[U-Boot,v8,29/30] efi_loader: Pass address to fs_read()

Message ID	20180618140835.195901-30-sjg@chromium.org
State	Superseded
Delegated to:	Alexander Graf
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> MIME-Version: 1.0 Date: Mon, 18 Jun 2018 08:08:34 -0600 In-Reply-To: <20180618140835.195901-1-sjg@chromium.org> Message-Id: <20180618140835.195901-30-sjg@chromium.org> References: <20180618140835.195901-1-sjg@chromium.org> From: Simon Glass <sjg@chromium.org> To: U-Boot Mailing List <u-boot@lists.denx.de> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>, Alexander Graf <agraf@suse.de> Subject: [U-Boot] [PATCH v8 29/30] efi_loader: Pass address to fs_read() Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	efi: Enable sandbox support for EFI loader \| expand [U-Boot,v8,00/30] efi: Enable sandbox support for EFI loader [U-Boot,v8,01/30] efi: Don't allow CMD_BOOTEFI_SELFTEST on sandbox [U-Boot,v8,02/30] efi: sandbox: Adjust memory usage for sandbox [U-Boot,v8,03/30] sandbox: smbios: Update to support sandbox [U-Boot,v8,04/30] efi: sandbox: Add distroboot support [U-Boot,v8,05/30] efi: sandbox: Add relocation constants [U-Boot,v8,06/30] efi: sandbox: Enable EFI loader build for sandbox [U-Boot,v8,07/30] efi: Split out test init/uninit into functions [U-Boot,v8,08/30] efi: sandbox: Add a simple 'bootefi test' command [U-Boot,v8,09/30] efi: Create a function to set up for running EFI code [U-Boot,v8,10/30] efi: Rename bootefi_test_finish() to bootefi_run_finish() [U-Boot,v8,11/30] sandbox: Align RAM buffer to the machine page size [U-Boot,v8,12/30] sandbox: Try to start the RAM buffer at a particular address [U-Boot,v8,13/30] sandbox: Add support for calling abort() [U-Boot,v8,14/30] efi: Don't build sandbox with __attribute__((ms_abi)) [U-Boot,v8,15/30] vsprintf: Handle NULL with %pU [U-Boot,v8,16/30] efi_selftest: Clean up a few comments and messages [U-Boot,v8,17/30] sandbox: Enhance map_to_sysmem() to handle foreign pointers [U-Boot,v8,18/30] efi: Add a call to exit() along with why we can't use it [U-Boot,v8,19/30] efi: Relocate FDT to 127MB instead of 128MB [U-Boot,v8,20/30] efi: Tidy up device-tree-size calculation in copy_fdt() [U-Boot,v8,21/30] efi_loader: Use map_sysmem() in bootefi command [U-Boot,v8,22/30] efi: sandbox: Tidy up copy_fdt() to work with sandbox [U-Boot,v8,23/30] efi: Drop error return in efi_carve_out_dt_rsv() [U-Boot,v8,24/30] efi: Adjust memory handling to support sandbox [U-Boot,v8,25/30] efi: Add more debugging for memory allocations [U-Boot,v8,26/30] efi_loader: Use compiler constants for image loader [U-Boot,v8,27/30] efi_loader: efi_allocate_pages is too restrictive [U-Boot,v8,28/30] efi_loader: Disable miniapps on sandbox [U-Boot,v8,29/30] efi_loader: Pass address to fs_read() [U-Boot,v8,30/30] efi: sandbox: Enable selftest command

Message ID

20180618140835.195901-30-sjg@chromium.org

State

Superseded

Delegated to:

Alexander Graf

Headers

MIME-Version: 1.0
Date: Mon, 18 Jun 2018 08:08:34 -0600
In-Reply-To: <20180618140835.195901-1-sjg@chromium.org>
Message-Id: <20180618140835.195901-30-sjg@chromium.org>
References: <20180618140835.195901-1-sjg@chromium.org>
From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>, Alexander Graf <agraf@suse.de>
Subject: [U-Boot] [PATCH v8 29/30] efi_loader: Pass address to fs_read()
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

efi: Enable sandbox support for EFI loader | expand

Commit Message

Simon Glass June 18, 2018, 2:08 p.m. UTC

From: Alexander Graf <agraf@suse.de>

The fs_read() function wants to get an address rather than the
pointer to a buffer.

So let's convert the passed buffer from pointer back a the address
to make efi_loader on sandbox happier.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v8: None
Changes in v7: None
Changes in v6: None
Changes in v5: None
Changes in v4: None
Changes in v3: None
Changes in v2: None

 lib/efi_loader/efi_file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Alexander Graf June 18, 2018, 3:08 p.m. UTC | #1

On 06/18/2018 04:08 PM, Simon Glass wrote:
> From: Alexander Graf <agraf@suse.de>
>
> The fs_read() function wants to get an address rather than the
> pointer to a buffer.
>
> So let's convert the passed buffer from pointer back a the address
> to make efi_loader on sandbox happier.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> Reviewed-by: Simon Glass <sjg@chromium.org>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v8: None
> Changes in v7: None
> Changes in v6: None
> Changes in v5: None
> Changes in v4: None
> Changes in v3: None
> Changes in v2: None
>
>   lib/efi_loader/efi_file.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
> index e6a15bcb52..2107730ba5 100644
> --- a/lib/efi_loader/efi_file.c
> +++ b/lib/efi_loader/efi_file.c
> @@ -9,6 +9,7 @@
>   #include <charset.h>
>   #include <efi_loader.h>
>   #include <malloc.h>
> +#include <mapmem.h>
>   #include <fs.h>
>   
>   /* GUID for file system information */
> @@ -232,8 +233,10 @@ static efi_status_t file_read(struct file_handle *fh, u64 *buffer_size,
>   		void *buffer)
>   {
>   	loff_t actread;
> +	/* fs_read expects buffer address, not pointer */
> +	uintptr_t buffer_addr = (uintptr_t)map_to_sysmem(buffer);

As you've seen with your patch on the stack based map_to_sysmem() 
calculation, map_to_sysmem() really should only be used on pointers that 
we are sure come from RAM. With EFI binaries, that isn't true because of 
the stack, but it might be true due to other reasons too on real 
hardware, such as direct read/write to/from flash.

I think it's much safer to stay in pointer land once we passed the addr 
-> ptr boundary. Going from ptr -> addr is usually a recipe for disaster.


Alex

Simon Glass June 21, 2018, 2:01 a.m. UTC | #2

Hi Alex,

On 18 June 2018 at 09:08, Alexander Graf <agraf@suse.de> wrote:
> On 06/18/2018 04:08 PM, Simon Glass wrote:
>>
>> From: Alexander Graf <agraf@suse.de>
>>
>> The fs_read() function wants to get an address rather than the
>> pointer to a buffer.
>>
>> So let's convert the passed buffer from pointer back a the address
>> to make efi_loader on sandbox happier.
>>
>> Signed-off-by: Alexander Graf <agraf@suse.de>
>> Reviewed-by: Simon Glass <sjg@chromium.org>
>> Signed-off-by: Simon Glass <sjg@chromium.org>
>> ---
>>
>> Changes in v8: None
>> Changes in v7: None
>> Changes in v6: None
>> Changes in v5: None
>> Changes in v4: None
>> Changes in v3: None
>> Changes in v2: None
>>
>>   lib/efi_loader/efi_file.c | 5 ++++-
>>   1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
>> index e6a15bcb52..2107730ba5 100644
>> --- a/lib/efi_loader/efi_file.c
>> +++ b/lib/efi_loader/efi_file.c
>> @@ -9,6 +9,7 @@
>>   #include <charset.h>
>>   #include <efi_loader.h>
>>   #include <malloc.h>
>> +#include <mapmem.h>
>>   #include <fs.h>
>>     /* GUID for file system information */
>> @@ -232,8 +233,10 @@ static efi_status_t file_read(struct file_handle *fh,
>> u64 *buffer_size,
>>                 void *buffer)
>>   {
>>         loff_t actread;
>> +       /* fs_read expects buffer address, not pointer */
>> +       uintptr_t buffer_addr = (uintptr_t)map_to_sysmem(buffer);
>
>
> As you've seen with your patch on the stack based map_to_sysmem()
> calculation, map_to_sysmem() really should only be used on pointers that we
> are sure come from RAM. With EFI binaries, that isn't true because of the
> stack, but it might be true due to other reasons too on real hardware, such
> as direct read/write to/from flash.
>
> I think it's much safer to stay in pointer land once we passed the addr ->
> ptr boundary. Going from ptr -> addr is usually a recipe for disaster.

We actually have no choice but to support this. As mentioned elsewhere
addresses are the main currency in U-Boot and we should not look to
convert it to use pointers. They are much less enjoyable to work with.
The above patch is pretty simple.

Regards,
Simon

diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
index e6a15bcb52..2107730ba5 100644
--- a/lib/efi_loader/efi_file.c
+++ b/lib/efi_loader/efi_file.c
@@ -9,6 +9,7 @@ 
 #include <charset.h>
 #include <efi_loader.h>
 #include <malloc.h>
+#include <mapmem.h>
 #include <fs.h>
 
 /* GUID for file system information */
@@ -232,8 +233,10 @@  static efi_status_t file_read(struct file_handle *fh, u64 *buffer_size,
 		void *buffer)
 {
 	loff_t actread;
+	/* fs_read expects buffer address, not pointer */
+	uintptr_t buffer_addr = (uintptr_t)map_to_sysmem(buffer);
 
-	if (fs_read(fh->path, (ulong)buffer, fh->offset,
+	if (fs_read(fh->path, buffer_addr, fh->offset,
 		    *buffer_size, &actread))
 		return EFI_DEVICE_ERROR;

[U-Boot,v8,29/30] efi_loader: Pass address to fs_read()

Commit Message

Comments

Patch