@@ -247,6 +247,10 @@ pub(crate) fn memory_map_size() -> MemoryMapMeta {
247247/// Stores the current UEFI memory map in an UEFI-heap allocated buffer
248248/// and returns a [`MemoryMapOwned`].
249249///
250+ /// The implementation tries to mitigate some UEFI pitfalls, such as getting
251+ /// the right allocation size for the memory map to prevent
252+ /// [`Status::BUFFER_TOO_SMALL`].
253+ ///
250254/// # Parameters
251255///
252256/// - `mt`: The memory type for the backing memory on the UEFI heap.
@@ -255,12 +259,30 @@ pub(crate) fn memory_map_size() -> MemoryMapMeta {
255259///
256260/// # Errors
257261///
258- /// * [`Status::BUFFER_TOO_SMALL`]
259- /// * [`Status::INVALID_PARAMETER`]
262+ /// * [`Status::INVALID_PARAMETER`]: Invalid [`MemoryType`]
263+ /// * [`Status::OUT_OF_RESOURCES`]: allocation failed.
264+ ///
265+ /// # Panics
266+ ///
267+ /// Panics if the memory map can't be retrieved because of
268+ /// [`Status::BUFFER_TOO_SMALL`]. This behaviour was chosen explicitly as
269+ /// callers can't do anything about it anyway.
260270pub fn memory_map ( mt : MemoryType ) -> Result < MemoryMapOwned > {
261271 let mut buffer = MemoryMapBackingMemory :: new ( mt) ?;
262272
263- let meta = get_memory_map ( buffer. as_mut_slice ( ) ) ?;
273+ let meta = get_memory_map ( buffer. as_mut_slice ( ) ) ;
274+
275+ if let Err ( e) = & meta {
276+ // We don't want to confuse users and let them think they should handle
277+ // this, as they can't do anything about it anyway.
278+ //
279+ // This path won't be taken in OOM situations, but only if for unknown
280+ // reasons, we failed to properly allocate the memory map.
281+ if e. status ( ) == Status :: BUFFER_TOO_SMALL {
282+ panic ! ( "Failed to get a proper allocation for the memory map" ) ;
283+ }
284+ }
285+ let meta = meta?;
264286
265287 Ok ( MemoryMapOwned :: from_initialized_mem ( buffer, meta) )
266288}
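Review bot: The new `panic!` on `Status::BUFFER_TOO_SMALL` in `memory_map` aborts the whole UEFI application on a condition that may be transient. The firmware's memory map can grow between the moment the buffer is sized and the `get_memory_map` call; `MemoryMapBackingMemory::new` presumably sizes the buffer from `memory_map_size()` with some headroom, but that code is outside the hunk. A bounded retry with a freshly sized buffer, panicking only once the attempts are exhausted, would be more robust in a boot path and keeps callers free of `BUFFER_TOO_SMALL` as the doc comment intends. If the panic stays as it is, its message should include the buffer length so a field failure can be diagnosed.

```rust
pub fn memory_map(mt: MemoryType) -> Result<MemoryMapOwned> {
    // Constructed bound for illustration; choose what fits the project.
    const MAX_ATTEMPTS: usize = 3;

    for _ in 0..MAX_ATTEMPTS {
        // Re-size and re-allocate on every attempt so a grown map is picked up.
        let mut buffer = MemoryMapBackingMemory::new(mt)?;

        let meta = match get_memory_map(buffer.as_mut_slice()) {
            // The map grew after the buffer was sized: try again.
            Err(ref e) if e.status() == Status::BUFFER_TOO_SMALL => continue,
            other => other?,
        };

        return Ok(MemoryMapOwned::from_initialized_mem(buffer, meta));
    }

    panic!("Failed to get a proper allocation for the memory map");
}
```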