Memory allocated with malloc_tmp() (and its variants) is only valid during the POST phase. It can be tricky to find all users of "tmp" memory and failures from getting this wrong can be subtle. So, this series adds a mechanism to try and catch these cases. The idea is to flag global variables that point to "tmp" memory as only being reachable from "init" code. The build can then verify it.
No change of this nature would be complete without uncovering existing errors. The S3 resume code was accessing invalid memory when it called the shadow ram functions and the smm init code. The first two patches fix this up. The remaining two patches add the build time check.
-Kevin
Kevin O'Connor (4): shadow: Don't use PCIDevices list in make_bios_readonly(). smm: Don't use PCIDevices list in smm_setup(). Add VARVERIFY32INIT attribute for variables only available during "init". Use VARVERIFY32INIT on global variables that point to "tmp" memory.
src/boot.c | 4 ++-- src/paravirt.c | 1 + src/pci.c | 2 +- src/pmm.c | 6 +++-- src/romfile.c | 2 +- src/shadow.c | 34 +++++++++++----------------- src/smm.c | 66 +++++++++++++++++++++++++++++------------------------- src/types.h | 4 ++++ src/util.h | 1 + tools/layoutrom.py | 18 +++++++-------- 10 files changed, 71 insertions(+), 67 deletions(-)