[PATCH 1/1] cmd: bootefi: allocate device-tree copy from high memory

Thu Feb 23 20:19:23 CET 2023

On Thu, Feb 23, 2023 at 7:00 PM Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> The bootefi command creates a copy of the device-tree within the first
> 127 MiB of memory. This may lead to overwriting previously loaded binaries
> (e.g. kernel, initrd).
>
> Linux EFI stub itself copies U-Boot's copy of the device-tree. This means
> there is not restriction for U-Boot to place the device-tree copy to any
> address. (Restrictions existed for 32bit ARM before Linux commit
> 7a1be318f579 ("ARM: 9012/1: move device tree mapping out of linear region")
> for legacy booting.
>
> Reported-by: Alexandre Ghiti <alexghiti at rivosinc.com>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  cmd/bootefi.c | 15 +++------------
>  1 file changed, 3 insertions(+), 12 deletions(-)
>
> diff --git a/cmd/bootefi.c b/cmd/bootefi.c
> index 6618335ddf..aca4e99930 100644
> --- a/cmd/bootefi.c
> +++ b/cmd/bootefi.c
> @@ -208,21 +208,12 @@ static efi_status_t copy_fdt(void **fdtp)
>          * Safe fdt location is at 127 MiB.
>          * On the sandbox convert from the sandbox address space.
>          */

The comment should be removed too.

> -       new_fdt_addr = (uintptr_t)map_sysmem(fdt_ram_start + 0x7f00000 +
> -                                            fdt_size, 0);
> -       ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
> +       ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
>                                  EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
>                                  &new_fdt_addr);
>         if (ret != EFI_SUCCESS) {
> -               /* If we can't put it there, put it somewhere */
> -               new_fdt_addr = (ulong)memalign(EFI_PAGE_SIZE, fdt_size);
> -               ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
> -                                        EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
> -                                        &new_fdt_addr);
> -               if (ret != EFI_SUCCESS) {
> -                       log_err("ERROR: Failed to reserve space for FDT\n");
> -                       goto done;
> -               }
> +               log_err("ERROR: Failed to reserve space for FDT\n");
> +               goto done;
>         }
>         new_fdt = (void *)(uintptr_t)new_fdt_addr;
>         memcpy(new_fdt, fdt, fdt_totalsize(fdt));
> --
> 2.38.1
>

Otherwise, you can add:

Tested-by: Alexandre Ghiti <alexghiti at rivosinc.com>

Thanks Heinrich!

Alex