[U-Boot] [PATCH 4/9] efi_loader: Add boot time services
Alexander Graf
agraf at suse.de
Fri Jan 15 01:13:15 CET 2016
On 26.12.15 19:09, Leif Lindholm wrote:
> On Tue, Dec 22, 2015 at 02:57:51PM +0100, Alexander Graf wrote:
>> When an EFI application runs, it has access to a few descriptor and callback
>> tables to instruct the EFI compliant firmware to do things for it. The bulk
>> of those interfaces are "boot time services". They handle all object management,
>> and memory allocation.
>>
>> This patch adds support for the boot time services and also exposes a system
>> table, which is the point of entry descriptor table for EFI payloads.
>
> One overall observation, and I may help track these down - but not all
> for this review: this code uses EFI_UNSUPPORTED as a default
> "something went wrong" error code, but this is not actually supported
> by the specification. I'm pointing out a few of these, but it would be
> preferable if we could crowdsource this a bit since there are quire a
> few instances...
>
>> Signed-off-by: Alexander Graf <agraf at suse.de>
>> ---
>> include/efi_loader.h | 41 +++
>> lib/efi_loader/efi_boottime.c | 838 ++++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 879 insertions(+)
>> create mode 100644 lib/efi_loader/efi_boottime.c
>>
>> diff --git a/include/efi_loader.h b/include/efi_loader.h
>> index da82354..ed7c389 100644
>> --- a/include/efi_loader.h
>> +++ b/include/efi_loader.h
>> @@ -24,14 +24,55 @@
>> #include <efi_api.h>
>> #include <linux/list.h>
>>
>> +/* #define DEBUG_EFI */
>> +
>> +#ifdef DEBUG_EFI
>> +#define EFI_ENTRY(format, ...) do { \
>> + efi_restore_gd(); \
>> + printf("EFI: Entry %s(" format ")\n", __func__, ##__VA_ARGS__); \
>> + } while(0)
>> +#else
>> +#define EFI_ENTRY(format, ...) do { \
>> + efi_restore_gd(); \
>> + } while(0)
>> +#endif
>> +
>> +#define EFI_EXIT(ret) efi_exit_func(ret);
>> +
>> +extern struct efi_system_table systab;
>> +
>> extern const efi_guid_t efi_guid_device_path;
>> extern const efi_guid_t efi_guid_loaded_image;
>>
>> +struct efi_class_map {
>> + const efi_guid_t *guid;
>> + const void *interface;
>> +};
>> +
>> +struct efi_handler {
>> + const efi_guid_t *guid;
>> + efi_status_t (EFIAPI *open)(void *handle,
>> + efi_guid_t *protocol, void **protocol_interface,
>> + void *agent_handle, void *controller_handle,
>> + uint32_t attributes);
>> +};
>> +
>> +struct efi_object {
>> + struct list_head link;
>> + struct efi_handler protocols[4];
>> + void *handle;
>> +};
>> +extern struct list_head efi_obj_list;
>> +
>> efi_status_t efi_return_handle(void *handle,
>> efi_guid_t *protocol, void **protocol_interface,
>> void *agent_handle, void *controller_handle,
>> uint32_t attributes);
>> +void efi_timer_check(void);
>> void *efi_load_pe(void *efi, struct efi_loaded_image *loaded_image_info);
>> +void efi_save_gd(void);
>> +void efi_restore_gd(void);
>> +efi_status_t efi_exit_func(efi_status_t ret);
>>
>> #define EFI_LOADER_POOL_SIZE (128 * 1024 * 1024)
>> void *efi_loader_alloc(uint64_t len);
>> diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
>> new file mode 100644
>> index 0000000..ed95962
>> --- /dev/null
>> +++ b/lib/efi_loader/efi_boottime.c
>> @@ -0,0 +1,838 @@
>> +/*
>> + * EFI application boot time services
>> + *
>> + * Copyright (c) 2015 Alexander Graf
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2.1 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, write to the Free Software
>> + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
>> + *
>> + * SPDX-License-Identifier: LGPL-2.1+
>> + */
>> +
>> +#define DEBUG_EFI
>> +
>> +#include <common.h>
>> +#include <efi_loader.h>
>> +#include <malloc.h>
>> +#include <asm/global_data.h>
>> +#include <libfdt_env.h>
>> +#include <u-boot/crc.h>
>> +#include <bootm.h>
>> +#include <inttypes.h>
>> +#include <watchdog.h>
>> +
>> +DECLARE_GLOBAL_DATA_PTR;
>> +
>> +/*
>> + * EFI can pass arbitrary additional "tables" containing vendor specific
>> + * information to the payload. One such table is the FDT table which contains
>> + * a pointer to a flattened device tree blob.
>> + *
>> + * In most cases we want to pass an FDT to the payload, so reserve one slot of
>> + * config table space for it. The pointer gets populated by do_bootefi_exec().
>> + */
>> +static struct efi_configuration_table efi_conf_table[] = {
>> + {
>> + .guid = EFI_FDT_GUID,
>> + },
>> +};
>> +
>> +/*
>> + * The "gd" pointer lives in a register on ARM and AArch64 that we declare
>> + * fixed when compiling U-Boot. However, the payload does now know about that
>> + * restriction so we need to manually swap its and our view of that register on
>> + * EFI callback entry/exit.
>> + */
>> +static volatile void *efi_gd, *app_gd;
>> +
>> +/* Called from do_bootefi_exec() */
>> +void efi_save_gd(void)
>> +{
>> + efi_gd = gd;
>> +}
>> +
>> +/* Called on every callback entry */
>> +void efi_restore_gd(void)
>> +{
>> + if (gd != efi_gd)
>> + app_gd = gd;
>> + gd = efi_gd;
>> +}
>> +
>> +/* Called on every callback exit */
>> +efi_status_t efi_exit_func(efi_status_t ret)
>> +{
>> + gd = app_gd;
>> + return ret;
>> +}
>> +
>> +static efi_status_t efi_unsupported(const char *funcname)
>> +{
>> +#ifdef DEBUG_EFI
>> + printf("EFI: App called into unimplemented function %s\n", funcname);
>> +#endif
>> + return EFI_EXIT(EFI_UNSUPPORTED);
>
> Not always a legal return status.
>
>> +}
>> +
>> +static unsigned long efi_raise_tpl(unsigned long new_tpl)
>> +{
>> + EFI_ENTRY("0x%lx", new_tpl);
>> + return EFI_EXIT(efi_unsupported(__func__));
>
> "Unlike other UEFI interface functions, EFI_BOOT_SERVICES.RaiseTPL()
> does not return a status code. Instead, it returns the previous task
> priority level, which is to be restored later with a matching call to
> RestoreTPL()."
Since we don't do TPLs (or IRQs for that matter), I'll just return 0 here.
>
>> +}
>> +
>> +static void efi_restore_tpl(unsigned long old_tpl)
>> +{
>> + EFI_ENTRY("0x%lx", old_tpl);
>> + EFI_EXIT(efi_unsupported(__func__));
>
> (void function, nothing to return)
Yes, hence no return. EFI_EXIT deals with the gd swapping and
efi_unsupported() gives me a nice debug message :).
>
>> +}
>> +
>> +static void *efi_alloc(uint64_t len, int memory_type)
>> +{
>> + switch (memory_type) {
>> + case EFI_LOADER_DATA:
>> + return efi_loader_alloc(len);
>> + default:
>> + return malloc(len);
>> + }
>> +}
>> +
>> +static efi_status_t efi_allocate_pages(int type, int memory_type,
>> + unsigned long pages, uint64_t *memory)
>> +{
>> + u64 len = pages << 12;
>> + efi_status_t r = EFI_SUCCESS;
>> +
>> + EFI_ENTRY("%d, %d, 0x%lx, %p", type, memory_type, pages, memory);
>> +
>> + switch (type) {
>> + case 0:
>> + /* Any page means we can go to efi_alloc */
>> + *memory = (unsigned long)efi_alloc(len, memory_type);
>> + break;
>> + case 1:
>> + /* Max address */
>> + if (gd->relocaddr < *memory) {
>> + *memory = (unsigned long)efi_alloc(len, memory_type);
>> + break;
>> + }
>> + r = EFI_UNSUPPORTED;
>
> EFI_OUT_OF_RESOURCES/EFI_NOT_FOUND?
>
>> + break;
>> + case 2:
>> + /* Exact address, grant it. The addr is already in *memory. */
>
> As far as I can tell, this is why GRUB works. Because it filters
> through the memory map manually, requesting to allocate its heap at an
> exact address in a region of free memory in the UEFI memory map.
Yes.
> The key is that EFI_LOADER_MEMORY will be used by applications loaded
> as well as by U-Boot to load applications into. A simple example where
> this could be problematic would be a large(ish) initrd loaded via initrd=
> on kernel (stub loader) command line rather than via GRUB.
Ah, so here the 128MB limit on the LOADER_DATA section might bite us?
>
>> + break;
>> + default:
>
> It would actually be fair here to state that the above are the only
> types supported by the UEFI specification, as opposed to not being
> implemented.
>
>> + r = EFI_UNSUPPORTED;
>
> Actually, not a valid return value.
> EFI_INVALID_PARAMETER
>
>> + break;
>> + }
>> +
>> + return EFI_EXIT(r);
>> +}
>> +
>> +static efi_status_t efi_free_pages(uint64_t memory, unsigned long pages)
>> +{
>> + /* We don't free, let's cross our fingers we have plenty RAM */
>> + EFI_ENTRY("%"PRIx64", 0x%lx", memory, pages);
>> + return EFI_EXIT(EFI_SUCCESS);
>> +}
>> +
>> +/*
>> + * Returns the EFI memory map. In our case, this looks pretty simple:
>> + *
>> + * ____________________________ TOM
>> + * | |
>> + * | Second half of U-Boot |
>> + * |____________________________| &__efi_runtime_stop
>> + * | |
>> + * | EFI Runtime Services |
>> + * |____________________________| &__efi_runtime_start
>> + * | |
>> + * | First half of U-Boot |
>> + * |____________________________| start of EFI loader allocation space
>> + * | |
>> + * | Free RAM |
>> + * |____________________________| CONFIG_SYS_SDRAM_BASE
>> + *
>> + * All pointers are extended to live on a 4k boundary. After exiting the boot
>> + * services, only the EFI Runtime Services chunk of memory stays alive.
>> + */
>> +static efi_status_t efi_get_memory_map(unsigned long *memory_map_size,
>> + struct efi_mem_desc *memory_map,
>> + unsigned long *map_key,
>> + unsigned long *descriptor_size,
>> + uint32_t *descriptor_version)
>> +{
>> + struct efi_mem_desc efi_memory_map[] = {
>> + {
>> + /* RAM before U-Boot */
>> + .type = EFI_CONVENTIONAL_MEMORY,
>> + .attribute = 1 << EFI_MEMORY_WB_SHIFT,
>> + },
>> + {
>> + /* First half of U-Boot */
>> + .type = EFI_LOADER_DATA,
>> + .attribute = 1 << EFI_MEMORY_WB_SHIFT,
>> + },
>> + {
>> + /* EFI Runtime Services */
>> + .type = EFI_RUNTIME_SERVICES_CODE,
>> + .attribute = 1 << EFI_MEMORY_WB_SHIFT,
>> + },
>> + {
>> + /* Second half of U-Boot */
>> + .type = EFI_LOADER_DATA,
>> + .attribute = 1 << EFI_MEMORY_WB_SHIFT,
>> + },
>> + };
>> + ulong runtime_start, runtime_end, runtime_len_pages, runtime_len;
>> +
>> + EFI_ENTRY("%p, %p, %p, %p, %p", memory_map_size, memory_map, map_key,
>> + descriptor_size, descriptor_version);
>> +
>> + runtime_start = (ulong)&__efi_runtime_start & ~0xfffULL;
>> + runtime_end = ((ulong)&__efi_runtime_stop + 0xfff) & ~0xfffULL;
>> + runtime_len_pages = (runtime_end - runtime_start) >> 12;
>> + runtime_len = runtime_len_pages << 12;
>> +
>> + /* Fill in where normal RAM is (up to U-Boot) */
>> + efi_memory_map[0].num_pages = gd->relocaddr >> 12;
>
> U-Boot question: is gd->relocaddr always the offset from start of RAM?
> How does this work with gaps in memory map?
U-Boot always relocates itself at TOM (or at least what we consider TOM
here). gd->relocaddr is the physical address of the start of U-Boot
which is right below TOM.
>
>> +#ifdef CONFIG_SYS_SDRAM_BASE
>> + efi_memory_map[0].physical_start = CONFIG_SYS_SDRAM_BASE;
>> + efi_memory_map[0].virtual_start = CONFIG_SYS_SDRAM_BASE;
>> + efi_memory_map[0].num_pages -= CONFIG_SYS_SDRAM_BASE >> 12;
> #else
> #error "..."
> ?
If it's not defined, it's 0 :).
>> +#endif
>> +
>> + /* Remove U-Boot from the available RAM view */
>> + efi_memory_map[0].num_pages -= gd->mon_len >> 12;
>> +
>> + /* Remove the malloc area from the available RAM view */
>> + efi_memory_map[0].num_pages -= TOTAL_MALLOC_LEN >> 12;
>> +
>> + /* Give us some space for the stack */
>> + efi_memory_map[0].num_pages -= (16 * 1024 * 1024) >> 12;
>> +
>> + /* Reserve the EFI loader pool */
>> + efi_memory_map[0].num_pages -= EFI_LOADER_POOL_SIZE >> 12;
>> +
>> + /* Cut out the runtime services */
>> + efi_memory_map[2].physical_start = runtime_start;
>> + efi_memory_map[2].virtual_start = efi_memory_map[2].physical_start;
>> + efi_memory_map[2].num_pages = runtime_len_pages;
>> +
>> + /* Allocate the rest to U-Boot */
>> + efi_memory_map[1].physical_start = efi_memory_map[0].physical_start +
>> + (efi_memory_map[0].num_pages << 12);
>> + efi_memory_map[1].virtual_start = efi_memory_map[1].physical_start;
>> + efi_memory_map[1].num_pages = (runtime_start -
>> + efi_memory_map[1].physical_start) >> 12;
>> +
>> + efi_memory_map[3].physical_start = runtime_start + runtime_len;
>> + efi_memory_map[3].virtual_start = efi_memory_map[3].physical_start;
>> + efi_memory_map[3].num_pages = (gd->ram_top -
>> + efi_memory_map[3].physical_start) >> 12;
>> +
>> + *memory_map_size = sizeof(efi_memory_map);
>> +
>> + if (descriptor_size)
>> + *descriptor_size = sizeof(struct efi_mem_desc);
>> +
>> + if (*memory_map_size < sizeof(efi_memory_map)) {
>> + return EFI_EXIT(EFI_BUFFER_TOO_SMALL);
>> + }
>> +
>> + if (memory_map)
>> + memcpy(memory_map, efi_memory_map, sizeof(efi_memory_map));
>> +
>> + return EFI_EXIT(EFI_SUCCESS);
>> +}
>> +
>> +static efi_status_t efi_allocate_pool(int pool_type, unsigned long size, void **buffer)
>> +{
>> + return efi_allocate_pages(0, pool_type, (size + 0xfff) >> 12, (void*)buffer);
>> +}
>> +
>> +static efi_status_t efi_free_pool(void *buffer)
>> +{
>> + return efi_free_pages((ulong)buffer, 0);
>> +}
>> +
>> +/*
>> + * Our event capabilities are very limited. Only support a single
>> + * event to exist, so we don't need to maintain lists.
>> + */
>> +static struct {
>> + enum efi_event_type type;
>> + u32 trigger_type;
>> + u32 trigger_time;
>> + u64 trigger_next;
>> + unsigned long notify_tpl;
>> + void (*notify_function) (void *event, void *context);
>> + void *notify_context;
>> +} efi_event;
>> +
>> +static efi_status_t efi_create_event(enum efi_event_type type, ulong notify_tpl,
>> + void (*notify_function) (void *event,
>> + void *context),
>> + void *notify_context, void **event)
>> +{
>> + EFI_ENTRY("%d, 0x%lx, %p, %p", type, notify_tpl, notify_function,
>> + notify_context);
>> + if (efi_event.notify_function) {
>> + /* We only support one event at a time */
>> + return EFI_EXIT(EFI_UNSUPPORTED);
>
> EFI_OUT_OF_RESOURCES would be a better return value here.
Yup.
>
>> + }
>> +
>> + efi_event.type = type;
>> + efi_event.notify_tpl = notify_tpl;
>> + efi_event.notify_function = notify_function;
>> + efi_event.notify_context = notify_context;
>> + *event = &efi_event;
>> +
>> + return EFI_EXIT(EFI_SUCCESS);
>> +}
>> +
>> +/*
>> + * Our timers have to work without interrupts, so we check whenever keyboard
>> + * input or disk accesses happen if enough time elapsed for it to fire.
>> + */
>> +void efi_timer_check(void)
>> +{
>> + u64 now = timer_get_us();
>> +
>> + if (now >= efi_event.trigger_next) {
>> + /* Triggering! */
>> + if (efi_event.trigger_type == EFI_TIMER_PERIODIC)
>> + efi_event.trigger_next += efi_event.trigger_time / 10;
>> + efi_event.notify_function(&efi_event, efi_event.notify_context);
>> + }
>> +
>> + WATCHDOG_RESET();
>> +}
>> +
>> +static efi_status_t efi_set_timer(void *event, int type, uint64_t trigger_time)
>> +{
>> + /* We don't have 64bit division available everywhere, so limit timer
>> + * distances to 32bit bits. */
>> + u32 trigger32 = trigger_time;
>
> Add a warning message if this limit is exceeded?
ok
>
>> +
>> + EFI_ENTRY("%p, %d, %"PRIx64, event, type, trigger_time);
>> + if (event != &efi_event) {
>> + /* We only support one event at a time */
>> + return EFI_EXIT(EFI_UNSUPPORTED);
>
> This function should only ever be called with an event successfully
> created via create_event (and stored into efi_event). If we're called
> with another event handle, EFI_INVALID_PARAMETER is the appropriate
> error code.
Sounds reasonable.
>
>> + }
>> +
>> + switch (type) {
>> + case EFI_TIMER_STOP:
>> + efi_event.trigger_next = -1ULL;
>> + break;
>> + case EFI_TIMER_PERIODIC:
>> + case EFI_TIMER_RELATIVE:
>> + efi_event.trigger_next = timer_get_us() + (trigger32 / 10);
>> + break;
>> + default:
>> + return EFI_EXIT(EFI_UNSUPPORTED);
>> + }
>> + efi_event.trigger_type = type;
>> + efi_event.trigger_time = trigger_time;
>> +
>> + return EFI_EXIT(EFI_SUCCESS);
>> +}
[...]
>> +static const struct efi_boot_services efi_boot_services = {
>> + .hdr = {
>> + .headersize = sizeof(struct efi_table_hdr),
>> + },
>> + .raise_tpl = efi_raise_tpl,
>> + .restore_tpl = efi_restore_tpl,
>> + .allocate_pages = efi_allocate_pages,
>> + .free_pages = efi_free_pages,
>> + .get_memory_map = efi_get_memory_map,
>> + .allocate_pool = efi_allocate_pool,
>> + .free_pool = efi_free_pool,
>> + .create_event = efi_create_event,
>> + .set_timer = efi_set_timer,
>> + .wait_for_event = efi_wait_for_event,
>> + .signal_event = efi_signal_event,
>> + .close_event = efi_close_event,
>> + .check_event = efi_check_event,
>> + .install_protocol_interface = efi_install_protocol_interface,
>> + .reinstall_protocol_interface = efi_reinstall_protocol_interface,
>> + .uninstall_protocol_interface = efi_uninstall_protocol_interface,
>> + .handle_protocol = efi_handle_protocol,
>> + .reserved = NULL,
>> + .register_protocol_notify = efi_register_protocol_notify,
>> + .locate_handle = efi_locate_handle,
>> + .locate_device_path = efi_locate_device_path,
>> + .install_configuration_table = efi_install_configuration_table,
>> + .load_image = efi_load_image,
>> + .start_image = efi_start_image,
>> + .exit = (void*)efi_exit,
>> + .unload_image = efi_unload_image,
>> + .exit_boot_services = efi_exit_boot_services,
>> + .get_next_monotonic_count = efi_get_next_monotonic_count,
>> + .stall = efi_stall,
>> + .set_watchdog_timer = efi_set_watchdog_timer,
>> + .connect_controller = efi_connect_controller,
>> + .disconnect_controller = efi_disconnect_controller,
>> + .open_protocol = efi_open_protocol,
>> + .close_protocol = efi_close_protocol,
>> + .open_protocol_information = efi_open_protocol_information,
>> + .protocols_per_handle = efi_protocols_per_handle,
>> + .locate_handle_buffer = efi_locate_handle_buffer,
>> + .locate_protocol = efi_locate_protocol,
>> + .install_multiple_protocol_interfaces = efi_install_multiple_protocol_interfaces,
>> + .uninstall_multiple_protocol_interfaces = efi_uninstall_multiple_protocol_interfaces,
>> + .calculate_crc32 = efi_calculate_crc32,
>> + .copy_mem = efi_copy_mem,
>> + .set_mem = efi_set_mem,
>> +};
>> +
>> +
>> +static uint16_t firmware_vendor[] = { 'U','-','b','o','o','t',0 };
>
> Surely, if we're being formal, that should be 'D', 'a', 's', ' ',
> ... :)
Heh :) Sure!
>
>> +struct efi_system_table systab = {
>> + .hdr = {
>> + .signature = EFI_SYSTEM_TABLE_SIGNATURE,
>> + .revision = 0x20000, /* 2.0 */
>
> Really, this should claim to support revision 2.5, if not 2.6 (soon
> to be released). AArch64 support was only introduced in 2.4.
Works for me :).
Alex
More information about the U-Boot
mailing list