In the current code search_net_devices() uses the "alloc-mem" command
from the IEEE1275 User Interface for allocation of the transmit buffer
for the case when GRUB_IEEE1275_FLAG_VIRT_TO_REAL_BROKEN is set.

I don't have hardware where this flag is set to verify if this
workaround is still needed. However, further changes to ofnet will
require to execute this workaround one more time. Therefore, to
avoid possible duplication of code I'm moving this piece of
code into a function.

Signed-off-by: Stanislav Kholmanskikh <***@oracle.com>
---
grub-core/net/drivers/ieee1275/ofnet.c | 71 ++++++++++++++++++++------------
1 files changed, 44 insertions(+), 27 deletions(-)

diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c
index 8332d34..25559c8 100644
--- a/grub-core/net/drivers/ieee1275/ofnet.c
+++ b/grub-core/net/drivers/ieee1275/ofnet.c
@@ -298,6 +298,48 @@ grub_ieee1275_net_config_real (const char *devpath, char **device, char **path,
}
}

+/* Allocate memory with alloc-mem */
+static void *
+grub_ieee1275_alloc_mem (grub_size_t len)
+{
+ struct alloc_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_cell_t len;
+ grub_ieee1275_cell_t catch;
+ grub_ieee1275_cell_t result;
+ }
+ args;
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CANNOT_INTERPRET))
+ {
+ grub_error (GRUB_ERR_UNKNOWN_COMMAND, N_("interpret is not supported"));
+ return NULL;
+ }
+
+ INIT_IEEE1275_COMMON (&args.common, "interpret", 2, 2);
+ args.len = len;
+ args.method = (grub_ieee1275_cell_t) "alloc-mem";
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1 || args.catch)
+ {
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("alloc-mem failed"));
+ return NULL;
+ }
+ else
+ return (void *)args.result;
+}
+
+static void *
+ofnet_alloc_netbuf (grub_size_t len)
+{
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_VIRT_TO_REAL_BROKEN))
+ return grub_ieee1275_alloc_mem (len);
+ else
+ return grub_zalloc (len);
+}
+
static int
search_net_devices (struct grub_ieee1275_devalias *alias)
{
@@ -414,39 +456,14 @@ search_net_devices (struct grub_ieee1275_devalias *alias)

card->txbufsize = ALIGN_UP (card->mtu, 64) + 256;

- if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_VIRT_TO_REAL_BROKEN))
- {
- struct alloc_args
- {
- struct grub_ieee1275_common_hdr common;
- grub_ieee1275_cell_t method;
- grub_ieee1275_cell_t len;
- grub_ieee1275_cell_t catch;
- grub_ieee1275_cell_t result;
- }
- args;
- INIT_IEEE1275_COMMON (&args.common, "interpret", 2, 2);
- args.len = card->txbufsize;
- args.method = (grub_ieee1275_cell_t) "alloc-mem";
-
- if (IEEE1275_CALL_ENTRY_FN (&args) == -1
- || args.catch)
- {
- card->txbuf = 0;
- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
- }
- else
- card->txbuf = (void *) args.result;
- }
- else
- card->txbuf = grub_zalloc (card->txbufsize);
+ card->txbuf = ofnet_alloc_netbuf (card->txbufsize);
if (!card->txbuf)
{
grub_free (ofdata->path);
grub_free (ofdata);
grub_free (card);
grub_print_error ();
- return 0;
+ return 1;
}
card->driver = NULL;
card->data = ofdata;

Signed-off-by: Stanislav Kholmanskikh <***@oracle.com>
---
grub-core/net/drivers/ieee1275/ofnet.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c
index 6bd3b92..8332d34 100644
--- a/grub-core/net/drivers/ieee1275/ofnet.c
+++ b/grub-core/net/drivers/ieee1275/ofnet.c
@@ -90,7 +90,11 @@ get_card_packet (struct grub_net_card *dev)
return NULL;
/* Reserve 2 bytes so that 2 + 14/18 bytes of ethernet header is divisible
by 4. So that IP header is aligned on 4 bytes. */
- grub_netbuff_reserve (nb, 2);
+ if (grub_netbuff_reserve (nb, 2))
+ {
+ grub_netbuff_free (nb);
+ return NULL;
+ }

start_time = grub_get_time_ms ();
do

get_card_packet() from ofnet.c allocates a netbuff based on the device's MTU:

nb = grub_netbuff_alloc (dev->mtu + 64 + 2);

In the case when the MTU is large, and the received packet is
relatively small, this leads to allocation of significantly more memory,
than it's required. An example could be transmission of TFTP packets
with 0x400 blksize via a network card with 0x10000 MTU.

This patch implements a per-card receive buffer in a way similar to efinet.c,
and makes get_card_packet() allocate a netbuff of the received data size.

Signed-off-by: Stanislav Kholmanskikh <***@oracle.com>
---
grub-core/net/drivers/ieee1275/ofnet.c | 50 ++++++++++++++++++++++---------
1 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c
index 1f8ac9a..471b87b 100644
--- a/grub-core/net/drivers/ieee1275/ofnet.c
+++ b/grub-core/net/drivers/ieee1275/ofnet.c
@@ -85,9 +85,18 @@ get_card_packet (struct grub_net_card *dev)
grub_uint64_t start_time;
struct grub_net_buff *nb;

- nb = grub_netbuff_alloc (dev->mtu + 64 + 2);
+ start_time = grub_get_time_ms ();
+ do
+ rc = grub_ieee1275_read (data->handle, dev->rcvbuf, dev->rcvbufsize, &actual);
+ while ((actual <= 0 || rc < 0) && (grub_get_time_ms () - start_time < 200));
+
+ if (actual <= 0)
+ return NULL;
+
+ nb = grub_netbuff_alloc (actual + 2);
if (!nb)
return NULL;
+
/* Reserve 2 bytes so that 2 + 14/18 bytes of ethernet header is divisible
by 4. So that IP header is aligned on 4 bytes. */
if (grub_netbuff_reserve (nb, 2))
@@ -96,17 +105,15 @@ get_card_packet (struct grub_net_card *dev)
return NULL;
}

- start_time = grub_get_time_ms ();
- do
- rc = grub_ieee1275_read (data->handle, nb->data, dev->mtu + 64, &actual);
- while ((actual <= 0 || rc < 0) && (grub_get_time_ms () - start_time < 200));
- if (actual > 0)
+ grub_memcpy (nb->data, dev->rcvbuf, actual);
+
+ if (grub_netbuff_put (nb, actual))
{
- grub_netbuff_put (nb, actual);
- return nb;
+ grub_netbuff_free (nb);
+ return NULL;
}
- grub_netbuff_free (nb);
- return NULL;
+
+ return nb;
}

static struct grub_net_card_driver ofdriver =
@@ -498,16 +505,21 @@ search_net_devices (struct grub_ieee1275_devalias *alias)
card->default_address = lla;

card->txbufsize = ALIGN_UP (card->mtu, 64) + 256;
+ card->rcvbufsize = ALIGN_UP (card->mtu, 64) + 256;

card->txbuf = ofnet_alloc_netbuf (card->txbufsize);
if (!card->txbuf)
+ goto fail_netbuf;
+
+ card->rcvbuf = ofnet_alloc_netbuf (card->rcvbufsize);
+ if (!card->rcvbuf)
{
- grub_free (ofdata->path);
- grub_free (ofdata);
- grub_free (card);
- grub_print_error ();
- return 1;
+ grub_error_push ();
+ ofnet_free_netbuf(card->txbuf, card->txbufsize);
+ grub_error_pop ();
+ goto fail_netbuf;
}
+
card->driver = NULL;
card->data = ofdata;
card->flags = 0;
@@ -519,6 +531,13 @@ search_net_devices (struct grub_ieee1275_devalias *alias)
card->driver = &ofdriver;
grub_net_card_register (card);
return 0;
+
+fail_netbuf:
+ grub_free (ofdata->path);
+ grub_free (ofdata);
+ grub_free (card);
+ grub_print_error ();
+ return 1;
}

static void
@@ -553,6 +572,7 @@ GRUB_MOD_FINI(ofnet)
grub_free (ofdata);

ofnet_free_netbuf (card->txbuf, card->txbufsize);
+ ofnet_free_netbuf (card->rcvbuf, card->rcvbufsize);

grub_free ((void *) card->name);
grub_free (card);

Reviewed-by: Daniel Kiper <***@oracle.com>

Daniel

No, it's not safe to do. I plunged into it in efinet and reverted. We
may have dangling references to card left, so you cannot free it (at
least, please not at this point before release and not without prior
audit). See

commit cc699535e57e0d0f099090e64a63037c7834f104
Author: Andrei Borzenkov <***@gmail.com>
Date: Mon May 4 09:13:53 2015 +0300

Revert "efinet: memory leak on module removal"