into memory.\r
\r
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>\r
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
@param MemSize The size of the block of memory pointed to by MemBase\r
@param DataSize How big a free block we want to find\r
\r
- @return A pointer to a memory block of at least DataSize that lies somewhere \r
+ @return A pointer to a memory block of at least DataSize that lies somewhere\r
between MemBase and (MemBase + MemSize). The memory pointed to does not\r
contain any of the capsule block descriptors or capsule blocks pointed to\r
by the BlockList.\r
UINTN DataSize\r
);\r
\r
-/**\r
- Check the integrity of the capsule descriptors.\r
-\r
- @param BlockList Pointer to the capsule descriptors\r
-\r
- @retval NULL BlockList is not valid.\r
- @retval LastBlockDesc Last one Block in BlockList\r
-\r
-**/\r
-EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
-ValidateCapsuleIntegrity (\r
- IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList\r
- );\r
-\r
/**\r
The capsule block descriptors may be fragmented and spread all over memory.\r
To simplify the coalescing of capsule blocks, first coalesce all the\r
@param MemSize size of the system memory pointed to by MemBase\r
\r
@retval NULL could not relocate the descriptors\r
- @retval Pointer to the base of the successfully-relocated block descriptors. \r
+ @retval Pointer to the base of the successfully-relocated block descriptors.\r
\r
**/\r
EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
@param CapsuleHeader The pointer to EFI_CAPSULE_HEADER\r
\r
@retval FALSE Capsule is OK\r
- @retval TRUE Capsule is corrupted \r
+ @retval TRUE Capsule is corrupted\r
\r
**/\r
BOOLEAN\r
@param MemSize The size of the block of memory pointed to by MemBase\r
@param DataSize How big a free block we want to find\r
\r
- @return A pointer to a memory block of at least DataSize that lies somewhere \r
+ @return A pointer to a memory block of at least DataSize that lies somewhere\r
between MemBase and (MemBase + MemSize). The memory pointed to does not\r
contain any of the capsule block descriptors or capsule blocks pointed to\r
by the BlockList.\r
return MemBase;\r
}\r
\r
+/**\r
+ Validate capsule by MemoryResource.\r
+\r
+ @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
+ @param Address Address to be validated.\r
+ @param Size Size to be validated.\r
+\r
+ @retval TRUE No memory resource descriptor reported in HOB list before capsule Coalesce,\r
+ or it is valid in one MemoryResource.\r
+ FALSE It is not in any MemoryResource.\r
+\r
+**/\r
+BOOLEAN\r
+ValidateCapsuleByMemoryResource (\r
+ IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
+ IN EFI_PHYSICAL_ADDRESS Address,\r
+ IN UINT64 Size\r
+ )\r
+{\r
+ UINTN Index;\r
+\r
+ //\r
+ // Sanity Check\r
+ //\r
+ if (Size > MAX_ADDRESS) {\r
+ DEBUG ((EFI_D_ERROR, "ERROR: Size(0x%lx) > MAX_ADDRESS\n", Size));\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Sanity Check\r
+ //\r
+ if (Address > (MAX_ADDRESS - Size)) {\r
+ DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) > (MAX_ADDRESS - Size(0x%lx))\n", Address, Size));\r
+ return FALSE;\r
+ }\r
+\r
+ if (MemoryResource == NULL) {\r
+ //\r
+ // No memory resource descriptor reported in HOB list before capsule Coalesce.\r
+ //\r
+ return TRUE;\r
+ }\r
+\r
+ for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) {\r
+ if ((Address >= MemoryResource[Index].PhysicalStart) &&\r
+ ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) {\r
+ DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",\r
+ Address, Size,\r
+ Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));\r
+ return TRUE;\r
+ }\r
+ }\r
+\r
+ DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size));\r
+ return FALSE;\r
+}\r
+\r
/**\r
Check the integrity of the capsule descriptors.\r
\r
- @param BlockList Pointer to the capsule descriptors\r
+ @param BlockList Pointer to the capsule descriptors\r
+ @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
\r
@retval NULL BlockList is not valid.\r
@retval LastBlockDesc Last one Block in BlockList\r
**/\r
EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
ValidateCapsuleIntegrity (\r
- IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList\r
+ IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,\r
+ IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource\r
)\r
{\r
EFI_CAPSULE_HEADER *CapsuleHeader;\r
// * The first capsule header guid\r
// * The first capsule header flag\r
// * The first capsule header HeaderSize\r
- // * Length > MAX_ADDRESS\r
- // * ContinuationPointer > MAX_ADDRESS\r
- // * DataBlock + Length > MAX_ADDRESS\r
+ // * Below check will be done in ValidateCapsuleByMemoryResource()\r
+ // Length > MAX_ADDRESS\r
+ // Ptr + sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR) > MAX_ADDRESS\r
+ // DataBlock + Length > MAX_ADDRESS\r
//\r
CapsuleSize = 0;\r
CapsuleCount = 0;\r
Ptr = BlockList;\r
\r
+ if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
+ return NULL;\r
+ }\r
+\r
DEBUG ((EFI_D_INFO, "Ptr - 0x%x\n", Ptr));\r
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
DEBUG ((EFI_D_ERROR, "ERROR: BlockList address failed alignment check\n"));\r
return NULL;\r
}\r
- //\r
- // Sanity Check\r
- //\r
- if (Ptr->Length > MAX_ADDRESS) {\r
- DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Length(0x%lx) > MAX_ADDRESS\n", Ptr->Length));\r
- return NULL;\r
- }\r
\r
if (Ptr->Length == 0) {\r
- //\r
- // Sanity Check\r
- //\r
- if (Ptr->Union.ContinuationPointer > MAX_ADDRESS) {\r
- DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Union.ContinuationPointer(0x%lx) > MAX_ADDRESS\n", Ptr->Union.ContinuationPointer));\r
- return NULL;\r
- }\r
//\r
// Descriptor points to another list of block descriptors somewhere\r
// else.\r
//\r
Ptr = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Ptr->Union.ContinuationPointer;\r
+ if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
+ return NULL;\r
+ }\r
DEBUG ((EFI_D_INFO, "Ptr(C) - 0x%x\n", Ptr));\r
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
} else {\r
- //\r
- // Sanity Check\r
- //\r
- if (Ptr->Union.DataBlock > (MAX_ADDRESS - (UINTN)Ptr->Length)) {\r
- DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Union.DataBlock(0x%lx) > (MAX_ADDRESS - (UINTN)Ptr->Length(0x%lx))\n", Ptr->Union.DataBlock, Ptr->Length));\r
+ if (!ValidateCapsuleByMemoryResource (MemoryResource, Ptr->Union.DataBlock, Ptr->Length)) {\r
return NULL;\r
}\r
\r
// Move to next BLOCK descriptor\r
//\r
Ptr++;\r
+ if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {\r
+ return NULL;\r
+ }\r
DEBUG ((EFI_D_INFO, "Ptr(B) - 0x%x\n", Ptr));\r
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));\r
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));\r
@param MemSize size of the system memory pointed to by MemBase\r
\r
@retval NULL could not relocate the descriptors\r
- @retval Pointer to the base of the successfully-relocated block descriptors. \r
+ @retval Pointer to the base of the successfully-relocated block descriptors.\r
\r
**/\r
EFI_CAPSULE_BLOCK_DESCRIPTOR *\r
@param CapsuleHeader The pointer to EFI_CAPSULE_HEADER\r
\r
@retval FALSE Capsule is OK\r
- @retval TRUE Capsule is corrupted \r
+ @retval TRUE Capsule is corrupted\r
\r
**/\r
BOOLEAN\r
capsule gets coalesced. This can be useful in narrowing down\r
where capsule data corruption occurs.\r
\r
- The test pattern mode fills in memory with a counting UINT32 value. \r
+ The test pattern mode fills in memory with a counting UINT32 value.\r
If the capsule is not divided up in a multiple of 4-byte blocks, then\r
things get messy doing the check. Therefore there are some cases\r
here where we just give up and skip the pre-coalesce check.\r
Get capsule descriptors from variable CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...\r
\r
@param BlockListBuffer Pointer to the buffer of capsule descriptors variables\r
+ @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
@param BlockDescriptorList Pointer to the capsule descriptors list\r
\r
@retval EFI_SUCCESS a valid capsule is present\r
EFI_STATUS\r
BuildCapsuleDescriptors (\r
IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,\r
- OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptorList \r
+ IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
+ OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptorList\r
)\r
{\r
UINTN Index;\r
// Test integrity of descriptors.\r
//\r
if (BlockListBuffer[Index] < MAX_ADDRESS) {\r
- TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index]);\r
+ TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index], MemoryResource);\r
if (TempBlock != NULL) {\r
if (LastBlock == NULL) {\r
LastBlock = TempBlock;\r
}\r
Index ++;\r
}\r
- \r
+\r
if (HeadBlock != NULL) {\r
*BlockDescriptorList = HeadBlock;\r
return EFI_SUCCESS;\r
| ------------------------- | |\r
| | Capsule [0] | | |\r
| ------------------------- | |\r
- | Capsule Image | | \r
+ | Capsule Image | |\r
CapsuleImageBase-->+---------------------------+\r
| ------------------------- | |\r
| | CapsuleOffset[Num-1] | | |\r
coalesce capsule data into memory.\r
\r
@param PeiServices General purpose services available to every PEIM.\r
- @param BlockListBuffer Point to the buffer of Capsule Descriptor Variables.\r
+ @param BlockListBuffer Pointer to the buffer of Capsule Descriptor Variables.\r
+ @param MemoryResource Pointer to the buffer of memory resource descriptor.\r
@param MemoryBase Pointer to the base of a block of memory that we can walk\r
all over while trying to coalesce our buffers.\r
On output, this variable will hold the base address of\r
CapsuleDataCoalesce (\r
IN EFI_PEI_SERVICES **PeiServices,\r
IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,\r
+ IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,\r
IN OUT VOID **MemoryBase,\r
IN OUT UINTN *MemorySize\r
)\r
UINT8 *DestPtr;\r
UINTN DestLength;\r
UINT8 *RelocPtr;\r
- UINTN CapsuleTimes; \r
- UINT64 SizeLeft; \r
- UINT64 CapsuleImageSize; \r
+ UINTN CapsuleTimes;\r
+ UINT64 SizeLeft;\r
+ UINT64 CapsuleImageSize;\r
UINTN CapsuleSize;\r
UINTN CapsuleNumber;\r
UINTN DescriptorsSize;\r
//\r
// Build capsule descriptors list\r
//\r
- Status = BuildCapsuleDescriptors (BlockListBuffer, &BlockList);\r
+ Status = BuildCapsuleDescriptors (BlockListBuffer, MemoryResource, &BlockList);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
//\r
ASSERT (PrivateDataPtr->Signature == EFI_CAPSULE_PEIM_PRIVATE_DATA_SIGNATURE);\r
ASSERT ((UINTN)DestPtr >= (UINTN)CapsuleImageBase);\r
- PrivateDataPtr->CapsuleOffset[CapsuleIndex++] = (UINT64)((UINTN)DestPtr - (UINTN)CapsuleImageBase);\r
+ PrivateDataPtr->CapsuleOffset[CapsuleIndex++] = (UINTN)DestPtr - (UINTN)CapsuleImageBase;\r
}\r
\r
//\r
//\r
//Here is the end of the current capsule image.\r
//\r
- CapsuleBeginFlag = TRUE; \r
+ CapsuleBeginFlag = TRUE;\r
}\r
} else {\r
//\r