Laszlo Ersek [Wed, 3 May 2017 15:54:49 +0000 (17:54 +0200)]
OvmfPkg: introduce the FD_SIZE_IN_KB macro / build flag
FD_SIZE_xMB defines have existed for flash size selection. They can be
passed as "-D FD_SIZE_xMB" on the command line. Passing multiple of them
at the same time has never been supported; earlier settings on the command
line cannot be overridden.
Introduce the integer valued FD_SIZE_IN_KB macro, which provides the
following improvements:
- several instances of it are permitted on the command line, with the last
one taking effect,
- conditional statements in the DSC and FDF files need only check a single
macro, and multiple values can be checked in a single !if with the ||
operator,
- nested !ifdef / !else ladders can be replaced with flat equality tests,
- in the future, flash sizes can be expressed with a finer than MB
granularity, if necessary.
For now, we're going to preserve the FD_SIZE_xMB defines as convenience
wrappers for FD_SIZE_IN_KB.
FD_SIZE_IN_KB is being added to the DSC files because this way we can
depend on it in both the DSC and FDF files.
Cc: Gary Ching-Pang Lin <glin@suse.com> Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
NetworkPkg: Fix PXEv6 boot failure when DhcpBinl offer received.
In case of the DHCP and PXE services on different servers,PXEv6 boot will
failure when DhcpBinl offer received. The issue is caused by the following
reasons:
* PXE Client doesn't append VENDOR_CLASS request parameter, so the
offer replied from DHCP service will not contain VENDOR_CLASS option
(16).
* Once the DhcpBinl offer is selected, the boot discover message should
be sent out to request the bootfile by this offer. Current implementation
always use servers multi-cast address instead of BootFileUrl address in
dhcp6 offer. we should check it first, then decide whether use multi-cast
address or not.
* If DhcpBinl offer is selected, the boot discover message shouldn't
find server ID Option from DhcpBinl offer. That's incorrect because DHCP
service and PXE service on different servers. In such a case, we can ignore
the Server ID Option.
With the above fix in the patch, PXEv6 can boot successfully when DhcpBinl
offer received.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
NetworkPkg: Fix bug in iSCSI mode ipv6 when enabling target DHCP.
if the server name expressed as a site local address begain with FEC0
when retrieving from dhcpv6 option 59 boot file url, it incorrectly process it
as a dns name.
NetworkPkg: Fix issue the iSCSI client can not send reset packet.
if we already established a iSCSI connection from initiator to target
based on IPv4 stack, after using reconnect -r command, we can not rebuild
the session with the windows target, since the server thought the session
is still exist. This issue is caused by wrong place of acquire ownership of
sock lock which lead the iSCSI can not reset the connection correctly.
MdeModulePkg: Fix issue the iSCSI client can not send reset packet correctly.
if we already established a iSCSI connection from initiator to target
based on IPv4 stack, after using reconnect -r command, we can not rebuild
the session with the windows target, since the server thought the session
is still exist. This issue is caused by wrong place of acquire ownership of
sock lock which lead the iSCSI can not reset the connection correctly.
ShellPkg/Shell: eliminate double-free in RunSplitCommand()
Commit bd3fc8133b2b ("ShellPkg/App: Fix memory leak and save resources.",
2016-05-20) added a FreePool() call for Split->SplitStdIn, near end of the
RunSplitCommand(), right after the same shell file was closed with
CloseFile(). The argument was:
> 1) RunSplitCommand() allocates the initial SplitStdOut via
> CreateFileInterfaceMem(). Free SplitStdIn after the swap to fix
> the memory leak.
There is no memory leak actually, and the FreePool() call in question
constitutes a double-free:
CreateFileInterfaceMem() allocates an EFI_FILE_PROTOCOL_MEM object and
populates it fully. ConvertEfiFileProtocolToShellHandle() allocates
some administrative structures and links the EFI_FILE_PROTOCOL_MEM
object into "mFileHandleList".
(b) EFI_SHELL_PROTOCOL.CloseFile() is required to close the
SHELL_FILE_HANDLE and to release all associated data. Accordingly,
near the end of RunSplitCommand(), we have:
EfiShellClose()
ShellFileHandleRemove()
//
// undoes the effects of ConvertEfiFileProtocolToShellHandle()
//
ConvertShellHandleToEfiFileProtocol()
//
// note that this does not adjust the pointer value; it's a pure
// type cast
//
FileHandleClose()
FileInterfaceMemClose()
//
// tears down EFI_FILE_PROTOCOL_MEM completely, undoing the
// effects of CreateFileInterfaceMem ()
//
The FreePool() call added by bd3fc8133b2b conflicts with
SHELL_FREE_NON_NULL(This);
in FileInterfaceMemClose(), so remove it.
This error can be reproduced for example with:
> Shell> map | more
> 'more' is not recognized as an internal or external command, operable
> program, or script file.
which triggers:
> ASSERT MdeModulePkg/Core/Dxe/Mem/Pool.c(624): CR has Bad Signature
with the following stack dump:
> #0 0x000000007f6dc094 in CpuDeadLoop () at
> MdePkg/Library/BaseLib/CpuDeadLoop.c:37
> #1 0x000000007f6dd1b4 in DebugAssert (FileName=0x7f6ed9f0
> "MdeModulePkg/Core/Dxe/Mem/Pool.c", LineNumber=624,
> Description=0x7f6ed9d8 "CR has Bad Signature") at
> OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c:153
> #2 0x000000007f6d075d in CoreFreePoolI (Buffer=0x7e232c98,
> PoolType=0x7f6bc1c4) at MdeModulePkg/Core/Dxe/Mem/Pool.c:624
> #3 0x000000007f6d060e in CoreInternalFreePool (Buffer=0x7e232c98,
> PoolType=0x7f6bc1c4) at MdeModulePkg/Core/Dxe/Mem/Pool.c:529
> #4 0x000000007f6d0648 in CoreFreePool (Buffer=0x7e232c98) at
> MdeModulePkg/Core/Dxe/Mem/Pool.c:552
> #5 0x000000007d49fbf8 in FreePool (Buffer=0x7e232c98) at
> MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c:818
> #6 0x000000007d4875c3 in RunSplitCommand (CmdLine=0x7d898398,
> StdIn=0x0, StdOut=0x0) at ShellPkg/Application/Shell/Shell.c:1813
> #7 0x000000007d487d59 in ProcessNewSplitCommandLine
> (CmdLine=0x7d898398) at ShellPkg/Application/Shell/Shell.c:2121
> #8 0x000000007d488937 in RunShellCommand (CmdLine=0x7e233018,
> CommandStatus=0x0) at ShellPkg/Application/Shell/Shell.c:2670
> #9 0x000000007d488b0b in RunCommand (CmdLine=0x7e233018) at
> ShellPkg/Application/Shell/Shell.c:2732
> #10 0x000000007d4867c8 in DoShellPrompt () at
> ShellPkg/Application/Shell/Shell.c:1349
> #11 0x000000007d48524d in UefiMain (ImageHandle=0x7e24c898,
> SystemTable=0x7f5b6018) at ShellPkg/Application/Shell/Shell.c:631
ShellPkg/Shell: clean up bogus member types in SPLIT_LIST
The "SPLIT_LIST.SplitStdOut" and "SPLIT_LIST.SplitStdIn" members currently
have type (SHELL_FILE_HANDLE *). This is wrong; SHELL_FILE_HANDLE is
already a pointer, there's no need to store a pointer to a pointer.
The error is obvious if we check where and how these members are used:
- In the RunSplitCommand() function, these members are used (populated)
extensively; this function has to be updated in sync.
ConvertEfiFileProtocolToShellHandle() already returns the temporary
memory file created with CreateFileInterfaceMem() as SHELL_FILE_HANDLE,
not as (SHELL_FILE_HANDLE *).
- In particular, the ConvertShellHandleToEfiFileProtocol() calls need to
be dropped as well in RunSplitCommand(), since
EFI_SHELL_PROTOCOL.SetFilePosition() and EFI_SHELL_PROTOCOL.CloseFile()
take SHELL_FILE_HANDLE parameters, not (EFI_FILE_PROTOCOL *).
Given that ConvertShellHandleToEfiFileProtocol() only performs a
type-cast (it does not adjust any pointer values), *and*
SHELL_FILE_HANDLE -- taken by EFI_SHELL_PROTOCOL member functions -- is
actually a typedef to (VOID *) -- see more on this later --, this
conversion error hasn't been caught by compilers.
- In the ProcessNewSplitCommandLine() function, RunSplitCommand() is
called either initially (passing in NULL / NULL; no update needed), or
recursively (passing in Split->SplitStdIn / Split->SplitStdOut; again no
update is necessary beyond the RunSplitCommand() modification above).
- In the UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
functions, said structure members are compared and assigned to
"EFI_SHELL_PARAMETERS_PROTOCOL.StdIn" and
"EFI_SHELL_PARAMETERS_PROTOCOL.StdOut", both of which have type
SHELL_FILE_HANDLE, *not* (SHELL_FILE_HANDLE *).
The compiler hasn't caught this error because of the fatally flawed type
definition of SHELL_FILE_HANDLE, namely
typedef VOID *SHELL_FILE_HANDLE;
Pointer-to-void silently converts to and from most other pointer types;
among them, pointer-to-pointer-to-void. That is also why no update is
necessary for UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
in this fix.
(
Generally speaking, using (VOID *) typedefs for opaque handles is a tragic
mistake in all of the UEFI-related specifications; this practice defeats
any type checking that compilers might help programmers with. The right
way to define an opaque handle is as follows:
//
// Introduce the incomplete structure type, and the derived pointer
// type, in both the specification and the public edk2 headers. Note
// that the derived pointer type itself is a complete type, and it can
// be used freely by client code.
//
typedef struct SHELL_FILE *SHELL_FILE_HANDLE;
//
// Complete the structure type in the edk2 internal C source files.
//
struct SHELL_FILE {
//
// list fields
//
};
This way the structure size and members remain hidden from client code,
but the C compiler can nonetheless catch any invalid conversions between
incompatible XXX_HANDLE types.
Jiewen Yao [Wed, 15 Mar 2017 09:23:46 +0000 (17:23 +0800)]
MdePkg/dsc: add SmmIoLib
Cc: Jeff Fan <jeff.fan@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Jiewen Yao [Wed, 15 Mar 2017 09:24:31 +0000 (17:24 +0800)]
MdePkg/dec: Add SmmIoLib.
Cc: Jeff Fan <jeff.fan@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Jiewen Yao [Wed, 15 Mar 2017 09:23:20 +0000 (17:23 +0800)]
MdePkg/SmmIoLib: Add sample instance.
The sample instance check if IO resource is valid
one defined in GCD.
A platform may choose add more check to exclude some
other IO resource.
Cc: Jeff Fan <jeff.fan@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Jiewen Yao [Wed, 15 Mar 2017 09:23:01 +0000 (17:23 +0800)]
MdePkg/SmmIoLib: Add header file.
This SmmIoLib is used to check if an IO resource
is valid in SMM.
Cc: Jeff Fan <jeff.fan@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Jeff Fan [Fri, 21 Apr 2017 03:00:59 +0000 (11:00 +0800)]
UefiCpuPkg/MpInitLib: needn't to allocate AP reset vector
Because we will always borrow the AP reset vector space for AP waking up. We
needn't allocate such range to prevent other module to use it. It could simply
the code.
Jeff Fan [Wed, 19 Apr 2017 03:16:55 +0000 (11:16 +0800)]
UefiCpuPkg/MpInitLib: save/restore original contents
If APs is in HLT-LOOP mode, we need AP reset vector for waking up APs. This
updating is to save/restore original contents of AP reset vector around waking
up APs always.
Jeff Westfahl [Fri, 21 Apr 2017 21:25:07 +0000 (05:25 +0800)]
ShellPkg SmbiosView: Display Type 0 BIOS segment in hexadecimal
The SMBIOS Type 0 BIOS segment field is currently displayed in decimal.
Since this field is likely to have a value like 0xE800 or 0xF000, using
hexadecimal seems like a better choice.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jaben Carsey <jaben.carsey@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Westfahl <jeff.westfahl@ni.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
MdeModulePkg/NvmExpressDxe: Handling return of write to sq and cq db
In case of an async command if updating the submission queue tail
doorbell fails then the command will not be picked up by device and
no completion response will be created. This scenario has to be handled.
Also if we create an AsyncRequest element and insert in the async queue,
it will never receive a completion so in the timer routine this element
won't be freed, resulting in memory leak. Also in case of blocking calls
we should capture the status of updating completion queue head doorbell
register and return it to caller of PassThru.
MdeModulePkg/DeviceManagerUiLib: Fix the network device MAC display issue
v3:
* Add NULL string check.
v2:
* Define new STR_FORM_NETWORK_DEVICE_TITLE_HEAD for L" Network Device "
instead of hard code in the code.
Network device tile (STR_FORM_NETWORK_DEVICE_TITLE) is dynamic adjusted
according the different MAC value. So, the string value shouldn't be treated
as a constant string (Network Device). Otherwise, the display will be
incorrect.
Reproduce: Device Manager->Network Device List, select to enter MAC, then to
press ESC back to previous page, then re-enter, found each enter/ESC operation,
the MAC address display +1.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
NetworkPkg/TlsAuthConfigDxe: Close and free the file related resource
v2:
* Define one new internal function to clean the file content.
TlsAuthConfigDxe open file by FileExplorerLib. It need to close
file handler and free file related resource in some cases.
* User enrolls Cert by escape the Config page.
* The Cert is not X509 type.
* User chooses another file after he selected a file.
Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Chao Zhang<chao.b.zhang@intel.com>
When PXE10/WFM11a offer received, we should only cache
the first PXE10/WFM11a offer, and discard the others. But
Current we discard all PXE10/WFM11a offer. This patch is
to fix this issue.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
Ruiyu Ni [Wed, 19 Apr 2017 09:16:27 +0000 (17:16 +0800)]
MdeModulePkg/UefiBootManagerLib: Avoid buggy USB short-form expanding
When a load option points to a physical UsbIo controller, whose
device path contains UsbClass or UsbWwid node, old logic
unconditionally treats it as a short-form device path and expands
it. But the expanding gets the exactly same device path, and the
device path is passed to BmGetNextLoadOptionDevicePath() which
then passes this device path to BmExpandUsbDevicePath() again.
This causes a infinite recursion.
The patch avoids the USB short-form expanding when the device path
points to a physical UsbIo controller.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Feng Tian <feng.tian@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Michael Turner <Michael.Turner@microsoft.com>
NetworkPkg: Fix bug related DAD issue in IP6 driver.
If we set PXEv6 as the first boot option and reboot immediately
after the first successful boot, it will assert. the root cause is
when we set the policy from manual to automatic in PXE driver,
the ip6 Configure item size is already set to zero and other
structures are also released, So it is not needed to perform DAD call
back function which is invoked by Ip6ConfigSetMaunualAddress.
Star Zeng [Wed, 19 Apr 2017 03:12:18 +0000 (11:12 +0800)]
MdeModulePkg PiSmmCore: Enhance SMM FreePool to catch buffer overflow
This solution is equivalent to DXE core.
AllocatePool() allocates POOL_TAIL after the buffer.
This POOL_TAIL is checked at FreePool().
If the there is buffer overflow, the issue can be caught at FreePool().
This patch could also handle the eight-byte aligned allocation
requirement. The discussion related to the eight-byte aligned
allocation requirement is at
https://lists.01.org/pipermail/edk2-devel/2017-April/009995.html.
According to the PI spec (Vol 4, Section 3.2 SmmAllocatePool()):
The SmmAllocatePool() function ... All allocations are eight-byte aligned.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Hao Wu [Tue, 21 Mar 2017 05:22:36 +0000 (13:22 +0800)]
MdeModulePkg/Ufs: Wait fDeviceInit be cleared by devices during init
In the origin codes, the host sets the fDeviceInit flag to initiate device
initialization, but does not check whether the device resets this flag
to indicate the device initialization is completed.
Details can be referred at UFS 2.0 Spec Section 14.2 - Flags.
Ruiyu Ni [Wed, 19 Apr 2017 02:42:01 +0000 (10:42 +0800)]
MdeModulePkg/TerminalDxe: Avoid always append device path to *Dev
When TerminalDxe Start() is called multiple times, the old logic
unconditionally appended the terminal device path candidates to
*Dev (ConInDev/ConOutDev/ErrOutDev), resulting the volatile storage
is full.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
OpenPlatformPkg (https://git.linaro.org/uefi/OpenPlatformPkg.git) holds a
driver for the SMSC LAN91x, used (among other places) in several ARM Ltd.
software system models.
Import it to EDK2 EmbeddedPkg in preparation for migrating those model
platforms to edk2-platforms.
On the way, update the files to pass PatchCheck.py without warnings
(EFI_D_ -> DEBUG_ and purging tab characters).
Also update .inf file to current version (and sort entries within
sections).
And update copyright dates to reflect this.
EmbeddedPkg/AndroidFastbootApp: remove dependency on deprecated BdsLib
One of the last remaining modules with a dependency on the deprecated
BdsLib implementation from ArmPkg is the Android fastboot application.
Its only dependency on BdsLib is BdsStartEfiApplication(), which is
used in the most peculiar way: the fastboot app loads the kernel image
into memory, and creates a MemoryMapped() device path for it. It then
proceeds and calls BdsStartEfiApplication(), which explicitly loads the
contents of the devicepath into memory, creating a second in-memory copy
of the kernel image, after which it invokes gBS->LoadImage() with a
buffer address and size (while it is perfectly capable of loading from
a devicepath directly)
Since we know the device path is fully qualified and connected, and does
not require any of the additional processing that BdsStartEfiApplication()
does when dereferencing a device path, we should be able to pass this
devicepath into LoadImage() directly.
So create a simplified local clone of BdsStartEfiApplication(), and drop
the dependency on BdsLib.
Dandan Bi [Wed, 12 Apr 2017 03:21:52 +0000 (11:21 +0800)]
MdeModulePkg/HiiDB: Avoid incorrect results of multiplication
An example:
The codes in function Output8bitPixel in Image.c:
OffsetY = BITMAP_LEN_8_BIT ((UINT32) Image->Width, Ypos);
Both Image->Width and Ypos are of type UINT16. They will be promoted to
int (signed) first, and then perform the multiplication defined by macro
BITMAP_LEN_8_BIT. If the result of multiplication between Image->Width and
Ypos exceeds the range of type int, a potential incorrect results
will be assigned to OffsetY.
This commit adds explicit UINT32 type cast for 'Image->Width' to avoid
possible overflow in the int range. And also fix similar issues in
HiiDatabase.
Dandan Bi [Mon, 17 Apr 2017 08:12:48 +0000 (16:12 +0800)]
MdeModulePkg/BMMUiLib: Update codes of initializing ConsoleXXXCheck array
When initializing ConsoleOutCheck/ConsoleInCheck/ConsoleErrCheck array in
BMM_FAKE_NV_DATA structure, also need to consider whether the terminal
device is ConOut/ConIn/ConErr or not.
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Ruiyu Ni [Tue, 11 Apr 2017 02:07:43 +0000 (10:07 +0800)]
MdeModulePkg/BootManagerMenu: Add assertion to indicate no DIV by 0
BootMenuSelectItem() contains code to DIV BootMenuData->ItemCount.
When BootMenuData->ItemCount can be 0, the DIV operation may
trigger CPU exception.
But in logic, this case won't happen. So add assertion to indicate
it.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Long Qin [Fri, 14 Apr 2017 08:31:51 +0000 (16:31 +0800)]
CryptoPkg: Correct some minor issues in function comments
Correct some minor comment issues in BaseCryptLib.h and
CryptPkcs7Verify.c, including:
- missed "out" in parameter property for ARC4 interfaces;
- Wrong Comment tail in Pkcs7GetAttachedContent function
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
Star Zeng [Tue, 11 Apr 2017 01:55:51 +0000 (09:55 +0800)]
MdeModulePkg CapsuleApp: Add directory support
Current CapsuleApp only supports input/output file from rootdirectory.
If the CapsuleApp and related file are put into subdirectory,
below message will be shown when running the CapsuleApp in shell.
"CapsuleApp: capsule image (Capsule image file name) is not found."
This patch is to add directory support for CapsuleApp
by using shell protocol.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:
Blt->Width * Blt->Height
Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().
The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:
Blt->Width * Blt->Height
Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().
Hao Wu [Wed, 22 Mar 2017 02:08:55 +0000 (10:08 +0800)]
MdeModulePkg/DxeCore: Add ASSERT to ensure no subtract underflow
For function SplitRecord() in file PropertiesTable.c, there is a
potential subtract underflow case for line:
return TotalNewRecordCount - 1;
However, such case will not happen since the logic in function
SplitTable() ensure that when calling SplitRecord(), the variable
'TotalNewRecordCount' will not be zero when performing the subtraction.
It will be handled in the previous if statement:
MdeModulePkg BrotliLib: Fix the regression logic issue in loop
In V2, change logic to avoid use mtf[-1] style to get value.
Roll back to previous logic, and use point + offset to get byte value.
Cc: Bell Song <binx.song@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Bell Song <binx.song@intel.com>
ArmPkg: copy/paste fixes in ARM ArmHvcLib/ArmSmcLib
ARM ArmHvcLib looks like it was created from copy of ArmSmcLib which
looks like it was created from a copy of the AArch64 version.
Both of these files include AsmMacroIoLibV8.h instead of
AsmMacroIoLib.h, although since they only use macros that are identical
between the two, there was no functional issue caused by this.
Leo Duran [Wed, 12 Apr 2017 14:55:23 +0000 (22:55 +0800)]
MdePkg: BaseIoLibIntrinsic (IoLib class) library
This patch adds an SEV-specific .INF and corresponding assembly
files, to unroll REP INSx/OUTSx on IoRead/WriteFifo#() routines
when the SEV feature is enabled under a hypervisor environment.
The new .INF only supports the IA32 and X64 architectures.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
IntelFrameworkModulePkg/IdeBusDxe: Fix undefined behavior in signed left shift
In function AtapiReadCapacity(), the following expression:
IdeDev->BlkIo.Media->LastBlock = (Data.LastLba3 << 24) |
(Data.LastLba2 << 16) |
(Data.LastLba1 << 8) |
Data.LastLba0;
(There is also a similar case in this function.)
will involve undefined behavior in signed left shift operations.
Since Data.LastLbaX is of type UINT8, and
IdeDev->BlkIo.Media->LastBlock is of type UINT64. Therefore,
Data.LastLbaX will be promoted to int (32 bits, signed) first,
and then perform the left shift operation.
According to the C11 spec, Section 6.5.7:
4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
bits are filled with zeros. If E1 has an unsigned type, the value
of the result is E1 * 2^E2 , reduced modulo one more than the
maximum value representable in the result type. If E1 has a signed
type and nonnegative value, and E1 * 2^E2 is representable in the
result type, then that is the resulting value; otherwise, the
behavior is undefined.
So if bit 7 of Data.LastLba3 is 1, (Data.LastLba3 << 24) will be out of
the range within int type. The undefined behavior of the signed left shift
will lead to a potential of setting the high 32 bits of
IdeDev->BlkIo.Media->LastBlock to 1 during the cast from type int to type
UINT64.
This commit will add an explicit UINT32 type cast for Data.LastLba3 to
resolve this issue.
MdeModulePkg/UsbBotPei: Fix undefined behavior in signed left shift
In function PeiUsbReadCapacity(), the following expression:
LastBlock = (Data.LastLba3 << 24) |
(Data.LastLba2 << 16) |
(Data.LastLba1 << 8) |
Data.LastLba0;
(There is also a similar case in function PeiUsbReadFormattedCapacity().)
will involve undefined behavior in signed left shift operations.
Since Data.LastLbaX is of type UINT8, they will be promoted to int (32
bits, signed) first, and then perform the left shift operation.
According to the C11 spec, Section 6.5.7:
4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
bits are filled with zeros. If E1 has an unsigned type, the value
of the result is E1 * 2^E2 , reduced modulo one more than the
maximum value representable in the result type. If E1 has a signed
type and nonnegative value, and E1 * 2^E2 is representable in the
result type, then that is the resulting value; otherwise, the
behavior is undefined.
So if bit 7 of Data.LastLba3 is 1, (Data.LastLba3 << 24) will be out of
the range within int type. The undefined behavior of the signed left shift
might incur potential issues.
This commit will add an explicit UINT32 type cast for Data.LastLba3 to
refine the codes.
MdeModulePkg/UfsBlkIoPei: Fix undefined behavior in signed left shift
In function UfsBlockIoPeimGetMediaInfo(), the following expression:
Private->Media[DeviceIndex].LastBlock = (Capacity16.LastLba3 << 24) |
(Capacity16.LastLba2 << 16) |
(Capacity16.LastLba1 << 8) |
Capacity16.LastLba0;
(There is also a similar case in this function.)
will involve undefined behavior in signed left shift operations.
Since Capacity16.LastLbaX is of type UINT8, and
Private->Media[DeviceIndex].LastBlock is of type UINT64. Therefore,
Capacity16.LastLbaX will be promoted to int (32 bits, signed) first, and
then perform the left shift operation.
According to the C11 spec, Section 6.5.7:
4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
bits are filled with zeros. If E1 has an unsigned type, the value
of the result is E1 * 2^E2 , reduced modulo one more than the
maximum value representable in the result type. If E1 has a signed
type and nonnegative value, and E1 * 2^E2 is representable in the
result type, then that is the resulting value; otherwise, the
behavior is undefined.
So if bit 7 of Capacity16.LastLba3 is 1, (Capacity16.LastLba3 << 24) will
be out of the range within int type. The undefined behavior of the signed
left shift will lead to a potential of setting the high 32 bits of
Private->Media[DeviceIndex].LastBlock to 1 during the cast from type int
to type UINT64.
This commit will add an explicit UINT32 type cast for Capacity16.LastLba3
to resolve this issue.
MdeModulePkg/IdeBusPei: Fix undefined behavior in signed left shift
In function ReadCapacity(), the following expression:
MediaInfo->LastBlock = (Data.LastLba3 << 24) |
(Data.LastLba2 << 16) |
(Data.LastLba1 << 8) |
Data.LastLba0;
(There is also a similar case in this function.)
will involve undefined behavior in signed left shift operations.
Since Data.LastLbaX is of type UINT8, and MediaInfo->LastBlock is of type
UINTN. Therefore, Data.LastLbaX will be promoted to int (32 bits, signed)
first, and then perform the left shift operation.
According to the C11 spec, Section 6.5.7:
4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
bits are filled with zeros. If E1 has an unsigned type, the value
of the result is E1 * 2^E2 , reduced modulo one more than the
maximum value representable in the result type. If E1 has a signed
type and nonnegative value, and E1 * 2^E2 is representable in the
result type, then that is the resulting value; otherwise, the
behavior is undefined.
So if bit 7 of Data.LastLba3 is 1, (Data.LastLba3 << 24) will be out of
the range within int type. The undefined behavior of the signed left shift
will lead to a potential of setting the high 32 bits of
MediaInfo->LastBlock to 1 during the cast from type int to type UINT64
for X64 builds.
This commit will add an explicit UINT32 type cast for Data.LastLba3 to
resolve this issue.
Hao Wu [Mon, 20 Mar 2017 07:17:36 +0000 (15:17 +0800)]
MdeModulePkg/ScsiDiskDxe: Fix undefined behavior in signed left shift
In function GetMediaInfo(), the following expression:
ScsiDiskDevice->BlkIo.Media->LastBlock = (Capacity10->LastLba3 << 24) |
(Capacity10->LastLba2 << 16) |
(Capacity10->LastLba1 << 8) |
Capacity10->LastLba0;
will involve undefined behavior in signed left shift operations.
Since Capacity10->LastLbaX is of type UINT8, and
ScsiDiskDevice->BlkIo.Media->LastBlock is of type UINT64. Therefore,
Capacity10->LastLbaX will be promoted to int (32 bits, signed) first,
and then perform the left shift operation.
According to the C11 spec, Section 6.5.7:
4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
bits are filled with zeros. If E1 has an unsigned type, the value
of the result is E1 * 2^E2 , reduced modulo one more than the
maximum value representable in the result type. If E1 has a signed
type and nonnegative value, and E1 * 2^E2 is representable in the
result type, then that is the resulting value; otherwise, the
behavior is undefined.
So if bit 7 of Capacity10->LastLba3 is 1, (Capacity10->LastLba3 << 24)
will be out of the range within int type. The undefined behavior of the
signed left shift will lead to a potential of setting the high 32 bits
of ScsiDiskDevice->BlkIo.Media->LastBlock to 1 during the cast from type
int to type UINT64.
This commit will add an explicit UINT32 type cast for
Capacity10->LastLba3 to resolve this issue.
Hao Wu [Mon, 20 Mar 2017 08:24:09 +0000 (16:24 +0800)]
MdeModulePkg/Dxe/Image: Restore mCurrentImage on all paths
This commit makes sure that in function CoreStartImage(), module
variable 'mCurrentImage' is restored to the current start image context
on all code paths.
This patch updates the PcdPkcs7CertBuffer PCD to use the new
generated test certificate data for PKCS7 verification. This
was used as sample trusted certificate in the verification of
Signed Capsule Update.
(The updated value is still only for test purpose.)
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Long Qin [Tue, 11 Apr 2017 07:36:54 +0000 (15:36 +0800)]
BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
The old TestRoot certificate used for Pkcs7Sign is not compliant to
Root CA certificate requirement with incorrect basic constraints and
key usage setting.
When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
1.1.0xx, the CA certificate checking was enforced for more extension
validations, which will raise the verification failure when stilling
using the old sample certificates.
This patch re-generated one set of test certificates used in
Pkcs7Sign demo, and updated the corresponding Readme.md to describe
how to set the options in openssl configuration file.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Jeff Fan [Mon, 10 Apr 2017 06:01:47 +0000 (14:01 +0800)]
SecurityPkg: Error Level is not used correctly
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ard Biesheuvel [Wed, 29 Mar 2017 12:58:42 +0000 (13:58 +0100)]
ArmPlatformPkg/ArmVExpressDxe: remove FDT handling from ArmFvpDxe
Replace the elaborate but awkward handling of FDT images using device
paths and string PCDs initialized to 128 spaces with a simple scheme
involving a set of builtin DTBs and a bit of runtime logic to select
between them.
This is sufficient for ordinary use, which makes it more suitable as
reference code. Note that overriding the DTB presented to the OS can
easily be done with a UEFI application that simply installs a new DTB
image under the existing FDT configuration table GUID.
For this module, this simply involves removing all code that is involved
in deciding which platform we are running on, and for reasoning about
FDT device paths.
ArmPlatformPkg/EblCmdLib: remove dependency on deprecated ARM BdsLib
The EBL alternative shell depends indirectly on the deprecated ARM
BdsLib via EblCmdLib, which only uses a single helper function that
can easily be cloned. So clone it, and remove the dependency.