| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220520195028.1347426-1-gpiccoli@igalia.com>
Date: Fri, 20 May 2022 16:50:26 -0300
From: "Guilherme G. Piccoli" <gpiccoli@...lia.com>
To: ardb@...nel.org, linux-efi@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, kernel-dev@...lia.com,
kernel@...ccoli.net, anton@...msg.org, ccross@...roid.com,
keescook@...omium.org, matt@...eblueprint.co.uk,
matthew.garrett@...ula.com, tony.luck@...el.com,
"Guilherme G. Piccoli" <gpiccoli@...lia.com>
Subject: [PATCH 0/2] UEFI panic notification mechanism
Hi folks, this patch set is about a mechanism to notify the UEFI
firmware about a panic event in the kernel, so the firmware is
enabled to take some action. The specific use case for us is to
show an alternative splash screen if a panic happened.
The base for the idea is to explore the panic notifiers mechanism,
that allows a callback to execute in the panic path.
Patch 1 is kind of a "clean-up" in a way; just taking a helper out
of efibc and adding it on generic efi.h header, so we have common
code used by 3 modules (efibc, efi-pstore and efi-panic).
Patch 2 is the efi-panic module itself; it is *strongly* based on
efibc, and for that I'd like to hereby thank to the authors.
The efibc code is very clear!
Some design decisions to be discussed:
(1) The variable name and value - I called it PanicWarn, and the
data it holds is just a byte, set by default to 0xFF (though users
can change that via module parameter). I have no attachment to
these, we can improve naming and the size of the data for example,
suggestions are appreciated!
(2) The 3 modules (efibc, efi-pstore and efi-panic) share a lot of
ideas or code; both efi-{pstore,panic} deal with panic events, and
both efi{bc,-panic} rely on notifiers and share code.
Should we unify some of them or anything like that? It seemed to me
the proper approach would be a simple and small standalone module,
but I'm open for suggestions.
(3) I've noticed a behavior that also happens in efi-pstore, I'm not
sure if that's something to care about. In the efi-panic module, after
a fresh boot, we check if PanicWarn is there an if so, we print a
message and _delete_ that variable from the NVRAM. But...the variable
is still present in sysfs, in the list created by efivars. Same happens
with efi-pstore, if we delete the dumps generated from /sys/fs/pstore.
In my case, I've used the __efivar_entry_delete() variant, so it doesn't
delete from any list, only from the firmware area. Should this be handled?
Or we just don't care with the empty variable reference in the sysfs tree?
I appreciate feedbacks and suggestions, thanks in advance for the attention!
Cheers,
Guilherme
Guilherme G. Piccoli (2):
efi: Add a generic helper to convert strings to unicode
efi-panic: Introduce the UEFI panic notification module
drivers/firmware/efi/Kconfig | 10 ++++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi-panic.c | 97 +++++++++++++++++++++++++++++++
drivers/firmware/efi/efi-pstore.c | 5 +-
drivers/firmware/efi/efibc.c | 16 ++---
include/linux/efi.h | 16 +++++
6 files changed, 130 insertions(+), 15 deletions(-)
create mode 100644 drivers/firmware/efi/efi-panic.c
--
2.36.0
Powered by blists - more mailing lists