From: Mark Pearson mpearson-lenovo@squebb.ca
[ Upstream commit a0d6959c345d89d811288a718e3f6b145dcadc8c ]
Add extra error messages that are used by ThinkCenter platforms.
Signed-off-by: Kean Ren kean0048@gmail.com Signed-off-by: Mark Pearson mpearson-lenovo@squebb.ca Link: https://lore.kernel.org/r/20250903173824.1472244-4-mpearson-lenovo@squebb.ca Reviewed-by: Ilpo Järvinen ilpo.jarvinen@linux.intel.com Signed-off-by: Ilpo Järvinen ilpo.jarvinen@linux.intel.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
YES
- What it fixes - On ThinkCentre systems, BIOS WMI calls for certificate operations can return TC‑specific strings that this driver did not recognize. Unknown strings fall back to -EPERM, so a successful operation could be reported as failure, and real failures would be collapsed into a generic error. This creates real user-facing breakage for sysfs writes that manage BIOS certificates.
- Where the bug is - Error mapping logic: `tlmi_errstr_to_err()` maps BIOS strings to errno by scanning `tlmi_errs[]`, and returns -EPERM on no match: drivers/platform/x86/lenovo/think-lmi.c:247–257. - All BIOS WMI method wrappers use this path via `tlmi_simple_call()`: drivers/platform/x86/lenovo/think-lmi.c:273–300. Any non-zero mapping is propagated as the sysfs write result.
- What changed - Added ThinkCentre-specific strings to the mapping table `tlmi_errs[]`: - Success string: `"Set Certificate operation was successful."` → `0` - Specific failure strings: invalid parameter/type/password, retry exceeded, password invalid, operation aborted, no free slots, certificate not found, internal error, certificate too large → appropriate `-EINVAL`, `-EACCES`, `-EBUSY`, `-ENOSPC`, `-EEXIST`, `-EFAULT`, `-EFBIG` - Location: drivers/platform/x86/lenovo/think-lmi.c:207–224 - This ensures ThinkCentre BIOS responses are properly interpreted instead of defaulting to -EPERM.
- Why it matters in practice - Certificate operations in this driver (e.g., install/update/clear certificate, cert→password) call `tlmi_simple_call()` with ThinkCentre certificate GUIDs (see call sites in `certificate_store()` and `cert_to_password_store()`): drivers/platform/x86/lenovo/think-lmi.c:841, 895–906, 795. With the old table, a genuine success response like `"Set Certificate operation was successful."` would be treated as an error (-EPERM), causing sysfs writes such as `.../authentication/*/certificate` to fail even though the BIOS accepted the operation. - The new entries also surface more precise errno for failures, improving diagnostics for userspace tools and admins.
- Risk and scope - Minimal: a localized addition to a string→errno table; no control flow or architectural changes. - Affects only Lenovo think-lmi driver behavior on ThinkCentre platforms when handling certificate-related WMI responses. - No user-visible API changes beyond correcting erroneous return codes; improves correctness and debuggability.
- Stable backport fit - Fixes a real user-impacting bug (false -EPERM on success, ambiguous errors). - Small, self-contained, and low-risk. - Confined to platform/x86/lenovo/think-lmi.
Given the above, this is a good candidate for stable backporting.
drivers/platform/x86/lenovo/think-lmi.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/drivers/platform/x86/lenovo/think-lmi.c b/drivers/platform/x86/lenovo/think-lmi.c index 0992b41b6221d..e6a2c8e94cfdc 100644 --- a/drivers/platform/x86/lenovo/think-lmi.c +++ b/drivers/platform/x86/lenovo/think-lmi.c @@ -179,10 +179,21 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support");
static const struct tlmi_err_codes tlmi_errs[] = { {"Success", 0}, + {"Set Certificate operation was successful.", 0}, {"Not Supported", -EOPNOTSUPP}, {"Invalid Parameter", -EINVAL}, {"Access Denied", -EACCES}, {"System Busy", -EBUSY}, + {"Set Certificate operation failed with status:Invalid Parameter.", -EINVAL}, + {"Set Certificate operation failed with status:Invalid certificate type.", -EINVAL}, + {"Set Certificate operation failed with status:Invalid password format.", -EINVAL}, + {"Set Certificate operation failed with status:Password retry count exceeded.", -EACCES}, + {"Set Certificate operation failed with status:Password Invalid.", -EACCES}, + {"Set Certificate operation failed with status:Operation aborted.", -EBUSY}, + {"Set Certificate operation failed with status:No free slots to write.", -ENOSPC}, + {"Set Certificate operation failed with status:Certificate not found.", -EEXIST}, + {"Set Certificate operation failed with status:Internal error.", -EFAULT}, + {"Set Certificate operation failed with status:Certificate too large.", -EFBIG}, };
static const char * const encoding_options[] = {