]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add comment for modules which have external input.
[mirror_edk2.git] / MdeModulePkg / Universal / CapsulePei / Common / CapsuleCoalesce.c
1 /** @file
2 The logic to process capsule.
3
4 Caution: This module requires additional review when modified.
5 This driver will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8
9 CapsuleDataCoalesce() will do basic validation before coalesce capsule data
10 into memory.
11
12 Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
13 This program and the accompanying materials
14 are licensed and made available under the terms and conditions of the BSD License
15 which accompanies this distribution. The full text of the license may be found at
16 http://opensource.org/licenses/bsd-license.php
17
18 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
19 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
20
21 **/
22
23 #include <Uefi.h>
24 #include <PiPei.h>
25
26 #include <Guid/CapsuleVendor.h>
27
28 #include <Library/BaseMemoryLib.h>
29 #include <Library/DebugLib.h>
30 #include <Library/PrintLib.h>
31 #include <Library/BaseLib.h>
32
33 #define MIN_COALESCE_ADDR (1024 * 1024)
34 #define MAX_SUPPORT_CAPSULE_NUM 50
35
36 #define EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('C', 'a', 'p', 'D')
37
38 typedef struct {
39 UINT32 Signature;
40 UINT32 CapsuleSize;
41 } EFI_CAPSULE_PEIM_PRIVATE_DATA;
42
43 /**
44 Given a pointer to the capsule block list, info on the available system
45 memory, and the size of a buffer, find a free block of memory where a
46 buffer of the given size can be copied to safely.
47
48 @param BlockList Pointer to head of capsule block descriptors
49 @param MemBase Pointer to the base of memory in which we want to find free space
50 @param MemSize The size of the block of memory pointed to by MemBase
51 @param DataSize How big a free block we want to find
52
53 @return A pointer to a memory block of at least DataSize that lies somewhere
54 between MemBase and (MemBase + MemSize). The memory pointed to does not
55 contain any of the capsule block descriptors or capsule blocks pointed to
56 by the BlockList.
57
58 **/
59 UINT8 *
60 FindFreeMem (
61 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,
62 UINT8 *MemBase,
63 UINTN MemSize,
64 UINTN DataSize
65 );
66
67 /**
68 Check the integrity of the capsule descriptors.
69
70 @param BlockList Pointer to the capsule descriptors
71
72 @retval NULL BlockList is not valid.
73 @retval LastBlockDesc Last one Block in BlockList
74
75 **/
76 EFI_CAPSULE_BLOCK_DESCRIPTOR *
77 ValidateCapsuleIntegrity (
78 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList
79 );
80
81 /**
82 The capsule block descriptors may be fragmented and spread all over memory.
83 To simplify the coalescing of capsule blocks, first coalesce all the
84 capsule block descriptors low in memory.
85
86 The descriptors passed in can be fragmented throughout memory. Here
87 they are relocated into memory to turn them into a contiguous (null
88 terminated) array.
89
90 @param PeiServices pointer to PEI services table
91 @param BlockList pointer to the capsule block descriptors
92 @param MemBase base of system memory in which we can work
93 @param MemSize size of the system memory pointed to by MemBase
94
95 @retval NULL could not relocate the descriptors
96 @retval Pointer to the base of the successfully-relocated block descriptors.
97
98 **/
99 EFI_CAPSULE_BLOCK_DESCRIPTOR *
100 RelocateBlockDescriptors (
101 IN EFI_PEI_SERVICES **PeiServices,
102 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,
103 IN UINT8 *MemBase,
104 IN UINTN MemSize
105 );
106
107 /**
108 Check every capsule header.
109
110 @param CapsuleHeader The pointer to EFI_CAPSULE_HEADER
111
112 @retval FALSE Capsule is OK
113 @retval TRUE Capsule is corrupted
114
115 **/
116 BOOLEAN
117 IsCapsuleCorrupted (
118 IN EFI_CAPSULE_HEADER *CapsuleHeader
119 );
120
121 /**
122 Determine if two buffers overlap in memory.
123
124 @param Buff1 pointer to first buffer
125 @param Size1 size of Buff1
126 @param Buff2 pointer to second buffer
127 @param Size2 size of Buff2
128
129 @retval TRUE Buffers overlap in memory.
130 @retval FALSE Buffer doesn't overlap.
131
132 **/
133 BOOLEAN
134 IsOverlapped (
135 UINT8 *Buff1,
136 UINTN Size1,
137 UINT8 *Buff2,
138 UINTN Size2
139 );
140
141 /**
142 Given a pointer to a capsule block descriptor, traverse the list to figure
143 out how many legitimate descriptors there are, and how big the capsule it
144 refers to is.
145
146 @param Desc Pointer to the capsule block descriptors
147 NumDescriptors - optional pointer to where to return the number of descriptors
148 CapsuleSize - optional pointer to where to return the capsule size
149 @param NumDescriptors Optional pointer to where to return the number of descriptors
150 @param CapsuleSize Optional pointer to where to return the capsule size
151
152 @retval EFI_NOT_FOUND No descriptors containing data in the list
153 @retval EFI_SUCCESS Return data is valid
154
155 **/
156 EFI_STATUS
157 GetCapsuleInfo (
158 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc,
159 IN OUT UINTN *NumDescriptors OPTIONAL,
160 IN OUT UINTN *CapsuleSize OPTIONAL
161 );
162
163 /**
164 Given a pointer to the capsule block list, info on the available system
165 memory, and the size of a buffer, find a free block of memory where a
166 buffer of the given size can be copied to safely.
167
168 @param BlockList Pointer to head of capsule block descriptors
169 @param MemBase Pointer to the base of memory in which we want to find free space
170 @param MemSize The size of the block of memory pointed to by MemBase
171 @param DataSize How big a free block we want to find
172
173 @return A pointer to a memory block of at least DataSize that lies somewhere
174 between MemBase and (MemBase + MemSize). The memory pointed to does not
175 contain any of the capsule block descriptors or capsule blocks pointed to
176 by the BlockList.
177
178 **/
179 UINT8 *
180 FindFreeMem (
181 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,
182 UINT8 *MemBase,
183 UINTN MemSize,
184 UINTN DataSize
185 )
186 {
187 UINTN Size;
188 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrDesc;
189 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempDesc;
190 UINT8 *MemEnd;
191 BOOLEAN Failed;
192
193 //
194 // Need at least enough to copy the data to at the end of the buffer, so
195 // say the end is less the data size for easy comparisons here.
196 //
197 MemEnd = MemBase + MemSize - DataSize;
198 CurrDesc = BlockList;
199 //
200 // Go through all the descriptor blocks and see if any obstruct the range
201 //
202 while (CurrDesc != NULL) {
203 //
204 // Get the size of this block list and see if it's in the way
205 //
206 Failed = FALSE;
207 TempDesc = CurrDesc;
208 Size = sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
209 while (TempDesc->Length != 0) {
210 Size += sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
211 TempDesc++;
212 }
213
214 if (IsOverlapped (MemBase, DataSize, (UINT8 *) CurrDesc, Size)) {
215 //
216 // Set our new base to the end of this block list and start all over
217 //
218 MemBase = (UINT8 *) CurrDesc + Size;
219 CurrDesc = BlockList;
220 if (MemBase > MemEnd) {
221 return NULL;
222 }
223
224 Failed = TRUE;
225 }
226 //
227 // Now go through all the blocks and make sure none are in the way
228 //
229 while ((CurrDesc->Length != 0) && (!Failed)) {
230 if (IsOverlapped (MemBase, DataSize, (UINT8 *) (UINTN) CurrDesc->Union.DataBlock, (UINTN) CurrDesc->Length)) {
231 //
232 // Set our new base to the end of this block and start all over
233 //
234 Failed = TRUE;
235 MemBase = (UINT8 *) ((UINTN) CurrDesc->Union.DataBlock) + CurrDesc->Length;
236 CurrDesc = BlockList;
237 if (MemBase > MemEnd) {
238 return NULL;
239 }
240 }
241 CurrDesc++;
242 }
243 //
244 // Normal continuation -- jump to next block descriptor list
245 //
246 if (!Failed) {
247 CurrDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) CurrDesc->Union.ContinuationPointer;
248 }
249 }
250 return MemBase;
251 }
252
253 /**
254 Check the integrity of the capsule descriptors.
255
256 @param BlockList Pointer to the capsule descriptors
257
258 @retval NULL BlockList is not valid.
259 @retval LastBlockDesc Last one Block in BlockList
260
261 **/
262 EFI_CAPSULE_BLOCK_DESCRIPTOR *
263 ValidateCapsuleIntegrity (
264 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList
265 )
266 {
267 EFI_CAPSULE_HEADER *CapsuleHeader;
268 UINT64 CapsuleSize;
269 UINT32 CapsuleCount;
270 EFI_CAPSULE_BLOCK_DESCRIPTOR *Ptr;
271
272 //
273 // Go through the list to look for inconsistencies. Check for:
274 // * misaligned block descriptors.
275 // * The first capsule header guid
276 // * The first capsule header flag
277 // * Data + Length < Data (wrap)
278 CapsuleSize = 0;
279 CapsuleCount = 0;
280 Ptr = BlockList;
281 while ((Ptr->Length != 0) || (Ptr->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
282 //
283 // Make sure the descriptor is aligned at UINT64 in memory
284 //
285 if ((UINTN) Ptr & 0x07) {
286 DEBUG ((EFI_D_ERROR, "BlockList address failed alignment check\n"));
287 return NULL;
288 }
289
290 if (Ptr->Length == 0) {
291 //
292 // Descriptor points to another list of block descriptors somewhere
293 // else.
294 //
295 Ptr = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Ptr->Union.ContinuationPointer;
296 } else {
297 //
298 //To enhance the reliability of check-up, the first capsule's header is checked here.
299 //More reliabilities check-up will do later.
300 //
301 if (CapsuleSize == 0) {
302 //
303 //Move to the first capsule to check its header.
304 //
305 CapsuleHeader = (EFI_CAPSULE_HEADER*)((UINTN)Ptr->Union.DataBlock);
306 if (IsCapsuleCorrupted (CapsuleHeader)) {
307 return NULL;
308 }
309 CapsuleCount ++;
310 CapsuleSize = CapsuleHeader->CapsuleImageSize;
311 }
312
313 if (CapsuleSize >= Ptr->Length) {
314 CapsuleSize = CapsuleSize - Ptr->Length;
315 } else {
316 CapsuleSize = 0;
317 }
318
319 //
320 // Move to next BLOCK descriptor
321 //
322 Ptr++;
323 }
324 }
325
326 if ((CapsuleCount == 0) || (CapsuleSize != 0)) {
327 //
328 // No any capsule is found in BlockList or capsule data is corrupted.
329 //
330 return NULL;
331 }
332
333 return Ptr;
334 }
335
336 /**
337 The capsule block descriptors may be fragmented and spread all over memory.
338 To simplify the coalescing of capsule blocks, first coalesce all the
339 capsule block descriptors low in memory.
340
341 The descriptors passed in can be fragmented throughout memory. Here
342 they are relocated into memory to turn them into a contiguous (null
343 terminated) array.
344
345 @param PeiServices pointer to PEI services table
346 @param BlockList pointer to the capsule block descriptors
347 @param MemBase base of system memory in which we can work
348 @param MemSize size of the system memory pointed to by MemBase
349
350 @retval NULL could not relocate the descriptors
351 @retval Pointer to the base of the successfully-relocated block descriptors.
352
353 **/
354 EFI_CAPSULE_BLOCK_DESCRIPTOR *
355 RelocateBlockDescriptors (
356 IN EFI_PEI_SERVICES **PeiServices,
357 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,
358 IN UINT8 *MemBase,
359 IN UINTN MemSize
360 )
361 {
362 EFI_CAPSULE_BLOCK_DESCRIPTOR *NewBlockList;
363 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrBlockDescHead;
364 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlockDesc;
365 EFI_CAPSULE_BLOCK_DESCRIPTOR *PrevBlockDescTail;
366 UINTN NumDescriptors;
367 UINTN BufferSize;
368 UINT8 *RelocBuffer;
369 UINTN BlockListSize;
370 //
371 // Get the info on the blocks and descriptors. Since we're going to move
372 // the descriptors low in memory, adjust the base/size values accordingly here.
373 // GetCapsuleInfo() returns the number of legit descriptors, so add one for
374 // a terminator.
375 //
376 if (GetCapsuleInfo (BlockList, &NumDescriptors, NULL) != EFI_SUCCESS) {
377 return NULL;
378 }
379
380 NumDescriptors++;
381 BufferSize = NumDescriptors * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
382 NewBlockList = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) MemBase;
383 if (MemSize < BufferSize) {
384 return NULL;
385 }
386
387 MemSize -= BufferSize;
388 MemBase += BufferSize;
389 //
390 // Go through all the blocks and make sure none are in the way
391 //
392 TempBlockDesc = BlockList;
393 while (TempBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {
394 if (TempBlockDesc->Length == 0) {
395 //
396 // Next block of descriptors
397 //
398 TempBlockDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;
399 } else {
400 //
401 // If the capsule data pointed to by this descriptor is in the way,
402 // move it.
403 //
404 if (IsOverlapped (
405 (UINT8 *) NewBlockList,
406 BufferSize,
407 (UINT8 *) (UINTN) TempBlockDesc->Union.DataBlock,
408 (UINTN) TempBlockDesc->Length
409 )) {
410 //
411 // Relocate the block
412 //
413 RelocBuffer = FindFreeMem (BlockList, MemBase, MemSize, (UINTN) TempBlockDesc->Length);
414 if (RelocBuffer == NULL) {
415 return NULL;
416 }
417
418 CopyMem ((VOID *) RelocBuffer, (VOID *) (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) TempBlockDesc->Length);
419 DEBUG ((EFI_D_INFO, "Capsule relocate descriptors from/to/size 0x%X 0x%X 0x%X\n", (UINT32)(UINTN)TempBlockDesc->Union.DataBlock, (UINT32)(UINTN)RelocBuffer, (UINT32)(UINTN)TempBlockDesc->Length));
420 TempBlockDesc->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocBuffer;
421 }
422 TempBlockDesc++;
423 }
424 }
425 //
426 // Now go through all the block descriptors to make sure that they're not
427 // in the memory region we want to copy them to.
428 //
429 CurrBlockDescHead = BlockList;
430 PrevBlockDescTail = NULL;
431 while ((CurrBlockDescHead != NULL) && (CurrBlockDescHead->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
432 //
433 // Get the size of this list then see if it overlaps our low region
434 //
435 TempBlockDesc = CurrBlockDescHead;
436 BlockListSize = sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
437 while (TempBlockDesc->Length != 0) {
438 BlockListSize += sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
439 TempBlockDesc++;
440 }
441
442 if (IsOverlapped (
443 (UINT8 *) NewBlockList,
444 BufferSize,
445 (UINT8 *) CurrBlockDescHead,
446 BlockListSize
447 )) {
448 //
449 // Overlaps, so move it out of the way
450 //
451 RelocBuffer = FindFreeMem (BlockList, MemBase, MemSize, BlockListSize);
452 if (RelocBuffer == NULL) {
453 return NULL;
454 }
455 CopyMem ((VOID *) RelocBuffer, (VOID *) CurrBlockDescHead, BlockListSize);
456 DEBUG ((EFI_D_INFO, "Capsule reloc descriptor block #2\n"));
457 //
458 // Point the previous block's next point to this copied version. If
459 // the tail pointer is null, then this is the first descriptor block.
460 //
461 if (PrevBlockDescTail == NULL) {
462 BlockList = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) RelocBuffer;
463 } else {
464 PrevBlockDescTail->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocBuffer;
465 }
466 }
467 //
468 // Save our new tail and jump to the next block list
469 //
470 PrevBlockDescTail = TempBlockDesc;
471 CurrBlockDescHead = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;
472 }
473 //
474 // Cleared out low memory. Now copy the descriptors down there.
475 //
476 TempBlockDesc = BlockList;
477 CurrBlockDescHead = NewBlockList;
478 while ((TempBlockDesc != NULL) && (TempBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
479 if (TempBlockDesc->Length != 0) {
480 CurrBlockDescHead->Union.DataBlock = TempBlockDesc->Union.DataBlock;
481 CurrBlockDescHead->Length = TempBlockDesc->Length;
482 CurrBlockDescHead++;
483 TempBlockDesc++;
484 } else {
485 TempBlockDesc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) TempBlockDesc->Union.ContinuationPointer;
486 }
487 }
488 //
489 // Null terminate
490 //
491 CurrBlockDescHead->Union.ContinuationPointer = (EFI_PHYSICAL_ADDRESS) (UINTN) NULL;
492 CurrBlockDescHead->Length = 0;
493 return NewBlockList;
494 }
495
496 /**
497 Determine if two buffers overlap in memory.
498
499 @param Buff1 pointer to first buffer
500 @param Size1 size of Buff1
501 @param Buff2 pointer to second buffer
502 @param Size2 size of Buff2
503
504 @retval TRUE Buffers overlap in memory.
505 @retval FALSE Buffer doesn't overlap.
506
507 **/
508 BOOLEAN
509 IsOverlapped (
510 UINT8 *Buff1,
511 UINTN Size1,
512 UINT8 *Buff2,
513 UINTN Size2
514 )
515 {
516 //
517 // If buff1's end is less than the start of buff2, then it's ok.
518 // Also, if buff1's start is beyond buff2's end, then it's ok.
519 //
520 if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {
521 return FALSE;
522 }
523
524 return TRUE;
525 }
526
527 /**
528 Given a pointer to a capsule block descriptor, traverse the list to figure
529 out how many legitimate descriptors there are, and how big the capsule it
530 refers to is.
531
532 @param Desc Pointer to the capsule block descriptors
533 NumDescriptors - optional pointer to where to return the number of descriptors
534 CapsuleSize - optional pointer to where to return the capsule size
535 @param NumDescriptors Optional pointer to where to return the number of descriptors
536 @param CapsuleSize Optional pointer to where to return the capsule size
537
538 @retval EFI_NOT_FOUND No descriptors containing data in the list
539 @retval EFI_SUCCESS Return data is valid
540
541 **/
542 EFI_STATUS
543 GetCapsuleInfo (
544 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc,
545 IN OUT UINTN *NumDescriptors OPTIONAL,
546 IN OUT UINTN *CapsuleSize OPTIONAL
547 )
548 {
549 UINTN Count;
550 UINTN Size;
551
552 ASSERT (Desc != NULL);
553
554 Count = 0;
555 Size = 0;
556
557 while (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {
558 if (Desc->Length == 0) {
559 //
560 // Descriptor points to another list of block descriptors somewhere
561 //
562 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;
563 } else {
564 Size += (UINTN) Desc->Length;
565 Count++;
566 Desc++;
567 }
568 }
569 //
570 // If no descriptors, then fail
571 //
572 if (Count == 0) {
573 return EFI_NOT_FOUND;
574 }
575
576 if (NumDescriptors != NULL) {
577 *NumDescriptors = Count;
578 }
579
580 if (CapsuleSize != NULL) {
581 *CapsuleSize = Size;
582 }
583
584 return EFI_SUCCESS;
585 }
586
587 /**
588 Check every capsule header.
589
590 @param CapsuleHeader The pointer to EFI_CAPSULE_HEADER
591
592 @retval FALSE Capsule is OK
593 @retval TRUE Capsule is corrupted
594
595 **/
596 BOOLEAN
597 IsCapsuleCorrupted (
598 IN EFI_CAPSULE_HEADER *CapsuleHeader
599 )
600 {
601 //
602 //A capsule to be updated across a system reset should contain CAPSULE_FLAGS_PERSIST_ACROSS_RESET.
603 //
604 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) == 0) {
605 return TRUE;
606 }
607 //
608 //Make sure the flags combination is supported by the platform.
609 //
610 if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE)) == CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) {
611 return TRUE;
612 }
613 if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET)) == CAPSULE_FLAGS_INITIATE_RESET) {
614 return TRUE;
615 }
616
617 return FALSE;
618 }
619
620 /**
621 Try to verify the integrity of a capsule test pattern before the
622 capsule gets coalesced. This can be useful in narrowing down
623 where capsule data corruption occurs.
624
625 The test pattern mode fills in memory with a counting UINT32 value.
626 If the capsule is not divided up in a multiple of 4-byte blocks, then
627 things get messy doing the check. Therefore there are some cases
628 here where we just give up and skip the pre-coalesce check.
629
630 @param PeiServices PEI services table
631 @param Desc Pointer to capsule descriptors
632 **/
633 VOID
634 CapsuleTestPatternPreCoalesce (
635 IN EFI_PEI_SERVICES **PeiServices,
636 IN EFI_CAPSULE_BLOCK_DESCRIPTOR *Desc
637 )
638 {
639 UINT32 *TestPtr;
640 UINT32 TestCounter;
641 UINT32 TestSize;
642 //
643 // Find first data descriptor
644 //
645 while ((Desc->Length == 0) && (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
646 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;
647 }
648
649 if (Desc->Union.ContinuationPointer == 0) {
650 return ;
651 }
652 //
653 // First one better be long enough to at least hold the test signature
654 //
655 if (Desc->Length < sizeof (UINT32)) {
656 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce punted #1\n"));
657 return ;
658 }
659
660 TestPtr = (UINT32 *) (UINTN) Desc->Union.DataBlock;
661 //
662 // 0x54534554 "TEST"
663 //
664 if (*TestPtr != 0x54534554) {
665 return ;
666 }
667
668 TestCounter = 0;
669 TestSize = (UINT32) Desc->Length - 2 * sizeof (UINT32);
670 //
671 // Skip over the signature and the size fields in the pattern data header
672 //
673 TestPtr += 2;
674 while (1) {
675 if ((TestSize & 0x03) != 0) {
676 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce punted #2\n"));
677 return ;
678 }
679
680 while (TestSize > 0) {
681 if (*TestPtr != TestCounter) {
682 DEBUG ((EFI_D_INFO, "Capsule test pattern pre-coalesce failed data corruption check\n"));
683 return ;
684 }
685
686 TestSize -= sizeof (UINT32);
687 TestCounter++;
688 TestPtr++;
689 }
690 Desc++;
691 while ((Desc->Length == 0) && (Desc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
692 Desc = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Desc->Union.ContinuationPointer;
693 }
694
695 if (Desc->Union.ContinuationPointer == (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {
696 return ;
697 }
698 TestSize = (UINT32) Desc->Length;
699 TestPtr = (UINT32 *) (UINTN) Desc->Union.DataBlock;
700 }
701 }
702
703 /**
704 Checks for the presence of capsule descriptors.
705 Get capsule descriptors from variable CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...
706
707 @param BlockListBuffer Pointer to the buffer of capsule descriptors variables
708 @param BlockDescriptorList Pointer to the capsule descriptors list
709
710 @retval EFI_SUCCESS a valid capsule is present
711 @retval EFI_NOT_FOUND if a valid capsule is not present
712 **/
713 EFI_STATUS
714 BuildCapsuleDescriptors (
715 IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
716 OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptorList
717 )
718 {
719 UINTN Index;
720 EFI_CAPSULE_BLOCK_DESCRIPTOR *LastBlock;
721 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlock;
722 EFI_CAPSULE_BLOCK_DESCRIPTOR *HeadBlock;
723
724 LastBlock = NULL;
725 HeadBlock = NULL;
726 TempBlock = NULL;
727 Index = 0;
728
729 while (BlockListBuffer[Index] != 0) {
730 //
731 // Test integrity of descriptors.
732 //
733 TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index]);
734 if (TempBlock != NULL) {
735 if (LastBlock == NULL) {
736 LastBlock = TempBlock;
737
738 //
739 // Return the base of the block descriptors
740 //
741 HeadBlock = (EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index];
742 } else {
743 //
744 // Combine the different BlockList into single BlockList.
745 //
746 LastBlock->Union.DataBlock = (EFI_PHYSICAL_ADDRESS)(UINTN)BlockListBuffer[Index];
747 LastBlock->Length = 0;
748 LastBlock = TempBlock;
749 }
750 }
751 Index ++;
752 }
753
754 if (HeadBlock != NULL) {
755 *BlockDescriptorList = HeadBlock;
756 return EFI_SUCCESS;
757 }
758 return EFI_NOT_FOUND;
759 }
760
761 /**
762 The function to coalesce a fragmented capsule in memory.
763
764 Memory Map for coalesced capsule:
765 MemBase + ---->+---------------------------+<-----------+
766 MemSize | CapsuleOffset[49] | |
767 +---------------------------+ |
768 | ................ | |
769 +---------------------------+ |
770 | CapsuleOffset[2] | |
771 +---------------------------+ |
772 | CapsuleOffset[1] | |
773 +---------------------------+ |
774 | CapsuleOffset[0] | CapsuleSize
775 +---------------------------+ |
776 | CapsuleNumber | |
777 +---------------------------+ |
778 | | |
779 | | |
780 | Capsule Image | |
781 | | |
782 | | |
783 +---------------------------+ |
784 | PrivateData | |
785 DestPtr ----> +---------------------------+<-----------+
786 | | |
787 | FreeMem | FreeMemSize
788 | | |
789 FreeMemBase --->+---------------------------+<-----------+
790 | Terminator |
791 +---------------------------+
792 | BlockDescriptor n |
793 +---------------------------+
794 | ................. |
795 +---------------------------+
796 | BlockDescriptor 1 |
797 +---------------------------+
798 | BlockDescriptor 0 |
799 +---------------------------+
800 | PrivateDataDesc 0 |
801 MemBase ---->+---------------------------+<----- BlockList
802
803 Caution: This function may receive untrusted input.
804 The capsule data is external input, so this routine will do basic validation before
805 coalesce capsule data into memory.
806
807 @param PeiServices General purpose services available to every PEIM.
808 @param BlockListBuffer Point to the buffer of Capsule Descriptor Variables.
809 @param MemoryBase Pointer to the base of a block of memory that we can walk
810 all over while trying to coalesce our buffers.
811 On output, this variable will hold the base address of
812 a coalesced capsule.
813 @param MemorySize Size of the memory region pointed to by MemoryBase.
814 On output, this variable will contain the size of the
815 coalesced capsule.
816
817 @retval EFI_NOT_FOUND If we could not find the capsule descriptors.
818
819 @retval EFI_BUFFER_TOO_SMALL
820 If we could not coalesce the capsule in the memory
821 region provided to us.
822
823 @retval EFI_SUCCESS Processed the capsule successfully.
824 **/
825 EFI_STATUS
826 EFIAPI
827 CapsuleDataCoalesce (
828 IN EFI_PEI_SERVICES **PeiServices,
829 IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
830 IN OUT VOID **MemoryBase,
831 IN OUT UINTN *MemorySize
832 )
833 {
834 VOID *NewCapsuleBase;
835 VOID *DataPtr;
836 UINT8 CapsuleIndex;
837 UINT8 *FreeMemBase;
838 UINT8 *DestPtr;
839 UINT8 *RelocPtr;
840 UINT32 CapsuleOffset[MAX_SUPPORT_CAPSULE_NUM];
841 UINT32 *AddDataPtr;
842 UINT32 CapsuleTimes;
843 UINT64 SizeLeft;
844 UINT64 CapsuleImageSize;
845 UINTN CapsuleSize;
846 UINTN DescriptorsSize;
847 UINTN FreeMemSize;
848 UINTN NumDescriptors;
849 BOOLEAN IsCorrupted;
850 BOOLEAN CapsuleBeginFlag;
851 EFI_STATUS Status;
852 EFI_CAPSULE_HEADER *CapsuleHeader;
853 EFI_CAPSULE_PEIM_PRIVATE_DATA PrivateData;
854 EFI_CAPSULE_PEIM_PRIVATE_DATA *PrivateDataPtr;
855 EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList;
856 EFI_CAPSULE_BLOCK_DESCRIPTOR *CurrentBlockDesc;
857 EFI_CAPSULE_BLOCK_DESCRIPTOR *TempBlockDesc;
858 EFI_CAPSULE_BLOCK_DESCRIPTOR PrivateDataDesc[2];
859
860 CapsuleIndex = 0;
861 SizeLeft = 0;
862 CapsuleTimes = 0;
863 CapsuleImageSize = 0;
864 PrivateDataPtr = NULL;
865 AddDataPtr = NULL;
866 CapsuleHeader = NULL;
867 CapsuleBeginFlag = TRUE;
868 IsCorrupted = TRUE;
869 CapsuleSize = 0;
870 NumDescriptors = 0;
871
872 //
873 // Build capsule descriptors list
874 //
875 Status = BuildCapsuleDescriptors (BlockListBuffer, &BlockList);
876 if (EFI_ERROR (Status)) {
877 return Status;
878 }
879
880 DEBUG_CODE (
881 CapsuleTestPatternPreCoalesce (PeiServices, BlockList);
882 );
883
884 //
885 // Get the size of our descriptors and the capsule size. GetCapsuleInfo()
886 // returns the number of descriptors that actually point to data, so add
887 // one for a terminator. Do that below.
888 //
889 GetCapsuleInfo (BlockList, &NumDescriptors, &CapsuleSize);
890 if ((CapsuleSize == 0) || (NumDescriptors == 0)) {
891 return EFI_NOT_FOUND;
892 }
893
894 //
895 // Initialize our local copy of private data. When we're done, we'll create a
896 // descriptor for it as well so that it can be put into free memory without
897 // trashing anything.
898 //
899 PrivateData.Signature = EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE;
900 PrivateData.CapsuleSize = (UINT32) CapsuleSize;
901 PrivateDataDesc[0].Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) &PrivateData;
902 PrivateDataDesc[0].Length = sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA);
903 PrivateDataDesc[1].Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) BlockList;
904 PrivateDataDesc[1].Length = 0;
905 //
906 // In addition to PrivateDataDesc[1:0], one terminator is added
907 // See below RelocateBlockDescriptors()
908 //
909 NumDescriptors += 3;
910 CapsuleSize += sizeof (EFI_CAPSULE_PEIM_PRIVATE_DATA) + sizeof(CapsuleOffset) + sizeof(UINT32);
911 BlockList = PrivateDataDesc;
912 DescriptorsSize = NumDescriptors * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
913
914 //
915 // Don't go below some min address. If the base is below it,
916 // then move it up and adjust the size accordingly.
917 //
918 DEBUG ((EFI_D_INFO, "Capsule Memory range from 0x%8X to 0x%8X\n", (UINTN) *MemoryBase, (UINTN)*MemoryBase + *MemorySize));
919 if ((UINTN)*MemoryBase < (UINTN) MIN_COALESCE_ADDR) {
920 if (((UINTN)*MemoryBase + *MemorySize) < (UINTN) MIN_COALESCE_ADDR) {
921 return EFI_BUFFER_TOO_SMALL;
922 } else {
923 *MemorySize = *MemorySize - ((UINTN) MIN_COALESCE_ADDR - (UINTN) *MemoryBase);
924 *MemoryBase = (VOID *) (UINTN) MIN_COALESCE_ADDR;
925 }
926 }
927
928 if (*MemorySize <= (CapsuleSize + DescriptorsSize)) {
929 return EFI_BUFFER_TOO_SMALL;
930 }
931
932 FreeMemBase = *MemoryBase;
933 FreeMemSize = *MemorySize;
934 DEBUG ((EFI_D_INFO, "Capsule Free Memory from 0x%8X to 0x%8X\n", (UINTN) FreeMemBase, (UINTN) FreeMemBase + FreeMemSize));
935
936 //
937 // Relocate all the block descriptors to low memory to make further
938 // processing easier.
939 //
940 BlockList = RelocateBlockDescriptors (PeiServices, BlockList, FreeMemBase, FreeMemSize);
941 if (BlockList == NULL) {
942 //
943 // Not enough room to relocate the descriptors
944 //
945 return EFI_BUFFER_TOO_SMALL;
946 }
947
948 //
949 // Take the top of memory for the capsule. Naturally align.
950 //
951 DestPtr = FreeMemBase + FreeMemSize - CapsuleSize;
952 DestPtr = (UINT8 *) ((UINTN) DestPtr &~ (UINTN) (sizeof (UINTN) - 1));
953 FreeMemBase = (UINT8 *) BlockList + DescriptorsSize;
954 FreeMemSize = (UINTN) DestPtr - (UINTN) FreeMemBase;
955 NewCapsuleBase = (VOID *) DestPtr;
956
957 //
958 // Move all the blocks to the top (high) of memory.
959 // Relocate all the obstructing blocks. Note that the block descriptors
960 // were coalesced when they were relocated, so we can just ++ the pointer.
961 //
962 CurrentBlockDesc = BlockList;
963 while ((CurrentBlockDesc->Length != 0) || (CurrentBlockDesc->Union.ContinuationPointer != (EFI_PHYSICAL_ADDRESS) (UINTN) NULL)) {
964 //
965 // See if any of the remaining capsule blocks are in the way
966 //
967 TempBlockDesc = CurrentBlockDesc;
968 while (TempBlockDesc->Length != 0) {
969 //
970 // Is this block in the way of where we want to copy the current descriptor to?
971 //
972 if (IsOverlapped (
973 (UINT8 *) DestPtr,
974 (UINTN) CurrentBlockDesc->Length,
975 (UINT8 *) (UINTN) TempBlockDesc->Union.DataBlock,
976 (UINTN) TempBlockDesc->Length
977 )) {
978 //
979 // Relocate the block
980 //
981 RelocPtr = FindFreeMem (BlockList, FreeMemBase, FreeMemSize, (UINTN) TempBlockDesc->Length);
982 if (RelocPtr == NULL) {
983 return EFI_BUFFER_TOO_SMALL;
984 }
985
986 CopyMem ((VOID *) RelocPtr, (VOID *) (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) TempBlockDesc->Length);
987 DEBUG ((EFI_D_INFO, "Capsule reloc data block from 0x%8X to 0x%8X with size 0x%8X\n",
988 (UINTN) TempBlockDesc->Union.DataBlock, (UINTN) RelocPtr, (UINTN) TempBlockDesc->Length));
989
990 TempBlockDesc->Union.DataBlock = (EFI_PHYSICAL_ADDRESS) (UINTN) RelocPtr;
991 }
992 //
993 // Next descriptor
994 //
995 TempBlockDesc++;
996 }
997 //
998 // Ok, we made it through. Copy the block.
999 // we just support greping one capsule from the lists of block descs list.
1000 //
1001 CapsuleTimes ++;
1002 //
1003 //Skip the first block descriptor that filled with EFI_CAPSULE_PEIM_PRIVATE_DATA
1004 //
1005 if (CapsuleTimes > 1) {
1006 //
1007 //For every capsule entry point, check its header to determine whether to relocate it.
1008 //If it is invalid, skip it and move on to the next capsule. If it is valid, relocate it.
1009 //
1010 if (CapsuleBeginFlag) {
1011 CapsuleBeginFlag = FALSE;
1012 CapsuleHeader = (EFI_CAPSULE_HEADER*)(UINTN)CurrentBlockDesc->Union.DataBlock;
1013 SizeLeft = CapsuleHeader->CapsuleImageSize;
1014 if (!IsCapsuleCorrupted (CapsuleHeader)) {
1015
1016 if (CapsuleIndex > (MAX_SUPPORT_CAPSULE_NUM - 1)) {
1017 DEBUG ((EFI_D_ERROR, "Capsule number exceeds the max number of %d!\n", MAX_SUPPORT_CAPSULE_NUM));
1018 return EFI_BUFFER_TOO_SMALL;
1019 }
1020
1021 //
1022 // Relocate this valid capsule
1023 //
1024 IsCorrupted = FALSE;
1025 CapsuleImageSize += SizeLeft;
1026 //
1027 // Cache the begin offset of this capsule
1028 //
1029 CapsuleOffset[CapsuleIndex++] = (UINT32) (UINTN) DestPtr - (UINT32)(UINTN)NewCapsuleBase - (UINT32)sizeof(EFI_CAPSULE_PEIM_PRIVATE_DATA);
1030 }
1031 }
1032
1033 if (CurrentBlockDesc->Length < SizeLeft) {
1034 if (!IsCorrupted) {
1035 CopyMem ((VOID *) DestPtr, (VOID *) (UINTN) (CurrentBlockDesc->Union.DataBlock), (UINTN)CurrentBlockDesc->Length);
1036 DEBUG ((EFI_D_INFO, "Capsule coalesce block no.0x%8X from 0x%8lX to 0x%8lX with size 0x%8X\n",CapsuleTimes,
1037 (UINTN)CurrentBlockDesc->Union.DataBlock, (UINTN)DestPtr, (UINTN)CurrentBlockDesc->Length));
1038 DestPtr += CurrentBlockDesc->Length;
1039 }
1040 SizeLeft -= CurrentBlockDesc->Length;
1041 } else {
1042 //
1043 //Here is the end of the current capsule image.
1044 //
1045 if (!IsCorrupted) {
1046 CopyMem ((VOID *) DestPtr, (VOID *)(UINTN)(CurrentBlockDesc->Union.DataBlock), (UINTN) SizeLeft);
1047 DEBUG ((EFI_D_INFO, "Capsule coalesce block no.0x%8X from 0x%8lX to 0x%8lX with size 0x%8X\n",CapsuleTimes,
1048 (UINTN)CurrentBlockDesc->Union.DataBlock, (UINTN)DestPtr, (UINTN) SizeLeft));
1049 DestPtr += SizeLeft;
1050 }
1051 //
1052 // Start the next cycle
1053 //
1054 SizeLeft = 0;
1055 IsCorrupted = TRUE;
1056 CapsuleBeginFlag = TRUE;
1057 }
1058 } else {
1059 //
1060 //The first entry is the block descriptor for EFI_CAPSULE_PEIM_PRIVATE_DATA.
1061 //
1062 CopyMem ((VOID *) DestPtr, (VOID *) (UINTN) CurrentBlockDesc->Union.DataBlock, (UINTN) CurrentBlockDesc->Length);
1063 DestPtr += CurrentBlockDesc->Length;
1064 }
1065 //
1066 //Walk through the block descriptor list.
1067 //
1068 CurrentBlockDesc++;
1069 }
1070 //
1071 // We return the base of memory we want reserved, and the size.
1072 // The memory peim should handle it appropriately from there.
1073 //
1074 *MemorySize = (UINTN) CapsuleSize;
1075 *MemoryBase = (VOID *) NewCapsuleBase;
1076
1077 //
1078 //Append the offsets of mutiply capsules to the continous buffer
1079 //
1080 DataPtr = (VOID*)((UINTN)NewCapsuleBase + sizeof(EFI_CAPSULE_PEIM_PRIVATE_DATA) + (UINTN)CapsuleImageSize);
1081 AddDataPtr = (UINT32*)(((UINTN) DataPtr + sizeof(UINT32) - 1) &~ (UINT32) (sizeof (UINT32) - 1));
1082
1083 *AddDataPtr++ = CapsuleIndex;
1084
1085 CopyMem (AddDataPtr, &CapsuleOffset[0], sizeof (UINT32) * CapsuleIndex);
1086
1087 PrivateDataPtr = (EFI_CAPSULE_PEIM_PRIVATE_DATA *) NewCapsuleBase;
1088 PrivateDataPtr->CapsuleSize = (UINT32) CapsuleImageSize;
1089
1090 return EFI_SUCCESS;
1091 }
EFI Development Kit II mirror for PVE