Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1736036rwd; Fri, 9 Jun 2023 01:05:58 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5dyuLo5VrsBYykpYzSqlpGQBz/AJEcZC/SMCHWUeh4SN1GRXI9SXGJg3d2/4hwlzpwKQec X-Received: by 2002:a05:6a20:8413:b0:102:7c37:aef2 with SMTP id c19-20020a056a20841300b001027c37aef2mr361236pzd.58.1686297957642; Fri, 09 Jun 2023 01:05:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686297957; cv=none; d=google.com; s=arc-20160816; b=Jm+SgLp4obWvE9MZRBc+Xo4XFObasQRR5q+IwAcF2q5Tk1aJ5QEIttG6G9763AcZjd FnFQdfcZRYaA8aGzp+mLHLBurfRW8XBsEZM+PrrvHnfwC+seSqIJgd5+Sb7K6ph2Q7XD 2M7ia+Kt4MDhUVjWg+Co+b/RzMsbotwMODIBENvSc/d9XNiLXkiZkYkSapwDgWUH26+V v/gYUraGikaCFBR0D9MftmvYdtmCd2aY5xDdLTpvwmNrGN7SihNXjgL89AjZy4sA6OLl HfTSFkAga/Bf5yuzQbonXnNjJNovTMSeAJzMRHPlFs21U3X4UgoErPWrVqIsj2sSe8mE 8xBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=06aLnWhJdy0R77EsY3W61qYT6aLBj8zgctJ+CoIkn7k=; b=O1VL5FsJjbUaSYGMJn17RGkcnQbXT4aomVG24fhyvIcNtdca+u5jDekdsggP9Q6p5x HvDmhDlimccybTmWYmm7LuirsuiEFZ87sJtjpL2tvyHGZ6Xqq7Y1FJ/MbFmAyrVhT2EY ufT+2dECkAq3XbHRtGxKXVOXlQ7whgKQwQaWmS8N3dvmQSu8CWoJOwk2V9MfhZNzIidq j0x1e8sBDmDc2e3n5De8z26EYb/VJ2JFEbPcKPiUwnAqplzGLnkLa/UO3boDHRFlZDWm qV/P+y53BSLY2MVXomZUVFN0LlHYfDXQ1XJC9vuNQVEmDG8eORVNWOMRDQe0L3F/Ono1 KH2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dROKAMlm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z29-20020aa7991d000000b005a8b856ad47si2113156pff.7.2023.06.09.01.05.44; Fri, 09 Jun 2023 01:05:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dROKAMlm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239414AbjFIIDD (ORCPT + 99 others); Fri, 9 Jun 2023 04:03:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239995AbjFIICr (ORCPT ); Fri, 9 Jun 2023 04:02:47 -0400 Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6806C46B6 for ; Fri, 9 Jun 2023 01:01:00 -0700 (PDT) Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-2b1adf27823so16009181fa.2 for ; Fri, 09 Jun 2023 01:01:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686297642; x=1688889642; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=06aLnWhJdy0R77EsY3W61qYT6aLBj8zgctJ+CoIkn7k=; b=dROKAMlm60dMt/sFOkYwFrndwAc6rtu/0Fsi8H2vVIhFFlPPnHLqTyV6+5WR4qRGCs MZIxKJdOeDfJJbhVmU1yfSJqZ93i+//1HfRt78TXb5NsuXDnYerwmGazjylxknO4ngV3 YQJrrK17lzV2vSArB10Qpm7bFBSuZPemXs0f9v7Eg/wfYNvy/JfHNHGhIwgCYEdTVMMy cHOiELFspxfchQ8ZGuO0JXiQSaHgFFCuV4PE9nQthctMS5/O6HrIwQ9zVe4QlNOqvEG5 Nh74xoUGA+nt7G4PaZr++YqJQ9EJkYcy5fghSF3w7TLwttexeZ/JYzBBA8Z+PrQ/daNC +CbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686297642; x=1688889642; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=06aLnWhJdy0R77EsY3W61qYT6aLBj8zgctJ+CoIkn7k=; b=hc13a4TapMPG2UFAvG0PSpo3l/kwyBJfoewbBC1/iHc8llI59z0BNSasdlvFgkCx5x ZiUdFgCQezQ2d36zLDrcTviMEGDPufinHyZ0qFNpCiPiNVUmYUWxftNTCXeZN8trDgc2 0YqynX5397Faw+Q79Q2N6RvEpgJR9YVMU8VirrDMLnGtgsfI5FDBO0bXezPoJQOptypF 1gvcSV/boK4mMcvEjYiPVYsBpSDNLBF9t4lP6VK6WnDsymriCQ0iit3AiKgQB+22uF/+ iMFG2Y5xTsENkqumWlxqApv46frd7tjqXLGf+mdb+WcXoou5/hLmCZXlkVQ/MOPfCQ3q 7lkQ== X-Gm-Message-State: AC+VfDy2CbtuL1P2rlIbhyitGzviBjWl2JHOJeuQ9xZ0ubK05HGY5O9n RSvrmQ/7yKK+Sqz2R1onUU7iuTpPC+R+z3Vq6ntwwg== X-Received: by 2002:a2e:98ca:0:b0:2b1:d4fc:75ff with SMTP id s10-20020a2e98ca000000b002b1d4fc75ffmr525291ljj.31.1686297642304; Fri, 09 Jun 2023 01:00:42 -0700 (PDT) MIME-Version: 1.0 References: <20230526010748.1222-1-masahisa.kojima@linaro.org> <76da826f-b608-6add-5401-6de818b180e3@siemens.com> <871ece13-7d6e-44d4-3bda-317658202f6f@siemens.com> <3eb9bf84-4cf0-6cfe-9ad3-f7eef7d775fb@siemens.com> In-Reply-To: From: Ilias Apalodimas Date: Fri, 9 Jun 2023 11:00:06 +0300 Message-ID: Subject: Re: [PATCH v5 3/3] efi: Add tee-based EFI variable driver To: Jan Kiszka Cc: Ard Biesheuvel , Sumit Garg , Masahisa Kojima , Jens Wiklander , linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold , Maxime Coquelin , Alexandre Torgue , linux-efi@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, "Su, Bao Cheng (RC-CN DF FA R&D)" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Jan, On Fri, 9 Jun 2023 at 09:40, Jan Kiszka wrote: > > On 09.06.23 08:34, Ilias Apalodimas wrote: > > Hi Jan, > > > > [...] > > > >>> --- a/drivers/firmware/efi/vars.c > >>> +++ b/drivers/firmware/efi/vars.c > >>> @@ -123,7 +123,7 @@ EXPORT_SYMBOL_GPL(efivars_unregister); > >>> > >>> bool efivar_supports_writes(void) > >>> { > >>> - return __efivars && __efivars->ops->set_variable; > >>> + return __efivars && __efivars->ops->set_variable != set_variable_int; > >>> } > >>> EXPORT_SYMBOL_GPL(efivar_supports_writes); > >>> > >>> diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c > >>> index e028fafa04f3..e40b5c4c5106 100644 > >>> --- a/fs/efivarfs/super.c > >>> +++ b/fs/efivarfs/super.c > >>> @@ -242,9 +242,6 @@ static int efivarfs_fill_super(struct super_block > >>> *sb, struct fs_context *fc) > >>> sb->s_d_op = &efivarfs_d_ops; > >>> sb->s_time_gran = 1; > >>> > >>> - if (!efivar_supports_writes()) > >>> - sb->s_flags |= SB_RDONLY; > >>> - > >>> inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true); > >>> if (!inode) > >>> return -ENOMEM; > >>> diff --git a/include/linux/efi.h b/include/linux/efi.h > >>> index 58d1c271d3b0..ec0ac6ef50a3 100644 > >>> --- a/include/linux/efi.h > >>> +++ b/include/linux/efi.h > >>> @@ -1084,6 +1084,10 @@ int efivars_register(struct efivars *efivars, > >>> const struct efivar_operations *ops); > >>> int efivars_unregister(struct efivars *efivars); > >>> > >>> +efi_status_t set_variable_int(efi_char16_t *name, efi_guid_t *vendor, > >>> + u32 attributes, unsigned long data_size, > >>> + void *data); > >>> + > >>> void efivars_generic_ops_register(void); > >>> void efivars_generic_ops_unregister(void); > >>> > >>> Thanks > >>> /Ilias > >> > >> As just written in my other reply: The root cause is the dependency on > >> tee-supplicant daemon. That needs to be resolved, and then also r/w > >> mounting will just work. > > > > That's partially true. If we solve the dependency your problem will > > go away only if everything gets compiled as built in. But if you have > > them as modules there's still a chance you mount the efivarfs before > > installing all the modules. In that case, you'll end up with the same > > problem no? > > Obviously, this will need proper probing of the TA services in the > proper order so that the STMM driver is pulled in before efivarfs gets used. > > > > > That's why I think this patch (or a variation of it) is useful. It > > solves the kernel panic you are seeing if you remount the efivarfs as > > RW and It unifies the way the kernel responds to userspace no matter > > what the firmware does with its setvariableRT service. > > I'm not against fixes crashes, but the r/w issue is a different thing IMHO. Fair enough, but if we want to fix the crash only I think there's a better way to do it. I'll cook some patches and send them over Thanks /Ilias > > Jan > > -- > Siemens AG, Technology > Competence Center Embedded Linux >