Re: [PATCH 2/2] arm64: efi: Pass reboot cmd parameter to efi_reboot()
From: Sumit Garg <sumit.garg@kernel.org>
Date: 2025-11-14 12:16:18
Also in:
linux-arm-msm, linux-efi, lkml
On Fri, Nov 14, 2025 at 10:35:33AM +0100, Ard Biesheuvel wrote:
On Fri, 14 Nov 2025 at 10:33, Ard Biesheuvel [off-list ref] wrote:quoted
On Fri, 14 Nov 2025 at 10:31, Sumit Garg [off-list ref] wrote:quoted
On Fri, Nov 14, 2025 at 10:26:03AM +0100, Ard Biesheuvel wrote:quoted
On Fri, 14 Nov 2025 at 09:51, Sumit Garg [off-list ref] wrote:quoted
From: Sumit Garg <redacted> EFI ResetSystem runtime service allows for platform specific reset type allowing the OS to pass reset data for the UEFI implementation to take corresponding action. So lets pass the reboot cmd parameter for the EFI driver to determine whether it's a platform specific reset requested or not. Signed-off-by: Sumit Garg <redacted> --- arch/arm64/kernel/process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index fba7ca102a8c..51784986c568 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c@@ -136,7 +136,7 @@ void machine_restart(char *cmd) * ResetSystem(). */ if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_reboot(reboot_mode, NULL); + efi_reboot(reboot_mode, cmd);I agree with the general principle. However, there are already existing callers of kernel_restart() that would end up passing a random string to efi_reboot(), resulting in platform specific reset with undefined result.Yeah true but the UEFI spec says: "If the platform does not recognize the EFI_GUID in ResetData the platform must pick a supported reset type to perform. The platform may optionally log the parameters from any non-normal reset that occurs." So, in these cases the UEFI implementation can fallback to normal reset optionally logging the reset data being passed. Does that sounds reasonable to you?What the UEFI spec says might deviate from how real platforms in the field will behave when being passed a reset type that nobody ever tried passing before.
I suppose from OS point of view, we need to follow the UEFI specification. However, there will be scope for quirks later if the real world problems occur. Currently, in case of EFI reboot we are just ignoring the reboot cmd parameter. If you have in mind any sanity checks we should do here then feel free to propose and I can try to implement them.
Also, the GUID is expected to follow an unbounded NULL terminated UTF-16 string in memory, so we could easily cause a crash by doing this if \0\0 doesn't appear in the memory following the string.
Okay I see, would following change on top of this patchset address this concern?
--- a/drivers/firmware/efi/reboot.c
+++ b/drivers/firmware/efi/reboot.c@@ -5,6 +5,7 @@ */ #include <linux/efi.h> #include <linux/reboot.h> +#include <linux/ucs2_string.h> static struct sys_off_handler *efi_sys_off_handler;
@@ -14,11 +15,18 @@ void efi_reboot(enum reboot_mode reboot_mode, const char *data) { const char *str[] = { "cold", "warm", "shutdown", "platform" }; int efi_mode, cap_reset_mode; + unsigned long reset_data_sz = 0; + efi_char16_t *reset_data = NULL; if (!efi_rt_services_supported(EFI_RT_SUPPORTED_RESET_SYSTEM)) return; if (data) { + reset_data_sz = ucs2_strlen(data) * sizeof(efi_char16_t); + reset_data = kzalloc(reset_data_sz + 2, GFP_KERNEL); + memcpy(reset_data, data, reset_data_sz); + reset_data_sz += 2; + efi_mode = EFI_RESET_PLATFORM_SPECIFIC; } else { switch (reboot_mode) {
@@ -47,8 +55,7 @@ void efi_reboot(enum reboot_mode reboot_mode, const char *data) efi_mode = cap_reset_mode; } - efi.reset_system(efi_mode, EFI_SUCCESS, sizeof(data), - (efi_char16_t *)data); + efi.reset_system(efi_mode, EFI_SUCCESS, reset_data_sz, reset_data); } bool __weak efi_poweroff_required(void) -Sumit