From: Gerald Elder-Vass
To: Xen-devel
Cc: Gerald Elder-Vass, Marek Marczykowski-Górecki, "Daniel P. Smith", Jan Beulich, Andrew Cooper, Anthony PERARD, Michal Orzel, Julien Grall, Roger Pau Monné, Stefano Stabellini
Subject: [PATCH 1/3] efi: Fix line length in init_secure_boot_mode
Date: Thu, 11 Sep 2025 08:24:27 +0000
X-Mailer: git-send-email 2.47.3

Commit cb41b4ce14a9 introduced init_secure_boot_mode but one line was not
wrapped appropriately.

Signed-off-by: Gerald Elder-Vass
---
CC: Marek Marczykowski-Górecki
CC: "Daniel P. Smith"
CC: Jan Beulich
CC: Andrew Cooper
CC: Anthony PERARD
CC: Michal Orzel
CC: Julien Grall
CC: "Roger Pau Monné"
CC: Stefano Stabellini
---
 xen/common/efi/boot.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index b86c83d3348c..69fc022c18ab 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c
@@ -923,7 +923,8 @@ static void __init init_secure_boot_mode(void) =20 if ( status =3D=3D EFI_NOT_FOUND || (status =3D=3D EFI_SUCCESS && - attr =3D=3D (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNT= IME_ACCESS) && + attr =3D=3D (EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS) && size =3D=3D 1 && data =3D=3D 0) ) /* Platform does not support Secure Boot or it's disabled. */ efi_secure_boot =3D false; --=20 2.47.3
From: Gerald Elder-Vass
To: Xen-devel
Cc: Gerald Elder-Vass, Marek Marczykowski-Górecki, "Daniel P. Smith", Jan Beulich, Andrew Cooper, Anthony PERARD, Michal Orzel, Julien Grall, Roger Pau Monné, Stefano Stabellini
Subject: [PATCH 2/3] efi: Protect against unnecessary image unloading
Date: Thu, 11 Sep 2025 08:24:28 +0000
Message-ID: <1f7b5737d4b36623af2734d525c895b77fef08fc.1757519202.git.gerald.elder-vass@cloud.com>
X-Mailer: git-send-email 2.47.3

Commit 59a1d6d3ea1e introduced Shim's LoadImage protocol and unloads the
image after loading it (for verification purposes) regardless of the
returned status. The protocol API implies this is the correct behaviour
but we should add a check to protect against the unlikely case this frees
any memory in use.

Signed-off-by: Gerald Elder-Vass
---
CC: Marek Marczykowski-Górecki
CC: "Daniel P. Smith"
CC: Jan Beulich
CC: Andrew Cooper
CC: Anthony PERARD
CC: Michal Orzel
CC: Julien Grall
CC: "Roger Pau Monné"
CC: Stefano Stabellini
---
 xen/common/efi/boot.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 69fc022c18ab..ca162db0d8d3 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c
@@ -1062,7 +1062,7 @@ static void __init efi_verify_kernel(EFI_HANDLE Image= Handle) static EFI_GUID __initdata shim_image_guid =3D SHIM_IMAGE_LOADER_GUID; static EFI_GUID __initdata shim_lock_guid =3D SHIM_LOCK_PROTOCOL_GUID; SHIM_IMAGE_LOADER *shim_loader; - EFI_HANDLE loaded_kernel; + EFI_HANDLE loaded_kernel =3D NULL; EFI_SHIM_LOCK_PROTOCOL *shim_lock; EFI_STATUS status; bool verified =3D false;
@@ -1078,11 +1078,12 @@ static void __init efi_verify_kernel(EFI_HANDLE Ima= geHandle) verified =3D true; =20 /* - * Always unload the image. We only needed LoadImage() to perform - * verification anyway, and in the case of a failure there may sti= ll - * be cleanup needing to be performed. + * If the kernel was loaded, unload it. We only needed LoadImage()= to + * perform verification anyway, and in the case of a failure there= may + * still be cleanup needing to be performed. */ - shim_loader->UnloadImage(loaded_kernel); + if ( loaded_kernel ) + shim_loader->UnloadImage(loaded_kernel); } =20 /* Otherwise, fall back to SHIM_LOCK. */ --=20 2.47.3
From: Gerald Elder-Vass
To: Xen-devel
Cc: Gerald Elder-Vass, Marek Marczykowski-Górecki, "Daniel P. Smith", Jan Beulich, Andrew Cooper, Anthony PERARD, Michal Orzel, Julien Grall, Roger Pau Monné, Stefano Stabellini
Subject: [PATCH 3/3] efi: Limit Shim's Verify success to EFI_SUCCESS
Date: Thu, 11 Sep 2025 08:24:29 +0000
Message-ID: <20fa42c198ab257085a49e157a2d0e58a0010393.1757519202.git.gerald.elder-vass@cloud.com>
X-Mailer: git-send-email 2.47.3

Commit 59a1d6d3ea1e replaced the Verify status check with !EFI_ERROR(...),
this changed the behaviour to consider any warnings (EFI_WARN_) to be
considered a successful verification. This commit reverts that behaviour
change.

Signed-off-by: Gerald Elder-Vass
Reported-by: Jan Beulich
Reviewed-by: Jan Beulich
---
CC: Marek Marczykowski-Górecki
CC: "Daniel P. Smith"
CC: Jan Beulich
CC: Andrew Cooper
CC: Anthony PERARD
CC: Michal Orzel
CC: Julien Grall
CC: "Roger Pau Monné"
CC: Stefano Stabellini
---
 xen/common/efi/boot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index ca162db0d8d3..36e1e2cf9d4a 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c
@@ -1090,7 +1090,7 @@ static void __init efi_verify_kernel(EFI_HANDLE Image= Handle) if ( !verified && !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void **)&shim_lock)) && - !EFI_ERROR(shim_lock->Verify(kernel.ptr, kernel.size)) ) + shim_lock->Verify(kernel.ptr, kernel.size) =3D=3D EFI_SUCCESS ) verified =3D true; =20 if ( !verified ) --=20 2.47.3
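
Review bot: In [PATCH 2/3], second hunk (@@ -1078,11 +1078,12 @@), the rewritten comment still says that in the case of a failure "there may still be cleanup needing to be performed", yet the new `if ( loaded_kernel )` guard skips UnloadImage() exactly when LoadImage() failed without handing back a handle, so comment and code now point in different directions. Either say in the comment that cleanup is only attempted when a handle was returned, or explain why a NULL handle means nothing is left to clean up. The guard is only meaningful because of the `loaded_kernel = NULL` initialiser in the first hunk and if LoadImage() never stores a stale non-NULL handle on error; stating that assumption next to the check would help. The return value of UnloadImage() is still ignored, and a brief remark that this is deliberate would save the question later.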
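
Review bot: In [PATCH 3/3] (@@ -1090,7 +1090,7 @@), the strict `== EFI_SUCCESS` comparison on Verify() now sits directly below a LocateProtocol() call that keeps `!EFI_ERROR(...)`, with nothing in the code saying why the two differ, so a later tidy-up could turn it back into `!EFI_ERROR()` the way the commit message says 59a1d6d3ea1e did. Add a short comment above the Verify() call that warning statuses must not count as a successful verification. The commit message names 59a1d6d3ea1e as the origin of the behaviour change but carries no Fixes: tag; adding one would make backport tracking easier.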
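
The difference described in the [PATCH 3/3] commit message, as an added example that is not part of the posted series or of Xen's code: a warning status passes a `!EFI_ERROR()` check but fails a comparison against `EFI_SUCCESS`. `stub_verify()`, the two `verified_*()` helpers and the sample "images" are hypothetical; the status values follow the UEFI specification, with a 64-bit UINTN assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * UEFI status encoding: error codes have the top bit set, warning codes are
 * non-zero with the top bit clear. A 64-bit UINTN is assumed in this sketch.
 */
typedef uint64_t EFI_STATUS;
#define EFI_HIGH_BIT            0x8000000000000000ULL
#define EFI_SUCCESS             0ULL
#define EFI_WARN_STALE_DATA     5ULL
#define EFI_ACCESS_DENIED       (EFI_HIGH_BIT | 15)
#define EFI_SECURITY_VIOLATION  (EFI_HIGH_BIT | 26)
/* Same result as the usual signed "< 0" test, written as a bit test. */
#define EFI_ERROR(s)            (((s) & EFI_HIGH_BIT) != 0)

/*
 * Hypothetical stand-in for a Verify()-style callback: the first byte of the
 * constructed sample "image" selects the status it reports.
 */
static EFI_STATUS stub_verify(const void *buf, size_t size)
{
    const unsigned char *p = buf;

    if ( size == 0 )
        return EFI_ACCESS_DENIED;
    switch ( p[0] )
    {
    case 'S': return EFI_SUCCESS;
    case 'W': return EFI_WARN_STALE_DATA;
    default:  return EFI_SECURITY_VIOLATION;
    }
}

/* Lenient form: every status that is not an error counts as verified. */
static bool verified_lenient(const void *buf, size_t size)
{
    return !EFI_ERROR(stub_verify(buf, size));
}

/* Strict form: only EFI_SUCCESS counts as verified. */
static bool verified_strict(const void *buf, size_t size)
{
    return stub_verify(buf, size) == EFI_SUCCESS;
}

/* Count the constructed samples on which the two checks disagree. */
static int count_disagreements(void)
{
    static const char samples[][4] = { "S..", "W..", "X..", "" };
    int n = 0;

    for ( size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++ )
    {
        size_t len = samples[i][0] ? 3 : 0;

        if ( verified_lenient(samples[i], len) !=
             verified_strict(samples[i], len) )
            n++;
    }
    return n;
}

int main(void)
{
    printf("warning status: lenient=%d strict=%d\n",
           verified_lenient("W..", 3), verified_strict("W..", 3));
    printf("samples where the checks disagree: %d\n", count_disagreements());
    return 0;
}
```

Only the warning sample separates the two checks; success and error statuses are treated the same by both.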