efi_allocate_pages() increments the map key on every allocation, but
efi_free_pages() did not.

A payload that calls FreePages() before ExitBootServices() may thus
pass a stale memory map under a key that barebox still accepts.

Fix this by incrementing the key after a successful free.

Fixes: b880bfb8ed85 ("efi: loader: add memory accounting")
Signed-off-by: Ahmad Fatoum <[email protected]>
---
 efi/loader/memory.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/efi/loader/memory.c b/efi/loader/memory.c
index e8dfd59ee8ca..8931cd1bab52 100644
--- a/efi/loader/memory.c
+++ b/efi/loader/memory.c
@@ -301,6 +301,8 @@ efi_status_t efi_free_pages(uint64_t memory, size_t pages)
        if (nfreed <= 0)
                return EFI_INVALID_PARAMETER;
 
+       ++efi_memory_map_key;
+
        return EFI_SUCCESS;
 }
 
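Review bot: the new `++efi_memory_map_key;` ahead of `return EFI_SUCCESS;` has no comment, and per the commit message the same bump already exists separately in efi_allocate_pages(), so each path that changes the map has to remember it on its own. Consider a one-line comment saying that the map changed and any key handed out earlier must no longer be accepted at ExitBootServices(), or move the increment into a small helper, or into the routine that actually modifies the map, so a future caller cannot miss it. It is also worth confirming that the `nfreed <= 0` early return cannot be taken after the map has already been partially modified, because that path leaves the key unchanged; the visible lines do not show this either way.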
-- 
2.47.3

