xref: /openbmc/u-boot/lib/efi_loader/efi_memory.c (revision 90571a4a)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  EFI application memory management
4  *
5  *  Copyright (c) 2016 Alexander Graf
6  */
7 
8 #include <common.h>
9 #include <efi_loader.h>
10 #include <malloc.h>
11 #include <mapmem.h>
12 #include <watchdog.h>
13 #include <linux/list_sort.h>
14 #include <linux/sizes.h>
15 
16 DECLARE_GLOBAL_DATA_PTR;
17 
18 efi_uintn_t efi_memory_map_key;
19 
20 struct efi_mem_list {
21 	struct list_head link;
22 	struct efi_mem_desc desc;
23 };
24 
25 #define EFI_CARVE_NO_OVERLAP		-1
26 #define EFI_CARVE_LOOP_AGAIN		-2
27 #define EFI_CARVE_OVERLAPS_NONRAM	-3
28 
29 /* This list contains all memory map items */
30 LIST_HEAD(efi_mem);
31 
32 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
33 void *efi_bounce_buffer;
34 #endif
35 
36 /*
37  * U-Boot services each EFI AllocatePool request as a separate
38  * (multiple) page allocation.  We have to track the number of pages
39  * to be able to free the correct amount later.
40  * EFI requires 8 byte alignment for pool allocations, so we can
41  * prepend each allocation with an 64 bit header tracking the
42  * allocation size, and hand out the remainder to the caller.
43  */
44 struct efi_pool_allocation {
45 	u64 num_pages;
46 	char data[] __aligned(ARCH_DMA_MINALIGN);
47 };
48 
49 /*
50  * Sorts the memory list from highest address to lowest address
51  *
52  * When allocating memory we should always start from the highest
53  * address chunk, so sort the memory list such that the first list
54  * iterator gets the highest address and goes lower from there.
55  */
56 static int efi_mem_cmp(void *priv, struct list_head *a, struct list_head *b)
57 {
58 	struct efi_mem_list *mema = list_entry(a, struct efi_mem_list, link);
59 	struct efi_mem_list *memb = list_entry(b, struct efi_mem_list, link);
60 
61 	if (mema->desc.physical_start == memb->desc.physical_start)
62 		return 0;
63 	else if (mema->desc.physical_start < memb->desc.physical_start)
64 		return 1;
65 	else
66 		return -1;
67 }
68 
69 static uint64_t desc_get_end(struct efi_mem_desc *desc)
70 {
71 	return desc->physical_start + (desc->num_pages << EFI_PAGE_SHIFT);
72 }
73 
74 static void efi_mem_sort(void)
75 {
76 	struct list_head *lhandle;
77 	struct efi_mem_list *prevmem = NULL;
78 	bool merge_again = true;
79 
80 	list_sort(NULL, &efi_mem, efi_mem_cmp);
81 
82 	/* Now merge entries that can be merged */
83 	while (merge_again) {
84 		merge_again = false;
85 		list_for_each(lhandle, &efi_mem) {
86 			struct efi_mem_list *lmem;
87 			struct efi_mem_desc *prev = &prevmem->desc;
88 			struct efi_mem_desc *cur;
89 			uint64_t pages;
90 
91 			lmem = list_entry(lhandle, struct efi_mem_list, link);
92 			if (!prevmem) {
93 				prevmem = lmem;
94 				continue;
95 			}
96 
97 			cur = &lmem->desc;
98 
99 			if ((desc_get_end(cur) == prev->physical_start) &&
100 			    (prev->type == cur->type) &&
101 			    (prev->attribute == cur->attribute)) {
102 				/* There is an existing map before, reuse it */
103 				pages = cur->num_pages;
104 				prev->num_pages += pages;
105 				prev->physical_start -= pages << EFI_PAGE_SHIFT;
106 				prev->virtual_start -= pages << EFI_PAGE_SHIFT;
107 				list_del(&lmem->link);
108 				free(lmem);
109 
110 				merge_again = true;
111 				break;
112 			}
113 
114 			prevmem = lmem;
115 		}
116 	}
117 }
118 
119 /** efi_mem_carve_out - unmap memory region
120  *
121  * @map:		memory map
122  * @carve_desc:		memory region to unmap
123  * @overlap_only_ram:	the carved out region may only overlap RAM
124  * Return Value:	the number of overlapping pages which have been
125  *			removed from the map,
126  *			EFI_CARVE_NO_OVERLAP, if the regions don't overlap,
127  *			EFI_CARVE_OVERLAPS_NONRAM, if the carve and map overlap,
128  *			and the map contains anything but free ram
129  *			(only when overlap_only_ram is true),
130  *			EFI_CARVE_LOOP_AGAIN, if the mapping list should be
131  *			traversed again, as it has been altered.
132  *
133  * Unmaps all memory occupied by the carve_desc region from the list entry
134  * pointed to by map.
135  *
136  * In case of EFI_CARVE_OVERLAPS_NONRAM it is the callers responsibility
137  * to re-add the already carved out pages to the mapping.
138  */
139 static s64 efi_mem_carve_out(struct efi_mem_list *map,
140 			     struct efi_mem_desc *carve_desc,
141 			     bool overlap_only_ram)
142 {
143 	struct efi_mem_list *newmap;
144 	struct efi_mem_desc *map_desc = &map->desc;
145 	uint64_t map_start = map_desc->physical_start;
146 	uint64_t map_end = map_start + (map_desc->num_pages << EFI_PAGE_SHIFT);
147 	uint64_t carve_start = carve_desc->physical_start;
148 	uint64_t carve_end = carve_start +
149 			     (carve_desc->num_pages << EFI_PAGE_SHIFT);
150 
151 	/* check whether we're overlapping */
152 	if ((carve_end <= map_start) || (carve_start >= map_end))
153 		return EFI_CARVE_NO_OVERLAP;
154 
155 	/* We're overlapping with non-RAM, warn the caller if desired */
156 	if (overlap_only_ram && (map_desc->type != EFI_CONVENTIONAL_MEMORY))
157 		return EFI_CARVE_OVERLAPS_NONRAM;
158 
159 	/* Sanitize carve_start and carve_end to lie within our bounds */
160 	carve_start = max(carve_start, map_start);
161 	carve_end = min(carve_end, map_end);
162 
163 	/* Carving at the beginning of our map? Just move it! */
164 	if (carve_start == map_start) {
165 		if (map_end == carve_end) {
166 			/* Full overlap, just remove map */
167 			list_del(&map->link);
168 			free(map);
169 		} else {
170 			map->desc.physical_start = carve_end;
171 			map->desc.num_pages = (map_end - carve_end)
172 					      >> EFI_PAGE_SHIFT;
173 		}
174 
175 		return (carve_end - carve_start) >> EFI_PAGE_SHIFT;
176 	}
177 
178 	/*
179 	 * Overlapping maps, just split the list map at carve_start,
180 	 * it will get moved or removed in the next iteration.
181 	 *
182 	 * [ map_desc |__carve_start__| newmap ]
183 	 */
184 
185 	/* Create a new map from [ carve_start ... map_end ] */
186 	newmap = calloc(1, sizeof(*newmap));
187 	newmap->desc = map->desc;
188 	newmap->desc.physical_start = carve_start;
189 	newmap->desc.num_pages = (map_end - carve_start) >> EFI_PAGE_SHIFT;
190 	/* Insert before current entry (descending address order) */
191 	list_add_tail(&newmap->link, &map->link);
192 
193 	/* Shrink the map to [ map_start ... carve_start ] */
194 	map_desc->num_pages = (carve_start - map_start) >> EFI_PAGE_SHIFT;
195 
196 	return EFI_CARVE_LOOP_AGAIN;
197 }
198 
199 uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
200 			    bool overlap_only_ram)
201 {
202 	struct list_head *lhandle;
203 	struct efi_mem_list *newlist;
204 	bool carve_again;
205 	uint64_t carved_pages = 0;
206 
207 	debug("%s: 0x%llx 0x%llx %d %s\n", __func__,
208 	      start, pages, memory_type, overlap_only_ram ? "yes" : "no");
209 
210 	if (memory_type >= EFI_MAX_MEMORY_TYPE)
211 		return EFI_INVALID_PARAMETER;
212 
213 	if (!pages)
214 		return start;
215 
216 	++efi_memory_map_key;
217 	newlist = calloc(1, sizeof(*newlist));
218 	newlist->desc.type = memory_type;
219 	newlist->desc.physical_start = start;
220 	newlist->desc.virtual_start = start;
221 	newlist->desc.num_pages = pages;
222 
223 	switch (memory_type) {
224 	case EFI_RUNTIME_SERVICES_CODE:
225 	case EFI_RUNTIME_SERVICES_DATA:
226 		newlist->desc.attribute = EFI_MEMORY_WB | EFI_MEMORY_RUNTIME;
227 		break;
228 	case EFI_MMAP_IO:
229 		newlist->desc.attribute = EFI_MEMORY_RUNTIME;
230 		break;
231 	default:
232 		newlist->desc.attribute = EFI_MEMORY_WB;
233 		break;
234 	}
235 
236 	/* Add our new map */
237 	do {
238 		carve_again = false;
239 		list_for_each(lhandle, &efi_mem) {
240 			struct efi_mem_list *lmem;
241 			s64 r;
242 
243 			lmem = list_entry(lhandle, struct efi_mem_list, link);
244 			r = efi_mem_carve_out(lmem, &newlist->desc,
245 					      overlap_only_ram);
246 			switch (r) {
247 			case EFI_CARVE_OVERLAPS_NONRAM:
248 				/*
249 				 * The user requested to only have RAM overlaps,
250 				 * but we hit a non-RAM region. Error out.
251 				 */
252 				return 0;
253 			case EFI_CARVE_NO_OVERLAP:
254 				/* Just ignore this list entry */
255 				break;
256 			case EFI_CARVE_LOOP_AGAIN:
257 				/*
258 				 * We split an entry, but need to loop through
259 				 * the list again to actually carve it.
260 				 */
261 				carve_again = true;
262 				break;
263 			default:
264 				/* We carved a number of pages */
265 				carved_pages += r;
266 				carve_again = true;
267 				break;
268 			}
269 
270 			if (carve_again) {
271 				/* The list changed, we need to start over */
272 				break;
273 			}
274 		}
275 	} while (carve_again);
276 
277 	if (overlap_only_ram && (carved_pages != pages)) {
278 		/*
279 		 * The payload wanted to have RAM overlaps, but we overlapped
280 		 * with an unallocated region. Error out.
281 		 */
282 		return 0;
283 	}
284 
285 	/* Add our new map */
286         list_add_tail(&newlist->link, &efi_mem);
287 
288 	/* And make sure memory is listed in descending order */
289 	efi_mem_sort();
290 
291 	return start;
292 }
293 
294 static uint64_t efi_find_free_memory(uint64_t len, uint64_t max_addr)
295 {
296 	struct list_head *lhandle;
297 
298 	/*
299 	 * Prealign input max address, so we simplify our matching
300 	 * logic below and can just reuse it as return pointer.
301 	 */
302 	max_addr &= ~EFI_PAGE_MASK;
303 
304 	list_for_each(lhandle, &efi_mem) {
305 		struct efi_mem_list *lmem = list_entry(lhandle,
306 			struct efi_mem_list, link);
307 		struct efi_mem_desc *desc = &lmem->desc;
308 		uint64_t desc_len = desc->num_pages << EFI_PAGE_SHIFT;
309 		uint64_t desc_end = desc->physical_start + desc_len;
310 		uint64_t curmax = min(max_addr, desc_end);
311 		uint64_t ret = curmax - len;
312 
313 		/* We only take memory from free RAM */
314 		if (desc->type != EFI_CONVENTIONAL_MEMORY)
315 			continue;
316 
317 		/* Out of bounds for max_addr */
318 		if ((ret + len) > max_addr)
319 			continue;
320 
321 		/* Out of bounds for upper map limit */
322 		if ((ret + len) > desc_end)
323 			continue;
324 
325 		/* Out of bounds for lower map limit */
326 		if (ret < desc->physical_start)
327 			continue;
328 
329 		/* Return the highest address in this map within bounds */
330 		return ret;
331 	}
332 
333 	return 0;
334 }
335 
336 /*
337  * Allocate memory pages.
338  *
339  * @type		type of allocation to be performed
340  * @memory_type		usage type of the allocated memory
341  * @pages		number of pages to be allocated
342  * @memory		allocated memory
343  * @return		status code
344  */
345 efi_status_t efi_allocate_pages(int type, int memory_type,
346 				efi_uintn_t pages, uint64_t *memory)
347 {
348 	u64 len = pages << EFI_PAGE_SHIFT;
349 	efi_status_t r = EFI_SUCCESS;
350 	uint64_t addr;
351 
352 	if (!memory)
353 		return EFI_INVALID_PARAMETER;
354 
355 	switch (type) {
356 	case EFI_ALLOCATE_ANY_PAGES:
357 		/* Any page */
358 		addr = efi_find_free_memory(len, -1ULL);
359 		if (!addr) {
360 			r = EFI_NOT_FOUND;
361 			break;
362 		}
363 		break;
364 	case EFI_ALLOCATE_MAX_ADDRESS:
365 		/* Max address */
366 		addr = efi_find_free_memory(len, *memory);
367 		if (!addr) {
368 			r = EFI_NOT_FOUND;
369 			break;
370 		}
371 		break;
372 	case EFI_ALLOCATE_ADDRESS:
373 		/* Exact address, reserve it. The addr is already in *memory. */
374 		addr = *memory;
375 		break;
376 	default:
377 		/* UEFI doesn't specify other allocation types */
378 		r = EFI_INVALID_PARAMETER;
379 		break;
380 	}
381 
382 	if (r == EFI_SUCCESS) {
383 		uint64_t ret;
384 
385 		/* Reserve that map in our memory maps */
386 		ret = efi_add_memory_map(addr, pages, memory_type, true);
387 		if (ret == addr) {
388 			*memory = addr;
389 		} else {
390 			/* Map would overlap, bail out */
391 			r = EFI_OUT_OF_RESOURCES;
392 		}
393 	}
394 
395 	return r;
396 }
397 
398 void *efi_alloc(uint64_t len, int memory_type)
399 {
400 	uint64_t ret = 0;
401 	uint64_t pages = efi_size_in_pages(len);
402 	efi_status_t r;
403 
404 	r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, memory_type, pages,
405 			       &ret);
406 	if (r == EFI_SUCCESS)
407 		return (void*)(uintptr_t)ret;
408 
409 	return NULL;
410 }
411 
412 /*
413  * Free memory pages.
414  *
415  * @memory	start of the memory area to be freed
416  * @pages	number of pages to be freed
417  * @return	status code
418  */
419 efi_status_t efi_free_pages(uint64_t memory, efi_uintn_t pages)
420 {
421 	uint64_t r = 0;
422 
423 	r = efi_add_memory_map(memory, pages, EFI_CONVENTIONAL_MEMORY, false);
424 	/* Merging of adjacent free regions is missing */
425 
426 	if (r == memory)
427 		return EFI_SUCCESS;
428 
429 	return EFI_NOT_FOUND;
430 }
431 
432 /*
433  * Allocate memory from pool.
434  *
435  * @pool_type	type of the pool from which memory is to be allocated
436  * @size	number of bytes to be allocated
437  * @buffer	allocated memory
438  * @return	status code
439  */
440 efi_status_t efi_allocate_pool(int pool_type, efi_uintn_t size, void **buffer)
441 {
442 	efi_status_t r;
443 	struct efi_pool_allocation *alloc;
444 	u64 num_pages = efi_size_in_pages(size +
445 					  sizeof(struct efi_pool_allocation));
446 
447 	if (!buffer)
448 		return EFI_INVALID_PARAMETER;
449 
450 	if (size == 0) {
451 		*buffer = NULL;
452 		return EFI_SUCCESS;
453 	}
454 
455 	r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, pool_type, num_pages,
456 			       (uint64_t *)&alloc);
457 
458 	if (r == EFI_SUCCESS) {
459 		alloc->num_pages = num_pages;
460 		*buffer = alloc->data;
461 	}
462 
463 	return r;
464 }
465 
466 /*
467  * Free memory from pool.
468  *
469  * @buffer	start of memory to be freed
470  * @return	status code
471  */
472 efi_status_t efi_free_pool(void *buffer)
473 {
474 	efi_status_t r;
475 	struct efi_pool_allocation *alloc;
476 
477 	if (buffer == NULL)
478 		return EFI_INVALID_PARAMETER;
479 
480 	alloc = container_of(buffer, struct efi_pool_allocation, data);
481 	/* Sanity check, was the supplied address returned by allocate_pool */
482 	assert(((uintptr_t)alloc & EFI_PAGE_MASK) == 0);
483 
484 	r = efi_free_pages((uintptr_t)alloc, alloc->num_pages);
485 
486 	return r;
487 }
488 
489 /*
490  * Get map describing memory usage.
491  *
492  * @memory_map_size	on entry the size, in bytes, of the memory map buffer,
493  *			on exit the size of the copied memory map
494  * @memory_map		buffer to which the memory map is written
495  * @map_key		key for the memory map
496  * @descriptor_size	size of an individual memory descriptor
497  * @descriptor_version	version number of the memory descriptor structure
498  * @return		status code
499  */
500 efi_status_t efi_get_memory_map(efi_uintn_t *memory_map_size,
501 				struct efi_mem_desc *memory_map,
502 				efi_uintn_t *map_key,
503 				efi_uintn_t *descriptor_size,
504 				uint32_t *descriptor_version)
505 {
506 	efi_uintn_t map_size = 0;
507 	int map_entries = 0;
508 	struct list_head *lhandle;
509 	efi_uintn_t provided_map_size;
510 
511 	if (!memory_map_size)
512 		return EFI_INVALID_PARAMETER;
513 
514 	provided_map_size = *memory_map_size;
515 
516 	list_for_each(lhandle, &efi_mem)
517 		map_entries++;
518 
519 	map_size = map_entries * sizeof(struct efi_mem_desc);
520 
521 	*memory_map_size = map_size;
522 
523 	if (provided_map_size < map_size)
524 		return EFI_BUFFER_TOO_SMALL;
525 
526 	if (!memory_map)
527 		return EFI_INVALID_PARAMETER;
528 
529 	if (descriptor_size)
530 		*descriptor_size = sizeof(struct efi_mem_desc);
531 
532 	if (descriptor_version)
533 		*descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
534 
535 	/* Copy list into array */
536 	/* Return the list in ascending order */
537 	memory_map = &memory_map[map_entries - 1];
538 	list_for_each(lhandle, &efi_mem) {
539 		struct efi_mem_list *lmem;
540 
541 		lmem = list_entry(lhandle, struct efi_mem_list, link);
542 		*memory_map = lmem->desc;
543 		memory_map--;
544 	}
545 
546 	if (map_key)
547 		*map_key = efi_memory_map_key;
548 
549 	return EFI_SUCCESS;
550 }
551 
552 __weak void efi_add_known_memory(void)
553 {
554 	u64 ram_top = board_get_usable_ram_top(0) & ~EFI_PAGE_MASK;
555 	int i;
556 
557 	/*
558 	 * ram_top is just outside mapped memory. So use an offset of one for
559 	 * mapping the sandbox address.
560 	 */
561 	ram_top = (uintptr_t)map_sysmem(ram_top - 1, 0) + 1;
562 
563 	/* Fix for 32bit targets with ram_top at 4G */
564 	if (!ram_top)
565 		ram_top = 0x100000000ULL;
566 
567 	/* Add RAM */
568 	for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
569 		u64 ram_end, ram_start, pages;
570 
571 		ram_start = (uintptr_t)map_sysmem(gd->bd->bi_dram[i].start, 0);
572 		ram_end = ram_start + gd->bd->bi_dram[i].size;
573 
574 		/* Remove partial pages */
575 		ram_end &= ~EFI_PAGE_MASK;
576 		ram_start = (ram_start + EFI_PAGE_MASK) & ~EFI_PAGE_MASK;
577 
578 		if (ram_end <= ram_start) {
579 			/* Invalid mapping, keep going. */
580 			continue;
581 		}
582 
583 		pages = (ram_end - ram_start) >> EFI_PAGE_SHIFT;
584 
585 		efi_add_memory_map(ram_start, pages,
586 				   EFI_CONVENTIONAL_MEMORY, false);
587 
588 		/*
589 		 * Boards may indicate to the U-Boot memory core that they
590 		 * can not support memory above ram_top. Let's honor this
591 		 * in the efi_loader subsystem too by declaring any memory
592 		 * above ram_top as "already occupied by firmware".
593 		 */
594 		if (ram_top < ram_start) {
595 			/* ram_top is before this region, reserve all */
596 			efi_add_memory_map(ram_start, pages,
597 					   EFI_BOOT_SERVICES_DATA, true);
598 		} else if ((ram_top >= ram_start) && (ram_top < ram_end)) {
599 			/* ram_top is inside this region, reserve parts */
600 			pages = (ram_end - ram_top) >> EFI_PAGE_SHIFT;
601 
602 			efi_add_memory_map(ram_top, pages,
603 					   EFI_BOOT_SERVICES_DATA, true);
604 		}
605 	}
606 }
607 
608 /* Add memory regions for U-Boot's memory and for the runtime services code */
609 static void add_u_boot_and_runtime(void)
610 {
611 	unsigned long runtime_start, runtime_end, runtime_pages;
612 	unsigned long runtime_mask = EFI_PAGE_MASK;
613 	unsigned long uboot_start, uboot_pages;
614 	unsigned long uboot_stack_size = 16 * 1024 * 1024;
615 
616 	/* Add U-Boot */
617 	uboot_start = (gd->start_addr_sp - uboot_stack_size) & ~EFI_PAGE_MASK;
618 	uboot_pages = (gd->ram_top - uboot_start) >> EFI_PAGE_SHIFT;
619 	efi_add_memory_map(uboot_start, uboot_pages, EFI_LOADER_DATA, false);
620 
621 #if defined(__aarch64__)
622 	/*
623 	 * Runtime Services must be 64KiB aligned according to the
624 	 * "AArch64 Platforms" section in the UEFI spec (2.7+).
625 	 */
626 
627 	runtime_mask = SZ_64K - 1;
628 #endif
629 
630 	/*
631 	 * Add Runtime Services. We mark surrounding boottime code as runtime as
632 	 * well to fulfill the runtime alignment constraints but avoid padding.
633 	 */
634 	runtime_start = (ulong)&__efi_runtime_start & ~runtime_mask;
635 	runtime_end = (ulong)&__efi_runtime_stop;
636 	runtime_end = (runtime_end + runtime_mask) & ~runtime_mask;
637 	runtime_pages = (runtime_end - runtime_start) >> EFI_PAGE_SHIFT;
638 	efi_add_memory_map(runtime_start, runtime_pages,
639 			   EFI_RUNTIME_SERVICES_CODE, false);
640 }
641 
642 int efi_memory_init(void)
643 {
644 	efi_add_known_memory();
645 
646 	if (!IS_ENABLED(CONFIG_SANDBOX))
647 		add_u_boot_and_runtime();
648 
649 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
650 	/* Request a 32bit 64MB bounce buffer region */
651 	uint64_t efi_bounce_buffer_addr = 0xffffffff;
652 
653 	if (efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA,
654 			       (64 * 1024 * 1024) >> EFI_PAGE_SHIFT,
655 			       &efi_bounce_buffer_addr) != EFI_SUCCESS)
656 		return -1;
657 
658 	efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr;
659 #endif
660 
661 	return 0;
662 }
663