Edward O'Callaghan has uploaded this change for review.


cbtable.c: don't assume high addresses can fully map 1 MiB

Forward port the downstream `commit b17e9e41838`.

When using a forwarding table entry for finding the coreboot table
don't assume one has access to a full 1 MiB where the forwarding
table entry points to. The reason is that the 1 MiB may cover address
regions that have differing cacheability type. As such the kernel will
complain and the mapping will fail. Instead, check the header first then
map in the bytes that it indicates after sanity validation. That way
there is no attempt at requesting an invalid mapping that spans different
memory cacheability attributes.

BUG=b:66681446
BRANCH=None
TEST=Can successfully run 'flashrom -p host --wp-status' on kahlee
without generating PAT errors.

Original-Change-Id: Ic6c5832b069300cced66e11f4ca4a0bbc6e496de
Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/685608
Original-Reviewed-by: Martin Roth <martinroth@chromium.org>
Original-Reviewed-by: Justin TerAvest <teravest@chromium.org>

Change-Id: I43705c19dd7c816098d03f528bde6f180c4c8f24
Signed-off-by: Edward O'Callaghan <quasisec@chromium.org>
---
M cbtable.c
1 file changed, 61 insertions(+), 8 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/40/37240/1
diff --git a/cbtable.c b/cbtable.c
index e566840..38a9f11 100644
--- a/cbtable.c
+++ b/cbtable.c
@@ -210,6 +210,66 @@
return NULL;
}

+static struct lb_header *find_lb_table_remap(unsigned long start_addr,
+ uint8_t **table_area)
+{
+ size_t offset;
+ unsigned long addr, end;
+ size_t mapping_size;
+ void *base;
+
+ mapping_size = getpagesize();
+ offset = start_addr % getpagesize();
+ start_addr -= offset;
+
+ base = physmap_ro("high tables", start_addr, mapping_size);
+ if (ERROR_PTR == base) {
+ msg_perr("Failed getting access to coreboot high tables.\n");
+ return NULL;
+ }
+
+ for (addr = offset, end = getpagesize(); addr < end; addr += 16) {
+ struct lb_record *recs;
+ struct lb_header *head;
+
+ /* No more headers to check. */
+ if (end - addr < sizeof(*head))
+ return NULL;
+
+ head = (struct lb_header *)(((char *)base) + addr);
+
+ if (!lb_header_valid(head, addr))
+ continue;
+
+ if (mapping_size - addr < head->table_bytes + sizeof(*head)) {
+ size_t prev_mapping_size = mapping_size;
+ mapping_size = head->table_bytes + sizeof(*head);
+ mapping_size += addr;
+ mapping_size += getpagesize() -
+ (mapping_size % getpagesize());
+ physunmap(base, prev_mapping_size);
+ base = physmap_ro("high tables", start_addr,
+ mapping_size);
+ if (ERROR_PTR == base) {
+ msg_perr("Failed getting access to coreboot high tables.\n");
+ return NULL;
+ }
+ }
+
+ head = (struct lb_header *)(((char *)base) + addr);
+ recs =
+ (struct lb_record *)(((char *)base) + addr + sizeof(*head));
+ if (!lb_table_valid(head, recs))
+ continue;
+ msg_pdbg("Found coreboot table at 0x%08lx.\n", addr);
+ *table_area = base;
+ return head;
+ }
+
+ physunmap(base, mapping_size);
+ return NULL;
+}
+
static void find_mainboard(struct lb_record *ptr, unsigned long addr)
{
struct lb_mainboard *rec;
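Review bot: The early exit `if (end - addr < sizeof(*head)) return NULL;` in find_lb_table_remap() returns with `base` still mapped, whereas the loop's normal fall-through reaches `physunmap(base, mapping_size)`; changing that `return NULL;` to `break;` would reuse the existing cleanup. The round-up `mapping_size += getpagesize() - (mapping_size % getpagesize());` adds a whole extra page when the size is already page-aligned, so it can map more physical memory than the table needs and may reach the differently-cached region this change is meant to avoid. `head->table_bytes` is read from the firmware table and sizes the second mapping; whether `lb_header_valid()` bounds it is not visible in this hunk, so consider an explicit upper limit before the remap. The debug message prints `addr`, which is the offset into the mapping, where `start_addr + addr` would give the physical address.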
@@ -283,15 +343,8 @@
(((char *)lb_table) + lb_table->header_bytes);
if (forward->tag == LB_TAG_FORWARD) {
start = forward->forward;
- start &= ~(getpagesize() - 1);
physunmap_unaligned(table_area, BYTES_TO_MAP);
- // FIXME: table_area is never unmapped below, nor is it unmapped above in the no-forward case
- table_area = physmap_ro_unaligned("high tables", start, BYTES_TO_MAP);
- if (ERROR_PTR == table_area) {
- msg_perr("Failed getting access to coreboot high tables.\n");
- return -1;
- }
- lb_table = find_lb_table(table_area, 0x00000, 0x1000);
+ lb_table = find_lb_table_remap(start, &table_area);
}
}
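Review bot: When `find_lb_table_remap()` returns NULL, `table_area` still holds the address just released by `physunmap_unaligned(table_area, BYTES_TO_MAP)` and `lb_table` becomes NULL, whereas the removed code returned -1 on a mapping failure. The enclosing function starts and ends outside this hunk, so it is not visible whether a NULL check follows; if none does, add `if (!lb_table) return -1;` after the call. The deleted FIXME also still seems to apply: the helper hands back the mapping through `*table_area` without its size, so the caller cannot unmap it. Consider keeping a note such as `/* FIXME: table_area is never unmapped; the remap helper does not report the mapping size. */`.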



Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I43705c19dd7c816098d03f528bde6f180c4c8f24
Gerrit-Change-Number: 37240
Gerrit-PatchSet: 1
Gerrit-Owner: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-MessageType: newchange