From: Rob Clark <robdclark@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/4] efi_loader: add checking for incorrect use of EFI_ENTRY/EXIT
Date: Thu, 27 Jul 2017 08:04:18 -0400 [thread overview]
Message-ID: <20170727120419.32186-3-robdclark@gmail.com> (raw)
In-Reply-To: <20170727120419.32186-1-robdclark@gmail.com>
Missing an EFI_ENTRY() or doubling up EFI_EXIT() leads to non-obvious
crashes. Let's add some error checking.
Signed-off-by: Rob Clark <robdclark@gmail.com>
---
include/efi_loader.h | 17 +++++++++-------
lib/efi_loader/efi_boottime.c | 45 +++++++++++++++++++++++++++++--------------
2 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/include/efi_loader.h b/include/efi_loader.h
index eb16c14b69..4262d0ac6b 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -15,11 +15,14 @@
#include <linux/list.h>
+int __efi_entry_check(void);
+int __efi_exit_check(void);
+
/*
* Enter the u-boot world from UEFI:
*/
#define EFI_ENTRY(format, ...) do { \
- efi_restore_gd(); \
+ assert(__efi_entry_check()); \
debug("EFI: Entry %s(" format ")\n", __func__, ##__VA_ARGS__); \
} while(0)
@@ -29,7 +32,8 @@
#define EFI_EXIT(ret) ({ \
efi_status_t _r = ret; \
debug("EFI: Exit: %s: %u\n", __func__, (u32)(_r & ~EFI_ERROR_MASK)); \
- efi_exit_func(_r); \
+ assert(__efi_exit_check()); \
+ _r; \
})
/*
@@ -37,9 +41,9 @@
*/
#define EFI_CALL(exp) do { \
debug("EFI: Call: %s\n", #exp); \
- efi_exit_func(EFI_SUCCESS); \
+ assert(__efi_exit_check()); \
exp; \
- efi_restore_gd(); \
+ assert(__efi_entry_check()); \
debug("EFI: Return From: %s\n", #exp); \
} while(0)
@@ -139,10 +143,9 @@ void efi_timer_check(void);
void *efi_load_pe(void *efi, struct efi_loaded_image *loaded_image_info);
/* Called once to store the pristine gd pointer */
void efi_save_gd(void);
-/* Called from EFI_ENTRY on callback entry to put gd into the gd register */
+/* Special case handler for error/abort that just tries to dtrt to get
+ * back to u-boot world */
void efi_restore_gd(void);
-/* Called from EFI_EXIT on callback exit to restore the gd register */
-efi_status_t efi_exit_func(efi_status_t ret);
/* Call this to relocate the runtime section to an address space */
void efi_runtime_relocate(ulong offset, struct efi_mem_desc *map);
/* Call this to set the current device name */
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 849d229821..66137d4ff9 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -49,6 +49,30 @@ static struct efi_configuration_table __efi_runtime_data efi_conf_table[2];
static volatile void *efi_gd, *app_gd;
#endif
+static int entry_count;
+
+/* Called on every callback entry */
+int __efi_entry_check(void)
+{
+ int ret = entry_count++ == 0;
+#ifdef CONFIG_ARM
+ assert(efi_gd);
+ assert(gd != efi_gd);
+ gd = efi_gd;
+#endif
+ return ret;
+}
+
+/* Called on every callback exit */
+int __efi_exit_check(void)
+{
+ int ret = --entry_count == 0;
+#ifdef CONFIG_ARM
+ gd = app_gd;
+#endif
+ return ret;
+}
+
/* Called from do_bootefi_exec() */
void efi_save_gd(void)
{
@@ -57,30 +81,21 @@ void efi_save_gd(void)
#endif
}
-/* Called on every callback entry */
+/*
+ * Special case handler for error/abort that just forces things back
+ * to u-boot world so we can dump out an abort msg, without any care
+ * about returning back to UEFI world.
+ */
void efi_restore_gd(void)
{
#ifdef CONFIG_ARM
/* Only restore if we're already in EFI context */
if (!efi_gd)
return;
-
- if (gd != efi_gd)
- app_gd = gd;
gd = efi_gd;
#endif
}
-/* Called on every callback exit */
-efi_status_t efi_exit_func(efi_status_t ret)
-{
-#ifdef CONFIG_ARM
- gd = app_gd;
-#endif
-
- return ret;
-}
-
/* Low 32 bit */
#define EFI_LOW32(a) (a & 0xFFFFFFFFULL)
/* High 32 bit */
@@ -733,7 +748,9 @@ static efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
return EFI_EXIT(info->exit_status);
}
+ __efi_exit_check();
entry(image_handle, &systab);
+ __efi_entry_check();
/* Should usually never get here */
return EFI_EXIT(EFI_SUCCESS);
--
2.13.0
next prev parent reply other threads:[~2017-07-27 12:04 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-27 12:04 [U-Boot] [PATCH 1/4] efi_loader: only evaluate EFI_EXIT()'s ret once Rob Clark
2017-07-27 12:04 ` [U-Boot] [PATCH 2/4] efi_loader: Add an EFI_CALL() macro Rob Clark
2017-07-28 22:29 ` [U-Boot] [U-Boot,2/4] " Alexander Graf
2017-07-27 12:04 ` Rob Clark [this message]
2017-07-28 22:27 ` [U-Boot] [U-Boot, 3/4] efi_loader: add checking for incorrect use of EFI_ENTRY/EXIT Alexander Graf
2017-07-27 12:04 ` [U-Boot] [PATCH 4/4] efi_loader: indent entry/exit prints to show nesting level Rob Clark
2017-07-28 7:24 ` Alexander Graf
2017-07-28 9:19 ` Rob Clark
2017-07-28 9:25 ` Alexander Graf
2017-07-28 9:34 ` Rob Clark
2017-07-28 9:36 ` Alexander Graf
2017-07-28 10:11 ` Rob Clark
2017-07-28 10:22 ` Alexander Graf
2017-07-28 11:54 ` Rob Clark
2017-07-28 22:25 ` [U-Boot] [U-Boot, " Alexander Graf
2017-07-28 22:28 ` [U-Boot] [U-Boot, 1/4] efi_loader: only evaluate EFI_EXIT()'s ret once Alexander Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170727120419.32186-3-robdclark@gmail.com \
--to=robdclark@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox