X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=lib%2Fefi_loader%2Fefi_memory.c;h=4c0216b1d245a1a8914d34a6f3c83a7093adab05;hb=b225c92fd0c0b09b99e2290c5e42708f9046a7a2;hp=ebd2b36c03d7042700ea3a21ffa9155ef06f4fc8;hpb=63f7e3fca391a50a499fed828fe16325fdee45f3;p=oweals%2Fu-boot.git

diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index ebd2b36c03..4c0216b1d2 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -15,6 +15,9 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
+/* Magic number identifying memory allocated from pool */
+#define EFI_ALLOC_POOL_MAGIC 0x1fe67ddf6491caa2
+
 efi_uintn_t efi_memory_map_key;
 
 struct efi_mem_list {
@@ -33,7 +36,12 @@ LIST_HEAD(efi_mem);
 void *efi_bounce_buffer;
 #endif
 
-/*
+/**
+ * efi_pool_allocation - memory block allocated from pool
+ *
+ * @num_pages:	number of pages allocated
+ * @checksum:	checksum
+ *
  * U-Boot services each EFI AllocatePool request as a separate
  * (multiple) page allocation.  We have to track the number of pages
  * to be able to free the correct amount later.
@@ -43,9 +51,26 @@ void *efi_bounce_buffer;
  */
 struct efi_pool_allocation {
 	u64 num_pages;
+	u64 checksum;
 	char data[] __aligned(ARCH_DMA_MINALIGN);
 };
 
+/**
+ * checksum() - calculate checksum for memory allocated from pool
+ *
+ * @alloc:	allocation header
+ * Return:	checksum, always non-zero
+ */
+static u64 checksum(struct efi_pool_allocation *alloc)
+{
+	u64 addr = (uintptr_t)alloc;
+	u64 ret = (addr >> 32) ^ (addr << 32) ^ alloc->num_pages ^
+		  EFI_ALLOC_POOL_MAGIC;
+	if (!ret)
+		++ret;
+	return ret;
+}
+
 /*
  * Sorts the memory list from highest address to lowest address
  *
@@ -168,6 +193,7 @@ static s64 efi_mem_carve_out(struct efi_mem_list *map,
 			free(map);
 		} else {
 			map->desc.physical_start = carve_end;
+			map->desc.virtual_start = carve_end;
 			map->desc.num_pages = (map_end - carve_end)
 					      >> EFI_PAGE_SHIFT;
 		}
@@ -186,6 +212,7 @@ static s64 efi_mem_carve_out(struct efi_mem_list *map,
 	newmap = calloc(1, sizeof(*newmap));
 	newmap->desc = map->desc;
 	newmap->desc.physical_start = carve_start;
+	newmap->desc.virtual_start = carve_start;
 	newmap->desc.num_pages = (map_end - carve_start) >> EFI_PAGE_SHIFT;
 	/* Insert before current entry (descending address order) */
 	list_add_tail(&newmap->link, &map->link);
@@ -196,22 +223,32 @@ static s64 efi_mem_carve_out(struct efi_mem_list *map,
 	return EFI_CARVE_LOOP_AGAIN;
 }
 
-uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
-			    bool overlap_only_ram)
+/**
+ * efi_add_memory_map() - add memory area to the memory map
+ *
+ * @start:		start address, must be a multiple of EFI_PAGE_SIZE
+ * @pages:		number of pages to add
+ * @memory_type:	type of memory added
+ * @overlap_only_ram:	the memory area must overlap existing
+ * Return:		status code
+ */
+efi_status_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
+				bool overlap_only_ram)
 {
 	struct list_head *lhandle;
 	struct efi_mem_list *newlist;
 	bool carve_again;
 	uint64_t carved_pages = 0;
+	struct efi_event *evt;
 
-	debug("%s: 0x%llx 0x%llx %d %s\n", __func__,
-	      start, pages, memory_type, overlap_only_ram ? "yes" : "no");
+	EFI_PRINT("%s: 0x%llx 0x%llx %d %s\n", __func__,
+		  start, pages, memory_type, overlap_only_ram ? "yes" : "no");
 
 	if (memory_type >= EFI_MAX_MEMORY_TYPE)
 		return EFI_INVALID_PARAMETER;
 
 	if (!pages)
-		return start;
+		return EFI_SUCCESS;
 
 	++efi_memory_map_key;
 	newlist = calloc(1, sizeof(*newlist));
@@ -249,7 +286,7 @@ uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
 				 * The user requested to only have RAM overlaps,
 				 * but we hit a non-RAM region. Error out.
 				 */
-				return 0;
+				return EFI_NO_MAPPING;
 			case EFI_CARVE_NO_OVERLAP:
 				/* Just ignore this list entry */
 				break;
@@ -279,7 +316,7 @@ uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
 		 * The payload wanted to have RAM overlaps, but we overlapped
 		 * with an unallocated region. Error out.
 		 */
-		return 0;
+		return EFI_NO_MAPPING;
 	}
 
 	/* Add our new map */
@@ -288,7 +325,52 @@ uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
 	/* And make sure memory is listed in descending order */
 	efi_mem_sort();
 
-	return start;
+	/* Notify that the memory map was changed */
+	list_for_each_entry(evt, &efi_events, link) {
+		if (evt->group &&
+		    !guidcmp(evt->group,
+			     &efi_guid_event_group_memory_map_change)) {
+			efi_signal_event(evt);
+			break;
+		}
+	}
+
+	return EFI_SUCCESS;
+}
+
+/**
+ * efi_check_allocated() - validate address to be freed
+ *
+ * Check that the address is within allocated memory:
+ *
+ * * The address must be in a range of the memory map.
+ * * The address may not point to EFI_CONVENTIONAL_MEMORY.
+ *
+ * Page alignment is not checked as this is not a requirement of
+ * efi_free_pool().
+ *
+ * @addr:		address of page to be freed
+ * @must_be_allocated:	return success if the page is allocated
+ * Return:		status code
+ */
+static efi_status_t efi_check_allocated(u64 addr, bool must_be_allocated)
+{
+	struct efi_mem_list *item;
+
+	list_for_each_entry(item, &efi_mem, link) {
+		u64 start = item->desc.physical_start;
+		u64 end = start + (item->desc.num_pages << EFI_PAGE_SHIFT);
+
+		if (addr >= start && addr < end) {
+			if (must_be_allocated ^
+			    (item->desc.type == EFI_CONVENTIONAL_MEMORY))
+				return EFI_SUCCESS;
+			else
+				return EFI_NOT_FOUND;
+		}
+	}
+
+	return EFI_NOT_FOUND;
 }
 
 static uint64_t efi_find_free_memory(uint64_t len, uint64_t max_addr)
@@ -346,9 +428,13 @@ efi_status_t efi_allocate_pages(int type, int memory_type,
 				efi_uintn_t pages, uint64_t *memory)
 {
 	u64 len = pages << EFI_PAGE_SHIFT;
-	efi_status_t r = EFI_SUCCESS;
+	efi_status_t ret;
 	uint64_t addr;
 
+	/* Check import parameters */
+	if (memory_type >= EFI_PERSISTENT_MEMORY_TYPE &&
+	    memory_type <= 0x6FFFFFFF)
+		return EFI_INVALID_PARAMETER;
 	if (!memory)
 		return EFI_INVALID_PARAMETER;
 
@@ -356,43 +442,35 @@ efi_status_t efi_allocate_pages(int type, int memory_type,
 	case EFI_ALLOCATE_ANY_PAGES:
 		/* Any page */
 		addr = efi_find_free_memory(len, -1ULL);
-		if (!addr) {
-			r = EFI_NOT_FOUND;
-			break;
-		}
+		if (!addr)
+			return EFI_OUT_OF_RESOURCES;
 		break;
 	case EFI_ALLOCATE_MAX_ADDRESS:
 		/* Max address */
 		addr = efi_find_free_memory(len, *memory);
-		if (!addr) {
-			r = EFI_NOT_FOUND;
-			break;
-		}
+		if (!addr)
+			return EFI_OUT_OF_RESOURCES;
 		break;
 	case EFI_ALLOCATE_ADDRESS:
 		/* Exact address, reserve it. The addr is already in *memory. */
+		ret = efi_check_allocated(*memory, false);
+		if (ret != EFI_SUCCESS)
+			return EFI_NOT_FOUND;
 		addr = *memory;
 		break;
 	default:
 		/* UEFI doesn't specify other allocation types */
-		r = EFI_INVALID_PARAMETER;
-		break;
+		return EFI_INVALID_PARAMETER;
 	}
 
-	if (r == EFI_SUCCESS) {
-		uint64_t ret;
+	/* Reserve that map in our memory maps */
+	if (efi_add_memory_map(addr, pages, memory_type, true) != EFI_SUCCESS)
+		/* Map would overlap, bail out */
+		return  EFI_OUT_OF_RESOURCES;
 
-		/* Reserve that map in our memory maps */
-		ret = efi_add_memory_map(addr, pages, memory_type, true);
-		if (ret == addr) {
-			*memory = addr;
-		} else {
-			/* Map would overlap, bail out */
-			r = EFI_OUT_OF_RESOURCES;
-		}
-	}
+	*memory = addr;
 
-	return r;
+	return EFI_SUCCESS;
 }
 
 void *efi_alloc(uint64_t len, int memory_type)
@@ -409,37 +487,49 @@ void *efi_alloc(uint64_t len, int memory_type)
 	return NULL;
 }
 
-/*
- * Free memory pages.
+/**
+ * efi_free_pages() - free memory pages
  *
- * @memory	start of the memory area to be freed
- * @pages	number of pages to be freed
- * @return	status code
+ * @memory:	start of the memory area to be freed
+ * @pages:	number of pages to be freed
+ * Return:	status code
  */
 efi_status_t efi_free_pages(uint64_t memory, efi_uintn_t pages)
 {
-	uint64_t r = 0;
+	efi_status_t ret;
+
+	ret = efi_check_allocated(memory, true);
+	if (ret != EFI_SUCCESS)
+		return ret;
 
-	r = efi_add_memory_map(memory, pages, EFI_CONVENTIONAL_MEMORY, false);
+	/* Sanity check */
+	if (!memory || (memory & EFI_PAGE_MASK) || !pages) {
+		printf("%s: illegal free 0x%llx, 0x%zx\n", __func__,
+		       memory, pages);
+		return EFI_INVALID_PARAMETER;
+	}
+
+	ret = efi_add_memory_map(memory, pages, EFI_CONVENTIONAL_MEMORY, false);
 	/* Merging of adjacent free regions is missing */
 
-	if (r == memory)
-		return EFI_SUCCESS;
+	if (ret != EFI_SUCCESS)
+		return EFI_NOT_FOUND;
 
-	return EFI_NOT_FOUND;
+	return ret;
 }
 
-/*
- * Allocate memory from pool.
+/**
+ * efi_allocate_pool - allocate memory from pool
  *
- * @pool_type	type of the pool from which memory is to be allocated
- * @size	number of bytes to be allocated
- * @buffer	allocated memory
- * @return	status code
+ * @pool_type:	type of the pool from which memory is to be allocated
+ * @size:	number of bytes to be allocated
+ * @buffer:	allocated memory
+ * Return:	status code
  */
 efi_status_t efi_allocate_pool(int pool_type, efi_uintn_t size, void **buffer)
 {
 	efi_status_t r;
+	u64 addr;
 	struct efi_pool_allocation *alloc;
 	u64 num_pages = efi_size_in_pages(size +
 					  sizeof(struct efi_pool_allocation));
@@ -453,37 +543,49 @@ efi_status_t efi_allocate_pool(int pool_type, efi_uintn_t size, void **buffer)
 	}
 
 	r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, pool_type, num_pages,
-			       (uint64_t *)&alloc);
-
+			       &addr);
 	if (r == EFI_SUCCESS) {
+		alloc = (struct efi_pool_allocation *)(uintptr_t)addr;
 		alloc->num_pages = num_pages;
+		alloc->checksum = checksum(alloc);
 		*buffer = alloc->data;
 	}
 
 	return r;
 }
 
-/*
- * Free memory from pool.
+/**
+ * efi_free_pool() - free memory from pool
  *
- * @buffer	start of memory to be freed
- * @return	status code
+ * @buffer:	start of memory to be freed
+ * Return:	status code
  */
 efi_status_t efi_free_pool(void *buffer)
 {
-	efi_status_t r;
+	efi_status_t ret;
 	struct efi_pool_allocation *alloc;
 
-	if (buffer == NULL)
+	if (!buffer)
 		return EFI_INVALID_PARAMETER;
 
+	ret = efi_check_allocated((uintptr_t)buffer, true);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
 	alloc = container_of(buffer, struct efi_pool_allocation, data);
-	/* Sanity check, was the supplied address returned by allocate_pool */
-	assert(((uintptr_t)alloc & EFI_PAGE_MASK) == 0);
 
-	r = efi_free_pages((uintptr_t)alloc, alloc->num_pages);
+	/* Check that this memory was allocated by efi_allocate_pool() */
+	if (((uintptr_t)alloc & EFI_PAGE_MASK) ||
+	    alloc->checksum != checksum(alloc)) {
+		printf("%s: illegal free 0x%p\n", __func__, buffer);
+		return EFI_INVALID_PARAMETER;
+	}
+	/* Avoid double free */
+	alloc->checksum = 0;
 
-	return r;
+	ret = efi_free_pages((uintptr_t)alloc, alloc->num_pages);
+
+	return ret;
 }
 
 /*