Merge branch 'main' into bishop-cstr8-display

Author: phip1611

.github/workflows/qa.yml

@@ -7,4 +7,4 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       # Executes "typos ."
-      - uses: crate-ci/[email protected].7
+      - uses: crate-ci/[email protected].9

Cargo.lock

@@ -17,6 +17,7 @@ pub fn test() {
     info!("Testing events...");
     test_check_event();
     test_callback_with_ctx();
+    test_signal_event();
     info!("Testing watchdog...");
     test_watchdog();
     info!("Testing protocol handler services...");
@@ -92,6 +93,38 @@ fn test_callback_with_ctx() {
     assert_eq!(data, 456);
 }
 
+fn test_signal_event() {
+    let mut data = 123u32;
+
+    extern "efiapi" fn callback(_event: Event, ctx: Option<NonNull<c_void>>) {
+        info!("Inside the signal event callback");
+        // Safety: this callback is run within the parent function's
+        // scope, so the context pointer is still valid.
+        unsafe {
+            let ctx = ctx.unwrap().as_ptr().cast::<u32>();
+            *ctx = 456;
+        }
+    }
+
+    let ctx: *mut u32 = &mut data;
+    let ctx = NonNull::new(ctx.cast::<c_void>()).unwrap();
+
+    let event = unsafe {
+        boot::create_event(
+            EventType::NOTIFY_SIGNAL,
+            Tpl::CALLBACK,
+            Some(callback),
+            Some(ctx),
+        )
+        .expect("Failed to create event with context")
+    };
+
+    boot::signal_event(&event).expect("Failed to signal event");
+
+    // Check that `data` was updated inside the event callback.
+    assert_eq!(data, 456);
+}
+
 fn test_watchdog() {
     // There's no way to check the watchdog timer value, so just test setting it.
 

uefi-test-runner/src/boot/misc.rs

@@ -1,5 +1,8 @@
 # uefi - [Unreleased]
 
+## Added
+- Added `boot::signal_event`.
+
 ## Changed
 - **Breaking:** Removed `BootPolicyError` as `BootPolicy` construction is no
   longer fallible. `BootPolicy` now tightly integrates the new `Boolean` type
@@ -11,6 +14,9 @@
   Previously it incorrectly added the header size to the buffer length, which
   could cause the firmware to read past the end of the buffer.
 - The `Display` impl for `CStr8` now excludes the trailing null character.
+- `boot::allocate_pages` no longer panics if the allocation is at address
+  zero. The allocation is retried instead, and in all failure cases an error is
+  returned rather than panicking.
 
 
 # uefi - 0.34.1 (2025-02-07)

uefi/CHANGELOG.md

@@ -134,15 +134,40 @@ pub fn allocate_pages(ty: AllocateType, mem_ty: MemoryType, count: usize) -> Res
     let bt = boot_services_raw_panicking();
     let bt = unsafe { bt.as_ref() };
 
-    let (ty, mut addr) = match ty {
+    let (ty, initial_addr) = match ty {
         AllocateType::AnyPages => (0, 0),
         AllocateType::MaxAddress(addr) => (1, addr),
         AllocateType::Address(addr) => (2, addr),
     };
-    let addr =
-        unsafe { (bt.allocate_pages)(ty, mem_ty, count, &mut addr) }.to_result_with_val(|| addr)?;
-    let ptr = addr as *mut u8;
-    Ok(NonNull::new(ptr).expect("allocate_pages must not return a null pointer if successful"))
+
+    let mut addr1 = initial_addr;
+    unsafe { (bt.allocate_pages)(ty, mem_ty, count, &mut addr1) }.to_result()?;
+
+    // The UEFI spec allows `allocate_pages` to return a valid allocation at
+    // address zero. Rust does not allow writes through a null pointer (which
+    // Rust defines as address zero), so this is not very useful. Only return
+    // the allocation if the address is non-null.
+    if let Some(ptr) = NonNull::new(addr1 as *mut u8) {
+        return Ok(ptr);
+    }
+
+    // Attempt a second allocation. The first allocation (at address zero) has
+    // not yet been freed, so if this allocation succeeds it should be at a
+    // non-zero address.
+    let mut addr2 = initial_addr;
+    let r = unsafe { (bt.allocate_pages)(ty, mem_ty, count, &mut addr2) }.to_result();
+
+    // Free the original allocation (ignoring errors).
+    let _unused = unsafe { (bt.free_pages)(addr1, count) };
+
+    // Return an error if the second allocation failed, or if it is still at
+    // address zero. Otherwise, return a pointer to the second allocation.
+    r?;
+    if let Some(ptr) = NonNull::new(addr2 as *mut u8) {
+        Ok(ptr)
+    } else {
+        Err(Status::OUT_OF_RESOURCES.into())
+    }
 }
 
 /// Frees memory pages allocated by [`allocate_pages`].
@@ -467,6 +492,31 @@ pub fn check_event(event: Event) -> Result<bool> {
     }
 }
 
+/// Places the supplied `event` in the signaled state. If `event` is already in
+/// the signaled state, the function returns successfully. If `event` is of type
+/// [`NOTIFY_SIGNAL`], the event's notification function is scheduled to be
+/// invoked at the event's notification task priority level.
+///
+/// This function may be invoked from any task priority level.
+///
+/// If `event` is part of an event group, then all of the events in the event
+/// group are also signaled and their notification functions are scheduled.
+///
+/// When signaling an event group, it is possible to create an event in the
+/// group, signal it and then close the event to remove it from the group.
+///
+/// # Errors
+///
+/// The specification does not list any errors.
+///
+/// [`NOTIFY_SIGNAL`]: EventType::NOTIFY_SIGNAL
+pub fn signal_event(event: &Event) -> Result {
+    let bt = boot_services_raw_panicking();
+    let bt = unsafe { bt.as_ref() };
+
+    unsafe { (bt.signal_event)(event.as_ptr()) }.to_result()
+}
+
 /// Removes `event` from any event group to which it belongs and closes it.
 ///
 /// If `event` was registered with [`register_protocol_notify`], then the