summaryrefslogtreecommitdiffstats
path: root/0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch
diff options
context:
space:
mode:
Diffstat (limited to '0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch')
-rw-r--r--0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch114
1 files changed, 114 insertions, 0 deletions
diff --git a/0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch b/0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch
new file mode 100644
index 000000000..aceeb1d0c
--- /dev/null
+++ b/0003-efi-efi_memmap_insert-don-t-insert-a-region-more-tha.patch
@@ -0,0 +1,114 @@
+From f6e5aedc786ca2360a9b2aaa2fc31769a9c182d0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 7 Dec 2016 14:41:25 -0500
+Subject: [PATCH 3/4] efi: efi_memmap_insert(): don't insert a region more than
+ once
+
+Some machines, such as the Lenovo ThinkPad W541 with firmware GNET80WW
+(2.28), include memory map entries with phys_addr=0x0 and num_pages=0.
+
+When this is true on a machine with an ESRT config table,
+efi_esrt_init() will try to reserve that table with efi_mem_reserve().
+When it does, efi_arch_mem_reserve() will use efi_mem_desc_lookup() to
+find the memory map in question, call efi_memmap_split_count() to
+determine how many regions it will be split into, allocates new ram for
+the map, and calls efi_memmap_insert() to add the entry.
+
+efi_memmap_insert() iterates across all regions in the old map, and for
+each region, it tests whether the address for the new map is within that
+region. Unfortunately we'll try to insert the new map in *each* of
+these entries, causing even more duplicate entries. But
+efi_memmap_split_count() only returned the split count for the first
+entry, because it was called with the result of efi_mem_desc_lookup(),
+which only returns the first entry it came across. As a result, this
+will overflow the memory map's allocation and eventually panic.
+
+Unfortunately the method of computing the size does not handle the
+0xffffffffffffffff or 0x0 edge cases well, and all valid addresses wind
+up being covered by any such entry. Even if the math weren't off by 1
+byte in the num_pages=0 case, a duplicate entry in the table, or an
+entry with num_pages of ((u64)-1LL >> EFI_PAGE_SHIFT) or (u64)-1LL (i.e.
+either the maximum number of virtually addressable pages or just the
+largest value you can stuff in the field) would have the same effect.
+
+In any case, if we see more than one memory map in efi_memmap_insert()
+that covers the same region, it is an error to try to split up more than
+one of them, overflowing the allocation. So this makes it never try to
+split more than one region per invocation of efi_arch_mem_reserve().
+
+I have not attempted to address the math error.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ drivers/firmware/efi/memmap.c | 29 ++++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
+index f03ddec..5b71c717 100644
+--- a/drivers/firmware/efi/memmap.c
++++ b/drivers/firmware/efi/memmap.c
+@@ -219,6 +219,7 @@ void __init efi_memmap_insert(struct efi_memory_map *old_memmap, void *buf,
+ efi_memory_desc_t *md;
+ u64 start, end;
+ void *old, *new;
++ bool did_split=false;
+
+ /* modifying range */
+ m_start = mem->range.start;
+@@ -251,6 +252,15 @@ void __init efi_memmap_insert(struct efi_memory_map *old_memmap, void *buf,
+
+ if (m_start <= start &&
+ (start < m_end && m_end < end)) {
++ if (did_split) {
++ pr_warn_once("%s: memory map for 0x%llx pages at 0x%016llx also covers address 0x%016llx. Not splitting.\n",
++ __func__,
++ md->num_pages, md->phys_addr,
++ m_start);
++ continue;
++ }
++
++ did_split = true;
+ /* first part */
+ md->attribute |= m_attr;
+ md->num_pages = (m_end - md->phys_addr + 1) >>
+@@ -265,9 +275,18 @@ void __init efi_memmap_insert(struct efi_memory_map *old_memmap, void *buf,
+ }
+
+ if ((start < m_start && m_start < end) && m_end < end) {
++ if (did_split) {
++ pr_warn_once("%s: memory map for 0x%llx pages at 0x%016llx also covers address 0x%016llx. Not splitting.\n",
++ __func__,
++ md->num_pages, md->phys_addr,
++ m_start);
++ continue;
++ }
++ did_split = true;
+ /* first part */
+ md->num_pages = (m_start - md->phys_addr) >>
+ EFI_PAGE_SHIFT;
++
+ /* middle part */
+ new += old_memmap->desc_size;
+ memcpy(new, old, old_memmap->desc_size);
+@@ -284,9 +303,17 @@ void __init efi_memmap_insert(struct efi_memory_map *old_memmap, void *buf,
+ md->num_pages = (end - m_end) >>
+ EFI_PAGE_SHIFT;
+ }
+-
++// else
+ if ((start < m_start && m_start < end) &&
+ (end <= m_end)) {
++ if (did_split) {
++ pr_warn_once("%s: memory map for 0x%llx pages at 0x%016llx also covers address 0x%016llx. Not splitting.\n",
++ __func__,
++ md->num_pages, md->phys_addr,
++ m_start);
++ continue;
++ }
++ did_split = true;
+ /* first part */
+ md->num_pages = (m_start - md->phys_addr) >>
+ EFI_PAGE_SHIFT;
+--
+2.9.3
+
generated by cgit (git 2.34.1) at 2024-06-13 10:10:26 +0000