1 // SPDX-License-Identifier: GPL-2.0+
3 * EFI Test Driver for Runtime Services
5 * Copyright(C) 2012-2016 Canonical Ltd.
7 * This driver exports EFI runtime services interfaces to userspace, which
8 * allows userspace to use and test the UEFI runtime services provided by firmware.
12 #include <linux/miscdevice.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/proc_fs.h>
16 #include <linux/efi.h>
17 #include <linux/security.h>
18 #include <linux/slab.h>
19 #include <linux/uaccess.h>
/* Module metadata recorded for the EFI test driver. */
23 MODULE_AUTHOR("Ivan Hu <ivan.hu@canonical.com>");
24 MODULE_DESCRIPTION("EFI Test Driver");
25 MODULE_LICENSE("GPL");
28 * Count the bytes in 'str', including the terminating NULL.
30 * Note this function returns the number of *bytes*, not the number of UCS-2 characters.
/*
 * Measure a user-space UCS-2 string in bytes, reading it one
 * efi_char16_t at a time with get_user().
 *
 * The count starts at sizeof(efi_char16_t) so the terminator is included
 * and grows by sizeof(efi_char16_t) for each further character.
 *
 * NOTE(review): no upper bound on the scan is visible in this listing; the
 * result appears to depend only on where user space placed the terminator.
 * The value returned when get_user() faults is not shown either - confirm
 * that callers can tell a fault apart from a real size.
 */
33 static inline size_t user_ucs2_strsize(efi_char16_t __user *str)
35 efi_char16_t *s = str, c;
41 /* Include terminating NULL */
42 len = sizeof(efi_char16_t);
/* First character: a checked fetch from user memory, which can fail. */
44 if (get_user(c, s++)) {
45 /* Can't read userspace memory for size */
/* Following characters use the same checked fetch. */
50 if (get_user(c, s++)) {
51 /* Can't read userspace memory for size */
54 len += sizeof(efi_char16_t);
60 * Allocate a buffer and copy a ucs2 string from user space into it.
/*
 * Duplicate 'len' bytes of a user-space UCS-2 string into a freshly
 * allocated kernel buffer via memdup_user().
 *
 * 'len' is chosen by the caller, so the allocation size is whatever the
 * caller derived from user input. memdup_user() reports failure with an
 * ERR_PTR value; the check of that result is not shown in this listing.
 */
63 copy_ucs2_from_user_len(efi_char16_t **dst, efi_char16_t __user *src,
/* Range check on the first byte only; memdup_user() validates the full copy. */
73 if (!access_ok(src, 1))
76 buf = memdup_user(src, len);
87 * Count the bytes in 'str', including the terminating NULL.
89 * Just a wrapper around user_ucs2_strsize()
/*
 * Store the byte size of the user-space UCS-2 string 'src' in '*len',
 * as computed by user_ucs2_strsize().
 * NOTE(review): the return values are not shown in this listing.
 */
92 get_ucs2_strsize_from_user(efi_char16_t __user *src, size_t *len)
/* Reject an obviously invalid user pointer before scanning the string. */
94 if (!access_ok(src, 1))
97 *len = user_ucs2_strsize(src);
105 * Calculate the required buffer allocation size and copy a ucs2 string
106 * from user space into it.
108 * This function differs from copy_ucs2_from_user_len() because it
109 * calculates the size of the buffer to allocate by taking the length of the string 'src'.
112 * If a non-zero value is returned, the caller MUST NOT access 'dst'.
114 * It is the caller's responsibility to free 'dst'.
/*
 * Size a user-space UCS-2 string with user_ucs2_strsize(), then copy that
 * many bytes into a new kernel buffer with copy_ucs2_from_user_len().
 *
 * NOTE(review): the string is read from user memory twice - once to
 * measure it and once to copy it. User space can change the contents
 * between the two reads, so the kernel copy is not guaranteed to end in
 * a terminator; consumers of 'dst' should not assume it does.
 */
117 copy_ucs2_from_user(efi_char16_t **dst, efi_char16_t __user *src)
121 if (!access_ok(src, 1))
/* First read of user memory: measure the string. */
124 len = user_ucs2_strsize(src);
/* Second read of user memory: copy 'len' bytes. */
127 return copy_ucs2_from_user_len(dst, src, len);
131 * Copy a ucs2 string to a user buffer.
133 * This function is a simple wrapper around copy_to_user() that does
134 * nothing if 'src' is NULL, which is useful for reducing the amount of
135 * NULL checking the caller has to do.
137 * 'len' specifies the number of bytes to copy.
/*
 * Copy 'len' bytes from the kernel buffer 'src' to the user buffer 'dst'.
 *
 * The result is copy_to_user()'s return value, i.e. the number of bytes
 * that could not be copied (0 on success). 'len' is supplied by the
 * caller, which must make sure 'src' really holds that many bytes.
 */
140 copy_ucs2_to_user_len(efi_char16_t __user *dst, efi_char16_t *src, size_t len)
145 if (!access_ok(dst, 1))
148 return copy_to_user(dst, src, len);
/*
 * ioctl handler that forwards a GetVariable request to firmware.
 *
 * The request struct is copied in from user space once; every pointer
 * field inside it (name, GUID, data, data_size, attributes, status) is
 * still a user pointer and is accessed through get_user(), put_user(),
 * copy_from_user() or copy_to_user().
 */
151 static long efi_runtime_get_variable(unsigned long arg)
153 struct efi_getvariable __user *getvariable_user;
154 struct efi_getvariable getvariable;
155 unsigned long datasize = 0, prev_datasize, *dz;
156 efi_guid_t vendor_guid, *vd = NULL;
158 efi_char16_t *name = NULL;
163 getvariable_user = (struct efi_getvariable __user *)arg;
165 if (copy_from_user(&getvariable, getvariable_user,
166 sizeof(getvariable)))
/* The requested buffer size is user-controlled input. */
168 if (getvariable.data_size &&
169 get_user(datasize, getvariable.data_size))
171 if (getvariable.vendor_guid) {
172 if (copy_from_user(&vendor_guid, getvariable.vendor_guid,
173 sizeof(vendor_guid)))
178 if (getvariable.variable_name) {
179 rv = copy_ucs2_from_user(&name, getvariable.variable_name);
/* Optional outputs are passed to firmware as NULL when user space gave no pointer. */
184 at = getvariable.attributes ? &attr : NULL;
185 dz = getvariable.data_size ? &datasize : NULL;
187 if (getvariable.data_size && getvariable.data) {
/*
 * The allocation is sized directly by the user-supplied datasize.
 * NOTE(review): no upper limit on datasize is visible in this listing.
 */
188 data = kmalloc(datasize, GFP_KERNEL);
/* Remember the allocated size: firmware may rewrite datasize through dz. */
195 prev_datasize = datasize;
196 status = efi.get_variable(name, vd, at, dz, data);
/* The firmware status is written back before it is interpreted. */
199 if (put_user(status, getvariable.status)) {
204 if (status != EFI_SUCCESS) {
205 if (status == EFI_BUFFER_TOO_SMALL) {
206 if (dz && put_user(datasize, getvariable.data_size)) {
/*
 * Guard for the copy-out below: firmware reported more data than the
 * buffer it was given. Copying 'datasize' bytes in that case would read
 * past the kmalloc() allocation; the body of this branch is not shown,
 * presumably an error exit.
 */
215 if (prev_datasize < datasize) {
221 if (copy_to_user(getvariable.data, data, datasize)) {
227 if (at && put_user(attr, getvariable.attributes)) {
232 if (dz && put_user(datasize, getvariable.data_size))
/*
 * ioctl handler that forwards a SetVariable request to firmware.
 *
 * Name, vendor GUID and payload are all copied in from user space; the
 * attributes and data_size values are taken from the request struct as
 * given. Any firmware status other than EFI_SUCCESS is returned as
 * -EINVAL, with the raw status written to the user's status pointer.
 */
241 static long efi_runtime_set_variable(unsigned long arg)
243 struct efi_setvariable __user *setvariable_user;
244 struct efi_setvariable setvariable;
245 efi_guid_t vendor_guid;
247 efi_char16_t *name = NULL;
251 setvariable_user = (struct efi_setvariable __user *)arg;
253 if (copy_from_user(&setvariable, setvariable_user, sizeof(setvariable)))
/* The GUID is copied without a NULL test; a NULL pointer makes copy_from_user() fail. */
255 if (copy_from_user(&vendor_guid, setvariable.vendor_guid,
256 sizeof(vendor_guid)))
259 if (setvariable.variable_name) {
260 rv = copy_ucs2_from_user(&name, setvariable.variable_name);
/* Payload size is user-controlled; memdup_user() allocates and copies it. */
265 data = memdup_user(setvariable.data, setvariable.data_size);
/*
 * NOTE(review): 'name' may already hold an allocation at this point;
 * confirm the lines omitted from this listing release it before returning.
 */
268 return PTR_ERR(data);
271 status = efi.set_variable(name, &vendor_guid,
272 setvariable.attributes,
273 setvariable.data_size, data);
275 if (put_user(status, setvariable.status)) {
280 rv = status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler that forwards a GetTime request to firmware and copies
 * the time and, when requested, the clock capabilities back to user space.
 */
289 static long efi_runtime_get_time(unsigned long arg)
291 struct efi_gettime __user *gettime_user;
292 struct efi_gettime gettime;
297 gettime_user = (struct efi_gettime __user *)arg;
298 if (copy_from_user(&gettime, gettime_user, sizeof(gettime)))
/* Firmware writes into kernel-side locals, never directly into user memory. */
301 status = efi.get_time(gettime.time ? &efi_time : NULL,
302 gettime.capabilities ? &cap : NULL);
304 if (put_user(status, gettime.status))
307 if (status != EFI_SUCCESS)
310 if (gettime.capabilities) {
311 efi_time_cap_t __user *cap_local;
/*
 * The cast below omits __user although cap_local is declared with it;
 * this does not change behaviour but hides the address space from sparse.
 */
313 cap_local = (efi_time_cap_t *)gettime.capabilities;
/* Each capability field is written with its own checked put_user(). */
314 if (put_user(cap.resolution, &(cap_local->resolution)) ||
315 put_user(cap.accuracy, &(cap_local->accuracy)) ||
316 put_user(cap.sets_to_zero, &(cap_local->sets_to_zero)))
320 if (copy_to_user(gettime.time, &efi_time, sizeof(efi_time_t)))
/*
 * ioctl handler that copies a time value from user space and passes it
 * to the firmware SetTime service. The raw firmware status goes to the
 * user's status pointer; the ioctl result is 0 on EFI_SUCCESS and
 * -EINVAL otherwise.
 */
327 static long efi_runtime_set_time(unsigned long arg)
329 struct efi_settime __user *settime_user;
330 struct efi_settime settime;
334 settime_user = (struct efi_settime __user *)arg;
335 if (copy_from_user(&settime, settime_user, sizeof(settime)))
/* The time value is copied into a kernel local before firmware sees it. */
337 if (copy_from_user(&efi_time, settime.time,
340 status = efi.set_time(&efi_time);
342 if (put_user(status, settime.status))
345 return status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler that forwards a GetWakeupTime request to firmware.
 *
 * Firmware fills kernel-side locals; the results are then copied out to
 * the user pointers that were supplied.
 * NOTE(review): 'pending' is requested from firmware, but no write-back
 * of it to user space is visible in this listing - confirm whether that
 * is intended.
 */
348 static long efi_runtime_get_waketime(unsigned long arg)
350 struct efi_getwakeuptime __user *getwakeuptime_user;
351 struct efi_getwakeuptime getwakeuptime;
352 efi_bool_t enabled, pending;
356 getwakeuptime_user = (struct efi_getwakeuptime __user *)arg;
357 if (copy_from_user(&getwakeuptime, getwakeuptime_user,
358 sizeof(getwakeuptime)))
/* Each output is optional: NULL is passed when user space gave no pointer. */
361 status = efi.get_wakeup_time(
362 getwakeuptime.enabled ? (efi_bool_t *)&enabled : NULL,
363 getwakeuptime.pending ? (efi_bool_t *)&pending : NULL,
364 getwakeuptime.time ? &efi_time : NULL);
366 if (put_user(status, getwakeuptime.status))
369 if (status != EFI_SUCCESS)
372 if (getwakeuptime.enabled && put_user(enabled,
373 getwakeuptime.enabled))
376 if (getwakeuptime.time) {
377 if (copy_to_user(getwakeuptime.time, &efi_time,
/*
 * ioctl handler that forwards a SetWakeupTime request to firmware.
 *
 * When user space supplies a time pointer the value is copied into a
 * kernel local first; otherwise firmware is called with a NULL time.
 * The ioctl result is 0 on EFI_SUCCESS and -EINVAL otherwise.
 */
385 static long efi_runtime_set_waketime(unsigned long arg)
387 struct efi_setwakeuptime __user *setwakeuptime_user;
388 struct efi_setwakeuptime setwakeuptime;
393 setwakeuptime_user = (struct efi_setwakeuptime __user *)arg;
395 if (copy_from_user(&setwakeuptime, setwakeuptime_user,
396 sizeof(setwakeuptime)))
/* 'enabled' is taken by value from the copied-in request struct. */
399 enabled = setwakeuptime.enabled;
400 if (setwakeuptime.time) {
401 if (copy_from_user(&efi_time, setwakeuptime.time,
405 status = efi.set_wakeup_time(enabled, &efi_time);
407 status = efi.set_wakeup_time(enabled, NULL);
409 if (put_user(status, setwakeuptime.status))
412 return status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler that forwards a GetNextVariableName request to firmware.
 *
 * The name buffer is both input and output: it is copied in from user
 * space, handed to firmware, and copied back out afterwards.
 */
415 static long efi_runtime_get_nextvariablename(unsigned long arg)
417 struct efi_getnextvariablename __user *getnextvariablename_user;
418 struct efi_getnextvariablename getnextvariablename;
/* name_size has no initialiser; it is only assigned when a size pointer was supplied. */
419 unsigned long name_size, prev_name_size = 0, *ns = NULL;
421 efi_guid_t *vd = NULL;
422 efi_guid_t vendor_guid;
423 efi_char16_t *name = NULL;
426 getnextvariablename_user = (struct efi_getnextvariablename __user *)arg;
428 if (copy_from_user(&getnextvariablename, getnextvariablename_user,
429 sizeof(getnextvariablename)))
432 if (getnextvariablename.variable_name_size) {
/* The buffer size claimed by user space; it is user-controlled input. */
433 if (get_user(name_size, getnextvariablename.variable_name_size))
/* Kept so the copy-out can use the size the kernel buffer was built for. */
436 prev_name_size = name_size;
439 if (getnextvariablename.vendor_guid) {
440 if (copy_from_user(&vendor_guid,
441 getnextvariablename.vendor_guid,
442 sizeof(vendor_guid)))
447 if (getnextvariablename.variable_name) {
448 size_t name_string_size = 0;
450 rv = get_ucs2_strsize_from_user(
451 getnextvariablename.variable_name,
456 * The name_size may be smaller than the real buffer size where
457 * variable name located in some use cases. The most typical
458 * case is passing a 0 to get the required buffer size for the
459 * 1st time call. So we need to copy the content from user
460 * space for at least the string size of variable name, or else
461 * the name passed to UEFI may not be terminated as we expected.
/*
 * Copy length is the larger of the claimed buffer size and the measured
 * string size, so the kernel buffer holds at least prev_name_size bytes.
 * Both inputs come from user space; no upper limit is visible here.
 */
463 rv = copy_ucs2_from_user_len(&name,
464 getnextvariablename.variable_name,
465 prev_name_size > name_string_size ?
466 prev_name_size : name_string_size);
471 status = efi.get_next_variable(ns, name, vd);
473 if (put_user(status, getnextvariablename.status)) {
478 if (status != EFI_SUCCESS) {
479 if (status == EFI_BUFFER_TOO_SMALL) {
480 if (ns && put_user(*ns,
481 getnextvariablename.variable_name_size)) {
/*
 * Copies prev_name_size bytes back, which stays within the kernel buffer
 * because that buffer was allocated with at least prev_name_size bytes.
 */
491 if (copy_ucs2_to_user_len(getnextvariablename.variable_name,
492 name, prev_name_size)) {
/*
 * NOTE(review): *ns is dereferenced here; whether a NULL check on ns
 * guards this statement is not visible in this listing.
 */
499 if (put_user(*ns, getnextvariablename.variable_name_size)) {
506 if (copy_to_user(getnextvariablename.vendor_guid, vd,
/*
 * ioctl handler that forwards a GetNextHighMonotonicCount request to
 * firmware and writes the count back to user space when a pointer for it
 * was supplied.
 */
516 static long efi_runtime_get_nexthighmonocount(unsigned long arg)
518 struct efi_getnexthighmonotoniccount __user *getnexthighmonocount_user;
519 struct efi_getnexthighmonotoniccount getnexthighmonocount;
523 getnexthighmonocount_user = (struct
524 efi_getnexthighmonotoniccount __user *)arg;
526 if (copy_from_user(&getnexthighmonocount,
527 getnexthighmonocount_user,
528 sizeof(getnexthighmonocount)))
/* Firmware writes into a kernel local, or gets NULL if no output was requested. */
531 status = efi.get_next_high_mono_count(
532 getnexthighmonocount.high_count ? &count : NULL);
534 if (put_user(status, getnexthighmonocount.status))
537 if (status != EFI_SUCCESS)
540 if (getnexthighmonocount.high_count &&
541 put_user(count, getnexthighmonocount.high_count))
/*
 * ioctl handler that forwards a ResetSystem request to firmware.
 *
 * reset_type, status and data_size are taken from the user-supplied
 * request struct as given, and the optional reset data is copied in with
 * memdup_user() using the user-supplied size.
 * NOTE(review): a caller that can reach this handler can ask firmware to
 * reset the platform, so access to the device node should be treated as
 * equivalent to that privilege.
 */
547 static long efi_runtime_reset_system(unsigned long arg)
549 struct efi_resetsystem __user *resetsystem_user;
550 struct efi_resetsystem resetsystem;
553 resetsystem_user = (struct efi_resetsystem __user *)arg;
554 if (copy_from_user(&resetsystem, resetsystem_user,
555 sizeof(resetsystem)))
/* Reset data is optional and only copied when a non-zero size was given. */
557 if (resetsystem.data_size != 0) {
558 data = memdup_user((void *)resetsystem.data,
559 resetsystem.data_size);
561 return PTR_ERR(data);
564 efi.reset_system(resetsystem.reset_type, resetsystem.status,
565 resetsystem.data_size, (efi_char16_t *)data);
/*
 * ioctl handler that forwards a QueryVariableInfo request to firmware and
 * writes the three reported sizes back to user space.
 *
 * The 'attributes' value is passed to firmware exactly as user space
 * supplied it. Firmware fills kernel-side u64 locals, which are copied
 * out with put_user() only after the status was EFI_SUCCESS.
 */
571 static long efi_runtime_query_variableinfo(unsigned long arg)
573 struct efi_queryvariableinfo __user *queryvariableinfo_user;
574 struct efi_queryvariableinfo queryvariableinfo;
576 u64 max_storage, remaining, max_size;
578 queryvariableinfo_user = (struct efi_queryvariableinfo __user *)arg;
580 if (copy_from_user(&queryvariableinfo, queryvariableinfo_user,
581 sizeof(queryvariableinfo)))
584 status = efi.query_variable_info(queryvariableinfo.attributes,
585 &max_storage, &remaining, &max_size);
587 if (put_user(status, queryvariableinfo.status))
590 if (status != EFI_SUCCESS)
/* The output pointers are not NULL-tested here; put_user() fails on a bad pointer. */
593 if (put_user(max_storage,
594 queryvariableinfo.maximum_variable_storage_size))
597 if (put_user(remaining,
598 queryvariableinfo.remaining_variable_storage_size))
601 if (put_user(max_size, queryvariableinfo.maximum_variable_size))
/*
 * ioctl handler that forwards a QueryCapsuleCapabilities request to
 * firmware.
 *
 * User space passes an array of pointers to capsule headers. Each header
 * is copied into a kernel array first, so firmware only ever sees kernel
 * memory.
 */
607 static long efi_runtime_query_capsulecaps(unsigned long arg)
609 struct efi_querycapsulecapabilities __user *qcaps_user;
610 struct efi_querycapsulecapabilities qcaps;
611 efi_capsule_header_t *capsules;
617 qcaps_user = (struct efi_querycapsulecapabilities __user *)arg;
619 if (copy_from_user(&qcaps, qcaps_user, sizeof(qcaps)))
/*
 * capsule_count is user-controlled. Rejecting ULONG_MAX keeps the
 * 'capsule_count + 1' below from wrapping to 0.
 */
622 if (qcaps.capsule_count == ULONG_MAX)
/* kcalloc() checks the count * size multiplication for overflow itself. */
625 capsules = kcalloc(qcaps.capsule_count + 1,
626 sizeof(efi_capsule_header_t), GFP_KERNEL);
630 for (i = 0; i < qcaps.capsule_count; i++) {
631 efi_capsule_header_t *c;
633 * We cannot dereference qcaps.capsule_header_array directly to
634 * obtain the address of the capsule as it resides in the
/* Two checked fetches per entry: the header pointer, then the header it points to. */
637 if (get_user(c, qcaps.capsule_header_array + i)) {
641 if (copy_from_user(&capsules[i], c,
642 sizeof(efi_capsule_header_t))) {
/* From here on the request struct refers to the kernel copy, not user memory. */
648 qcaps.capsule_header_array = &capsules;
650 status = efi.query_capsule_caps((efi_capsule_header_t **)
651 qcaps.capsule_header_array,
653 &max_size, &reset_type);
655 if (put_user(status, qcaps.status)) {
660 if (status != EFI_SUCCESS) {
665 if (put_user(max_size, qcaps.maximum_capsule_size)) {
670 if (put_user(reset_type, qcaps.reset_type))
/*
 * ioctl entry point: dispatch each EFI_RUNTIME_* command to its handler,
 * passing 'arg' through unchanged as the user-space request pointer.
 *
 * No per-command permission check is made here; access is gated when the
 * device is opened (see efi_test_open()).
 * NOTE(review): the handling of unknown 'cmd' values is not shown in this
 * listing.
 */
678 static long efi_test_ioctl(struct file *file, unsigned int cmd,
682 case EFI_RUNTIME_GET_VARIABLE:
683 return efi_runtime_get_variable(arg);
685 case EFI_RUNTIME_SET_VARIABLE:
686 return efi_runtime_set_variable(arg);
688 case EFI_RUNTIME_GET_TIME:
689 return efi_runtime_get_time(arg);
691 case EFI_RUNTIME_SET_TIME:
692 return efi_runtime_set_time(arg);
694 case EFI_RUNTIME_GET_WAKETIME:
695 return efi_runtime_get_waketime(arg);
697 case EFI_RUNTIME_SET_WAKETIME:
698 return efi_runtime_set_waketime(arg);
700 case EFI_RUNTIME_GET_NEXTVARIABLENAME:
701 return efi_runtime_get_nextvariablename(arg);
703 case EFI_RUNTIME_GET_NEXTHIGHMONOTONICCOUNT:
704 return efi_runtime_get_nexthighmonocount(arg);
706 case EFI_RUNTIME_QUERY_VARIABLEINFO:
707 return efi_runtime_query_variableinfo(arg);
709 case EFI_RUNTIME_QUERY_CAPSULECAPABILITIES:
710 return efi_runtime_query_capsulecaps(arg);
712 case EFI_RUNTIME_RESET_SYSTEM:
713 return efi_runtime_reset_system(arg);
/*
 * open() handler and the driver's access-control point.
 *
 * Two checks are visible: the kernel lockdown hook for
 * LOCKDOWN_EFI_TEST, and a CAP_SYS_ADMIN capability test. Both run at
 * open time, so they apply to every later ioctl on the file.
 * NOTE(review): the error values returned on failure are not shown in
 * this listing.
 */
719 static int efi_test_open(struct inode *inode, struct file *file)
/* Consult lockdown policy before anything else. */
721 int ret = security_locked_down(LOCKDOWN_EFI_TEST);
/* The device is restricted to callers holding CAP_SYS_ADMIN. */
726 if (!capable(CAP_SYS_ADMIN))
729 * nothing special to do here
730 * We do accept multiple open files at the same time as we
731 * synchronize on the per call operation.
/* release() handler for the device; its body is not shown in this listing. */
736 static int efi_test_close(struct inode *inode, struct file *file)
742 * The various file operations we support.
/*
 * File operations table for the device. The visible entries wire up
 * open (where the access checks run), ioctl dispatch and release.
 */
744 static const struct file_operations efi_test_fops = {
745 .owner = THIS_MODULE,
746 .unlocked_ioctl = efi_test_ioctl,
747 .open = efi_test_open,
748 .release = efi_test_close,
/*
 * misc device descriptor registered by efi_test_init(); its fields are
 * not shown in this listing.
 */
752 static struct miscdevice efi_test_dev = {
/*
 * Module init: register the misc device and log an error if registration
 * fails. NOTE(review): the return value is not shown in this listing.
 */
758 static int __init efi_test_init(void)
762 ret = misc_register(&efi_test_dev);
764 pr_err("efi_test: can't misc_register on minor=%d\n",
/* Module exit: remove the misc device registered at init. */
772 static void __exit efi_test_exit(void)
774 misc_deregister(&efi_test_dev);
/* Hook the init and exit functions into module load and unload. */
777 module_init(efi_test_init);
778 module_exit(efi_test_exit);