]> git.proxmox.com Git - mirror_edk2.git/blame - MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
MdeModulePkg: Refine casting expression result to bigger size
[mirror_edk2.git] / MdeModulePkg / Universal / CapsulePei / Common / CapsuleCoalesce.c
CommitLineData
ab7017fe 1/** @file\r
2 The logic to process capsule.\r
3\r
dc204d5a
JY		 4 Caution: This module requires additional review when modified.\r
5 This driver will have external input - capsule image.\r
6 This external input must be validated carefully to avoid security issue like\r
7 buffer overflow, integer overflow.\r
8\r
9 CapsuleDataCoalesce() will do basic validation before coalesce capsule data\r
10 into memory.\r
11\r
35f910f0 12(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>\r
16f69227 13Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
ab7017fe 14This program and the accompanying materials\r
15are licensed and made available under the terms and conditions of the BSD License\r
16which accompanies this distribution. The full text of the license may be found at\r
17http://opensource.org/licenses/bsd-license.php\r
18\r
19THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
20WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
21\r
22**/\r
23\r
24#include <Uefi.h>\r
25#include <PiPei.h>\r
26\r
27#include <Guid/CapsuleVendor.h>\r
28\r
29#include <Library/BaseMemoryLib.h>\r
30#include <Library/DebugLib.h>\r
31#include <Library/PrintLib.h>\r
32#include <Library/BaseLib.h>\r
33\r
ff284c56 34#include "CommonHeader.h"\r
ab7017fe 35\r
ff284c56 36#define MIN_COALESCE_ADDR (1024 * 1024)\r
ab7017fe 37\r
38/**\r
39 Given a pointer to the capsule block list, info on the available system\r
40 memory, and the size of a buffer, find a free block of memory where a\r
41 buffer of the given size can be copied to safely.\r
42\r
43 @param BlockList Pointer to head of capsule block descriptors\r
44 @param MemBase Pointer to the base of memory in which we want to find free space\r
45 @param MemSize The size of the block of memory pointed to by MemBase\r
46 @param DataSize How big a free block we want to find\r
47\r
48 @return A pointer to a memory block of at least DataSize that lies somewhere \r
49 between MemBase and (MemBase + MemSize). The memory pointed to does not\r
50 contain any of the capsule block descriptors or capsule blocks pointed to\r
51 by the BlockList.\r
52\r
53**/\r
54UINT8 *\r
55FindFreeMem (\r
56 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
57 UINT8 *MemBase,\r
58 UINTN MemSize,\r
59 UINTN DataSize\r
60 );\r
61\r
ab7017fe 62/**\r
63 The capsule block descriptors may be fragmented and spread all over memory.\r
64 To simplify the coalescing of capsule blocks, first coalesce all the\r
65 capsule block descriptors low in memory.\r
66\r
67 The descriptors passed in can be fragmented throughout memory. Here\r
68 they are relocated into memory to turn them into a contiguous (null\r
69 terminated) array.\r
70\r
ff284c56
JY		 71 @param PeiServices pointer to PEI services table\r
72 @param BlockList pointer to the capsule block descriptors\r
73 @param NumDescriptors number of capsule data block descriptors, whose Length is non-zero.\r
74 @param MemBase base of system memory in which we can work\r
75 @param MemSize size of the system memory pointed to by MemBase\r
ab7017fe 76\r
77 @retval NULL could not relocate the descriptors\r
78 @retval Pointer to the base of the successfully-relocated block descriptors. \r
79\r
80**/\r
81EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
82RelocateBlockDescriptors (\r
83 IN EFI_PEI_SERVICES **PeiServices,\r
84 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
ff284c56 85 IN UINTN NumDescriptors,\r
ab7017fe 86 IN UINT8 *MemBase,\r
87 IN UINTN MemSize\r
88 );\r
89\r
90/**\r
91 Check every capsule header.\r
92\r
93 @param CapsuleHeader The pointer to EFI_CAPSULE_HEADER\r
94\r
95 @retval FALSE Capsule is OK\r
96 @retval TRUE Capsule is corrupted \r
97\r
98**/\r
99BOOLEAN\r
100IsCapsuleCorrupted (\r
101 IN EFI_CAPSULE_HEADER *CapsuleHeader\r
102 );\r
103\r
104/**\r
105 Determine if two buffers overlap in memory.\r
106\r
107 @param Buff1 pointer to first buffer\r
108 @param Size1 size of Buff1\r
109 @param Buff2 pointer to second buffer\r
110 @param Size2 size of Buff2\r
111\r
112 @retval TRUE Buffers overlap in memory.\r
113 @retval FALSE Buffer doesn't overlap.\r
114\r
115**/\r
116BOOLEAN\r
117IsOverlapped (\r
118 UINT8 *Buff1,\r
119 UINTN Size1,\r
120 UINT8 *Buff2,\r
121 UINTN Size2\r
122 );\r
123\r
124/**\r
125 Given a pointer to a capsule block descriptor, traverse the list to figure\r
126 out how many legitimate descriptors there are, and how big the capsule it\r
127 refers to is.\r
128\r
129 @param Desc Pointer to the capsule block descriptors\r
ff284c56
JY		 130 @param NumDescriptors Optional pointer to where to return the number of capsule data descriptors, whose Length is non-zero.\r
131 @param CapsuleSize Optional pointer to where to return the capsule image size\r
132 @param CapsuleNumber Optional pointer to where to return the number of capsule\r
ab7017fe 133\r
134 @retval EFI_NOT_FOUND No descriptors containing data in the list\r
135 @retval EFI_SUCCESS Return data is valid\r
136\r
137**/\r
138EFI_STATUS\r
139GetCapsuleInfo (\r
140 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc,\r
141 IN OUT UINTN *NumDescriptors OPTIONAL,\r
ff284c56
JY		 142 IN OUT UINTN *CapsuleSize OPTIONAL,\r
143 IN OUT UINTN *CapsuleNumber OPTIONAL\r
ab7017fe 144 );\r
145\r
146/**\r
147 Given a pointer to the capsule block list, info on the available system\r
148 memory, and the size of a buffer, find a free block of memory where a\r
149 buffer of the given size can be copied to safely.\r
150\r
151 @param BlockList Pointer to head of capsule block descriptors\r
152 @param MemBase Pointer to the base of memory in which we want to find free space\r
153 @param MemSize The size of the block of memory pointed to by MemBase\r
154 @param DataSize How big a free block we want to find\r
155\r
156 @return A pointer to a memory block of at least DataSize that lies somewhere \r
157 between MemBase and (MemBase + MemSize). The memory pointed to does not\r
158 contain any of the capsule block descriptors or capsule blocks pointed to\r
159 by the BlockList.\r
160\r
161**/\r
162UINT8 *\r
163FindFreeMem (\r
164 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
165 UINT8 *MemBase,\r
166 UINTN MemSize,\r
167 UINTN DataSize\r
168 )\r
169{\r
170 UINTN Size;\r
171 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrDesc;\r
172 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempDesc;\r
173 UINT8 *MemEnd;\r
174 BOOLEAN Failed;\r
175\r
176 //\r
177 // Need at least enough to copy the data to at the end of the buffer, so\r
178 // say the end is less the data size for easy comparisons here.\r
179 //\r
180 MemEnd = MemBase + MemSize - DataSize;\r
181 CurrDesc = BlockList;\r
182 //\r
183 // Go through all the descriptor blocks and see if any obstruct the range\r
184 //\r
185 while (CurrDesc != NULL) {\r
186 //\r
187 // Get the size of this block list and see if it's in the way\r
188 //\r
189 Failed = FALSE;\r
190 TempDesc = CurrDesc;\r
191 Size = sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
192 while (TempDesc->Length != 0) {\r
193 Size += sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
194 TempDesc++;\r
195 }\r
196\r
197 if (IsOverlapped (MemBase, DataSize, (UINT8 *) CurrDesc, Size)) {\r
198 //\r
199 // Set our new base to the end of this block list and start all over\r
200 //\r
201 MemBase = (UINT8 *) CurrDesc + Size;\r
202 CurrDesc = BlockList;\r
203 if (MemBase > MemEnd) {\r
204 return NULL;\r
205 }\r
206\r
207 Failed = TRUE;\r
208 }\r
209 //\r
210 // Now go through all the blocks and make sure none are in the way\r
211 //\r
212 while ((CurrDesc->Length != 0) && (!Failed)) {\r
213 if (IsOverlapped (MemBase, DataSize, (UINT8 *) (UINTN) CurrDesc->Union.DataBlock, (UINTN) CurrDesc->Length)) {\r
214 //\r
215 // Set our new base to the end of this block and start all over\r
216 //\r
217 Failed = TRUE;\r
218 MemBase = (UINT8 *) ((UINTN) CurrDesc->Union.DataBlock) + CurrDesc->Length;\r
219 CurrDesc = BlockList;\r
220 if (MemBase > MemEnd) {\r
221 return NULL;\r
222 }\r
223 }\r
224 CurrDesc++;\r
225 }\r
226 //\r
227 // Normal continuation -- jump to next block descriptor list\r
228 //\r
229 if (!Failed) {\r
230 CurrDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) CurrDesc->Union.ContinuationPointer;\r
231 }\r
232 }\r
233 return MemBase;\r
234}\r
235\r
359cb1a3
SZ		 236/**\r
237 Validate capsule by MemoryResource.\r
238\r
239 @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
240 @param Address Address to be validated.\r
241 @param Size Size to be validated.\r
242\r
243 @retval TRUE No memory resource descriptor reported in HOB list before capsule Coalesce,\r
244 or it is valid in one MemoryResource.\r
245 FALSE It is not in any MemoryResource.\r
246\r
247**/\r
248BOOLEAN\r
249ValidateCapsuleByMemoryResource (\r
250 IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
251 IN EFI_PHYSICAL_ADDRESS Address,\r
252 IN UINT64 Size\r
253 )\r
254{\r
255 UINTN Index;\r
256\r
257 //\r
258 // Sanity Check\r
259 //\r
260 if (Size > MAX_ADDRESS) {\r
261 DEBUG ((EFI_D_ERROR, "ERROR: Size(0x%lx) > MAX_ADDRESS\n", Size));\r
262 return FALSE;\r
263 }\r
264\r
265 //\r
266 // Sanity Check\r
267 //\r
268 if (Address > (MAX_ADDRESS - Size)) {\r
269 DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) > (MAX_ADDRESS - Size(0x%lx))\n", Address, Size));\r
270 return FALSE;\r
271 }\r
272\r
273 if (MemoryResource == NULL) {\r
274 //\r
275 // No memory resource descriptor reported in HOB list before capsule Coalesce.\r
276 //\r
277 return TRUE;\r
278 }\r
279\r
280 for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) {\r
281 if ((Address >= MemoryResource[Index].PhysicalStart) &&\r
282 ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) {\r
283 DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",\r
284 Address, Size,\r
285 Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));\r
286 return TRUE;\r
287 }\r
288 }\r
289\r
290 DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size));\r
291 return FALSE;\r
292}\r
293\r
ab7017fe 294/**\r
295 Check the integrity of the capsule descriptors.\r
296\r
359cb1a3
SZ		 297 @param BlockList Pointer to the capsule descriptors\r
298 @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
ab7017fe 299\r
300 @retval NULL BlockList is not valid.\r
301 @retval LastBlockDesc Last one Block in BlockList\r
302\r
303**/\r
304EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
305ValidateCapsuleIntegrity (\r
359cb1a3
SZ		 306 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
307 IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource\r
ab7017fe 308 )\r
309{\r
310 EFI_CAPSULE_HEADER *CapsuleHeader;\r
311 UINT64 CapsuleSize;\r
ff284c56 312 UINTN CapsuleCount;\r
ab7017fe 313 EFI_CAPSULE_BLOCK_DESCRIPTOR *Ptr;\r
314\r
ff284c56
JY		 315 DEBUG ((EFI_D_INFO, "ValidateCapsuleIntegrity\n"));\r
316\r
ab7017fe 317 //\r
318 // Go through the list to look for inconsistencies. Check for:\r
319 // * misaligned block descriptors.\r
320 // * The first capsule header guid\r
321 // * The first capsule header flag\r
ff284c56 322 // * The first capsule header HeaderSize\r
359cb1a3
SZ		 323 // * Below check will be done in ValidateCapsuleByMemoryResource()\r
324 // Length > MAX_ADDRESS \r
325 // Ptr + sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR) > MAX_ADDRESS\r
326 // DataBlock + Length > MAX_ADDRESS\r
ff284c56 327 //\r
ab7017fe 328 CapsuleSize = 0;\r
329 CapsuleCount = 0;\r
330 Ptr = BlockList;\r
ff284c56 331\r
359cb1a3
SZ		 332 if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
333 return NULL;\r
334 }\r
335\r
ff284c56
JY		 336 DEBUG ((EFI_D_INFO, "Ptr - 0x%x\n", Ptr));\r
337 DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
338 DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
ab7017fe 339 while ((Ptr->Length != 0) || (Ptr->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
340 //\r
341 // Make sure the descriptor is aligned at UINT64 in memory\r
342 //\r
ff284c56
JY		 343 if ((UINTN) Ptr & (sizeof(UINT64) - 1)) {\r
344 DEBUG ((EFI_D_ERROR, "ERROR: BlockList address failed alignment check\n"));\r
345 return NULL;\r
346 }\r
ab7017fe 347\r
348 if (Ptr->Length == 0) {\r
349 //\r
350 // Descriptor points to another list of block descriptors somewhere\r
351 // else.\r
352 //\r
353 Ptr = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Ptr->Union.ContinuationPointer;\r
359cb1a3
SZ		 354 if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
355 return NULL;\r
356 }\r
ff284c56
JY		 357 DEBUG ((EFI_D_INFO, "Ptr(C) - 0x%x\n", Ptr));\r
358 DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
359 DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
ab7017fe 360 } else {\r
359cb1a3 361 if (!ValidateCapsuleByMemoryResource (MemoryResource, Ptr->Union.DataBlock, Ptr->Length)) {\r
ff284c56
JY		 362 return NULL;\r
363 }\r
364\r
ab7017fe 365 //\r
366 //To enhance the reliability of check-up, the first capsule's header is checked here.\r
367 //More reliabilities check-up will do later.\r
368 //\r
369 if (CapsuleSize == 0) {\r
370 //\r
371 //Move to the first capsule to check its header.\r
372 //\r
373 CapsuleHeader = (EFI_CAPSULE_HEADER*)((UINTN)Ptr->Union.DataBlock);\r
ff284c56
JY		 374 //\r
375 // Sanity check\r
376 //\r
377 if (Ptr->Length < sizeof(EFI_CAPSULE_HEADER)) {\r
378 DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Length(0x%lx) < sizeof(EFI_CAPSULE_HEADER)\n", Ptr->Length));\r
379 return NULL;\r
380 }\r
381 //\r
382 // Make sure HeaderSize field is valid\r
383 //\r
384 if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) {\r
385 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleHeader->HeaderSize(0x%x) > CapsuleHeader->CapsuleImageSize(0x%x)\n", CapsuleHeader->HeaderSize, CapsuleHeader->CapsuleImageSize));\r
386 return NULL;\r
387 }\r
ab7017fe 388 if (IsCapsuleCorrupted (CapsuleHeader)) {\r
389 return NULL;\r
390 }\r
391 CapsuleCount ++;\r
392 CapsuleSize = CapsuleHeader->CapsuleImageSize;\r
240bc4ee
SZ		 393 }\r
394\r
395 if (CapsuleSize >= Ptr->Length) {\r
396 CapsuleSize = CapsuleSize - Ptr->Length;\r
ab7017fe 397 } else {\r
ff284c56
JY		 398 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleSize(0x%lx) < Ptr->Length(0x%lx)\n", CapsuleSize, Ptr->Length));\r
399 //\r
400 // Sanity check\r
401 //\r
402 return NULL;\r
ab7017fe 403 }\r
240bc4ee 404\r
ab7017fe 405 //\r
406 // Move to next BLOCK descriptor\r
407 //\r
408 Ptr++;\r
359cb1a3
SZ		 409 if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
410 return NULL;\r
411 }\r
ff284c56
JY		 412 DEBUG ((EFI_D_INFO, "Ptr(B) - 0x%x\n", Ptr));\r
413 DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
414 DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
ab7017fe 415 }\r
416 }\r
417\r
ff284c56 418 if (CapsuleCount == 0) {\r
ab7017fe 419 //\r
ff284c56 420 // No any capsule is found in BlockList\r
ab7017fe 421 //\r
ff284c56
JY		 422 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleCount(0x%x) == 0\n", CapsuleCount));\r
423 return NULL;\r
424 }\r
425\r
426 if (CapsuleSize != 0) {\r
427 //\r
428 // Capsule data is incomplete.\r
429 //\r
430 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleSize(0x%lx) != 0\n", CapsuleSize));\r
ab7017fe 431 return NULL;\r
432 }\r
433\r
434 return Ptr;\r
435}\r
436\r
437/**\r
438 The capsule block descriptors may be fragmented and spread all over memory.\r
439 To simplify the coalescing of capsule blocks, first coalesce all the\r
440 capsule block descriptors low in memory.\r
441\r
442 The descriptors passed in can be fragmented throughout memory. Here\r
443 they are relocated into memory to turn them into a contiguous (null\r
444 terminated) array.\r
445\r
ff284c56
JY		 446 @param PeiServices pointer to PEI services table\r
447 @param BlockList pointer to the capsule block descriptors\r
448 @param NumDescriptors number of capsule data block descriptors, whose Length is non-zero.\r
449 @param MemBase base of system memory in which we can work\r
450 @param MemSize size of the system memory pointed to by MemBase\r
ab7017fe 451\r
452 @retval NULL could not relocate the descriptors\r
453 @retval Pointer to the base of the successfully-relocated block descriptors. \r
454\r
455**/\r
456EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
457RelocateBlockDescriptors (\r
458 IN EFI_PEI_SERVICES **PeiServices,\r
459 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
ff284c56 460 IN UINTN NumDescriptors,\r
ab7017fe 461 IN UINT8 *MemBase,\r
462 IN UINTN MemSize\r
463 )\r
464{\r
465 EFI_CAPSULE_BLOCK_DESCRIPTOR *NewBlockList;\r
466 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrBlockDescHead;\r
467 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlockDesc;\r
468 EFI_CAPSULE_BLOCK_DESCRIPTOR *PrevBlockDescTail;\r
ab7017fe 469 UINTN BufferSize;\r
470 UINT8 *RelocBuffer;\r
471 UINTN BlockListSize;\r
ff284c56 472\r
ab7017fe 473 //\r
474 // Get the info on the blocks and descriptors. Since we're going to move\r
475 // the descriptors low in memory, adjust the base/size values accordingly here.\r
ff284c56
JY		 476 // NumDescriptors is the number of legit data descriptors, so add one for\r
477 // a terminator. (Already done by caller, no check is needed.)\r
ab7017fe 478 //\r
ab7017fe 479\r
ab7017fe 480 BufferSize = NumDescriptors * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
481 NewBlockList = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) MemBase;\r
482 if (MemSize < BufferSize) {\r
483 return NULL;\r
484 }\r
485\r
486 MemSize -= BufferSize;\r
487 MemBase += BufferSize;\r
488 //\r
489 // Go through all the blocks and make sure none are in the way\r
490 //\r
491 TempBlockDesc = BlockList;\r
492 while (TempBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {\r
493 if (TempBlockDesc->Length == 0) {\r
494 //\r
495 // Next block of descriptors\r
496 //\r
497 TempBlockDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;\r
498 } else {\r
499 //\r
500 // If the capsule data pointed to by this descriptor is in the way,\r
501 // move it.\r
502 //\r
503 if (IsOverlapped (\r
504 (UINT8 *) NewBlockList,\r
505 BufferSize,\r
506 (UINT8 *) (UINTN) TempBlockDesc->Union.DataBlock,\r
507 (UINTN) TempBlockDesc->Length\r
508 )) {\r
509 //\r
510 // Relocate the block\r
511 //\r
512 RelocBuffer = FindFreeMem (BlockList, MemBase, MemSize, (UINTN) TempBlockDesc->Length);\r
513 if (RelocBuffer == NULL) {\r
514 return NULL;\r
515 }\r
516\r
517 CopyMem ((VOID *) RelocBuffer, (VOID *) (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) TempBlockDesc->Length);\r
ff284c56 518 DEBUG ((EFI_D_INFO, "Capsule relocate descriptors from/to/size 0x%lX 0x%lX 0x%lX\n", TempBlockDesc->Union.DataBlock, (UINT64)(UINTN)RelocBuffer, TempBlockDesc->Length));\r
5d4f8cf3 519 TempBlockDesc->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocBuffer;\r
ab7017fe 520 }\r
5d4f8cf3 521 TempBlockDesc++;\r
ab7017fe 522 }\r
ab7017fe 523 }\r
524 //\r
525 // Now go through all the block descriptors to make sure that they're not\r
526 // in the memory region we want to copy them to.\r
527 //\r
528 CurrBlockDescHead = BlockList;\r
529 PrevBlockDescTail = NULL;\r
530 while ((CurrBlockDescHead != NULL) && (CurrBlockDescHead->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
531 //\r
532 // Get the size of this list then see if it overlaps our low region\r
533 //\r
534 TempBlockDesc = CurrBlockDescHead;\r
535 BlockListSize = sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
536 while (TempBlockDesc->Length != 0) {\r
537 BlockListSize += sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
538 TempBlockDesc++;\r
539 }\r
540\r
541 if (IsOverlapped (\r
542 (UINT8 *) NewBlockList,\r
543 BufferSize,\r
544 (UINT8 *) CurrBlockDescHead,\r
545 BlockListSize\r
546 )) {\r
547 //\r
548 // Overlaps, so move it out of the way\r
549 //\r
550 RelocBuffer = FindFreeMem (BlockList, MemBase, MemSize, BlockListSize);\r
551 if (RelocBuffer == NULL) {\r
552 return NULL;\r
553 }\r
554 CopyMem ((VOID *) RelocBuffer, (VOID *) CurrBlockDescHead, BlockListSize);\r
555 DEBUG ((EFI_D_INFO, "Capsule reloc descriptor block #2\n"));\r
556 //\r
557 // Point the previous block's next point to this copied version. If\r
558 // the tail pointer is null, then this is the first descriptor block.\r
559 //\r
560 if (PrevBlockDescTail == NULL) {\r
561 BlockList = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) RelocBuffer;\r
562 } else {\r
563 PrevBlockDescTail->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocBuffer;\r
564 }\r
565 }\r
566 //\r
567 // Save our new tail and jump to the next block list\r
568 //\r
569 PrevBlockDescTail = TempBlockDesc;\r
570 CurrBlockDescHead = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;\r
571 }\r
572 //\r
573 // Cleared out low memory. Now copy the descriptors down there.\r
574 //\r
575 TempBlockDesc = BlockList;\r
576 CurrBlockDescHead = NewBlockList;\r
577 while ((TempBlockDesc != NULL) && (TempBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
578 if (TempBlockDesc->Length != 0) {\r
579 CurrBlockDescHead->Union.DataBlock = TempBlockDesc->Union.DataBlock;\r
580 CurrBlockDescHead->Length = TempBlockDesc->Length;\r
581 CurrBlockDescHead++;\r
582 TempBlockDesc++;\r
583 } else {\r
584 TempBlockDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;\r
585 }\r
586 }\r
587 //\r
588 // Null terminate\r
589 //\r
590 CurrBlockDescHead->Union.ContinuationPointer = (EFI_PHYSICAL_ADDRESS) (UINTN) NULL;\r
591 CurrBlockDescHead->Length = 0;\r
592 return NewBlockList;\r
593}\r
594\r
595/**\r
596 Determine if two buffers overlap in memory.\r
597\r
598 @param Buff1 pointer to first buffer\r
599 @param Size1 size of Buff1\r
600 @param Buff2 pointer to second buffer\r
601 @param Size2 size of Buff2\r
602\r
603 @retval TRUE Buffers overlap in memory.\r
604 @retval FALSE Buffer doesn't overlap.\r
605\r
606**/\r
607BOOLEAN\r
608IsOverlapped (\r
609 UINT8 *Buff1,\r
610 UINTN Size1,\r
611 UINT8 *Buff2,\r
612 UINTN Size2\r
613 )\r
614{\r
615 //\r
616 // If buff1's end is less than the start of buff2, then it's ok.\r
617 // Also, if buff1's start is beyond buff2's end, then it's ok.\r
618 //\r
619 if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {\r
620 return FALSE;\r
621 }\r
622\r
623 return TRUE;\r
624}\r
625\r
626/**\r
627 Given a pointer to a capsule block descriptor, traverse the list to figure\r
628 out how many legitimate descriptors there are, and how big the capsule it\r
629 refers to is.\r
630\r
631 @param Desc Pointer to the capsule block descriptors\r
ff284c56
JY		 632 @param NumDescriptors Optional pointer to where to return the number of capsule data descriptors, whose Length is non-zero.\r
633 @param CapsuleSize Optional pointer to where to return the capsule image size\r
634 @param CapsuleNumber Optional pointer to where to return the number of capsule\r
ab7017fe 635\r
636 @retval EFI_NOT_FOUND No descriptors containing data in the list\r
637 @retval EFI_SUCCESS Return data is valid\r
638\r
639**/\r
640EFI_STATUS\r
641GetCapsuleInfo (\r
642 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc,\r
643 IN OUT UINTN *NumDescriptors OPTIONAL,\r
ff284c56
JY		 644 IN OUT UINTN *CapsuleSize OPTIONAL,\r
645 IN OUT UINTN *CapsuleNumber OPTIONAL\r
ab7017fe 646 )\r
647{\r
ff284c56
JY		 648 UINTN Count;\r
649 UINTN Size;\r
650 UINTN Number;\r
651 UINTN ThisCapsuleImageSize;\r
652 EFI_CAPSULE_HEADER *CapsuleHeader;\r
653\r
654 DEBUG ((EFI_D_INFO, "GetCapsuleInfo enter\n"));\r
ab7017fe 655\r
f63085f5 656 ASSERT (Desc != NULL);\r
657\r
ab7017fe 658 Count = 0;\r
659 Size = 0;\r
ff284c56
JY		 660 Number = 0;\r
661 ThisCapsuleImageSize = 0;\r
ab7017fe 662\r
663 while (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {\r
664 if (Desc->Length == 0) {\r
665 //\r
666 // Descriptor points to another list of block descriptors somewhere\r
667 //\r
668 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;\r
669 } else {\r
ff284c56
JY		 670 //\r
671 // Sanity Check\r
672 // It is needed, because ValidateCapsuleIntegrity() only validate one individual capsule Size.\r
673 // While here we need check all capsules size.\r
674 //\r
675 if (Desc->Length >= (MAX_ADDRESS - Size)) {\r
676 DEBUG ((EFI_D_ERROR, "ERROR: Desc->Length(0x%lx) >= (MAX_ADDRESS - Size(0x%x))\n", Desc->Length, Size));\r
677 return EFI_OUT_OF_RESOURCES;\r
678 }\r
ab7017fe 679 Size += (UINTN) Desc->Length;\r
680 Count++;\r
ff284c56
JY		 681\r
682 //\r
683 // See if this is first capsule's header\r
684 //\r
685 if (ThisCapsuleImageSize == 0) {\r
686 CapsuleHeader = (EFI_CAPSULE_HEADER*)((UINTN)Desc->Union.DataBlock);\r
687 //\r
688 // This has been checked in ValidateCapsuleIntegrity()\r
689 //\r
690 Number ++;\r
691 ThisCapsuleImageSize = CapsuleHeader->CapsuleImageSize;\r
692 }\r
693\r
694 //\r
695 // This has been checked in ValidateCapsuleIntegrity()\r
696 //\r
697 ASSERT (ThisCapsuleImageSize >= Desc->Length);\r
698 ThisCapsuleImageSize = (UINTN)(ThisCapsuleImageSize - Desc->Length);\r
699\r
700 //\r
701 // Move to next\r
702 //\r
ab7017fe 703 Desc++;\r
704 }\r
705 }\r
706 //\r
707 // If no descriptors, then fail\r
708 //\r
709 if (Count == 0) {\r
ff284c56 710 DEBUG ((EFI_D_ERROR, "ERROR: Count == 0\n"));\r
ab7017fe 711 return EFI_NOT_FOUND;\r
712 }\r
713\r
ff284c56
JY		 714 //\r
715 // checked in ValidateCapsuleIntegrity()\r
716 //\r
717 ASSERT (ThisCapsuleImageSize == 0);\r
718\r
ab7017fe 719 if (NumDescriptors != NULL) {\r
720 *NumDescriptors = Count;\r
721 }\r
722\r
723 if (CapsuleSize != NULL) {\r
724 *CapsuleSize = Size;\r
725 }\r
726\r
ff284c56
JY		 727 if (CapsuleNumber != NULL) {\r
728 *CapsuleNumber = Number;\r
729 }\r
730\r
ab7017fe 731 return EFI_SUCCESS;\r
732}\r
733\r
734/**\r
735 Check every capsule header.\r
736\r
737 @param CapsuleHeader The pointer to EFI_CAPSULE_HEADER\r
738\r
739 @retval FALSE Capsule is OK\r
740 @retval TRUE Capsule is corrupted \r
741\r
742**/\r
743BOOLEAN\r
744IsCapsuleCorrupted (\r
745 IN EFI_CAPSULE_HEADER *CapsuleHeader\r
746 )\r
747{\r
748 //\r
749 //A capsule to be updated across a system reset should contain CAPSULE_FLAGS_PERSIST_ACROSS_RESET.\r
750 //\r
751 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) == 0) {\r
752 return TRUE;\r
753 }\r
754 //\r
755 //Make sure the flags combination is supported by the platform.\r
756 //\r
757 if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE)) == CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) {\r
758 return TRUE;\r
759 }\r
760 if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET)) == CAPSULE_FLAGS_INITIATE_RESET) {\r
761 return TRUE;\r
762 }\r
763\r
764 return FALSE;\r
765}\r
766\r
767/**\r
768 Try to verify the integrity of a capsule test pattern before the\r
769 capsule gets coalesced. This can be useful in narrowing down\r
770 where capsule data corruption occurs.\r
771\r
772 The test pattern mode fills in memory with a counting UINT32 value. \r
773 If the capsule is not divided up in a multiple of 4-byte blocks, then\r
774 things get messy doing the check. Therefore there are some cases\r
775 here where we just give up and skip the pre-coalesce check.\r
776\r
777 @param PeiServices PEI services table\r
778 @param Desc Pointer to capsule descriptors\r
779**/\r
780VOID\r
781CapsuleTestPatternPreCoalesce (\r
782 IN EFI_PEI_SERVICES **PeiServices,\r
783 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc\r
784 )\r
785{\r
786 UINT32 *TestPtr;\r
787 UINT32 TestCounter;\r
788 UINT32 TestSize;\r
ff284c56
JY		 789\r
790 DEBUG ((EFI_D_INFO, "CapsuleTestPatternPreCoalesce\n"));\r
791\r
ab7017fe 792 //\r
793 // Find first data descriptor\r
794 //\r
795 while ((Desc->Length == 0) && (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
796 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;\r
797 }\r
798\r
799 if (Desc->Union.ContinuationPointer == 0) {\r
800 return ;\r
801 }\r
802 //\r
803 // First one better be long enough to at least hold the test signature\r
804 //\r
805 if (Desc->Length < sizeof (UINT32)) {\r
806 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce punted #1\n"));\r
807 return ;\r
808 }\r
809\r
810 TestPtr = (UINT32 *) (UINTN) Desc->Union.DataBlock;\r
811 //\r
812 // 0x54534554 "TEST"\r
813 //\r
814 if (*TestPtr != 0x54534554) {\r
815 return ;\r
816 }\r
817\r
818 TestCounter = 0;\r
819 TestSize = (UINT32) Desc->Length - 2 * sizeof (UINT32);\r
820 //\r
821 // Skip over the signature and the size fields in the pattern data header\r
822 //\r
823 TestPtr += 2;\r
824 while (1) {\r
825 if ((TestSize & 0x03) != 0) {\r
826 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce punted #2\n"));\r
827 return ;\r
828 }\r
829\r
830 while (TestSize > 0) {\r
831 if (*TestPtr != TestCounter) {\r
832 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce failed data corruption check\n"));\r
833 return ;\r
834 }\r
835\r
836 TestSize -= sizeof (UINT32);\r
837 TestCounter++;\r
838 TestPtr++;\r
839 }\r
840 Desc++;\r
841 while ((Desc->Length == 0) && (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
842 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;\r
843 }\r
844\r
845 if (Desc->Union.ContinuationPointer == (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {\r
846 return ;\r
847 }\r
848 TestSize = (UINT32) Desc->Length;\r
849 TestPtr = (UINT32 *) (UINTN) Desc->Union.DataBlock;\r
850 }\r
851}\r
852\r
853/**\r
854 Checks for the presence of capsule descriptors.\r
855 Get capsule descriptors from variable CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...\r
856\r
857 @param BlockListBuffer Pointer to the buffer of capsule descriptors variables\r
359cb1a3 858 @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
ab7017fe 859 @param BlockDescriptorList Pointer to the capsule descriptors list\r
860\r
861 @retval EFI_SUCCESS a valid capsule is present\r
862 @retval EFI_NOT_FOUND if a valid capsule is not present\r
863**/\r
864EFI_STATUS\r
865BuildCapsuleDescriptors (\r
866 IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,\r
359cb1a3 867 IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
ab7017fe 868 OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptorList \r
869 )\r
870{\r
871 UINTN Index;\r
872 EFI_CAPSULE_BLOCK_DESCRIPTOR *LastBlock;\r
873 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlock;\r
874 EFI_CAPSULE_BLOCK_DESCRIPTOR *HeadBlock;\r
875\r
ff284c56
JY		 876 DEBUG ((EFI_D_INFO, "BuildCapsuleDescriptors enter\n"));\r
877\r
ab7017fe 878 LastBlock = NULL;\r
879 HeadBlock = NULL;\r
880 TempBlock = NULL;\r
881 Index = 0;\r
882\r
883 while (BlockListBuffer[Index] != 0) {\r
31abeada
SZ		 884 //\r
885 // Test integrity of descriptors.\r
886 //\r
ff284c56 887 if (BlockListBuffer[Index] < MAX_ADDRESS) {\r
359cb1a3 888 TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index], MemoryResource);\r
ff284c56
JY		 889 if (TempBlock != NULL) {\r
890 if (LastBlock == NULL) {\r
891 LastBlock = TempBlock;\r
31abeada 892\r
ff284c56
JY		 893 //\r
894 // Return the base of the block descriptors\r
895 //\r
896 HeadBlock = (EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index];\r
897 } else {\r
898 //\r
899 // Combine the different BlockList into single BlockList.\r
900 //\r
901 LastBlock->Union.DataBlock = (EFI_PHYSICAL_ADDRESS)(UINTN)BlockListBuffer[Index];\r
902 LastBlock->Length = 0;\r
903 LastBlock = TempBlock;\r
904 }\r
ab7017fe 905 }\r
ff284c56
JY		 906 } else {\r
907 DEBUG ((EFI_D_ERROR, "ERROR: BlockListBuffer[Index](0x%lx) < MAX_ADDRESS\n", BlockListBuffer[Index]));\r
ab7017fe 908 }\r
909 Index ++;\r
910 }\r
911 \r
912 if (HeadBlock != NULL) {\r
913 *BlockDescriptorList = HeadBlock;\r
914 return EFI_SUCCESS;\r
915 }\r
916 return EFI_NOT_FOUND;\r
917}\r
918\r
919/**\r
920 The function to coalesce a fragmented capsule in memory.\r
921\r
922 Memory Map for coalesced capsule:\r
923 MemBase + ---->+---------------------------+<-----------+\r
ff284c56
JY		 924 MemSize | ------------------------- | |\r
925 | | Capsule [Num-1] | | |\r
926 | ------------------------- | |\r
927 | | ................ | | |\r
928 | ------------------------- | |\r
929 | | Capsule [1] | | |\r
930 | ------------------------- | |\r
931 | | Capsule [0] | | |\r
932 | ------------------------- | |\r
ab7017fe 933 | Capsule Image | | \r
ff284c56
JY		 934CapsuleImageBase-->+---------------------------+\r
935 | ------------------------- | |\r
936 | | CapsuleOffset[Num-1] | | |\r
937 | ------------------------- | |\r
938 | | ................ | | CapsuleSize\r
939 | ------------------------- | |\r
940 | | CapsuleOffset[1] | | |\r
941 | ------------------------- | |\r
942 | | CapsuleOffset[0] | | |\r
943 |---------------------------| |\r
944 | | CapsuleNumber | | |\r
945 | ------------------------- | |\r
946 | | CapsuleAllImageSize | | |\r
947 | ------------------------- | |\r
ab7017fe 948 | PrivateData | |\r
ff284c56 949 DestPtr ---->+---------------------------+<-----------+\r
ab7017fe 950 | | |\r
951 | FreeMem | FreeMemSize\r
952 | | |\r
953 FreeMemBase --->+---------------------------+<-----------+\r
954 | Terminator |\r
955 +---------------------------+\r
956 | BlockDescriptor n |\r
957 +---------------------------+\r
958 | ................. |\r
959 +---------------------------+\r
960 | BlockDescriptor 1 |\r
961 +---------------------------+\r
962 | BlockDescriptor 0 |\r
963 +---------------------------+\r
964 | PrivateDataDesc 0 |\r
965 MemBase ---->+---------------------------+<----- BlockList\r
966\r
dc204d5a
JY		 967 Caution: This function may receive untrusted input.\r
968 The capsule data is external input, so this routine will do basic validation before\r
969 coalesce capsule data into memory.\r
970\r
ab7017fe 971 @param PeiServices General purpose services available to every PEIM.\r
359cb1a3
SZ		 972 @param BlockListBuffer Pointer to the buffer of Capsule Descriptor Variables.\r
973 @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
ab7017fe 974 @param MemoryBase Pointer to the base of a block of memory that we can walk\r
975 all over while trying to coalesce our buffers.\r
976 On output, this variable will hold the base address of\r
977 a coalesced capsule.\r
978 @param MemorySize Size of the memory region pointed to by MemoryBase.\r
979 On output, this variable will contain the size of the\r
980 coalesced capsule.\r
981\r
982 @retval EFI_NOT_FOUND If we could not find the capsule descriptors.\r
983\r
984 @retval EFI_BUFFER_TOO_SMALL\r
985 If we could not coalesce the capsule in the memory\r
986 region provided to us.\r
987\r
988 @retval EFI_SUCCESS Processed the capsule successfully.\r
989**/\r
990EFI_STATUS\r
991EFIAPI\r
992CapsuleDataCoalesce (\r
993 IN EFI_PEI_SERVICES **PeiServices,\r
994 IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,\r
359cb1a3 995 IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
ab7017fe 996 IN OUT VOID **MemoryBase,\r
997 IN OUT UINTN *MemorySize\r
998 )\r
999{\r
1000 VOID *NewCapsuleBase;\r
ff284c56
JY		 1001 VOID *CapsuleImageBase;\r
1002 UINTN CapsuleIndex;\r
ab7017fe 1003 UINT8 *FreeMemBase;\r
1004 UINT8 *DestPtr;\r
ff284c56 1005 UINTN DestLength;\r
ab7017fe 1006 UINT8 *RelocPtr;\r
ff284c56 1007 UINTN CapsuleTimes; \r
ab7017fe 1008 UINT64 SizeLeft; \r
1009 UINT64 CapsuleImageSize; \r
1010 UINTN CapsuleSize;\r
ff284c56 1011 UINTN CapsuleNumber;\r
ab7017fe 1012 UINTN DescriptorsSize;\r
1013 UINTN FreeMemSize;\r
1014 UINTN NumDescriptors;\r
ab7017fe 1015 BOOLEAN CapsuleBeginFlag;\r
1016 EFI_STATUS Status;\r
1017 EFI_CAPSULE_HEADER *CapsuleHeader;\r
1018 EFI_CAPSULE_PEIM_PRIVATE_DATA PrivateData;\r
1019 EFI_CAPSULE_PEIM_PRIVATE_DATA *PrivateDataPtr;\r
1020 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList;\r
1021 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrentBlockDesc;\r
1022 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlockDesc;\r
1023 EFI_CAPSULE_BLOCK_DESCRIPTOR PrivateDataDesc[2];\r
1024\r
ff284c56
JY		 1025 DEBUG ((EFI_D_INFO, "CapsuleDataCoalesce enter\n"));\r
1026\r
ab7017fe 1027 CapsuleIndex = 0;\r
1028 SizeLeft = 0;\r
1029 CapsuleTimes = 0;\r
1030 CapsuleImageSize = 0;\r
1031 PrivateDataPtr = NULL;\r
ab7017fe 1032 CapsuleHeader = NULL;\r
1033 CapsuleBeginFlag = TRUE;\r
ab7017fe 1034 CapsuleSize = 0;\r
1035 NumDescriptors = 0;\r
ff284c56 1036\r
ab7017fe 1037 //\r
1038 // Build capsule descriptors list\r
1039 //\r
359cb1a3 1040 Status = BuildCapsuleDescriptors (BlockListBuffer, MemoryResource, &BlockList);\r
ab7017fe 1041 if (EFI_ERROR (Status)) {\r
1042 return Status;\r
1043 }\r
1044\r
1045 DEBUG_CODE (\r
1046 CapsuleTestPatternPreCoalesce (PeiServices, BlockList);\r
1047 );\r
1048\r
1049 //\r
1050 // Get the size of our descriptors and the capsule size. GetCapsuleInfo()\r
1051 // returns the number of descriptors that actually point to data, so add\r
1052 // one for a terminator. Do that below.\r
1053 //\r
ff284c56
JY		 1054 Status = GetCapsuleInfo (BlockList, &NumDescriptors, &CapsuleSize, &CapsuleNumber);\r
1055 if (EFI_ERROR (Status)) {\r
1056 return Status;\r
1057 }\r
1058 DEBUG ((EFI_D_INFO, "CapsuleSize - 0x%x\n", CapsuleSize));\r
1059 DEBUG ((EFI_D_INFO, "CapsuleNumber - 0x%x\n", CapsuleNumber));\r
1060 DEBUG ((EFI_D_INFO, "NumDescriptors - 0x%x\n", NumDescriptors));\r
1061 if ((CapsuleSize == 0) || (NumDescriptors == 0) || (CapsuleNumber == 0)) {\r
ab7017fe 1062 return EFI_NOT_FOUND;\r
1063 }\r
1064\r
ff284c56
JY		 1065 if (CapsuleNumber - 1 >= (MAX_ADDRESS - (sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + sizeof(UINT64))) / sizeof(UINT64)) {\r
1066 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleNumber - 0x%x\n", CapsuleNumber));\r
1067 return EFI_BUFFER_TOO_SMALL;\r
1068 }\r
1069\r
ab7017fe 1070 //\r
1071 // Initialize our local copy of private data. When we're done, we'll create a\r
1072 // descriptor for it as well so that it can be put into free memory without\r
1073 // trashing anything.\r
1074 //\r
ff284c56
JY		 1075 PrivateData.Signature = EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE;\r
1076 PrivateData.CapsuleAllImageSize = (UINT64) CapsuleSize;\r
1077 PrivateData.CapsuleNumber = (UINT64) CapsuleNumber;\r
1078 PrivateData.CapsuleOffset[0] = 0;\r
1079 //\r
ed3ff1ac 1080 // NOTE: Only data in sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) is valid, CapsuleOffset field is uninitialized at this moment.\r
ff284c56
JY		 1081 // The code sets partial length here for Descriptor.Length check, but later it will use full length to reserve those PrivateData region.\r
1082 //\r
ab7017fe 1083 PrivateDataDesc[0].Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) &PrivateData;\r
1084 PrivateDataDesc[0].Length = sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA);\r
1085 PrivateDataDesc[1].Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) BlockList;\r
1086 PrivateDataDesc[1].Length = 0;\r
1087 //\r
ed3ff1ac 1088 // Add PrivateDataDesc[0] in beginning, as it is new descriptor. PrivateDataDesc[1] is NOT needed.\r
ff284c56
JY		 1089 // In addition, one NULL terminator is added in the end. See RelocateBlockDescriptors().\r
1090 //\r
1091 NumDescriptors += 2;\r
ab7017fe 1092 //\r
ed3ff1ac 1093 // Sanity check\r
ff284c56
JY		 1094 //\r
1095 if (CapsuleSize >= (MAX_ADDRESS - (sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + (CapsuleNumber - 1) * sizeof(UINT64) + sizeof(UINT64)))) {\r
1096 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleSize - 0x%x\n", CapsuleSize));\r
1097 return EFI_BUFFER_TOO_SMALL;\r
1098 }\r
1099 //\r
1100 // Need add sizeof(UINT64) for PrivateData alignment\r
1101 //\r
1102 CapsuleSize += sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + (CapsuleNumber - 1) * sizeof(UINT64) + sizeof(UINT64);\r
ab7017fe 1103 BlockList = PrivateDataDesc;\r
ff284c56 1104 //\r
ed3ff1ac 1105 // Sanity check\r
ff284c56
JY		 1106 //\r
1107 if (NumDescriptors >= (MAX_ADDRESS / sizeof(EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
1108 DEBUG ((EFI_D_ERROR, "ERROR: NumDescriptors - 0x%x\n", NumDescriptors));\r
1109 return EFI_BUFFER_TOO_SMALL;\r
1110 }\r
ab7017fe 1111 DescriptorsSize = NumDescriptors * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);\r
ff284c56 1112 //\r
ed3ff1ac 1113 // Sanity check\r
ff284c56
JY		 1114 //\r
1115 if (DescriptorsSize >= (MAX_ADDRESS - CapsuleSize)) {\r
1116 DEBUG ((EFI_D_ERROR, "ERROR: DescriptorsSize - 0x%lx, CapsuleSize - 0x%lx\n", (UINT64)DescriptorsSize, (UINT64)CapsuleSize));\r
1117 return EFI_BUFFER_TOO_SMALL;\r
1118 }\r
ab7017fe 1119\r
1120 //\r
1121 // Don't go below some min address. If the base is below it,\r
1122 // then move it up and adjust the size accordingly.\r
1123 //\r
1124 DEBUG ((EFI_D_INFO, "Capsule Memory range from 0x%8X to 0x%8X\n", (UINTN) *MemoryBase, (UINTN)*MemoryBase + *MemorySize));\r
1125 if ((UINTN)*MemoryBase < (UINTN) MIN_COALESCE_ADDR) {\r
1126 if (((UINTN)*MemoryBase + *MemorySize) < (UINTN) MIN_COALESCE_ADDR) {\r
ff284c56 1127 DEBUG ((EFI_D_ERROR, "ERROR: *MemoryBase + *MemorySize - 0x%x\n", (UINTN)*MemoryBase + *MemorySize));\r
ab7017fe 1128 return EFI_BUFFER_TOO_SMALL;\r
1129 } else {\r
1130 *MemorySize = *MemorySize - ((UINTN) MIN_COALESCE_ADDR - (UINTN) *MemoryBase);\r
1131 *MemoryBase = (VOID *) (UINTN) MIN_COALESCE_ADDR;\r
1132 }\r
1133 }\r
1134\r
1135 if (*MemorySize <= (CapsuleSize + DescriptorsSize)) {\r
ff284c56 1136 DEBUG ((EFI_D_ERROR, "ERROR: CapsuleSize + DescriptorsSize - 0x%x\n", CapsuleSize + DescriptorsSize));\r
ab7017fe 1137 return EFI_BUFFER_TOO_SMALL;\r
1138 }\r
1139\r
1140 FreeMemBase = *MemoryBase;\r
1141 FreeMemSize = *MemorySize;\r
1142 DEBUG ((EFI_D_INFO, "Capsule Free Memory from 0x%8X to 0x%8X\n", (UINTN) FreeMemBase, (UINTN) FreeMemBase + FreeMemSize));\r
1143\r
1144 //\r
1145 // Relocate all the block descriptors to low memory to make further\r
1146 // processing easier.\r
1147 //\r
ff284c56 1148 BlockList = RelocateBlockDescriptors (PeiServices, BlockList, NumDescriptors, FreeMemBase, FreeMemSize);\r
ab7017fe 1149 if (BlockList == NULL) {\r
1150 //\r
1151 // Not enough room to relocate the descriptors\r
1152 //\r
1153 return EFI_BUFFER_TOO_SMALL;\r
1154 }\r
1155\r
1156 //\r
ff284c56 1157 // Take the top of memory for the capsule. UINT64 align up.\r
ab7017fe 1158 //\r
1159 DestPtr = FreeMemBase + FreeMemSize - CapsuleSize;\r
ff284c56 1160 DestPtr = (UINT8 *) (((UINTN)DestPtr + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1));\r
ab7017fe 1161 FreeMemBase = (UINT8 *) BlockList + DescriptorsSize;\r
4694dd1b 1162 FreeMemSize = (UINTN) DestPtr - (UINTN) FreeMemBase;\r
ab7017fe 1163 NewCapsuleBase = (VOID *) DestPtr;\r
ff284c56
JY		 1164 CapsuleImageBase = (UINT8 *)NewCapsuleBase + sizeof(EFI_CAPSULE_PEIM_PRIVATE_DATA) + (CapsuleNumber - 1) * sizeof(UINT64);\r
1165\r
1166 PrivateDataPtr = (EFI_CAPSULE_PEIM_PRIVATE_DATA *) NewCapsuleBase;\r
ab7017fe 1167\r
1168 //\r
1169 // Move all the blocks to the top (high) of memory.\r
1170 // Relocate all the obstructing blocks. Note that the block descriptors\r
1171 // were coalesced when they were relocated, so we can just ++ the pointer.\r
1172 //\r
1173 CurrentBlockDesc = BlockList;\r
1174 while ((CurrentBlockDesc->Length != 0) || (CurrentBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {\r
ff284c56
JY		 1175 if (CapsuleTimes == 0) {\r
1176 //\r
1177 // The first entry is the block descriptor for EFI_CAPSULE_PEIM_PRIVATE_DATA.\r
1178 // CapsuleOffset field is uninitialized at this time. No need copy it, but need to reserve for future use.\r
1179 //\r
1180 ASSERT (CurrentBlockDesc->Union.DataBlock == (UINT64)(UINTN)&PrivateData);\r
1181 DestLength = sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + (CapsuleNumber - 1) * sizeof(UINT64);\r
1182 } else {\r
1183 DestLength = (UINTN)CurrentBlockDesc->Length;\r
1184 }\r
ab7017fe 1185 //\r
1186 // See if any of the remaining capsule blocks are in the way\r
1187 //\r
1188 TempBlockDesc = CurrentBlockDesc;\r
1189 while (TempBlockDesc->Length != 0) {\r
1190 //\r
1191 // Is this block in the way of where we want to copy the current descriptor to?\r
1192 //\r
1193 if (IsOverlapped (\r
1194 (UINT8 *) DestPtr,\r
ff284c56 1195 (UINTN) DestLength,\r
ab7017fe 1196 (UINT8 *) (UINTN) TempBlockDesc->Union.DataBlock,\r
1197 (UINTN) TempBlockDesc->Length\r
1198 )) {\r
1199 //\r
1200 // Relocate the block\r
1201 //\r
1202 RelocPtr = FindFreeMem (BlockList, FreeMemBase, FreeMemSize, (UINTN) TempBlockDesc->Length);\r
1203 if (RelocPtr == NULL) {\r
1204 return EFI_BUFFER_TOO_SMALL;\r
1205 }\r
1206\r
1207 CopyMem ((VOID *) RelocPtr, (VOID *) (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) TempBlockDesc->Length);\r
1208 DEBUG ((EFI_D_INFO, "Capsule reloc data block from 0x%8X to 0x%8X with size 0x%8X\n",\r
1209 (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) RelocPtr, (UINTN) TempBlockDesc->Length));\r
1210\r
1211 TempBlockDesc->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocPtr;\r
1212 }\r
1213 //\r
1214 // Next descriptor\r
1215 //\r
1216 TempBlockDesc++;\r
1217 }\r
1218 //\r
1219 // Ok, we made it through. Copy the block.\r
1220 // we just support greping one capsule from the lists of block descs list.\r
1221 //\r
1222 CapsuleTimes ++;\r
1223 //\r
1224 //Skip the first block descriptor that filled with EFI_CAPSULE_PEIM_PRIVATE_DATA\r
1225 //\r
1226 if (CapsuleTimes > 1) {\r
1227 //\r
1228 //For every capsule entry point, check its header to determine whether to relocate it.\r
1229 //If it is invalid, skip it and move on to the next capsule. If it is valid, relocate it.\r
1230 //\r
1231 if (CapsuleBeginFlag) {\r
1232 CapsuleBeginFlag = FALSE;\r
1233 CapsuleHeader = (EFI_CAPSULE_HEADER*)(UINTN)CurrentBlockDesc->Union.DataBlock;\r
1234 SizeLeft = CapsuleHeader->CapsuleImageSize;\r
ab7017fe 1235\r
ff284c56
JY		 1236 //\r
1237 // No more check here is needed, because IsCapsuleCorrupted() already in ValidateCapsuleIntegrity()\r
1238 //\r
1239 ASSERT (CapsuleIndex < CapsuleNumber);\r
ab7017fe 1240\r
ff284c56
JY		 1241 //\r
1242 // Relocate this capsule\r
1243 //\r
1244 CapsuleImageSize += SizeLeft;\r
1245 //\r
1246 // Cache the begin offset of this capsule\r
1247 //\r
1248 ASSERT (PrivateDataPtr->Signature == EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE);\r
1249 ASSERT ((UINTN)DestPtr >= (UINTN)CapsuleImageBase);\r
16f69227 1250 PrivateDataPtr->CapsuleOffset[CapsuleIndex++] = (UINTN)DestPtr - (UINTN)CapsuleImageBase;\r
240bc4ee
SZ		 1251 }\r
1252\r
ff284c56
JY		 1253 //\r
1254 // Below ASSERT is checked in ValidateCapsuleIntegrity()\r
1255 //\r
1256 ASSERT (CurrentBlockDesc->Length <= SizeLeft);\r
1257\r
1258 CopyMem ((VOID *) DestPtr, (VOID *) (UINTN) (CurrentBlockDesc->Union.DataBlock), (UINTN)CurrentBlockDesc->Length);\r
1259 DEBUG ((EFI_D_INFO, "Capsule coalesce block no.0x%lX from 0x%lX to 0x%lX with size 0x%lX\n",(UINT64)CapsuleTimes,\r
1260 CurrentBlockDesc->Union.DataBlock, (UINT64)(UINTN)DestPtr, CurrentBlockDesc->Length));\r
1261 DestPtr += CurrentBlockDesc->Length;\r
1262 SizeLeft -= CurrentBlockDesc->Length;\r
1263\r
1264 if (SizeLeft == 0) {\r
ab7017fe 1265 //\r
240bc4ee 1266 //Here is the end of the current capsule image.\r
ab7017fe 1267 //\r
240bc4ee 1268 CapsuleBeginFlag = TRUE; \r
ab7017fe 1269 }\r
1270 } else {\r
1271 //\r
ff284c56
JY		 1272 // The first entry is the block descriptor for EFI_CAPSULE_PEIM_PRIVATE_DATA.\r
1273 // CapsuleOffset field is uninitialized at this time. No need copy it, but need to reserve for future use.\r
ab7017fe 1274 //\r
ff284c56
JY		 1275 ASSERT (CurrentBlockDesc->Length == sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA));\r
1276 ASSERT ((UINTN)DestPtr == (UINTN)NewCapsuleBase);\r
ab7017fe 1277 CopyMem ((VOID *) DestPtr, (VOID *) (UINTN) CurrentBlockDesc->Union.DataBlock, (UINTN) CurrentBlockDesc->Length);\r
ff284c56 1278 DestPtr += sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + (CapsuleNumber - 1) * sizeof(UINT64);\r
ab7017fe 1279 }\r
1280 //\r
1281 //Walk through the block descriptor list.\r
1282 //\r
1283 CurrentBlockDesc++;\r
1284 }\r
1285 //\r
1286 // We return the base of memory we want reserved, and the size.\r
1287 // The memory peim should handle it appropriately from there.\r
1288 //\r
2e4c9e01 1289 *MemorySize = (UINTN) CapsuleSize;\r
ab7017fe 1290 *MemoryBase = (VOID *) NewCapsuleBase;\r
1291\r
ff284c56
JY		 1292 ASSERT (PrivateDataPtr->Signature == EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE);\r
1293 ASSERT (PrivateDataPtr->CapsuleAllImageSize == CapsuleImageSize);\r
1294 ASSERT (PrivateDataPtr->CapsuleNumber == CapsuleIndex);\r
ab7017fe 1295\r
1296 return EFI_SUCCESS;\r
1297}\r
EFI Development Kit II mirror for PVE