1 // SPDX-License-Identifier: GPL-2.0+
3 * Originally from efivars.c
5 * Copyright (C) 2001,2003,2004 Dell <Matt_Domsch@dell.com>
6 * Copyright (C) 2004 Intel Corporation <matthew.e.tolentino@intel.com>
9 #include <linux/capability.h>
10 #include <linux/types.h>
11 #include <linux/errno.h>
12 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/string.h>
16 #include <linux/smp.h>
17 #include <linux/efi.h>
18 #include <linux/device.h>
19 #include <linux/slab.h>
20 #include <linux/ctype.h>
21 #include <linux/ucs2_string.h>
25 MODULE_IMPORT_NS(EFIVAR
);
28 validate_device_path(efi_char16_t
*var_name
, int match
, u8
*buffer
,
31 struct efi_generic_dev_path
*node
;
34 node
= (struct efi_generic_dev_path
*)buffer
;
36 if (len
< sizeof(*node
))
39 while (offset
<= len
- sizeof(*node
) &&
40 node
->length
>= sizeof(*node
) &&
41 node
->length
<= len
- offset
) {
42 offset
+= node
->length
;
44 if ((node
->type
== EFI_DEV_END_PATH
||
45 node
->type
== EFI_DEV_END_PATH2
) &&
46 node
->sub_type
== EFI_DEV_END_ENTIRE
)
49 node
= (struct efi_generic_dev_path
*)(buffer
+ offset
);
53 * If we're here then either node->length pointed past the end
54 * of the buffer or we reached the end of the buffer without
55 * finding a device path end node.
61 validate_boot_order(efi_char16_t
*var_name
, int match
, u8
*buffer
,
64 /* An array of 16-bit integers */
72 validate_load_option(efi_char16_t
*var_name
, int match
, u8
*buffer
,
76 int i
, desclength
= 0, namelen
;
78 namelen
= ucs2_strnlen(var_name
, EFI_VAR_NAME_LEN
);
80 /* Either "Boot" or "Driver" followed by four digits of hex */
81 for (i
= match
; i
< match
+4; i
++) {
82 if (var_name
[i
] > 127 ||
83 hex_to_bin(var_name
[i
] & 0xff) < 0)
87 /* Reject it if there's 4 digits of hex and then further content */
88 if (namelen
> match
+ 4)
91 /* A valid entry must be at least 8 bytes */
95 filepathlength
= buffer
[4] | buffer
[5] << 8;
98 * There's no stored length for the description, so it has to be
101 desclength
= ucs2_strsize((efi_char16_t
*)(buffer
+ 6), len
- 6) + 2;
103 /* Each boot entry must have a descriptor */
108 * If the sum of the length of the description, the claimed filepath
109 * length and the original header are greater than the length of the
110 * variable, it's malformed
112 if ((desclength
+ filepathlength
+ 6) > len
)
116 * And, finally, check the filepath
118 return validate_device_path(var_name
, match
, buffer
+ desclength
+ 6,
123 validate_uint16(efi_char16_t
*var_name
, int match
, u8
*buffer
,
126 /* A single 16-bit integer */
134 validate_ascii_string(efi_char16_t
*var_name
, int match
, u8
*buffer
,
139 for (i
= 0; i
< len
; i
++) {
150 struct variable_validate
{
153 bool (*validate
)(efi_char16_t
*var_name
, int match
, u8
*data
,
158 * This is the list of variables we need to validate, as well as the
159 * whitelist for what we think is safe not to default to immutable.
161 * If it has a validate() method that's not NULL, it'll go into the
162 * validation routine. If not, it is assumed valid, but still used for
165 * Note that it's sorted by {vendor,name}, but globbed names must come after
166 * any other name with the same prefix.
168 static const struct variable_validate variable_validate
[] = {
169 { EFI_GLOBAL_VARIABLE_GUID
, "BootNext", validate_uint16
},
170 { EFI_GLOBAL_VARIABLE_GUID
, "BootOrder", validate_boot_order
},
171 { EFI_GLOBAL_VARIABLE_GUID
, "Boot*", validate_load_option
},
172 { EFI_GLOBAL_VARIABLE_GUID
, "DriverOrder", validate_boot_order
},
173 { EFI_GLOBAL_VARIABLE_GUID
, "Driver*", validate_load_option
},
174 { EFI_GLOBAL_VARIABLE_GUID
, "ConIn", validate_device_path
},
175 { EFI_GLOBAL_VARIABLE_GUID
, "ConInDev", validate_device_path
},
176 { EFI_GLOBAL_VARIABLE_GUID
, "ConOut", validate_device_path
},
177 { EFI_GLOBAL_VARIABLE_GUID
, "ConOutDev", validate_device_path
},
178 { EFI_GLOBAL_VARIABLE_GUID
, "ErrOut", validate_device_path
},
179 { EFI_GLOBAL_VARIABLE_GUID
, "ErrOutDev", validate_device_path
},
180 { EFI_GLOBAL_VARIABLE_GUID
, "Lang", validate_ascii_string
},
181 { EFI_GLOBAL_VARIABLE_GUID
, "OsIndications", NULL
},
182 { EFI_GLOBAL_VARIABLE_GUID
, "PlatformLang", validate_ascii_string
},
183 { EFI_GLOBAL_VARIABLE_GUID
, "Timeout", validate_uint16
},
184 { LINUX_EFI_CRASH_GUID
, "*", NULL
},
185 { NULL_GUID
, "", NULL
},
189 * Check if @var_name matches the pattern given in @match_name.
191 * @var_name: an array of @len non-NUL characters.
192 * @match_name: a NUL-terminated pattern string, optionally ending in "*". A
193 * final "*" character matches any trailing characters @var_name,
194 * including the case when there are none left in @var_name.
195 * @match: on output, the number of non-wildcard characters in @match_name
196 * that @var_name matches, regardless of the return value.
197 * @return: whether @var_name fully matches @match_name.
200 variable_matches(const char *var_name
, size_t len
, const char *match_name
,
203 for (*match
= 0; ; (*match
)++) {
204 char c
= match_name
[*match
];
208 /* Wildcard in @match_name means we've matched. */
212 /* @match_name has ended. Has @var_name too? */
213 return (*match
== len
);
217 * We've reached a non-wildcard char in @match_name.
218 * Continue only if there's an identical character in
221 if (*match
< len
&& c
== var_name
[*match
])
229 efivar_validate(efi_guid_t vendor
, efi_char16_t
*var_name
, u8
*data
,
230 unsigned long data_size
)
233 unsigned long utf8_size
;
236 utf8_size
= ucs2_utf8size(var_name
);
237 utf8_name
= kmalloc(utf8_size
+ 1, GFP_KERNEL
);
241 ucs2_as_utf8(utf8_name
, var_name
, utf8_size
);
242 utf8_name
[utf8_size
] = '\0';
244 for (i
= 0; variable_validate
[i
].name
[0] != '\0'; i
++) {
245 const char *name
= variable_validate
[i
].name
;
248 if (efi_guidcmp(vendor
, variable_validate
[i
].vendor
))
251 if (variable_matches(utf8_name
, utf8_size
+1, name
, &match
)) {
252 if (variable_validate
[i
].validate
== NULL
)
255 return variable_validate
[i
].validate(var_name
, match
,
264 efivar_variable_is_removable(efi_guid_t vendor
, const char *var_name
,
272 * Check if our variable is in the validated variables list
274 for (i
= 0; variable_validate
[i
].name
[0] != '\0'; i
++) {
275 if (efi_guidcmp(variable_validate
[i
].vendor
, vendor
))
278 if (variable_matches(var_name
, len
,
279 variable_validate
[i
].name
, &match
)) {
286 * If it's in our list, it is removable.
291 static bool variable_is_present(efi_char16_t
*variable_name
, efi_guid_t
*vendor
,
292 struct list_head
*head
)
294 struct efivar_entry
*entry
, *n
;
295 unsigned long strsize1
, strsize2
;
298 strsize1
= ucs2_strsize(variable_name
, EFI_VAR_NAME_LEN
);
299 list_for_each_entry_safe(entry
, n
, head
, list
) {
300 strsize2
= ucs2_strsize(entry
->var
.VariableName
, EFI_VAR_NAME_LEN
);
301 if (strsize1
== strsize2
&&
302 !memcmp(variable_name
, &(entry
->var
.VariableName
),
304 !efi_guidcmp(entry
->var
.VendorGuid
,
314 * Returns the size of variable_name, in bytes, including the
315 * terminating NULL character, or variable_name_size if no NULL
316 * character is found among the first variable_name_size bytes.
318 static unsigned long var_name_strnsize(efi_char16_t
*variable_name
,
319 unsigned long variable_name_size
)
325 * The variable name is, by definition, a NULL-terminated
326 * string, so make absolutely sure that variable_name_size is
327 * the value we expect it to be. If not, return the real size.
329 for (len
= 2; len
<= variable_name_size
; len
+= sizeof(c
)) {
330 c
= variable_name
[(len
/ sizeof(c
)) - 1];
335 return min(len
, variable_name_size
);
339 * Print a warning when duplicate EFI variables are encountered and
340 * disable the sysfs workqueue since the firmware is buggy.
342 static void dup_variable_bug(efi_char16_t
*str16
, efi_guid_t
*vendor_guid
,
345 size_t i
, len8
= len16
/ sizeof(efi_char16_t
);
348 str8
= kzalloc(len8
, GFP_KERNEL
);
352 for (i
= 0; i
< len8
; i
++)
355 printk(KERN_WARNING
"efivars: duplicate variable: %s-%pUl\n",
361 * efivar_init - build the initial list of EFI variables
362 * @func: callback function to invoke for every variable
363 * @data: function-specific data to pass to @func
364 * @head: initialised head of variable list
366 * Get every EFI variable from the firmware and invoke @func. @func
367 * should call efivar_entry_add() to build the list of variables.
369 * Returns 0 on success, or a kernel error code on failure.
371 int efivar_init(int (*func
)(efi_char16_t
*, efi_guid_t
, unsigned long, void *,
373 void *data
, struct list_head
*head
)
375 unsigned long variable_name_size
= 512;
376 efi_char16_t
*variable_name
;
378 efi_guid_t vendor_guid
;
381 variable_name
= kzalloc(variable_name_size
, GFP_KERNEL
);
382 if (!variable_name
) {
383 printk(KERN_ERR
"efivars: Memory allocation failed.\n");
392 * A small set of old UEFI implementations reject sizes
393 * above a certain threshold, the lowest seen in the wild
398 variable_name_size
= 512;
399 BUILD_BUG_ON(EFI_VAR_NAME_LEN
< 512);
401 status
= efivar_get_next_variable(&variable_name_size
,
406 variable_name_size
= var_name_strnsize(variable_name
,
410 * Some firmware implementations return the
411 * same variable name on multiple calls to
412 * get_next_variable(). Terminate the loop
413 * immediately as there is no guarantee that
414 * we'll ever see a different variable name,
415 * and may end up looping here forever.
417 if (variable_is_present(variable_name
, &vendor_guid
,
419 dup_variable_bug(variable_name
, &vendor_guid
,
421 status
= EFI_NOT_FOUND
;
423 err
= func(variable_name
, vendor_guid
,
424 variable_name_size
, data
, head
);
426 status
= EFI_NOT_FOUND
;
429 case EFI_UNSUPPORTED
:
431 status
= EFI_NOT_FOUND
;
435 case EFI_BUFFER_TOO_SMALL
:
436 pr_warn("efivars: Variable name size exceeds maximum (%lu > 512)\n",
438 status
= EFI_NOT_FOUND
;
441 pr_warn("efivars: get_next_variable: status=%lx\n", status
);
442 status
= EFI_NOT_FOUND
;
446 } while (status
!= EFI_NOT_FOUND
);
450 kfree(variable_name
);
456 * efivar_entry_add - add entry to variable list
457 * @entry: entry to add to list
460 * Returns 0 on success, or a kernel error code on failure.
462 int efivar_entry_add(struct efivar_entry
*entry
, struct list_head
*head
)
469 list_add(&entry
->list
, head
);
476 * __efivar_entry_add - add entry to variable list
477 * @entry: entry to add to list
480 void __efivar_entry_add(struct efivar_entry
*entry
, struct list_head
*head
)
482 list_add(&entry
->list
, head
);
486 * efivar_entry_remove - remove entry from variable list
487 * @entry: entry to remove from list
489 * Returns 0 on success, or a kernel error code on failure.
491 void efivar_entry_remove(struct efivar_entry
*entry
)
493 list_del(&entry
->list
);
497 * efivar_entry_list_del_unlock - remove entry from variable list
498 * @entry: entry to remove
500 * Remove @entry from the variable list and release the list lock.
502 * NOTE: slightly weird locking semantics here - we expect to be
503 * called with the efivars lock already held, and we release it before
504 * returning. This is because this function is usually called after
505 * set_variable() while the lock is still held.
507 static void efivar_entry_list_del_unlock(struct efivar_entry
*entry
)
509 list_del(&entry
->list
);
514 * efivar_entry_delete - delete variable and remove entry from list
515 * @entry: entry containing variable to delete
517 * Delete the variable from the firmware and remove @entry from the
518 * variable list. It is the caller's responsibility to free @entry
521 * Returns 0 on success, -EINTR if we can't grab the semaphore,
522 * converted EFI status code if set_variable() fails.
524 int efivar_entry_delete(struct efivar_entry
*entry
)
533 status
= efivar_set_variable_locked(entry
->var
.VariableName
,
534 &entry
->var
.VendorGuid
,
536 if (!(status
== EFI_SUCCESS
|| status
== EFI_NOT_FOUND
)) {
538 return efi_status_to_err(status
);
541 efivar_entry_list_del_unlock(entry
);
546 * efivar_entry_size - obtain the size of a variable
547 * @entry: entry for this variable
548 * @size: location to store the variable's size
550 int efivar_entry_size(struct efivar_entry
*entry
, unsigned long *size
)
561 status
= efivar_get_variable(entry
->var
.VariableName
,
562 &entry
->var
.VendorGuid
, NULL
, size
, NULL
);
565 if (status
!= EFI_BUFFER_TOO_SMALL
)
566 return efi_status_to_err(status
);
572 * __efivar_entry_get - call get_variable()
573 * @entry: read data for this variable
574 * @attributes: variable attributes
575 * @size: size of @data buffer
576 * @data: buffer to store variable data
578 * The caller MUST call efivar_entry_iter_begin() and
579 * efivar_entry_iter_end() before and after the invocation of this
580 * function, respectively.
582 int __efivar_entry_get(struct efivar_entry
*entry
, u32
*attributes
,
583 unsigned long *size
, void *data
)
587 status
= efivar_get_variable(entry
->var
.VariableName
,
588 &entry
->var
.VendorGuid
,
589 attributes
, size
, data
);
591 return efi_status_to_err(status
);
595 * efivar_entry_get - call get_variable()
596 * @entry: read data for this variable
597 * @attributes: variable attributes
598 * @size: size of @data buffer
599 * @data: buffer to store variable data
601 int efivar_entry_get(struct efivar_entry
*entry
, u32
*attributes
,
602 unsigned long *size
, void *data
)
609 err
= __efivar_entry_get(entry
, attributes
, size
, data
);
616 * efivar_entry_set_get_size - call set_variable() and get new size (atomic)
617 * @entry: entry containing variable to set and get
618 * @attributes: attributes of variable to be written
619 * @size: size of data buffer
620 * @data: buffer containing data to write
621 * @set: did the set_variable() call succeed?
623 * This is a pretty special (complex) function. See efivarfs_file_write().
625 * Atomically call set_variable() for @entry and if the call is
626 * successful, return the new size of the variable from get_variable()
627 * in @size. The success of set_variable() is indicated by @set.
629 * Returns 0 on success, -EINVAL if the variable data is invalid,
630 * -ENOSPC if the firmware does not have enough available space, or a
631 * converted EFI status code if either of set_variable() or
632 * get_variable() fail.
634 * If the EFI variable does not exist when calling set_variable()
635 * (EFI_NOT_FOUND), @entry is removed from the variable list.
637 int efivar_entry_set_get_size(struct efivar_entry
*entry
, u32 attributes
,
638 unsigned long *size
, void *data
, bool *set
)
640 efi_char16_t
*name
= entry
->var
.VariableName
;
641 efi_guid_t
*vendor
= &entry
->var
.VendorGuid
;
647 if (efivar_validate(*vendor
, name
, data
, *size
) == false)
651 * The lock here protects the get_variable call, the conditional
652 * set_variable call, and removal of the variable from the efivars
653 * list (in the case of an authenticated delete).
659 status
= efivar_set_variable_locked(name
, vendor
, attributes
, *size
,
661 if (status
!= EFI_SUCCESS
) {
662 err
= efi_status_to_err(status
);
669 * Writing to the variable may have caused a change in size (which
670 * could either be an append or an overwrite), or the variable to be
671 * deleted. Perform a GetVariable() so we can tell what actually
675 status
= efivar_get_variable(entry
->var
.VariableName
,
676 &entry
->var
.VendorGuid
,
679 if (status
== EFI_NOT_FOUND
)
680 efivar_entry_list_del_unlock(entry
);
684 if (status
&& status
!= EFI_BUFFER_TOO_SMALL
)
685 return efi_status_to_err(status
);
696 * efivar_entry_iter - iterate over variable list
697 * @func: callback function
698 * @head: head of variable list
699 * @data: function-specific data to pass to callback
701 * Iterate over the list of EFI variables and call @func with every
702 * entry on the list. It is safe for @func to remove entries in the
703 * list via efivar_entry_delete() while iterating.
705 * Some notes for the callback function:
706 * - a non-zero return value indicates an error and terminates the loop
707 * - @func is called from atomic context
709 int efivar_entry_iter(int (*func
)(struct efivar_entry
*, void *),
710 struct list_head
*head
, void *data
)
712 struct efivar_entry
*entry
, *n
;
719 list_for_each_entry_safe(entry
, n
, head
, list
) {
720 err
= func(entry
, data
);