
-of the supplied memory. Otherwise, problems may arise (e.g., segmentation
-faults). However, the UEFI runtime service functions GetNextVariableName/
-GetVariable can change the size of the memory if, for instance, the
-buffer is too small. The firmware could also be defective.
-
-Hence, only copy to the userspace the variable name/data if the UEFI
-functions return successfully. Also, in case there is a defect in the
-firmware, only copy to the userspace the variable name/data if the needed
-memory is less or equal to what the userspace provide.
-
-Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
----
- efi_runtime/efi_runtime.c | 18 +++++++++++-------
- 1 file changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index 86fb449..e92a082 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -217,7 +217,7 @@ static long efi_runtime_get_variable(unsigned long arg)
- {
- struct efi_getvariable __user *pgetvariable;
- struct efi_getvariable pgetvariable_local;
-- unsigned long datasize;
-+ unsigned long datasize, prev_datasize;
- EFI_GUID vendor_guid;
- efi_guid_t vendor;
- efi_status_t status;
-@@ -249,11 +249,13 @@ static long efi_runtime_get_variable(unsigned long arg)
- return -ENOMEM;
- }
-
-+ prev_datasize = datasize;
- status = efi.get_variable(name, &vendor, &attr, &datasize, data);
-
- kfree(name);
-
-- rv = copy_to_user(pgetvariable_local.Data, data, datasize);
-+ if (status == EFI_SUCCESS && prev_datasize >= datasize)
-+ rv = copy_to_user(pgetvariable_local.Data, data, datasize);
- kfree(data);
-
- if (rv)
-@@ -261,7 +263,7 @@ static long efi_runtime_get_variable(unsigned long arg)
-
- if (put_user(status, pgetvariable_local.status))
- return -EFAULT;
-- if (status == EFI_SUCCESS) {
-+ if (status == EFI_SUCCESS && prev_datasize >= datasize) {
- if (put_user(attr, pgetvariable_local.Attributes) ||
- put_user(datasize, pgetvariable_local.DataSize))
- return -EFAULT;
-@@ -435,7 +437,7 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- {
- struct efi_getnextvariablename __user *pgetnextvariablename;
- struct efi_getnextvariablename pgetnextvariablename_local;
-- unsigned long name_size;
-+ unsigned long name_size, prev_name_size;
- efi_status_t status;
- efi_guid_t vendor;
- EFI_GUID vendor_guid;
-@@ -462,10 +464,12 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- if (rv)
- return rv;
-
-+ prev_name_size = name_size;
- status = efi.get_next_variable(&name_size, name, &vendor);
-
-- rv = put_ucs2_len(name, pgetnextvariablename_local.VariableName,
-- name_size);
-+ if (status == EFI_SUCCESS && prev_name_size >= name_size)
-+ rv = put_ucs2_len(name, pgetnextvariablename_local.VariableName,
-+ name_size);
- kfree(name);
-
- if (rv)
-@@ -481,7 +485,7 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- if (copy_to_user(pgetnextvariablename_local.VendorGuid,
- &vendor_guid, sizeof(EFI_GUID)))
- return -EFAULT;
-- if (status != EFI_SUCCESS)
-+ if (status != EFI_SUCCESS || name_size > prev_name_size)
- return -EINVAL;
- return 0;
- }
---
-1.9.1
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch b/meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch
deleted file mode 100644
index 16f0ccd..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 47843e674034226daee6549ce50744c27958bb85 Mon Sep 17 00:00:00 2001
-From: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
-Date: Thu, 15 Jan 2015 17:40:13 -0800
-Subject: [PATCH] efi_runtime: get_nextvariable: copy only the needed name
- bytes
-
-We trust the name_size passed by the user_space. Thus, there is not
-need to copy from user more bytes than specified.
-
-Furthermore, this behavior could mask potential problems in the
-firmware: to start traversing the list of variable names, some firmware
-implementations may just blindly check if name[0] is '\0' without
-even checking if the size of the buffer passed by the operating system
-is at least 2 bytes (UEFI variable names are stored in strings of 2-byte
-characters). This behaviour is wrong as the firmware must not access
-memory beyond the name buffer. By providing a 1024-bytes buffer of
-zeroes we allow the name[0] == '\0' to pass, regardless of the size
-of the buffer.
-
-Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
----
- efi_runtime/efi_runtime.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index e3eb4f2..fe5c40d 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -457,7 +457,8 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
-
- convert_from_guid(&vendor, &vendor_guid);
-
-- rv = get_ucs2_len(&name, pgetnextvariablename_local.VariableName, 1024);
-+ rv = get_ucs2_len(&name, pgetnextvariablename_local.VariableName,
-+ name_size);
- if (rv)
- return rv;
-
---
-1.9.1
-
diff --git a/meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch b/meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch
deleted file mode 100644
index 2e064d3..0000000
--- a/meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-From 39645d13c25b395781234d8aa8376be6a2a38d2c Mon Sep 17 00:00:00 2001
-From: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
-Date: Thu, 15 Jan 2015 18:05:06 -0800
-Subject: [PATCH] uefirtvariable: allow large sizes for variable names
-
-The UEFI specification does not define the maximum length for the
-variable name. Thus, it may happen that some firmware implementations
-have variable names longer than 1024 characters. Rather than limiting
-the maximum size to 1024 characters, set the initial size to 1024 chars
-and enlarge as required.
-
-Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com>
----
- efi_runtime/efi_runtime.c | 2 -
- src/uefi/uefirtvariable/uefirtvariable.c | 93 +++++++++++++++++++++++++++++---
- 2 files changed, 85 insertions(+), 10 deletions(-)
-
-diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
-index 33ccfba..4351b18 100644
---- a/efi_runtime/efi_runtime.c
-+++ b/efi_runtime/efi_runtime.c
-@@ -452,8 +452,6 @@ static long efi_runtime_get_nextvariablename(unsigned long arg)
- copy_from_user(&vendor_guid, pgetnextvariablename_local.VendorGuid,
- sizeof(vendor_guid)))
- return -EFAULT;
-- if (name_size > 1024)
-- return -EFAULT;
-
- convert_from_guid(&vendor, &vendor_guid);
-
-diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
-index 4b32693..ce1f7a3 100644
---- a/src/uefi/uefirtvariable/uefirtvariable.c
-+++ b/src/uefi/uefirtvariable/uefirtvariable.c
-@@ -265,7 +265,8 @@ static int getnextvariable_test1(fwts_framework *fw)
-
- struct efi_getnextvariablename getnextvariablename;
- uint64_t variablenamesize = MAX_DATA_LENGTH;
-- uint16_t variablename[MAX_DATA_LENGTH];
-+ uint64_t maxvariablenamesize = variablenamesize;
-+ uint16_t *variablename;
- EFI_GUID vendorguid;
- bool found_name = false, found_guid = false;
-
-@@ -299,6 +300,11 @@ static int getnextvariable_test1(fwts_framework *fw)
- return FWTS_ERROR;
- }
-
-+ variablename = malloc(sizeof(uint16_t) * variablenamesize);
-+ if (!variablename) {
-+ fwts_skipped(fw, "Unable to alloc memory for variable name");
-+ return FWTS_SKIP;
-+ }
- getnextvariablename.VariableNameSize = &variablenamesize;
- getnextvariablename.VariableName = variablename;
- getnextvariablename.VendorGuid = &vendorguid;
-@@ -310,7 +316,7 @@ static int getnextvariable_test1(fwts_framework *fw)
- */
- variablename[0] = '\0';
- while (true) {
-- variablenamesize = MAX_DATA_LENGTH;
-+ variablenamesize = maxvariablenamesize;
- ioret = ioctl(fd, EFI_RUNTIME_GET_NEXTVARIABLENAME, &getnextvariablename);
-
- if (ioret == -1) {
-@@ -319,6 +325,20 @@ static int getnextvariable_test1(fwts_framework *fw)
- if (*getnextvariablename.status == EFI_NOT_FOUND)
- break;
-
-+ /*
-+ * If the buffer we provided is too small for the name,
-+ * allocate a larger buffer and try again
-+ */
-+ if (*getnextvariablename.status == EFI_BUFFER_TOO_SMALL) {
-+ variablename = realloc(variablename,
-+ sizeof(uint16_t) * variablenamesize);
-+ if (variablename) {
-+ getnextvariablename.VariableName = variablename;
-+ maxvariablenamesize = variablenamesize;
-+ continue;
-+ }
-+ }
-+
- fwts_failed(fw, LOG_LEVEL_HIGH,
- "UEFIRuntimeGetNextVariableName",
- "Failed to get next variable name with UEFI "
-@@ -334,6 +354,12 @@ static int getnextvariable_test1(fwts_framework *fw)
- break;
- };
-
-+ if (variablename) {
-+ free(variablename);
-+ getnextvariablename.VariableName = NULL;
-+ variablename = NULL;
-+ }
-+
- if (!found_name) {
- fwts_failed(fw, LOG_LEVEL_HIGH,
- "UEFIRuntimeGetNextVariableNameName",
-@@ -374,6 +400,9 @@ err_restore_env:
- return FWTS_ERROR;
- }
-
-+ if (variablename)
-+ free(variablename);
-+
- return FWTS_ERROR;
- }
-
-@@ -404,9 +433,16 @@ static int getnextvariable_test2(fwts_framework *fw)
-
- struct efi_getnextvariablename getnextvariablename;
- uint64_t variablenamesize = MAX_DATA_LENGTH;
-- uint16_t variablename[MAX_DATA_LENGTH];
-+ uint64_t maxvariablenamesize = variablenamesize;
-+ uint16_t *variablename;
- EFI_GUID vendorguid;
-
-+ variablename = malloc(sizeof(uint16_t) * variablenamesize);
-+ if (!variablename) {
-+ fwts_skipped(fw, "Unable to alloc memory for variable name");
-+ return FWTS_SKIP;
-+ }
-+
- getnextvariablename.VariableNameSize = &variablenamesize;
- getnextvariablename.VariableName = variablename;
- getnextvariablename.VendorGuid = &vendorguid;
-@@ -418,7 +454,7 @@ static int getnextvariable_test2(fwts_framework *fw)
- */
- variablename[0] = '\0';
- while (true) {
-- variablenamesize = MAX_DATA_LENGTH;
-+ variablenamesize = maxvariablenamesize;
- ioret = ioctl(fd, EFI_RUNTIME_GET_NEXTVARIABLENAME, &getnextvariablename);
-
- if (ioret == -1) {
-@@ -426,6 +462,19 @@ static int getnextvariable_test2(fwts_framework *fw)
- /* no next variable was found*/
- if (*getnextvariablename.status == EFI_NOT_FOUND)
- break;
-+ /*
-+ * If the buffer we provided is too small for the name,
-+ * allocate a larger buffer and try again
-+ */
-+ if (*getnextvariablename.status == EFI_BUFFER_TOO_SMALL) {
-+ variablename = realloc(variablename,
-+ sizeof(uint16_t) * variablenamesize);
-+ if (variablename) {
-+ getnextvariablename.VariableName = variablename;
-+ maxvariablenamesize = variablenamesize;
-+ continue;
-+ }
-+ }
-
- fwts_failed(fw, LOG_LEVEL_HIGH,
- "UEFIRuntimeGetNextVariableName",
-@@ -435,17 +484,20 @@ static int getnextvariable_test2(fwts_framework *fw)
- goto err;
- }
-
-- if (variablenamesize != MAX_DATA_LENGTH &&
-- !strlen_valid(variablename, variablenamesize)) {
-+ if (!strlen_valid(variablename, variablenamesize)) {
- fwts_warning(fw, "UEFIRuntimeGetNextVariableName "
- "Unexpected variable name size returned.");
- goto err;
- }
- };
-
-+ if (variablename)
-+ free(variablename);
- return FWTS_OK;
-
- err:
-+ if (variablename)
-+ free(variablename);
- return FWTS_ERROR;
- }
-
-@@ -533,9 +585,16 @@ static int getnextvariable_test3(fwts_framework *fw)
-
- struct efi_getnextvariablename getnextvariablename;
- uint64_t variablenamesize = MAX_DATA_LENGTH;
-- uint16_t variablename[MAX_DATA_LENGTH];
-+ uint64_t maxvariablenamesize = variablenamesize;
-+ uint16_t *variablename;
- EFI_GUID vendorguid;
-
-+ variablename = malloc(sizeof(uint16_t) * variablenamesize);
-+ if (!variablename) {
-+ fwts_skipped(fw, "Unable to alloc memory for variable name");
-+ return FWTS_SKIP;
-+ }
-+
- getnextvariablename.VariableNameSize = &variablenamesize;
- getnextvariablename.VariableName = variablename;
- getnextvariablename.VendorGuid = &vendorguid;
-@@ -549,7 +608,7 @@ static int getnextvariable_test3(fwts_framework *fw)
- while (true) {
- struct efi_var_item *item;
-
-- variablenamesize = MAX_DATA_LENGTH;
-+ variablenamesize = maxvariablenamesize;
- ioret = ioctl(fd, EFI_RUNTIME_GET_NEXTVARIABLENAME, &getnextvariablename);
-
- if (ioret == -1) {
-@@ -558,6 +617,20 @@ static int getnextvariable_test3(fwts_framework *fw)
- if (*getnextvariablename.status == EFI_NOT_FOUND)
- break;
-
-+ /*
-+ * if the buffer we provided is too small for the name,
-+ * allocate a larger buffer and try again
-+ */
-+ if (*getnextvariablename.status == EFI_BUFFER_TOO_SMALL) {
-+ variablename = realloc(variablename,
-+ sizeof(uint16_t) * variablenamesize);
-+ if (variablename) {
-+ getnextvariablename.VariableName = variablename;
-+ maxvariablenamesize = variablenamesize;
-+ continue;
-+ }
-+ }
-+
- fwts_failed(fw, LOG_LEVEL_HIGH,
- "UEFIRuntimeGetNextVariableName",
- "Failed to get next variable name with UEFI "
-@@ -602,10 +675,14 @@ static int getnextvariable_test3(fwts_framework *fw)
- };
-
- bucket_destroy();
-+ if (variablename)
-+ free(variablename);
- return FWTS_OK;
-
- err:
- bucket_destroy();
-+ if (variablename)
-+ free(variablename);
- return FWTS_ERROR;
- }
-
---
-1.9.1
-
diff --git a/meta-luv/recipes-core/fwts/fwts_git.bb b/meta-luv/recipes-core/fwts/fwts_git.bb
index 1e11c70..517655d 100644
--- a/meta-luv/recipes-core/fwts/fwts_git.bb
+++ b/meta-luv/recipes-core/fwts/fwts_git.bb
@@ -2,32 +2,24 @@ SUMMARY = "Firmware testsuite"
DESCRIPTION = "The tool fwts comprises of tests that are designed to exercise BIOS, these need access to read BIOS data and ACPI tables"
HOMEPAGE = "https://wiki.ubuntu.com/Kernel/Reference/fwts"
LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://src/main.c;beginline=1;endline=16;md5=deb8af5388e838d133eaa036f4d1496f"
+LIC_FILES_CHKSUM = "file://src/main.c;beginline=1;endline=16;md5=9bd929284041f05a42b0b6a7b1864a31"
-PV = "14.03.01+git${SRCPV}"
+PV = "15.03.00+git${SRCPV}"
-SRCREV = "8ec44dc1e55ecf334f4afa8eed8795ed5776c396"
+SRCREV = "0c7719f699d1bad94385a887d3da78aa5ed558a9"
SRC_URI = "git://kernel.ubuntu.com/hwe/fwts.git \
file://luv-parser-fwts \
- file://0001-efi_runtime-Set-default-value-for-KVER.patch \
- file://0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch \
- file://0003-efi_runtime-Group-kernel-version-dependent-functions.patch \
- file://0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch \
- file://0005-efi_runtime-donot-dereference-user-address.patch \
- file://0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch \
- file://0007-securebootcert-report-info-instead-of-failure-for-mi.patch \
- file://0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch \
- file://0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch \
- file://0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch \
- file://0011-uefirtvariable-allow-large-sizes-for-variable-names.patch \
+ file://0001-efi_runtime-ensure-we-don-t-allocate-a-zero-byte-buf.patch \
"
S = "${WORKDIR}/git"
DEPENDS = "autoconf automake libtool libpcre json-c flex bison \
- virtual/kernel "
+ virtual/kernel glib-2.0"
inherit autotools-brokensep luv-test module-base
+CFLAGS += "-I${STAGING_INCDIR}/json"
+
do_unpack[depends] += "virtual/kernel:do_populate_sysroot"
do_compile_append() {
--
1.7.9.5
7 years, 2 months
- 1
- 0
[Luv PATCH v3 0/9] luvOS support for ARM64
by Naresh Bhat
A set of patches which will help to build and run luvOS distribution for aarch64 architecture.
With this set you can build and run the luvOS distribution for genericarmv8 machine.
I have verified the luvOS distribution on ARM64 FVP base model.
The flow of luvOS distribution on arm64 architecture
<boot> -> <upstream GRUB> -> leg-kernel with ACPI support -> efivarfs -> fwts -> kernel-efi-warnings -> <DONE>
Instructions and logs visit
Linaro wiki - https://wiki.linaro.org/LEG/Engineering/luvOS
Git repository - https://git.linaro.org/people/naresh.bhat/luvOS/luv-yocto.git
Changes since V0:[RFC series]
- Add all the comments from Matt Fleming on RFC series
- Rebase all patches on top of v1.2-rc3-dizzy
- cherry pick few patches from upstream
- Drop all the unnecessary aarch64 patches
Changes since V1:[series]
- Rebase all patches on top of v1.2-rc4
- Modify grub_git.bb recipe so that it can be built for both native and non-native architecture
- Update leg-kernel defconfig file
- Skip syslinux package for aarch64 build
- Skip ISO image build for aarch64
- Address Matt Fleming comments on bootimg bbclass. Modify the class to support aarch64/x86_64/i386 architecture
- Update FWTS version to 15.01.00
- Define bootimg dependency in luv-efi bbclass for aarch64 (i.e. grub)
Changes since V2:[series]
- Add more description on patches.
- Include changes suggested by Graeme, Matt Fleming, Bernhard Reutner-Fischer and Burton Ross on grub_git.bb
- Update FWTS version 15.03.00
Naresh Bhat (9):
aarch64: Add genericarmv8 machine configuration file
leg-kernel: Update leg kernel config
fwts : Upgrade to version 15.03.00
luv-efi: Define bootimg dependency
bootimg: Add support to install Image
syslinux: Remove bootimg dependency for aarch64
bootimg: Skip iso image build for aarch64
grub: Update grub git recipe
grub-efi: Impliment switch case to install GRUB_IMAGE
meta-luv/classes/luv-efi.bbclass | 11 +-
...01-efi_runtime-Set-default-value-for-KVER.patch | 27 -
...-Refactor-ioctl-code-into-helper-function.patch | 506 -------
...-Group-kernel-version-dependent-functions.patch | 99 --
...me-Do-not-pass-user-addresses-to-firmware.patch | 374 -----
...fi_runtime-donot-dereference-user-address.patch | 444 ------
...de-remove-failures-when-kernel-does-not-h.patch | 40 -
...ert-report-info-instead-of-failure-for-mi.patch | 68 -
...runtime-Don-t-use-get_user-on-non-pointer.patch | 34 -
...-limit-the-amount-of-data-copied-to-users.patch | 95 --
...-get_nextvariable-copy-only-the-needed-na.patch | 41 -
...able-allow-large-sizes-for-variable-names.patch | 245 ----
meta-luv/recipes-core/fwts/fwts_git.bb | 21 +-
meta-luv/recipes-kernel/linux/leg-kernel/defconfig | 1510 ++++++++++++++------
meta/classes/bootimg.bbclass | 17 +-
meta/classes/grub-efi.bbclass | 20 +-
meta/classes/syslinux.bbclass | 11 +-
meta/conf/machine/genericarmv8.conf | 16 +
meta/conf/machine/genericarmv8b.conf | 6 +
meta/conf/machine/include/arm64/arch-armv8.inc | 20 +
meta/recipes-bsp/grub/grub_git.bb | 48 +-
21 files changed, 1233 insertions(+), 2420 deletions(-)
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0001-efi_runtime-Set-default-value-for-KVER.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0002-efi_runtime-Refactor-ioctl-code-into-helper-function.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0003-efi_runtime-Group-kernel-version-dependent-functions.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0004-efi_runtime-Do-not-pass-user-addresses-to-firmware.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0005-efi_runtime-donot-dereference-user-address.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0006-cpu-microcode-remove-failures-when-kernel-does-not-h.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0007-securebootcert-report-info-instead-of-failure-for-mi.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0008-efi_runtime-Don-t-use-get_user-on-non-pointer.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0009-efi_runtime-limit-the-amount-of-data-copied-to-users.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0010-efi_runtime-get_nextvariable-copy-only-the-needed-na.patch
delete mode 100644 meta-luv/recipes-core/fwts/fwts/0011-uefirtvariable-allow-large-sizes-for-variable-names.patch
create mode 100644 meta/conf/machine/genericarmv8.conf
create mode 100644 meta/conf/machine/genericarmv8b.conf
create mode 100644 meta/conf/machine/include/arm64/arch-armv8.inc
--
1.7.9.5
7 years, 2 months
- 1
- 9
[FWTS] Firmware Test Suite 15.03.00 is released
by ivanhu
Hi all:
FWTS 15.03.00 is released. It is available from:
Tar:http://fwts.ubuntu.com/release/fwts-V15.03.00.tar.gz
PPA:https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts...
The release notes is available at
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/15.03.00
= New Features =
* lib: fwts_framework: add --show-tests-categories option (LP: #1415953)
* ACPICA: Update to use ACPICA version 20150204 (LP:#1418453)
* dmicheck: support smbios check for version 2.8.0 (LP: #1418869)
= Fixed Bugs =
* efi: uefirtvariable: fix build error on Ubuntu Precise
* lib: fwts_acpi_tables: fix logcal/bit-wise & thinko
* lib: fwts_framework: use strtok instead of strtok_r
* uefirtauthvar: missing return error when mismatch size of set/get test data
* dmicheck: fix the range of Interface Type on Type38 (LP: #1416092)
* efi_runtime: do not dereference userspace pointers from strings
* efi_runtime: do not access userspace addresses directly
* efi_runtime: limit the amount of data copied to userspace
* efi_runtime: get_nextvariable: copy only the needed name bytes
* uefirtvariable: allow large sizes for variable names
* efi_runtime: handle memory errors when setting variables
= Known Issues =
* build fail on lucid
= Detailed Changelog =
Please check /usr/share/doc/fwts/changelog.Debian.gz or fwts-15.03.00-0ubuntu1.debian.tar.gz from https://launchpad.net/ubuntu/+source/fwts
7 years, 2 months
- 3
- 3