[PATCH master 21/39] efi: payload: fix wrong page count in efi_unload_fdt
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Feb 16 00:44:21 PST 2026
efi_load_fdt() allocates with DIV_ROUND_UP(SZ_2M, EFI_PAGE_SIZE) = 512
pages, but efi_unload_fdt() passes the raw byte count SZ_2M (2097152)
as the page count to free_pages(). This frees 2 million pages (~8 GB)
instead of 512 pages (2 MB), corrupting the firmware memory map.
Use DIV_ROUND_UP(SZ_2M, EFI_PAGE_SIZE) consistently in both allocation
and deallocation.
Co-Authored-By: Claude Opus 4.6 <noreply at anthropic.com>
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
efi/payload/bootm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/efi/payload/bootm.c b/efi/payload/bootm.c
index f4e6e6324bcd..623d9f621ac0 100644
--- a/efi/payload/bootm.c
+++ b/efi/payload/bootm.c
@@ -228,7 +228,7 @@ static void efi_unload_fdt(void *fdt)
return;
BS->install_configuration_table(&efi_fdt_guid, NULL);
- BS->free_pages(efi_virt_to_phys(fdt), SZ_2M);
+ BS->free_pages(efi_virt_to_phys(fdt), DIV_ROUND_UP(SZ_2M, EFI_PAGE_SIZE));
}
static int do_bootm_efi_stub(struct image_data *data)
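Review bot: the page count on the new free_pages() line in efi_unload_fdt() is an open-coded copy of the expression the commit message says efi_load_fdt() allocates with, so the two call sites can drift apart again the same way. Consider defining the count once (for example a hypothetical EFI_FDT_PAGES macro equal to DIV_ROUND_UP(SZ_2M, EFI_PAGE_SIZE)) and using it in both functions. The status returned by BS->free_pages() is also discarded on this line; checking it and logging a failure would make a size or address mismatch between allocation and free easier to notice.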
--
2.47.3