All of lore.kernel.org
 help / color / mirror / Atom feed
From: Rob Clark <robdclark@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 2/3] efi_loader: add checking for incorrect use of EFI_ENTRY/EXIT
Date: Wed, 26 Jul 2017 16:55:59 -0400	[thread overview]
Message-ID: <CAF6AEGvnsQNt2Pv=p2Vwq0Sq57=HOX-pjWZW5gR0+4_1=ycM1w@mail.gmail.com> (raw)
In-Reply-To: <2117e686-554d-b865-4072-536094fc572d@suse.de>

On Wed, Jul 26, 2017 at 4:12 PM, Alexander Graf <agraf@suse.de> wrote:
>
>
> On 26.07.17 18:41, Rob Clark wrote:
>>
>> On Wed, Jul 26, 2017 at 11:25 AM, Alexander Graf <agraf@suse.de> wrote:
>>>
>>>
>>>
>>> On 26.07.17 15:55, Rob Clark wrote:
>>>>
>>>>
>>>> Missing an EFI_ENTRY() or doubling up EFI_EXIT() leads to non-obvious
>>>> crashes.  Let's add some error checking.
>>>>
>>>> Signed-off-by: Rob Clark <robdclark@gmail.com>
>>>> ---
>>>>    include/efi_loader.h          |  5 +++++
>>>>    lib/efi_loader/efi_boottime.c | 13 +++++++++++++
>>>>    2 files changed, 18 insertions(+)
>>>>
>>>> diff --git a/include/efi_loader.h b/include/efi_loader.h
>>>> index 09bab7dbc6..4b49fac84b 100644
>>>> --- a/include/efi_loader.h
>>>> +++ b/include/efi_loader.h
>>>> @@ -15,11 +15,13 @@
>>>>      #include <linux/list.h>
>>>>    +int __efi_check_nesting(int delta);
>>>>    /*
>>>>     * Enter the u-boot world from UEFI:
>>>>     */
>>>>    #define EFI_ENTRY(format, ...) do { \
>>>>          efi_restore_gd(); \
>>>> +       assert(__efi_check_nesting(+1)); \
>>>>          debug("EFI: Entry %s(" format ")\n", __func__, ##__VA_ARGS__);
>>>> \
>>>>          } while(0)
>>>>    @@ -28,6 +30,7 @@
>>>>     */
>>>>    #define EFI_EXIT(ret) ({ \
>>>>          debug("EFI: Exit: %s: %u\n", __func__, (u32)((ret) &
>>>> ~EFI_ERROR_MASK)); \
>>>> +       assert(__efi_check_nesting(-1)); \
>>>>          efi_exit_func(ret); \
>>>>          })
>>>>    @@ -36,10 +39,12 @@
>>>>     */
>>>>    #define EFI_CALL(exp) do { \
>>>>          debug("EFI: Call: %s\n", #exp); \
>>>> +       assert(__efi_check_nesting(-1)); \
>>>>          efi_exit_func(EFI_SUCCESS); \
>>>>          exp; \
>>>>          efi_restore_gd(); \
>>>>          debug("EFI: Return From: %s\n", #exp); \
>>>> +       assert(__efi_check_nesting(+1)); \
>>>>          } while(0)
>>>>      extern struct efi_runtime_services efi_runtime_services;
>>>> diff --git a/lib/efi_loader/efi_boottime.c
>>>> b/lib/efi_loader/efi_boottime.c
>>>> index 76cafffc1d..b21df7bd5d 100644
>>>> --- a/lib/efi_loader/efi_boottime.c
>>>> +++ b/lib/efi_loader/efi_boottime.c
>>>> @@ -57,6 +57,17 @@ void efi_save_gd(void)
>>>>    #endif
>>>>    }
>>>>    +/* Check for incorrect use of EFI_ENTRY() / EFI_EXIT() */
>>>> +int __efi_check_nesting(int delta)
>>>> +{
>>>> +       static int entry_count;
>>>
>>>
>>>
>>> I'd prefer if we marked globals as such (read: somewhere at the top of a
>>> .c
>>> file).
>>
>>
>> hmm, well that does increase the scope unnecessarily, which is why I
>> made it static inside the fxn.  But if you can prefer I guess I can
>> put it just above __efi_check_nesting().
>
>
> It's a matter of taste, but in general I find it very useful to know at a
> glimpse where .bss, .rodata and .data come from.
>
>>
>>> Also I think this function would be better off as a static inline in a
>>> header, as it should get compressed quite well.
>>
>>
>> That would mean making entry_count also non-static (ie. broader than
>
>
> Ah, no, entry_count would still be in efi_boottime.c, but the function using
> it would be in a .h file. That way we don't need to do the register
> save/restore dance we need to do for full remote function calls.

Ok.. I'm thinking about just moving these calls into
efi_restore_gd()/efi_exit_func() but leaving the asserts in the macro
(so the assert reflects the proper file/line).  Minor downside is the
assert would come before the debug() print, but since it has file/line
I guess that isn't really important.

Fortunately the one place we need to special-case call the
check_nesting() (ie. efi_start_image()) is in the same object file.

I'll give that a go this evening and see how it turns out.

BR,
-R

  reply	other threads:[~2017-07-26 20:55 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-26 13:55 [U-Boot] [PATCH 1/3] efi_loader: Add an EFI_CALL() macro Rob Clark
2017-07-26 13:55 ` [U-Boot] [PATCH 2/3] efi_loader: add checking for incorrect use of EFI_ENTRY/EXIT Rob Clark
2017-07-26 15:25   ` Alexander Graf
2017-07-26 16:41     ` Rob Clark
2017-07-26 20:12       ` Alexander Graf
2017-07-26 20:55         ` Rob Clark [this message]
2017-07-26 20:16   ` Heinrich Schuchardt
2017-07-26 13:55 ` [U-Boot] [PATCH 3/3] efi_loader: indent entry/exit prints to show nesting level Rob Clark
2017-07-26 15:36   ` Alexander Graf
2017-07-26 20:16   ` Heinrich Schuchardt
2017-07-26 20:15 ` [U-Boot] [PATCH 1/3] efi_loader: Add an EFI_CALL() macro Heinrich Schuchardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAF6AEGvnsQNt2Pv=p2Vwq0Sq57=HOX-pjWZW5gR0+4_1=ycM1w@mail.gmail.com' \
    --to=robdclark@gmail.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.