[PATCH v3 5/7] efi_loader: set EFI HTTP Boot download buffer as reserved
Masahisa Kojima
masahisa.kojima at linaro.org
Fri Sep 15 12:16:38 CEST 2023
The buffer used to download the ISO image file must be
reserved to avoid the unintended access to the image.
For PE-COFF file case, this memory reservation is done
in LoadImage Boot Service.
Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
---
include/efi_loader.h | 2 ++
lib/efi_loader/efi_bootmgr.c | 5 +++++
lib/efi_loader/efi_dt_fixup.c | 2 +-
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 4a29ddaef4..c4207edc91 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -554,6 +554,8 @@ void efi_runtime_detach(void);
/* efi_convert_pointer() - convert pointer to virtual address */
efi_status_t EFIAPI efi_convert_pointer(efi_uintn_t debug_disposition,
void **address);
+/* add reserved memory to memory map */
+void efi_reserve_memory(u64 addr, u64 size, bool nomap);
/* Carve out DT reserved memory ranges */
void efi_carve_out_dt_rsv(void *fdt);
/* Purge unused kaslr-seed */
diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
index 1a287ad89d..d26c607815 100644
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -326,6 +326,11 @@ static efi_status_t try_load_from_uri_path(struct efi_device_path_uri *uridp,
return EFI_INVALID_PARAMETER;
ret = load_default_file_from_blk_dev(blk, handle);
+ if (ret != EFI_SUCCESS)
+ return ret;
+
+ /* whole ramdisk must be reserved */
+ efi_reserve_memory(image_addr, image_size, true);
} else if (efi_check_pe((void *)image_addr, image_size, NULL) == EFI_SUCCESS) {
efi_handle_t mem_handle = NULL;
struct efi_device_path *file_path = NULL;
diff --git a/lib/efi_loader/efi_dt_fixup.c b/lib/efi_loader/efi_dt_fixup.c
index 838023c78f..edc515b9ff 100644
--- a/lib/efi_loader/efi_dt_fixup.c
+++ b/lib/efi_loader/efi_dt_fixup.c
@@ -22,7 +22,7 @@ const efi_guid_t efi_guid_dt_fixup_protocol = EFI_DT_FIXUP_PROTOCOL_GUID;
* @nomap: indicates that the memory range shall not be accessed by the
* UEFI payload
*/
-static void efi_reserve_memory(u64 addr, u64 size, bool nomap)
+void efi_reserve_memory(u64 addr, u64 size, bool nomap)
{
int type;
efi_uintn_t ret;
--
2.34.1
More information about the U-Boot
mailing list