Thursday

[Bug 2141276] Re: efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch

This bug is awaiting verification that the linux-nvidia-6.17/6.17.0-1017.17 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-6.17' to 'verification-done-noble-linux-nvidia-6.17'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-6.17' to 'verification-failed-noble-linux-nvidia-6.17'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: kernel-spammed-noble-linux-nvidia-6.17-v2 verification-needed-noble-linux-nvidia-6.17

--
You received this bug notification because you are subscribed to linux in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2141276

Title:
  efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Noble:
  Fix Released
Status in linux source package in Questing:
  Fix Released
Status in linux source package in Resolute:
  Fix Released

Bug description:

  [Impact]

  The swapped bsearch() arguments cause the function to calculate incorrect element offsets when searching the efi_error_codes array:

  - Buggy behavior: bsearch thinks there are 24 elements of 12 bytes each
  - Correct behavior: 12 elements of 24 bytes each (on 64-bit systems)

  This causes efi_status_to_err() and efi_status_to_str() to read at wrong memory offsets (every 12 bytes instead of every 24 bytes), potentially:

  - Returning incorrect errno values for EFI status codes
  - Returning wrong error description strings
  - Failing to find valid status codes and returning default error values

  These functions are used to translate EFI firmware error codes to Linux errno values and human-readable strings, affecting error reporting for EFI-related operations including secure boot and firmware variable access.

  [Test Plan]

  1. Build kernel with the fix applied
  2. Boot system with UEFI firmware
  3. Trigger EFI error conditions that exercise efi_status_to_err() and efi_status_to_str(), such as:
     - Secure boot signature verification failures
     - EFI variable access errors
     - MOK (Machine Owner Key) operations
  4. Verify dmesg shows correct EFI error messages
  5. Compare error messages before and after the fix to confirm correct status code translation

  Alternatively, a unit test can verify the bsearch returns correct results:

  - Call efi_status_to_err() with known EFI status codes (e.g., EFI_SUCCESS, EFI_INVALID_PARAMETER, EFI_SECURITY_VIOLATION)
  - Verify correct errno values are returned (-EINVAL, -EACCES, etc.)

  [Where problems could occur]

  The fix swaps two adjacent function arguments. Potential issues:

  1. The fix changes the search behavior, which could theoretically expose latent bugs in code that was accidentally working due to the incorrect search. For example, if code was relying on the -EINVAL fallback when bsearch failed to find a match, it might now receive a different (correct) errno value.
  2. Since this affects EFI error reporting, any issues would manifest as incorrect error messages in dmesg or wrong return values from EFI operations. This could affect debugging but should not cause system instability.

  [Other Info]

  - Root cause: The bug was introduced in the SAUCE patch cherry-picked from kernel-ark commit 2ae9082db0b5: https://gitlab.com/cki-project/kernel-ark/-/commit/2ae9082db0b5
  - Upstream fix: https://gitlab.com/cki-project/kernel-ark/-/commit/49bcc48074ba
  - bsearch(3) man page: https://man7.org/linux/man-pages/man3/bsearch.3.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2141276/+subscriptions
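
Added example, not code from the bug report or from the kernel patch: a user-space C program that runs bsearch(3) over a 12 x 24-byte table with the arguments in the correct and in the swapped order, and counts how many lookups still resolve and how many probes land inside an entry. The table contents and the names struct entry, cmp, lookup_fixed, lookup_swapped and count_resolved are constructed for this illustration; only the 12/24 geometry comes from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the table: 12 entries of 24 bytes, sorted by status. */
struct entry { uint64_t status; int64_t err; uint64_t desc_id; };
#define N 12
_Static_assert(sizeof(struct entry) == 24, "layout assumed by this example");
static struct entry table[N];
static unsigned misaligned_probes;

/* Comparator: elem is wherever bsearch() decided an element starts. */
static int cmp(const void *key, const void *elem) {
    uint64_t k = *(const uint64_t *)key, s;
    if (((const char *)elem - (const char *)table) % sizeof(struct entry))
        misaligned_probes++;         /* probe landed in the middle of an entry */
    memcpy(&s, elem, sizeof(s));     /* memcpy avoids an unaligned dereference */
    return (k > s) - (k < s);
}

/* Correct order: nmemb = 12 elements, size = 24 bytes. */
static const void *lookup_fixed(uint64_t status) {
    return bsearch(&status, table, N, sizeof(struct entry), cmp);
}

/* Swapped order: bsearch() sees 24 elements of 12 bytes over the same 288 bytes. */
static const void *lookup_swapped(uint64_t status) {
    return bsearch(&status, table, sizeof(struct entry), N, cmp);
}

/* Look up every status in the table; return how many resolve to their own entry. */
static int count_resolved(const void *(*lookup)(uint64_t)) {
    int ok = 0;
    misaligned_probes = 0;
    for (int i = 0; i < N; i++)      /* constructed values: status 10, 20, ... 120 */
        table[i] = (struct entry){ 10u * (i + 1), 100 + i, 1000 + i };
    for (int i = 0; i < N; i++)
        ok += lookup(table[i].status) == (const void *)&table[i];
    return ok;
}

int main(void) {
    int fixed = count_resolved(lookup_fixed);
    printf("fixed:   %d/%d resolved, %u misaligned probes\n", fixed, N, misaligned_probes);
    int swapped = count_resolved(lookup_swapped);
    printf("swapped: %d/%d resolved, %u misaligned probes\n", swapped, N, misaligned_probes);
    return 0;
}
```

Because 12 x 24 and 24 x 12 cover the same 288 bytes, the swapped call never reads outside the array, so some lookups still succeed by landing on entry boundaries and the defect shows up only as missed or mistranslated codes.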
