[PATCH 1/1] cmd: bootefi: allocate device-tree copy from high memory

[Heinrich Schuchardt]

The bootefi command creates a copy of the device-tree within the first
127 MiB of memory. This may lead to overwriting previously loaded binaries
(e.g. kernel, initrd).

Linux EFI stub itself copies U-Boot's copy of the device-tree. This means
there is not restriction for U-Boot to place the device-tree copy to any
address. (Restrictions existed for 32bit ARM before Linux commit
7a1be318f579 ("ARM: 9012/1: move device tree mapping out of linear region")
for legacy booting.

Reported-by: Alexandre Ghiti <alexghiti at rivosinc.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 cmd/bootefi.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/cmd/bootefi.c b/cmd/bootefi.c
index 6618335ddf..aca4e99930 100644
--- a/cmd/bootefi.c
+++ b/cmd/bootefi.c
@@ -208,21 +208,12 @@ static efi_status_t copy_fdt(void **fdtp)
 	 * Safe fdt location is at 127 MiB.
 	 * On the sandbox convert from the sandbox address space.
 	 */
-	new_fdt_addr = (uintptr_t)map_sysmem(fdt_ram_start + 0x7f00000 +
-					     fdt_size, 0);
-	ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
+	ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
 				 EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
 				 &new_fdt_addr);
 	if (ret != EFI_SUCCESS) {
-		/* If we can't put it there, put it somewhere */
-		new_fdt_addr = (ulong)memalign(EFI_PAGE_SIZE, fdt_size);
-		ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
-					 EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
-					 &new_fdt_addr);
-		if (ret != EFI_SUCCESS) {
-			log_err("ERROR: Failed to reserve space for FDT\n");
-			goto done;
-		}
+		log_err("ERROR: Failed to reserve space for FDT\n");
+		goto done;
 	}
 	new_fdt = (void *)(uintptr_t)new_fdt_addr;
 	memcpy(new_fdt, fdt, fdt_totalsize(fdt));
-- 
2.38.1