1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * EFI application memory management
4 *
5 * Copyright (c) 2016 Alexander Graf
6 */
7
8 #include <common.h>
9 #include <efi_loader.h>
10 #include <malloc.h>
11 #include <mapmem.h>
12 #include <watchdog.h>
13 #include <linux/list_sort.h>
14 #include <linux/sizes.h>
15
16 DECLARE_GLOBAL_DATA_PTR;
17
18 efi_uintn_t efi_memory_map_key;
19
20 struct efi_mem_list {
21 struct list_head link;
22 struct efi_mem_desc desc;
23 };
24
25 #define EFI_CARVE_NO_OVERLAP -1
26 #define EFI_CARVE_LOOP_AGAIN -2
27 #define EFI_CARVE_OVERLAPS_NONRAM -3
28
29 /* This list contains all memory map items */
30 LIST_HEAD(efi_mem);
31
32 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
33 void *efi_bounce_buffer;
34 #endif
35
36 /*
37 * U-Boot services each EFI AllocatePool request as a separate
38 * (multiple) page allocation. We have to track the number of pages
39 * to be able to free the correct amount later.
40 * EFI requires 8 byte alignment for pool allocations, so we can
41 * prepend each allocation with an 64 bit header tracking the
42 * allocation size, and hand out the remainder to the caller.
43 */
44 struct efi_pool_allocation {
45 u64 num_pages;
46 char data[] __aligned(ARCH_DMA_MINALIGN);
47 };
48
49 /*
50 * Sorts the memory list from highest address to lowest address
51 *
52 * When allocating memory we should always start from the highest
53 * address chunk, so sort the memory list such that the first list
54 * iterator gets the highest address and goes lower from there.
55 */
efi_mem_cmp(void * priv,struct list_head * a,struct list_head * b)56 static int efi_mem_cmp(void *priv, struct list_head *a, struct list_head *b)
57 {
58 struct efi_mem_list *mema = list_entry(a, struct efi_mem_list, link);
59 struct efi_mem_list *memb = list_entry(b, struct efi_mem_list, link);
60
61 if (mema->desc.physical_start == memb->desc.physical_start)
62 return 0;
63 else if (mema->desc.physical_start < memb->desc.physical_start)
64 return 1;
65 else
66 return -1;
67 }
68
desc_get_end(struct efi_mem_desc * desc)69 static uint64_t desc_get_end(struct efi_mem_desc *desc)
70 {
71 return desc->physical_start + (desc->num_pages << EFI_PAGE_SHIFT);
72 }
73
efi_mem_sort(void)74 static void efi_mem_sort(void)
75 {
76 struct list_head *lhandle;
77 struct efi_mem_list *prevmem = NULL;
78 bool merge_again = true;
79
80 list_sort(NULL, &efi_mem, efi_mem_cmp);
81
82 /* Now merge entries that can be merged */
83 while (merge_again) {
84 merge_again = false;
85 list_for_each(lhandle, &efi_mem) {
86 struct efi_mem_list *lmem;
87 struct efi_mem_desc *prev = &prevmem->desc;
88 struct efi_mem_desc *cur;
89 uint64_t pages;
90
91 lmem = list_entry(lhandle, struct efi_mem_list, link);
92 if (!prevmem) {
93 prevmem = lmem;
94 continue;
95 }
96
97 cur = &lmem->desc;
98
99 if ((desc_get_end(cur) == prev->physical_start) &&
100 (prev->type == cur->type) &&
101 (prev->attribute == cur->attribute)) {
102 /* There is an existing map before, reuse it */
103 pages = cur->num_pages;
104 prev->num_pages += pages;
105 prev->physical_start -= pages << EFI_PAGE_SHIFT;
106 prev->virtual_start -= pages << EFI_PAGE_SHIFT;
107 list_del(&lmem->link);
108 free(lmem);
109
110 merge_again = true;
111 break;
112 }
113
114 prevmem = lmem;
115 }
116 }
117 }
118
119 /** efi_mem_carve_out - unmap memory region
120 *
121 * @map: memory map
122 * @carve_desc: memory region to unmap
123 * @overlap_only_ram: the carved out region may only overlap RAM
124 * Return Value: the number of overlapping pages which have been
125 * removed from the map,
126 * EFI_CARVE_NO_OVERLAP, if the regions don't overlap,
127 * EFI_CARVE_OVERLAPS_NONRAM, if the carve and map overlap,
128 * and the map contains anything but free ram
129 * (only when overlap_only_ram is true),
130 * EFI_CARVE_LOOP_AGAIN, if the mapping list should be
131 * traversed again, as it has been altered.
132 *
133 * Unmaps all memory occupied by the carve_desc region from the list entry
134 * pointed to by map.
135 *
136 * In case of EFI_CARVE_OVERLAPS_NONRAM it is the callers responsibility
137 * to re-add the already carved out pages to the mapping.
138 */
efi_mem_carve_out(struct efi_mem_list * map,struct efi_mem_desc * carve_desc,bool overlap_only_ram)139 static s64 efi_mem_carve_out(struct efi_mem_list *map,
140 struct efi_mem_desc *carve_desc,
141 bool overlap_only_ram)
142 {
143 struct efi_mem_list *newmap;
144 struct efi_mem_desc *map_desc = &map->desc;
145 uint64_t map_start = map_desc->physical_start;
146 uint64_t map_end = map_start + (map_desc->num_pages << EFI_PAGE_SHIFT);
147 uint64_t carve_start = carve_desc->physical_start;
148 uint64_t carve_end = carve_start +
149 (carve_desc->num_pages << EFI_PAGE_SHIFT);
150
151 /* check whether we're overlapping */
152 if ((carve_end <= map_start) || (carve_start >= map_end))
153 return EFI_CARVE_NO_OVERLAP;
154
155 /* We're overlapping with non-RAM, warn the caller if desired */
156 if (overlap_only_ram && (map_desc->type != EFI_CONVENTIONAL_MEMORY))
157 return EFI_CARVE_OVERLAPS_NONRAM;
158
159 /* Sanitize carve_start and carve_end to lie within our bounds */
160 carve_start = max(carve_start, map_start);
161 carve_end = min(carve_end, map_end);
162
163 /* Carving at the beginning of our map? Just move it! */
164 if (carve_start == map_start) {
165 if (map_end == carve_end) {
166 /* Full overlap, just remove map */
167 list_del(&map->link);
168 free(map);
169 } else {
170 map->desc.physical_start = carve_end;
171 map->desc.num_pages = (map_end - carve_end)
172 >> EFI_PAGE_SHIFT;
173 }
174
175 return (carve_end - carve_start) >> EFI_PAGE_SHIFT;
176 }
177
178 /*
179 * Overlapping maps, just split the list map at carve_start,
180 * it will get moved or removed in the next iteration.
181 *
182 * [ map_desc |__carve_start__| newmap ]
183 */
184
185 /* Create a new map from [ carve_start ... map_end ] */
186 newmap = calloc(1, sizeof(*newmap));
187 newmap->desc = map->desc;
188 newmap->desc.physical_start = carve_start;
189 newmap->desc.num_pages = (map_end - carve_start) >> EFI_PAGE_SHIFT;
190 /* Insert before current entry (descending address order) */
191 list_add_tail(&newmap->link, &map->link);
192
193 /* Shrink the map to [ map_start ... carve_start ] */
194 map_desc->num_pages = (carve_start - map_start) >> EFI_PAGE_SHIFT;
195
196 return EFI_CARVE_LOOP_AGAIN;
197 }
198
efi_add_memory_map(uint64_t start,uint64_t pages,int memory_type,bool overlap_only_ram)199 uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
200 bool overlap_only_ram)
201 {
202 struct list_head *lhandle;
203 struct efi_mem_list *newlist;
204 bool carve_again;
205 uint64_t carved_pages = 0;
206
207 debug("%s: 0x%llx 0x%llx %d %s\n", __func__,
208 start, pages, memory_type, overlap_only_ram ? "yes" : "no");
209
210 if (memory_type >= EFI_MAX_MEMORY_TYPE)
211 return EFI_INVALID_PARAMETER;
212
213 if (!pages)
214 return start;
215
216 ++efi_memory_map_key;
217 newlist = calloc(1, sizeof(*newlist));
218 newlist->desc.type = memory_type;
219 newlist->desc.physical_start = start;
220 newlist->desc.virtual_start = start;
221 newlist->desc.num_pages = pages;
222
223 switch (memory_type) {
224 case EFI_RUNTIME_SERVICES_CODE:
225 case EFI_RUNTIME_SERVICES_DATA:
226 newlist->desc.attribute = EFI_MEMORY_WB | EFI_MEMORY_RUNTIME;
227 break;
228 case EFI_MMAP_IO:
229 newlist->desc.attribute = EFI_MEMORY_RUNTIME;
230 break;
231 default:
232 newlist->desc.attribute = EFI_MEMORY_WB;
233 break;
234 }
235
236 /* Add our new map */
237 do {
238 carve_again = false;
239 list_for_each(lhandle, &efi_mem) {
240 struct efi_mem_list *lmem;
241 s64 r;
242
243 lmem = list_entry(lhandle, struct efi_mem_list, link);
244 r = efi_mem_carve_out(lmem, &newlist->desc,
245 overlap_only_ram);
246 switch (r) {
247 case EFI_CARVE_OVERLAPS_NONRAM:
248 /*
249 * The user requested to only have RAM overlaps,
250 * but we hit a non-RAM region. Error out.
251 */
252 return 0;
253 case EFI_CARVE_NO_OVERLAP:
254 /* Just ignore this list entry */
255 break;
256 case EFI_CARVE_LOOP_AGAIN:
257 /*
258 * We split an entry, but need to loop through
259 * the list again to actually carve it.
260 */
261 carve_again = true;
262 break;
263 default:
264 /* We carved a number of pages */
265 carved_pages += r;
266 carve_again = true;
267 break;
268 }
269
270 if (carve_again) {
271 /* The list changed, we need to start over */
272 break;
273 }
274 }
275 } while (carve_again);
276
277 if (overlap_only_ram && (carved_pages != pages)) {
278 /*
279 * The payload wanted to have RAM overlaps, but we overlapped
280 * with an unallocated region. Error out.
281 */
282 return 0;
283 }
284
285 /* Add our new map */
286 list_add_tail(&newlist->link, &efi_mem);
287
288 /* And make sure memory is listed in descending order */
289 efi_mem_sort();
290
291 return start;
292 }
293
efi_find_free_memory(uint64_t len,uint64_t max_addr)294 static uint64_t efi_find_free_memory(uint64_t len, uint64_t max_addr)
295 {
296 struct list_head *lhandle;
297
298 /*
299 * Prealign input max address, so we simplify our matching
300 * logic below and can just reuse it as return pointer.
301 */
302 max_addr &= ~EFI_PAGE_MASK;
303
304 list_for_each(lhandle, &efi_mem) {
305 struct efi_mem_list *lmem = list_entry(lhandle,
306 struct efi_mem_list, link);
307 struct efi_mem_desc *desc = &lmem->desc;
308 uint64_t desc_len = desc->num_pages << EFI_PAGE_SHIFT;
309 uint64_t desc_end = desc->physical_start + desc_len;
310 uint64_t curmax = min(max_addr, desc_end);
311 uint64_t ret = curmax - len;
312
313 /* We only take memory from free RAM */
314 if (desc->type != EFI_CONVENTIONAL_MEMORY)
315 continue;
316
317 /* Out of bounds for max_addr */
318 if ((ret + len) > max_addr)
319 continue;
320
321 /* Out of bounds for upper map limit */
322 if ((ret + len) > desc_end)
323 continue;
324
325 /* Out of bounds for lower map limit */
326 if (ret < desc->physical_start)
327 continue;
328
329 /* Return the highest address in this map within bounds */
330 return ret;
331 }
332
333 return 0;
334 }
335
336 /*
337 * Allocate memory pages.
338 *
339 * @type type of allocation to be performed
340 * @memory_type usage type of the allocated memory
341 * @pages number of pages to be allocated
342 * @memory allocated memory
343 * @return status code
344 */
efi_allocate_pages(int type,int memory_type,efi_uintn_t pages,uint64_t * memory)345 efi_status_t efi_allocate_pages(int type, int memory_type,
346 efi_uintn_t pages, uint64_t *memory)
347 {
348 u64 len = pages << EFI_PAGE_SHIFT;
349 efi_status_t r = EFI_SUCCESS;
350 uint64_t addr;
351
352 if (!memory)
353 return EFI_INVALID_PARAMETER;
354
355 switch (type) {
356 case EFI_ALLOCATE_ANY_PAGES:
357 /* Any page */
358 addr = efi_find_free_memory(len, -1ULL);
359 if (!addr) {
360 r = EFI_NOT_FOUND;
361 break;
362 }
363 break;
364 case EFI_ALLOCATE_MAX_ADDRESS:
365 /* Max address */
366 addr = efi_find_free_memory(len, *memory);
367 if (!addr) {
368 r = EFI_NOT_FOUND;
369 break;
370 }
371 break;
372 case EFI_ALLOCATE_ADDRESS:
373 /* Exact address, reserve it. The addr is already in *memory. */
374 addr = *memory;
375 break;
376 default:
377 /* UEFI doesn't specify other allocation types */
378 r = EFI_INVALID_PARAMETER;
379 break;
380 }
381
382 if (r == EFI_SUCCESS) {
383 uint64_t ret;
384
385 /* Reserve that map in our memory maps */
386 ret = efi_add_memory_map(addr, pages, memory_type, true);
387 if (ret == addr) {
388 *memory = addr;
389 } else {
390 /* Map would overlap, bail out */
391 r = EFI_OUT_OF_RESOURCES;
392 }
393 }
394
395 return r;
396 }
397
efi_alloc(uint64_t len,int memory_type)398 void *efi_alloc(uint64_t len, int memory_type)
399 {
400 uint64_t ret = 0;
401 uint64_t pages = efi_size_in_pages(len);
402 efi_status_t r;
403
404 r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, memory_type, pages,
405 &ret);
406 if (r == EFI_SUCCESS)
407 return (void*)(uintptr_t)ret;
408
409 return NULL;
410 }
411
412 /*
413 * Free memory pages.
414 *
415 * @memory start of the memory area to be freed
416 * @pages number of pages to be freed
417 * @return status code
418 */
efi_free_pages(uint64_t memory,efi_uintn_t pages)419 efi_status_t efi_free_pages(uint64_t memory, efi_uintn_t pages)
420 {
421 uint64_t r = 0;
422
423 r = efi_add_memory_map(memory, pages, EFI_CONVENTIONAL_MEMORY, false);
424 /* Merging of adjacent free regions is missing */
425
426 if (r == memory)
427 return EFI_SUCCESS;
428
429 return EFI_NOT_FOUND;
430 }
431
432 /*
433 * Allocate memory from pool.
434 *
435 * @pool_type type of the pool from which memory is to be allocated
436 * @size number of bytes to be allocated
437 * @buffer allocated memory
438 * @return status code
439 */
efi_allocate_pool(int pool_type,efi_uintn_t size,void ** buffer)440 efi_status_t efi_allocate_pool(int pool_type, efi_uintn_t size, void **buffer)
441 {
442 efi_status_t r;
443 u64 addr;
444 struct efi_pool_allocation *alloc;
445 u64 num_pages = efi_size_in_pages(size +
446 sizeof(struct efi_pool_allocation));
447
448 if (!buffer)
449 return EFI_INVALID_PARAMETER;
450
451 if (size == 0) {
452 *buffer = NULL;
453 return EFI_SUCCESS;
454 }
455
456 r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, pool_type, num_pages,
457 &addr);
458 if (r == EFI_SUCCESS) {
459 alloc = (struct efi_pool_allocation *)(uintptr_t)addr;
460 alloc->num_pages = num_pages;
461 *buffer = alloc->data;
462 }
463
464 return r;
465 }
466
467 /*
468 * Free memory from pool.
469 *
470 * @buffer start of memory to be freed
471 * @return status code
472 */
efi_free_pool(void * buffer)473 efi_status_t efi_free_pool(void *buffer)
474 {
475 efi_status_t r;
476 struct efi_pool_allocation *alloc;
477
478 if (buffer == NULL)
479 return EFI_INVALID_PARAMETER;
480
481 alloc = container_of(buffer, struct efi_pool_allocation, data);
482 /* Sanity check, was the supplied address returned by allocate_pool */
483 assert(((uintptr_t)alloc & EFI_PAGE_MASK) == 0);
484
485 r = efi_free_pages((uintptr_t)alloc, alloc->num_pages);
486
487 return r;
488 }
489
490 /*
491 * Get map describing memory usage.
492 *
493 * @memory_map_size on entry the size, in bytes, of the memory map buffer,
494 * on exit the size of the copied memory map
495 * @memory_map buffer to which the memory map is written
496 * @map_key key for the memory map
497 * @descriptor_size size of an individual memory descriptor
498 * @descriptor_version version number of the memory descriptor structure
499 * @return status code
500 */
efi_get_memory_map(efi_uintn_t * memory_map_size,struct efi_mem_desc * memory_map,efi_uintn_t * map_key,efi_uintn_t * descriptor_size,uint32_t * descriptor_version)501 efi_status_t efi_get_memory_map(efi_uintn_t *memory_map_size,
502 struct efi_mem_desc *memory_map,
503 efi_uintn_t *map_key,
504 efi_uintn_t *descriptor_size,
505 uint32_t *descriptor_version)
506 {
507 efi_uintn_t map_size = 0;
508 int map_entries = 0;
509 struct list_head *lhandle;
510 efi_uintn_t provided_map_size;
511
512 if (!memory_map_size)
513 return EFI_INVALID_PARAMETER;
514
515 provided_map_size = *memory_map_size;
516
517 list_for_each(lhandle, &efi_mem)
518 map_entries++;
519
520 map_size = map_entries * sizeof(struct efi_mem_desc);
521
522 *memory_map_size = map_size;
523
524 if (provided_map_size < map_size)
525 return EFI_BUFFER_TOO_SMALL;
526
527 if (!memory_map)
528 return EFI_INVALID_PARAMETER;
529
530 if (descriptor_size)
531 *descriptor_size = sizeof(struct efi_mem_desc);
532
533 if (descriptor_version)
534 *descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
535
536 /* Copy list into array */
537 /* Return the list in ascending order */
538 memory_map = &memory_map[map_entries - 1];
539 list_for_each(lhandle, &efi_mem) {
540 struct efi_mem_list *lmem;
541
542 lmem = list_entry(lhandle, struct efi_mem_list, link);
543 *memory_map = lmem->desc;
544 memory_map--;
545 }
546
547 if (map_key)
548 *map_key = efi_memory_map_key;
549
550 return EFI_SUCCESS;
551 }
552
efi_add_known_memory(void)553 __weak void efi_add_known_memory(void)
554 {
555 u64 ram_top = board_get_usable_ram_top(0) & ~EFI_PAGE_MASK;
556 int i;
557
558 /*
559 * ram_top is just outside mapped memory. So use an offset of one for
560 * mapping the sandbox address.
561 */
562 ram_top = (uintptr_t)map_sysmem(ram_top - 1, 0) + 1;
563
564 /* Fix for 32bit targets with ram_top at 4G */
565 if (!ram_top)
566 ram_top = 0x100000000ULL;
567
568 /* Add RAM */
569 for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
570 u64 ram_end, ram_start, pages;
571
572 ram_start = (uintptr_t)map_sysmem(gd->bd->bi_dram[i].start, 0);
573 ram_end = ram_start + gd->bd->bi_dram[i].size;
574
575 /* Remove partial pages */
576 ram_end &= ~EFI_PAGE_MASK;
577 ram_start = (ram_start + EFI_PAGE_MASK) & ~EFI_PAGE_MASK;
578
579 if (ram_end <= ram_start) {
580 /* Invalid mapping, keep going. */
581 continue;
582 }
583
584 pages = (ram_end - ram_start) >> EFI_PAGE_SHIFT;
585
586 efi_add_memory_map(ram_start, pages,
587 EFI_CONVENTIONAL_MEMORY, false);
588
589 /*
590 * Boards may indicate to the U-Boot memory core that they
591 * can not support memory above ram_top. Let's honor this
592 * in the efi_loader subsystem too by declaring any memory
593 * above ram_top as "already occupied by firmware".
594 */
595 if (ram_top < ram_start) {
596 /* ram_top is before this region, reserve all */
597 efi_add_memory_map(ram_start, pages,
598 EFI_BOOT_SERVICES_DATA, true);
599 } else if ((ram_top >= ram_start) && (ram_top < ram_end)) {
600 /* ram_top is inside this region, reserve parts */
601 pages = (ram_end - ram_top) >> EFI_PAGE_SHIFT;
602
603 efi_add_memory_map(ram_top, pages,
604 EFI_BOOT_SERVICES_DATA, true);
605 }
606 }
607 }
608
609 /* Add memory regions for U-Boot's memory and for the runtime services code */
add_u_boot_and_runtime(void)610 static void add_u_boot_and_runtime(void)
611 {
612 unsigned long runtime_start, runtime_end, runtime_pages;
613 unsigned long runtime_mask = EFI_PAGE_MASK;
614 unsigned long uboot_start, uboot_pages;
615 unsigned long uboot_stack_size = 16 * 1024 * 1024;
616
617 /* Add U-Boot */
618 uboot_start = (gd->start_addr_sp - uboot_stack_size) & ~EFI_PAGE_MASK;
619 uboot_pages = (gd->ram_top - uboot_start) >> EFI_PAGE_SHIFT;
620 efi_add_memory_map(uboot_start, uboot_pages, EFI_LOADER_DATA, false);
621
622 #if defined(__aarch64__)
623 /*
624 * Runtime Services must be 64KiB aligned according to the
625 * "AArch64 Platforms" section in the UEFI spec (2.7+).
626 */
627
628 runtime_mask = SZ_64K - 1;
629 #endif
630
631 /*
632 * Add Runtime Services. We mark surrounding boottime code as runtime as
633 * well to fulfill the runtime alignment constraints but avoid padding.
634 */
635 runtime_start = (ulong)&__efi_runtime_start & ~runtime_mask;
636 runtime_end = (ulong)&__efi_runtime_stop;
637 runtime_end = (runtime_end + runtime_mask) & ~runtime_mask;
638 runtime_pages = (runtime_end - runtime_start) >> EFI_PAGE_SHIFT;
639 efi_add_memory_map(runtime_start, runtime_pages,
640 EFI_RUNTIME_SERVICES_CODE, false);
641 }
642
efi_memory_init(void)643 int efi_memory_init(void)
644 {
645 efi_add_known_memory();
646
647 if (!IS_ENABLED(CONFIG_SANDBOX))
648 add_u_boot_and_runtime();
649
650 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
651 /* Request a 32bit 64MB bounce buffer region */
652 uint64_t efi_bounce_buffer_addr = 0xffffffff;
653
654 if (efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA,
655 (64 * 1024 * 1024) >> EFI_PAGE_SHIFT,
656 &efi_bounce_buffer_addr) != EFI_SUCCESS)
657 return -1;
658
659 efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr;
660 #endif
661
662 return 0;
663 }
664