Commit graph

790 commits

Author SHA1 Message Date
Stefan Brüns
b61d857b2f efi_loader: Readd freed pages to memory pool
Currently each allocation creates a new mapping. Readding the mapping
as free memory (EFI_CONVENTIONAL_MEMORY) potentially allows to hand out
an existing mapping, thus limiting the number of mapping descriptors in
the memory map.

Mitigates a problem with current (4.8rc7) linux kernels when doing an
efi_get_memory map, resulting in an infinite loop. Space for the memory
map is reserved with allocate_pool (implicitly creating a new mapping) and
filled. If there is insufficient slack space (8 entries) in the map, the
space is freed and a new round is started, with space for one more entry.
As each round increases requirement and allocation by exactly one, there
is never enough slack space. (At least 32 entries are allocated, so as
long as there are less than 24 entries, there is enough slack).
Earlier kernels reserved no slack, and did less allocations, so this
problem was not visible.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:07 +02:00
Stefan Brüns
42417bc84d efi_loader: Track size of pool allocations to allow freeing
We need a functional free_pool implementation, as otherwise each
allocate_pool causes growth of the memory descriptor table.

Different to free_pages, free_pool does not provide the size for the
to be freed allocation, thus we have to track the size ourselves.

As the only EFI requirement for pool allocation is an alignment of
8 bytes, we can keep allocating a range using the page allocator,
reserve the first 8 bytes for our bookkeeping and hand out the
remainder to the caller. This saves us from having to use any
independent data structures for tracking.

To simplify the conversion between pool allocations and the corresponding
page allocation, we create an auxiliary struct efi_pool_allocation.

Given the allocation size free_pool size can handoff freeing the page
range, which was indirectly allocated by a call to allocate_pool,
to free_pages.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:07 +02:00
Stefan Brüns
ead1274b7f efi_loader: Move efi_allocate_pool implementation to efi_memory.c
We currently handle efi_allocate_pool() in our boot time service
file. In the following patch, pool allocation will receive additional
internal semantics that we should preserve inside efi_memory.c instead.

As foundation for those changes, split the function into an externally
facing efi_allocate_pool_ext() for use by payloads and an internal helper
efi_allocate_pool() in efi_memory.c that handles the actual allocation.

While at it, change the magic 0xfff / 12 constants to the more obvious
EFI_PAGE_MASK/SHIFT defines.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:07 +02:00
Robin Randhawa
991d62fa73 efi_loader: Fix crash on 32-bit systems
A type mismatch in the efi_allocate_pool boot service flow causes
hazardous memory scribbling on 32-bit systems.

This is efi_allocate_pool's prototype:

static efi_status_t EFIAPI efi_allocate_pool(int pool_type,
						    unsigned long size,
						    void **buffer);

Internally, it invokes efi_allocate_pages as follows:

efi_allocate_pages(0, pool_type, (size + 0xfff) >> 12,
					    (void*)buffer);

This is efi_allocate_pages' prototype:

efi_status_t efi_allocate_pages(int type, int memory_type,
					unsigned long pages,
					uint64_t *memory);

The problem: efi_allocate_pages does this internally:

    *memory = addr;

This fix in efi_allocate_pool uses a transitional uintptr_t cast to
ensure the correct outcome, irrespective of the system's native word
size.

This was observed when bootefi'ing the EFI instance of FreeBSD's first
stage bootstrap (boot1.efi) on a 32-bit ARM platform (Qemu VExpress +
Cortex-a9).

Signed-off-by: Robin Randhawa <robin.randhawa@arm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:07 +02:00
Stefan Brüns
bdf5c1b360 efi_loader: Fix memory map size check to avoid out-of-bounds access
The current efi_get_memory_map() function overwrites the map_size
property before reading its value. That way the sanity check whether our
memory map fits into the given array always succeeds, potentially
overwriting arbitrary payload memory.

This patch moves the property update write after its sanity check, so
that the check actually verifies the correct value.

So far this has not triggered any known bugs, but we're better off safe
than sorry.

If the buffer is to small, the returned memory_map_size indicates the
required size to the caller.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:07 +02:00
Stefan Brüns
852efbf5bd efi_loader: Update description of internal efi_mem_carve_out
In 74c16acce3 the return values where
changed, but the description was kept.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-10-18 09:08:06 +02:00
Alexander Graf
692fcdd800 arm: Add return value argument to longjmp
The normal longjmp command allows for a caller to pass the return value
of the setjmp() invocation. This patch adds that semantic to the arm
implementation of it and adjusts the efi_loader call respectively.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-08 09:33:34 -04:00
Mian Yousaf Kaukab
4c02c11de8 efi_loader: provide efi_mem_desc version
Provide version of struct efi_mem_desc in efi_get_memory_map().

EFI_BOOT_SERVICES.GetMemoryMap() in UEFI specification v2.6 defines
memory descriptor version to 1. Linux kernel also expects descriptor
version to be 1 and prints following warning during boot if its not:

Unexpected EFI_MEMORY_DESCRIPTOR version 0

Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@gmail.com>
2016-09-07 08:49:07 -04:00
Alexander Graf
b1237c6e8a efi_loader: Fix relocations above 64kb image size
We were truncating the image offset within the target image to 16 bits
which again meant that we were potentially overwriting random memory
in the lower 16 bits of the image.

This patch casts the offset to a more reasonable 32bits.

With this applied, I can successfully see Shell.efi assert because it
can't find a protocol it expects to be available.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-08-20 14:03:27 -04:00
Alexander Graf
0812d1a094 efi_loader: disk: Sanitize exposed devices
When a target device is 0 bytes long, there's no point in exposing it to
the user. Let's just skip them.

Also, when an offset is passed into the efi disk creation, we should
remove this offset from the total number of sectors we can handle.

This patch fixes both things.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-08-08 13:33:00 -04:00
Alexander Graf
f9d334bdfc efi_loader: disk: Fix CONFIG_BLK breakage
When using CONFIG_BLK, there were 2 issues:

  1) The name we generate the device with has to match the
     name we set in efi_set_bootdev()

  2) The device we pass into our block functions was wrong,
     we should not rediscover it but just use the already known
     pointer.

This patch fixes both issues.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-08-08 13:32:59 -04:00
Andreas Färber
c933ed94bc efi_loader: Add debug output for efi_add_memory_map()
Tracing the arguments has been helpful for pinpointing overflows.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-07-22 14:46:23 -04:00
Alexander Graf
a812241091 efi_loader: Add DM_VIDEO support
Some systems are starting to shift to support DM_VIDEO which exposes
the frame buffer through a slightly different interface.

This is a poor man's effort to support the dm video interface instead
of the lcd one. We still only support a single display device.

Signed-off-by: Alexander Graf <agraf@suse.de>
[trini: Remove fb_size / fb_base as they were not used]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-06-06 13:39:17 -04:00
Alexander Graf
74c16acce3 efi_loader: Don't allocate from memory holes
When a payload calls our memory allocator with the exact address hint, we
happily allocate memory from completely unpopulated regions. Payloads however
expect this to only succeed if they would be allocating from free conventional
memory.

This patch makes the logic behind those checks a bit more obvious and ensures
that we always allocate from known good free conventional memory regions if we
want to allocate ram.

Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-06-06 13:39:16 -04:00
Alexander Graf
edcef3ba1d efi_loader: Move to normal debug infrastructure
We introduced special "DEBUG_EFI" defines when the efi loader
support was new. After giving it a bit of thought, turns out
we really didn't have to - the normal #define DEBUG infrastructure
works well enough for efi loader as well.

So this patch switches to the common debug() and #define DEBUG
way of printing debug information.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-06-06 13:39:16 -04:00
Alexander Graf
a86aeaf228 efi_loader: Add exit support
Some times you may want to exit an EFI payload again, for example
to default boot into a PXE installation and decide that you would
rather want to boot from the local disk instead.

This patch adds exit functionality to the EFI implementation, allowing
EFI payloads to exit.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-06-06 13:39:15 -04:00
Tom Rini
e4a94ce4ac Merge git://git.denx.de/u-boot-dm
For odroid-c2 (arch-meson) for now disable designware eth as meson
now needs to do some harder GPIO work.

Signed-off-by: Tom Rini <trini@konsulko.com>

Conflicts:
	lib/efi_loader/efi_disk.c

Modified:
	configs/odroid-c2_defconfig
2016-05-27 20:34:12 -04:00
Alexander Graf
c9cfac5d30 efi_loader: gop: Don't expose fb address
Recently Linux is gaining support for efifb on AArch64 and that support actually
tries to make use of the frame buffer address we expose to it via gop.

While this wouldn't be bad in theory, in practice it means a few bad things

  1) We expose 16bit frame buffers as 32bit today
  2) Linux can't deal with overlapping non-PCI regions between efifb and
     a different frame buffer driver

For now, let's just disable exposure of the frame buffer address. Most OSs that
get booted will have a native driver for the GPU anyway.

Signed-off-by: Alexander Graf <agraf@suse.de>
[trini: Remove line_len entirely]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-05-27 15:39:57 -04:00
Alexander Graf
ae87440578 efi_loader: Clean up system table on exit
We put the system table into our runtime services data section so that
payloads may still access it after exit_boot_services. However, most fields
in it are quite useless once we're in that state, so let's just patch them
out.

With this patch we don't get spurious warnings when running EFI binaries
anymore.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-05-27 15:39:56 -04:00
Alexander Graf
51735ae0ea efi_loader: Add bounce buffer support
Some hardware that is supported by U-Boot can not handle DMA above 32bits.
For these systems, we need to come up with a way to expose the disk interface
in a safe way.

This patch implements EFI specific bounce buffers. For non-EFI cases, this
apparently was no issue so far, since we can just define our environment
variables conveniently.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-05-27 15:39:48 -04:00
Simon Glass
487d756f78 dm: efi: Update for CONFIG_BLK
This code does not currently build with driver model enabled for block
devices. Update it to correct this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-05-27 10:23:09 -06:00
Alexander Graf
0efe1bcf5c efi_loader: Add network access support
We can now successfully boot EFI applications from disk, but users
may want to also run them from a PXE setup.

This patch implements rudimentary network support, allowing a payload
to send and receive network packets.

With this patch, I was able to successfully run grub2 with network
access inside of QEMU's -M xlnx-ep108.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-05-27 10:01:10 -04:00
Simon Glass
6dd9faf8f9 dm: part: Drop the block_drvr table
This is not needed since we can use the functions provided by the legacy
block device support.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-05-17 09:54:43 -06:00
Andreas Färber
dede284d1c efi_loader: Handle memory overflows
jetson-tk1 has 2 GB of RAM at 0x80000000, causing gd->ram_top to be zero.
Handle this by either avoiding ram_top or by using the same type as
ram_top to reverse the overflow effect.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-04-18 17:11:44 -04:00
Alexander Graf
cee752fa8d efi_loader: Expose ascending efi memory map
The EFI memory map does not need to be in a strict order, but 32bit
grub2 does expect it to be ascending. If it's not, it may try to
allocate memory inside the U-Boot data memory region.

We already sort the memory map in descending order, so let's just
reverse it when we pass it to a payload.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Andreas Färber <afaerber@suse.de>
2016-04-18 17:11:40 -04:00
Alexander Graf
36c37a8481 efi_loader: Always flush in cache line size granularity
The cache line flush helpers only work properly when they get aligned
start and end addresses. Round our flush range to cache line size. It's
safe because we're guaranteed to flush within a single page which has the
same cache attributes.

Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Tested-by: Andreas Färber <afaerber@suse.de>
2016-04-18 17:11:39 -04:00
Alexander Graf
ecbe1a07c5 efi_loader: Increase path string to 32 characters
Whenever we want to tell our payload about a path, we limit ourselves
to a reasonable amount of characters. So far we only passed in device
names - exceeding 16 chars was unlikely there.

However by now we also pass real file path information, so let's increase
the limit to 32 characters. That way common paths like "boot/efi/bootaa64.efi"
fit just fine.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-04-18 17:11:37 -04:00
Alexander Graf
8c3df0bf2e efi_loader: Add el torito support
When loading an el torito image, uEFI exposes said image as a raw
block device to the payload.

Let's do the same by creating new block devices with added offsets for
the respective el torito partitions.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-04-18 17:11:36 -04:00
Alexander Graf
4a12a97c14 efi_loader: Split drive add into function
The snippet of code to add a drive to our drive list needs to
get called from 2 places in the future. Split it into a separate
function.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-04-18 17:11:35 -04:00
Alexander Graf
38ce65e1fe efi_loader: Always allocate the highest available address
Some EFI applications (grub2) expect that an allocation always returns
the highest available memory address for the given size.

Without this, we may run into situations where the initrd gets allocated
at a lower address than the kernel.

This patch fixes booting in such situations for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-04-01 17:18:06 -04:00
Alexander Graf
1cd29f0abd efi_loader: Fix some entry/exit points
When switching between EFI context and U-Boot context we need to swap
the register that "gd" resides in.

Some functions slipped through here, with efi_allocate_pool / efi_free_pool
not doing the switch correctly and efi_return_handle switching too often.

Fix them all up to make sure we always have consistent register state.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-03-27 09:13:02 -04:00
Alexander Graf
be8d324191 efi_loader: Add GOP support
The EFI standard defines a simple boot protocol that an EFI payload can use
to access video output.

This patch adds support to expose exactly that one (and the mode already in
use) as possible graphical configuration to an EFI payload.

With this, I can successfully run grub2 with graphical output.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-03-27 09:12:12 -04:00
Alexander Graf
0f4060ebcb efi_loader: Pass proper device path in on boot
EFI payloads can query for the device they were booted from. Because
we have a disconnect between loading binaries and running binaries,
we passed in a dummy device path so far.

Unfortunately that breaks grub2's logic to find its configuration
file from the same device it was booted from.

This patch adds logic to have the "load" command call into our efi
code to set the device path to the one we last loaded a binary from.

With this grub2 properly detects where we got booted from and can
find its configuration file, even when searching by-partition.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-03-15 21:30:14 -04:00
Alexander Graf
ed980b8c62 efi_loader: hook up in build environment
Now that we have all the bits and pieces ready for EFI payload loading
support, hook them up in Makefiles and KConfigs so that we can build.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
[trini: Enable only when we of OF_LIBFDT, disable on kwb and colibri_pxa270]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-15 21:30:11 -04:00
Alexander Graf
5d00995c36 efi_loader: Implement memory allocation and map
The EFI loader needs to maintain views of memory - general system memory
windows as well as used locations inside those and potential runtime service
MMIO windows.

To manage all of these, add a few helpers that maintain an internal
representation of the map the similar to how the EFI API later on reports
it to the application.

For allocations, the scheme is very simple. We basically allow allocations
to replace chunks of previously done maps, so that a new LOADER_DATA
allocation for example can remove a piece of the RAM map. When no specific
address is given, we just take the highest possible address in the lowest
RAM map that fits the allocation size.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Simon Glass <sjg@chromium.org>
2016-03-15 21:30:10 -04:00
Alexander Graf
2a22d05d33 efi_loader: Add disk interfaces
A EFI applications usually want to access storage devices to load data from.

This patch adds support for EFI disk interfaces. It loops through all block
storage interfaces known to U-Boot and creates an EFI object for each existing
one. EFI applications can then through these objects call U-Boot's read and
write functions.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
[trini: Update for various DM changes since posting]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-15 18:03:11 -04:00
Alexander Graf
50149ea37a efi_loader: Add runtime services
After booting has finished, EFI allows firmware to still interact with the OS
using the "runtime services". These callbacks live in a separate address space,
since they are available long after U-Boot has been overwritten by the OS.

This patch adds enough framework for arbitrary code inside of U-Boot to become
a runtime service with the right section attributes set. For now, we don't make
use of it yet though.

We could maybe in the future map U-boot environment variables to EFI variables
here.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2016-03-15 18:03:10 -04:00
Alexander Graf
c1311ad4e0 efi_loader: Add console interface
One of the basic EFI interfaces is the console interface. Using it an EFI
application can interface with the user. This patch implements an EFI console
interface using getc() and putc().

Today, we only implement text based consoles. We also convert the EFI Unicode
characters to UTF-8 on the fly, hoping that everyone managed to jump on the
train by now.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2016-03-15 18:03:09 -04:00
Alexander Graf
bee91169f5 efi_loader: Add boot time services
When an EFI application runs, it has access to a few descriptor and callback
tables to instruct the EFI compliant firmware to do things for it. The bulk
of those interfaces are "boot time services". They handle all object management,
and memory allocation.

This patch adds support for the boot time services and also exposes a system
table, which is the point of entry descriptor table for EFI payloads.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2016-03-15 18:03:06 -04:00
Alexander Graf
cb149c6634 efi_loader: Add PE image loader
EFI uses the PE binary format for its application images. Add support to EFI PE
binaries as well as all necessary bits for the "EFI image loader" interfaces.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2016-03-15 15:19:23 -04:00