xref: /openbmc/u-boot/lib/efi_loader/efi_memory.c (revision fabbeb33)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  EFI application memory management
4  *
5  *  Copyright (c) 2016 Alexander Graf
6  */
7 
8 #include <common.h>
9 #include <efi_loader.h>
10 #include <malloc.h>
11 #include <mapmem.h>
12 #include <watchdog.h>
13 #include <linux/list_sort.h>
14 #include <linux/sizes.h>
15 
16 DECLARE_GLOBAL_DATA_PTR;
17 
18 efi_uintn_t efi_memory_map_key;
19 
20 struct efi_mem_list {
21 	struct list_head link;
22 	struct efi_mem_desc desc;
23 };
24 
25 #define EFI_CARVE_NO_OVERLAP		-1
26 #define EFI_CARVE_LOOP_AGAIN		-2
27 #define EFI_CARVE_OVERLAPS_NONRAM	-3
28 
29 /* This list contains all memory map items */
30 LIST_HEAD(efi_mem);
31 
32 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
33 void *efi_bounce_buffer;
34 #endif
35 
36 /*
37  * U-Boot services each EFI AllocatePool request as a separate
38  * (multiple) page allocation.  We have to track the number of pages
39  * to be able to free the correct amount later.
40  * EFI requires 8 byte alignment for pool allocations, so we can
41  * prepend each allocation with an 64 bit header tracking the
42  * allocation size, and hand out the remainder to the caller.
43  */
44 struct efi_pool_allocation {
45 	u64 num_pages;
46 	char data[] __aligned(ARCH_DMA_MINALIGN);
47 };
48 
49 /*
50  * Sorts the memory list from highest address to lowest address
51  *
52  * When allocating memory we should always start from the highest
53  * address chunk, so sort the memory list such that the first list
54  * iterator gets the highest address and goes lower from there.
55  */
56 static int efi_mem_cmp(void *priv, struct list_head *a, struct list_head *b)
57 {
58 	struct efi_mem_list *mema = list_entry(a, struct efi_mem_list, link);
59 	struct efi_mem_list *memb = list_entry(b, struct efi_mem_list, link);
60 
61 	if (mema->desc.physical_start == memb->desc.physical_start)
62 		return 0;
63 	else if (mema->desc.physical_start < memb->desc.physical_start)
64 		return 1;
65 	else
66 		return -1;
67 }
68 
69 static uint64_t desc_get_end(struct efi_mem_desc *desc)
70 {
71 	return desc->physical_start + (desc->num_pages << EFI_PAGE_SHIFT);
72 }
73 
74 static void efi_mem_sort(void)
75 {
76 	struct list_head *lhandle;
77 	struct efi_mem_list *prevmem = NULL;
78 	bool merge_again = true;
79 
80 	list_sort(NULL, &efi_mem, efi_mem_cmp);
81 
82 	/* Now merge entries that can be merged */
83 	while (merge_again) {
84 		merge_again = false;
85 		list_for_each(lhandle, &efi_mem) {
86 			struct efi_mem_list *lmem;
87 			struct efi_mem_desc *prev = &prevmem->desc;
88 			struct efi_mem_desc *cur;
89 			uint64_t pages;
90 
91 			lmem = list_entry(lhandle, struct efi_mem_list, link);
92 			if (!prevmem) {
93 				prevmem = lmem;
94 				continue;
95 			}
96 
97 			cur = &lmem->desc;
98 
99 			if ((desc_get_end(cur) == prev->physical_start) &&
100 			    (prev->type == cur->type) &&
101 			    (prev->attribute == cur->attribute)) {
102 				/* There is an existing map before, reuse it */
103 				pages = cur->num_pages;
104 				prev->num_pages += pages;
105 				prev->physical_start -= pages << EFI_PAGE_SHIFT;
106 				prev->virtual_start -= pages << EFI_PAGE_SHIFT;
107 				list_del(&lmem->link);
108 				free(lmem);
109 
110 				merge_again = true;
111 				break;
112 			}
113 
114 			prevmem = lmem;
115 		}
116 	}
117 }
118 
119 /** efi_mem_carve_out - unmap memory region
120  *
121  * @map:		memory map
122  * @carve_desc:		memory region to unmap
123  * @overlap_only_ram:	the carved out region may only overlap RAM
124  * Return Value:	the number of overlapping pages which have been
125  *			removed from the map,
126  *			EFI_CARVE_NO_OVERLAP, if the regions don't overlap,
127  *			EFI_CARVE_OVERLAPS_NONRAM, if the carve and map overlap,
128  *			and the map contains anything but free ram
129  *			(only when overlap_only_ram is true),
130  *			EFI_CARVE_LOOP_AGAIN, if the mapping list should be
131  *			traversed again, as it has been altered.
132  *
133  * Unmaps all memory occupied by the carve_desc region from the list entry
134  * pointed to by map.
135  *
136  * In case of EFI_CARVE_OVERLAPS_NONRAM it is the callers responsibility
137  * to re-add the already carved out pages to the mapping.
138  */
139 static s64 efi_mem_carve_out(struct efi_mem_list *map,
140 			     struct efi_mem_desc *carve_desc,
141 			     bool overlap_only_ram)
142 {
143 	struct efi_mem_list *newmap;
144 	struct efi_mem_desc *map_desc = &map->desc;
145 	uint64_t map_start = map_desc->physical_start;
146 	uint64_t map_end = map_start + (map_desc->num_pages << EFI_PAGE_SHIFT);
147 	uint64_t carve_start = carve_desc->physical_start;
148 	uint64_t carve_end = carve_start +
149 			     (carve_desc->num_pages << EFI_PAGE_SHIFT);
150 
151 	/* check whether we're overlapping */
152 	if ((carve_end <= map_start) || (carve_start >= map_end))
153 		return EFI_CARVE_NO_OVERLAP;
154 
155 	/* We're overlapping with non-RAM, warn the caller if desired */
156 	if (overlap_only_ram && (map_desc->type != EFI_CONVENTIONAL_MEMORY))
157 		return EFI_CARVE_OVERLAPS_NONRAM;
158 
159 	/* Sanitize carve_start and carve_end to lie within our bounds */
160 	carve_start = max(carve_start, map_start);
161 	carve_end = min(carve_end, map_end);
162 
163 	/* Carving at the beginning of our map? Just move it! */
164 	if (carve_start == map_start) {
165 		if (map_end == carve_end) {
166 			/* Full overlap, just remove map */
167 			list_del(&map->link);
168 			free(map);
169 		} else {
170 			map->desc.physical_start = carve_end;
171 			map->desc.num_pages = (map_end - carve_end)
172 					      >> EFI_PAGE_SHIFT;
173 		}
174 
175 		return (carve_end - carve_start) >> EFI_PAGE_SHIFT;
176 	}
177 
178 	/*
179 	 * Overlapping maps, just split the list map at carve_start,
180 	 * it will get moved or removed in the next iteration.
181 	 *
182 	 * [ map_desc |__carve_start__| newmap ]
183 	 */
184 
185 	/* Create a new map from [ carve_start ... map_end ] */
186 	newmap = calloc(1, sizeof(*newmap));
187 	newmap->desc = map->desc;
188 	newmap->desc.physical_start = carve_start;
189 	newmap->desc.num_pages = (map_end - carve_start) >> EFI_PAGE_SHIFT;
190 	/* Insert before current entry (descending address order) */
191 	list_add_tail(&newmap->link, &map->link);
192 
193 	/* Shrink the map to [ map_start ... carve_start ] */
194 	map_desc->num_pages = (carve_start - map_start) >> EFI_PAGE_SHIFT;
195 
196 	return EFI_CARVE_LOOP_AGAIN;
197 }
198 
199 uint64_t efi_add_memory_map(uint64_t start, uint64_t pages, int memory_type,
200 			    bool overlap_only_ram)
201 {
202 	struct list_head *lhandle;
203 	struct efi_mem_list *newlist;
204 	bool carve_again;
205 	uint64_t carved_pages = 0;
206 
207 	debug("%s: 0x%llx 0x%llx %d %s\n", __func__,
208 	      start, pages, memory_type, overlap_only_ram ? "yes" : "no");
209 
210 	if (memory_type >= EFI_MAX_MEMORY_TYPE)
211 		return EFI_INVALID_PARAMETER;
212 
213 	if (!pages)
214 		return start;
215 
216 	++efi_memory_map_key;
217 	newlist = calloc(1, sizeof(*newlist));
218 	newlist->desc.type = memory_type;
219 	newlist->desc.physical_start = start;
220 	newlist->desc.virtual_start = start;
221 	newlist->desc.num_pages = pages;
222 
223 	switch (memory_type) {
224 	case EFI_RUNTIME_SERVICES_CODE:
225 	case EFI_RUNTIME_SERVICES_DATA:
226 		newlist->desc.attribute = EFI_MEMORY_WB | EFI_MEMORY_RUNTIME;
227 		break;
228 	case EFI_MMAP_IO:
229 		newlist->desc.attribute = EFI_MEMORY_RUNTIME;
230 		break;
231 	default:
232 		newlist->desc.attribute = EFI_MEMORY_WB;
233 		break;
234 	}
235 
236 	/* Add our new map */
237 	do {
238 		carve_again = false;
239 		list_for_each(lhandle, &efi_mem) {
240 			struct efi_mem_list *lmem;
241 			s64 r;
242 
243 			lmem = list_entry(lhandle, struct efi_mem_list, link);
244 			r = efi_mem_carve_out(lmem, &newlist->desc,
245 					      overlap_only_ram);
246 			switch (r) {
247 			case EFI_CARVE_OVERLAPS_NONRAM:
248 				/*
249 				 * The user requested to only have RAM overlaps,
250 				 * but we hit a non-RAM region. Error out.
251 				 */
252 				return 0;
253 			case EFI_CARVE_NO_OVERLAP:
254 				/* Just ignore this list entry */
255 				break;
256 			case EFI_CARVE_LOOP_AGAIN:
257 				/*
258 				 * We split an entry, but need to loop through
259 				 * the list again to actually carve it.
260 				 */
261 				carve_again = true;
262 				break;
263 			default:
264 				/* We carved a number of pages */
265 				carved_pages += r;
266 				carve_again = true;
267 				break;
268 			}
269 
270 			if (carve_again) {
271 				/* The list changed, we need to start over */
272 				break;
273 			}
274 		}
275 	} while (carve_again);
276 
277 	if (overlap_only_ram && (carved_pages != pages)) {
278 		/*
279 		 * The payload wanted to have RAM overlaps, but we overlapped
280 		 * with an unallocated region. Error out.
281 		 */
282 		return 0;
283 	}
284 
285 	/* Add our new map */
286         list_add_tail(&newlist->link, &efi_mem);
287 
288 	/* And make sure memory is listed in descending order */
289 	efi_mem_sort();
290 
291 	return start;
292 }
293 
294 static uint64_t efi_find_free_memory(uint64_t len, uint64_t max_addr)
295 {
296 	struct list_head *lhandle;
297 
298 	/*
299 	 * Prealign input max address, so we simplify our matching
300 	 * logic below and can just reuse it as return pointer.
301 	 */
302 	max_addr &= ~EFI_PAGE_MASK;
303 
304 	list_for_each(lhandle, &efi_mem) {
305 		struct efi_mem_list *lmem = list_entry(lhandle,
306 			struct efi_mem_list, link);
307 		struct efi_mem_desc *desc = &lmem->desc;
308 		uint64_t desc_len = desc->num_pages << EFI_PAGE_SHIFT;
309 		uint64_t desc_end = desc->physical_start + desc_len;
310 		uint64_t curmax = min(max_addr, desc_end);
311 		uint64_t ret = curmax - len;
312 
313 		/* We only take memory from free RAM */
314 		if (desc->type != EFI_CONVENTIONAL_MEMORY)
315 			continue;
316 
317 		/* Out of bounds for max_addr */
318 		if ((ret + len) > max_addr)
319 			continue;
320 
321 		/* Out of bounds for upper map limit */
322 		if ((ret + len) > desc_end)
323 			continue;
324 
325 		/* Out of bounds for lower map limit */
326 		if (ret < desc->physical_start)
327 			continue;
328 
329 		/* Return the highest address in this map within bounds */
330 		return ret;
331 	}
332 
333 	return 0;
334 }
335 
336 /*
337  * Allocate memory pages.
338  *
339  * @type		type of allocation to be performed
340  * @memory_type		usage type of the allocated memory
341  * @pages		number of pages to be allocated
342  * @memory		allocated memory
343  * @return		status code
344  */
345 efi_status_t efi_allocate_pages(int type, int memory_type,
346 				efi_uintn_t pages, uint64_t *memory)
347 {
348 	u64 len = pages << EFI_PAGE_SHIFT;
349 	efi_status_t r = EFI_SUCCESS;
350 	uint64_t addr;
351 
352 	if (!memory)
353 		return EFI_INVALID_PARAMETER;
354 
355 	switch (type) {
356 	case EFI_ALLOCATE_ANY_PAGES:
357 		/* Any page */
358 		addr = efi_find_free_memory(len, -1ULL);
359 		if (!addr) {
360 			r = EFI_NOT_FOUND;
361 			break;
362 		}
363 		break;
364 	case EFI_ALLOCATE_MAX_ADDRESS:
365 		/* Max address */
366 		addr = efi_find_free_memory(len, *memory);
367 		if (!addr) {
368 			r = EFI_NOT_FOUND;
369 			break;
370 		}
371 		break;
372 	case EFI_ALLOCATE_ADDRESS:
373 		/* Exact address, reserve it. The addr is already in *memory. */
374 		addr = *memory;
375 		break;
376 	default:
377 		/* UEFI doesn't specify other allocation types */
378 		r = EFI_INVALID_PARAMETER;
379 		break;
380 	}
381 
382 	if (r == EFI_SUCCESS) {
383 		uint64_t ret;
384 
385 		/* Reserve that map in our memory maps */
386 		ret = efi_add_memory_map(addr, pages, memory_type, true);
387 		if (ret == addr) {
388 			*memory = addr;
389 		} else {
390 			/* Map would overlap, bail out */
391 			r = EFI_OUT_OF_RESOURCES;
392 		}
393 	}
394 
395 	return r;
396 }
397 
398 void *efi_alloc(uint64_t len, int memory_type)
399 {
400 	uint64_t ret = 0;
401 	uint64_t pages = efi_size_in_pages(len);
402 	efi_status_t r;
403 
404 	r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, memory_type, pages,
405 			       &ret);
406 	if (r == EFI_SUCCESS)
407 		return (void*)(uintptr_t)ret;
408 
409 	return NULL;
410 }
411 
412 /*
413  * Free memory pages.
414  *
415  * @memory	start of the memory area to be freed
416  * @pages	number of pages to be freed
417  * @return	status code
418  */
419 efi_status_t efi_free_pages(uint64_t memory, efi_uintn_t pages)
420 {
421 	uint64_t r = 0;
422 
423 	r = efi_add_memory_map(memory, pages, EFI_CONVENTIONAL_MEMORY, false);
424 	/* Merging of adjacent free regions is missing */
425 
426 	if (r == memory)
427 		return EFI_SUCCESS;
428 
429 	return EFI_NOT_FOUND;
430 }
431 
432 /*
433  * Allocate memory from pool.
434  *
435  * @pool_type	type of the pool from which memory is to be allocated
436  * @size	number of bytes to be allocated
437  * @buffer	allocated memory
438  * @return	status code
439  */
440 efi_status_t efi_allocate_pool(int pool_type, efi_uintn_t size, void **buffer)
441 {
442 	efi_status_t r;
443 	u64 addr;
444 	struct efi_pool_allocation *alloc;
445 	u64 num_pages = efi_size_in_pages(size +
446 					  sizeof(struct efi_pool_allocation));
447 
448 	if (!buffer)
449 		return EFI_INVALID_PARAMETER;
450 
451 	if (size == 0) {
452 		*buffer = NULL;
453 		return EFI_SUCCESS;
454 	}
455 
456 	r = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, pool_type, num_pages,
457 			       &addr);
458 	if (r == EFI_SUCCESS) {
459 		alloc = (struct efi_pool_allocation *)(uintptr_t)addr;
460 		alloc->num_pages = num_pages;
461 		*buffer = alloc->data;
462 	}
463 
464 	return r;
465 }
466 
467 /*
468  * Free memory from pool.
469  *
470  * @buffer	start of memory to be freed
471  * @return	status code
472  */
473 efi_status_t efi_free_pool(void *buffer)
474 {
475 	efi_status_t r;
476 	struct efi_pool_allocation *alloc;
477 
478 	if (buffer == NULL)
479 		return EFI_INVALID_PARAMETER;
480 
481 	alloc = container_of(buffer, struct efi_pool_allocation, data);
482 	/* Sanity check, was the supplied address returned by allocate_pool */
483 	assert(((uintptr_t)alloc & EFI_PAGE_MASK) == 0);
484 
485 	r = efi_free_pages((uintptr_t)alloc, alloc->num_pages);
486 
487 	return r;
488 }
489 
490 /*
491  * Get map describing memory usage.
492  *
493  * @memory_map_size	on entry the size, in bytes, of the memory map buffer,
494  *			on exit the size of the copied memory map
495  * @memory_map		buffer to which the memory map is written
496  * @map_key		key for the memory map
497  * @descriptor_size	size of an individual memory descriptor
498  * @descriptor_version	version number of the memory descriptor structure
499  * @return		status code
500  */
501 efi_status_t efi_get_memory_map(efi_uintn_t *memory_map_size,
502 				struct efi_mem_desc *memory_map,
503 				efi_uintn_t *map_key,
504 				efi_uintn_t *descriptor_size,
505 				uint32_t *descriptor_version)
506 {
507 	efi_uintn_t map_size = 0;
508 	int map_entries = 0;
509 	struct list_head *lhandle;
510 	efi_uintn_t provided_map_size;
511 
512 	if (!memory_map_size)
513 		return EFI_INVALID_PARAMETER;
514 
515 	provided_map_size = *memory_map_size;
516 
517 	list_for_each(lhandle, &efi_mem)
518 		map_entries++;
519 
520 	map_size = map_entries * sizeof(struct efi_mem_desc);
521 
522 	*memory_map_size = map_size;
523 
524 	if (provided_map_size < map_size)
525 		return EFI_BUFFER_TOO_SMALL;
526 
527 	if (!memory_map)
528 		return EFI_INVALID_PARAMETER;
529 
530 	if (descriptor_size)
531 		*descriptor_size = sizeof(struct efi_mem_desc);
532 
533 	if (descriptor_version)
534 		*descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
535 
536 	/* Copy list into array */
537 	/* Return the list in ascending order */
538 	memory_map = &memory_map[map_entries - 1];
539 	list_for_each(lhandle, &efi_mem) {
540 		struct efi_mem_list *lmem;
541 
542 		lmem = list_entry(lhandle, struct efi_mem_list, link);
543 		*memory_map = lmem->desc;
544 		memory_map--;
545 	}
546 
547 	if (map_key)
548 		*map_key = efi_memory_map_key;
549 
550 	return EFI_SUCCESS;
551 }
552 
553 __weak void efi_add_known_memory(void)
554 {
555 	u64 ram_top = board_get_usable_ram_top(0) & ~EFI_PAGE_MASK;
556 	int i;
557 
558 	/*
559 	 * ram_top is just outside mapped memory. So use an offset of one for
560 	 * mapping the sandbox address.
561 	 */
562 	ram_top = (uintptr_t)map_sysmem(ram_top - 1, 0) + 1;
563 
564 	/* Fix for 32bit targets with ram_top at 4G */
565 	if (!ram_top)
566 		ram_top = 0x100000000ULL;
567 
568 	/* Add RAM */
569 	for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
570 		u64 ram_end, ram_start, pages;
571 
572 		ram_start = (uintptr_t)map_sysmem(gd->bd->bi_dram[i].start, 0);
573 		ram_end = ram_start + gd->bd->bi_dram[i].size;
574 
575 		/* Remove partial pages */
576 		ram_end &= ~EFI_PAGE_MASK;
577 		ram_start = (ram_start + EFI_PAGE_MASK) & ~EFI_PAGE_MASK;
578 
579 		if (ram_end <= ram_start) {
580 			/* Invalid mapping, keep going. */
581 			continue;
582 		}
583 
584 		pages = (ram_end - ram_start) >> EFI_PAGE_SHIFT;
585 
586 		efi_add_memory_map(ram_start, pages,
587 				   EFI_CONVENTIONAL_MEMORY, false);
588 
589 		/*
590 		 * Boards may indicate to the U-Boot memory core that they
591 		 * can not support memory above ram_top. Let's honor this
592 		 * in the efi_loader subsystem too by declaring any memory
593 		 * above ram_top as "already occupied by firmware".
594 		 */
595 		if (ram_top < ram_start) {
596 			/* ram_top is before this region, reserve all */
597 			efi_add_memory_map(ram_start, pages,
598 					   EFI_BOOT_SERVICES_DATA, true);
599 		} else if ((ram_top >= ram_start) && (ram_top < ram_end)) {
600 			/* ram_top is inside this region, reserve parts */
601 			pages = (ram_end - ram_top) >> EFI_PAGE_SHIFT;
602 
603 			efi_add_memory_map(ram_top, pages,
604 					   EFI_BOOT_SERVICES_DATA, true);
605 		}
606 	}
607 }
608 
609 /* Add memory regions for U-Boot's memory and for the runtime services code */
610 static void add_u_boot_and_runtime(void)
611 {
612 	unsigned long runtime_start, runtime_end, runtime_pages;
613 	unsigned long runtime_mask = EFI_PAGE_MASK;
614 	unsigned long uboot_start, uboot_pages;
615 	unsigned long uboot_stack_size = 16 * 1024 * 1024;
616 
617 	/* Add U-Boot */
618 	uboot_start = (gd->start_addr_sp - uboot_stack_size) & ~EFI_PAGE_MASK;
619 	uboot_pages = (gd->ram_top - uboot_start) >> EFI_PAGE_SHIFT;
620 	efi_add_memory_map(uboot_start, uboot_pages, EFI_LOADER_DATA, false);
621 
622 #if defined(__aarch64__)
623 	/*
624 	 * Runtime Services must be 64KiB aligned according to the
625 	 * "AArch64 Platforms" section in the UEFI spec (2.7+).
626 	 */
627 
628 	runtime_mask = SZ_64K - 1;
629 #endif
630 
631 	/*
632 	 * Add Runtime Services. We mark surrounding boottime code as runtime as
633 	 * well to fulfill the runtime alignment constraints but avoid padding.
634 	 */
635 	runtime_start = (ulong)&__efi_runtime_start & ~runtime_mask;
636 	runtime_end = (ulong)&__efi_runtime_stop;
637 	runtime_end = (runtime_end + runtime_mask) & ~runtime_mask;
638 	runtime_pages = (runtime_end - runtime_start) >> EFI_PAGE_SHIFT;
639 	efi_add_memory_map(runtime_start, runtime_pages,
640 			   EFI_RUNTIME_SERVICES_CODE, false);
641 }
642 
643 int efi_memory_init(void)
644 {
645 	efi_add_known_memory();
646 
647 	if (!IS_ENABLED(CONFIG_SANDBOX))
648 		add_u_boot_and_runtime();
649 
650 #ifdef CONFIG_EFI_LOADER_BOUNCE_BUFFER
651 	/* Request a 32bit 64MB bounce buffer region */
652 	uint64_t efi_bounce_buffer_addr = 0xffffffff;
653 
654 	if (efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA,
655 			       (64 * 1024 * 1024) >> EFI_PAGE_SHIFT,
656 			       &efi_bounce_buffer_addr) != EFI_SUCCESS)
657 		return -1;
658 
659 	efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr;
660 #endif
661 
662 	return 0;
663 }
664