[U-Boot] [RFC] efi_loader: Handle 32-bit memory overflows

Alexander Graf agraf at suse.de
Wed Apr 13 13:48:49 CEST 2016


On 04/13/2016 01:26 PM, Andreas Färber wrote:
> Am 13.04.2016 um 07:50 schrieb Alexander Graf:
>>> Am 13.04.2016 um 05:24 schrieb Andreas Färber <afaerber at suse.de>:
>>>
>>> jetson-tk1 has 2 GB of RAM at 0x80000000, causing gd->ram_top to be zero.
>>> Handle this by replacing it with 0x100000000 in that case.
>> Nice catch!
>>
>>> Cc: Alexander Graf <agraf at suse.de>
>>> Signed-off-by: Andreas Färber <afaerber at suse.de>
>>> ---
>>> lib/efi_loader/efi_memory.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
>>> index 138736f..7b87108 100644
>>> --- a/lib/efi_loader/efi_memory.c
>>> +++ b/lib/efi_loader/efi_memory.c
>>> @@ -225,7 +225,7 @@ efi_status_t efi_allocate_pages(int type, int memory_type,
>>>     switch (type) {
>>>     case 0:
>>>         /* Any page */
>>> -        addr = efi_find_free_memory(len, gd->ram_top);
>>> +        addr = efi_find_free_memory(len, gd->ram_top == 0 ? 0x100000000ull : gd->ram_top);
> If we do use a constant, we should probably be using
> UINT64_C(0x100000000) rather than ull for compatibility.
>
>> Couldn't we just use gd->ram_top - 1? Then we underflow to 0xffffffff and everything should just work.
> Hm, that does work in my testing. Is it guaranteed it will handle that
> as unsigned long rather than uint64_t? And did you mean to always use it
> that way or just in the zero case? I.e., might we be wasting one byte in
> the non-zero case or is it guaranteed that the top of RAM is always
> reserved?

Top of RAM is where U-Boot lives, so it's always reserved anyways :).

> I was wondering whether we might run into the same overflow problem on
> aarch64, in which case my hunk would be wrong, but your -1 should work.

I'm not aware of an aarch64 implementation (or even spec) that would 
allow for 64bit physical address space, so we're safe on aarch64. But I 
like the -1 better, since it just completely negates any overflow.

>
>>>         if (!addr) {
>>>             r = EFI_NOT_FOUND;
>>>             break;
>>> @@ -343,7 +343,7 @@ int efi_memory_init(void)
>>>
>>>     /* Add U-Boot */
>>>     uboot_start = (gd->start_addr_sp - uboot_stack_size) & ~EFI_PAGE_MASK;
>>> -    uboot_pages = (gd->ram_top - uboot_start) >> EFI_PAGE_SHIFT;
>>> +    uboot_pages = ((gd->ram_top == 0 ? 0x100000000ull : gd->ram_top) - uboot_start) >> EFI_PAGE_SHIFT;
>> Are you sure this hunk is necessary? We should already underflow to the correct value here.
> Positive that _something_ here is necessary for sanity, it was using a
> huge number of pages (uboot_start is uint64_t).

Ok, so the fix would be to change uboot_start to unsigned long to have 
the same type as gd->ram_top.

>
> If we use an odd number like -1, then we probably should add
> EFI_PAGE_MASK as done for the RAM for the non-zero case, shouldn't we?
> That might overflow on aarch64 though...

Since we shift afterwards we don't need to mask anything. Bits that we 
would mask away are already gone after the shift ;).

Does the patch below work?


Alex

diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index df99585..71a3d19 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -220,7 +220,7 @@ efi_status_t efi_allocate_pages(int type, int 
memory_type,
         switch (type) {
         case 0:
                 /* Any page */
-               addr = efi_find_free_memory(len, gd->ram_top);
+               addr = efi_find_free_memory(len, gd->start_addr_sp);
                 if (!addr) {
                         r = EFI_NOT_FOUND;
                         break;
@@ -320,9 +320,9 @@ efi_status_t efi_get_memory_map(unsigned long 
*memory_map_size,

  int efi_memory_init(void)
  {
-       uint64_t runtime_start, runtime_end, runtime_pages;
-       uint64_t uboot_start, uboot_pages;
-       uint64_t uboot_stack_size = 16 * 1024 * 1024;
+       unsigned long runtime_start, runtime_end, runtime_pages;
+       unsigned long uboot_start, uboot_pages;
+       unsigned long uboot_stack_size = 16 * 1024 * 1024;
         int i;

         /* Add RAM */



More information about the U-Boot mailing list