Leo Duran [Tue, 31 Oct 2017 17:54:52 +0000 (01:54 +0800)]
PcAtChipsetPkg: Define FixePCD's for RTC register values
Define FixedPCD's to replace macros in RTC driver, to allow
for platform-specific configurations.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Done:
if (EFI_ERROR (Status)) {
if (PciIo != NULL && Enabled) {
PciIo->Attributes (
PciIo,
EfiPciIoAttributeOperationSet,
OriginalAttributes,
NULL
);
}
}
In above codes, VS2012/VS2010 will report that "OriginalAttributes"
will be used without initialization. But in fact, when the if expression
is true(if (PciIo != NULL && Enabled)), the "OriginalAttributes" must be
initialized. In order to fix this false positive issue, we initialize the
"OriginalAttributes" after declaration.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Star Zeng [Mon, 20 Nov 2017 07:44:24 +0000 (15:44 +0800)]
MdeModulePkg EhciPei: Minor refinement about IOMMU
This patch is following 2c656af04d7f.
1. Fix typo "XHC" to "EHC".
2. Reinitialize Request(Phy/Map) and Data(Phy/Map)
in Urb, otherwise the last time value of them may
be used in error handling when error happens.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
We met some compatibility issues when doing Windows S4 resume.
Reverting the BME disabling patches to fix the S4 resume issue.
Signed-off-by: Ruiyu Ni <Ruiyu.ni@intel.com> Signed-off-by: Michael Turner <michael.turner@microsoft.com> Cc: Michael D Kinney <Michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
We met some compatibility issues when doing Windows S4 resume.
Reverting the BME disabling patches to fix the S4 resume issue.
Signed-off-by: Ruiyu Ni <Ruiyu.ni@intel.com> Signed-off-by: Michael Turner <michael.turner@microsoft.com> Cc: Michael D Kinney <Michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ruiyu Ni [Mon, 20 Nov 2017 05:13:25 +0000 (13:13 +0800)]
MdeModulePkg/UefiBootManagerLib: Remove assertion
EfiBootManagerStartHotkeyService() asserts when "BootOptionSupport"
variable doesn't exist.
In fact, though "BootOptionSupport" variable is set in BdsDxe
module, it's possible that the variable is deleted by
PlatformBootManagerBeforeConsole().
The patch removes the assertion and adds code to handle the case.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
If a USB Mass Storage device does not support the Get
Max LUN command, then the USB I/O Protocol ControlTransfer()
service may return an error. If an error is returned for
this command, then assume that the device does not support
multiple LUNs and return a maximum LUN value of 0.
The USB Mass Storage Class Specification states that a
maximum LUN value larger than 0x0F is invalid. Add
a check to make sure this maximum LUN value is in this
valid range, and if it is not, then assume that the
device does not support multiple LUNs and return a
maximum LUN value of 0.
This change improves compatibility with USB FLASH drives
that do not support the Get Max LUN command or return
an invalid maximum LUN value.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
The USB I/O Protocol function ControlTransfer() has a DataLength
parameter that specifies the size of the Data buffer. The
UsbBusDxe module implements the USB I/O Protocol using the
services of the USB2 Host Controller Protocol. The DataLength
parameter in the USB2 Host Controller Protocol ControlTransfer()
service is an IN OUT parameter so the number of bytes actually
transferred is returned. Since the USB I/O Protocol
ControlTransfer() service can not return the number of bytes
actually transferred, the only option if the number of bytes
actually transferred is less than the number of bytes requested
is to return EFI_DEVICE_ERROR.
The change fixes an issue with a USB mass storage device that
responds with 0 bytes to the Get MAX LUN command.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Yonghong Zhu [Fri, 17 Nov 2017 03:29:19 +0000 (11:29 +0800)]
BaseTools: Fix a bug for single module build with GenC/GenMake option
when build a single module with GenC/GenMake option, currently it will
direct return after create Autogen code files, then it cause MaList is
empty, which cause an incorrect error message is reported.
The Visual Studio older than 2015 doesn't support constant integer
in binary format (0bxxx). This patch changes them to BIT macro to
fix it. This patch also cleans up coding style about unmatched
comment for return value.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
This issue is caused by assigning incorrect value to PoolHdr.Size
if the requested size is more than MAX_POOL_SIZE, because the SMM
core will actually allocate page memory instead of pool memory in
this situation.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Wu Hao <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Wu Hao <hao.a.wu@intel.com> Tested-by: Wu Hao <hao.a.wu@intel.com>
Yonghong Zhu [Mon, 13 Nov 2017 07:24:17 +0000 (15:24 +0800)]
BaseTools: Fix the bug to collect source files per build rule family
when collect source files list we should also consider build rule
family. BuildRuleFamily may be set to the different one. It will
impact BuildRule and source files in INF file.
Hao Wu [Tue, 14 Nov 2017 03:33:10 +0000 (11:33 +0800)]
MdeModulePkg/UdfDxe: Avoid possible loss track of allocated buffer
In function FindFileEntry():
Instead of using the function parameter 'FileEntry', use a local
variable to store the buffer allocated for disk read operation.
For the below calling stack:
UdfOpenVolume() -> FindRootDirectory() -> FindFileEntry()
In FindFileEntry(), the call to 'DiskIo->ReadDisk()' is possible (e.g.
media change for a CD/DVD ROM device) to trigger a re-install of the
BlockIO(2) protocol which will further lead to a call of the BindingStop()
& BingdingStart() of the UdfDxe driver.
Meanwhile, for the above listed calling stack, the '**FileEntry'
parameter passed into FindFileEntry() is '&PrivFsData->Root'. 'PrivFsData'
is a driver-managed private data, it will be freed in BindingStop() and
re-allocate in BingdingStart().
In such case, if '*FileEntry' is used to store the allocated buffer, the
information will be lost if 'DiskIo->ReadDisk()' triggers a re-install of
the BlockIO(2) protocol. The subsequent call of the FreePool API:
FreePool (*FileEntry);
will cause issues.
This commit uses a local variable to store the allocated buffer.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <pcacjr@zytor.com>
Hao Wu [Fri, 13 Oct 2017 07:14:51 +0000 (15:14 +0800)]
MdeModulePkg/PartitionDxe: Merge the discovery of ElTorito into UDF
In order to create all of the children (El Torito standard and UDF) for
a CD/DVD media in an entry of the PartitionDriverBindingStart(), this
commit merges the discovery of the El Torito feature
(PartitionInstallElToritoChildHandles) into function
PartitionInstallUdfChildHandles.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <pcacjr@zytor.com>
Remove dependencies on gArmTokenSpaceGuid.PcdSystemMemoryBase and
gArmTokenSpaceGuid.PcdSystemMemorySize, the presence of which in
a [FixedPcd] section makes this module unusable for ArmVirtQemu.
Update the Request Sense check for the Request Sense Key of
USB_BOOT_SENSE_UNIT_ATTENTION. For this Sense Key, the
Additional Sense Key to EFI_STATUS mappings are:
A USB flash drive is returning Request Sense Key of
USB_BOOT_SENSE_UNIT_ATTENTION and an Additional Sense Key of
USB_BOOT_ASC_NO_MEDIA for a few seconds before returning an
Additional Sense Key of USB_BOOT_ASC_MEDIA_CHANGE.
The current logic treats this initial Request Sense info as an
error and reties the command 5 times before failing completely.
With this change the USB Flash Drive works correctly.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Paolo Bonzini [Thu, 16 Nov 2017 20:31:00 +0000 (21:31 +0100)]
OvmfPkg: save on I/O port accesses when the debug port is not in use
When SEV is enabled, every debug message printed by OVMF to the
QEMU debug port traps from the guest to QEMU character by character
because "REP OUTSB" cannot be used by IoWriteFifo8. Furthermore,
when OVMF is built with the DEBUG_VERBOSE bit (value 0x00400000)
enabled in "gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel", then the
OvmfPkg/IoMmuDxe driver, and the OvmfPkg/Library/BaseMemEncryptSevLib
library instance that is built into it, produce a huge amount of
log messages. Therefore, in SEV guests, the boot time impact is huge
(about 45 seconds _additional_ time spent writing to the debug port).
While these messages are very useful for analyzing guest behavior,
most of the time the user won't be capturing the OVMF debug log.
In fact libvirt does not provide a method for configuring log capture;
users that wish to do this (or are instructed to do this) have to resort
to <qemu:arg>.
The debug console device provides a handy detection mechanism; when read,
it returns 0xE9 (which is very much unlike the 0xFF that is returned by
an unused port). Use it to skip the possibly expensive OUT instructions
when the debug I/O port isn't plugged anywhere.
For SEC, the debug port has to be read before each full message.
However:
- if the debug port is available, then reading one byte before writing
a full message isn't tragic, especially because SEC doesn't print many
messages
- if the debug port is not available, then reading one byte instead of
writing a full message is still a win.
Paolo Bonzini [Thu, 16 Nov 2017 20:30:59 +0000 (21:30 +0100)]
OvmfPkg: create a separate PlatformDebugLibIoPort instance for SEC
The next patch will want to add a global variable to
PlatformDebugLibIoPort, but this is not suitable for the SEC
phase, because SEC runs from read-only flash. The solution is
to have two library instances, one for SEC and another
for all other firmware phases. This patch adds the "plumbing"
for the SEC library instance, separating the INF files and
moving the constructor to a separate C source file.
Laszlo Ersek [Tue, 24 Oct 2017 15:21:25 +0000 (17:21 +0200)]
OvmfPkg: restore temporary SEC/PEI RAM size to 64KB
(1) In the PEI phase, the PCD database is maintained in a GUID HOB. In
OVMF, we load the PCD PEIM before any other PEIMs (using APRIORI PEI),
so that all other PEIMs can use dynamic PCDs. Consequently,
- the PCD GUID HOB is initially allocated from the temporary SEC/PEI
heap,
- whenever we introduce a dynamic PCD to a PEIM built into OVMF such
that the PCD is new to OVMF's whole PEI phase, the PCD GUID HOB (and
its temporary heap footprint) grow.
I've noticed that, if we add just one more dynamic PCD to the PEI
phase, then in the X64 build,
- we get very close to the half of the temporary heap (i.e., 8192
bytes),
- obscure PEI phase hangs or DXE core initialization failures
(ASSERTs) occur. The symptoms vary between the FD_SIZE_2MB and
FD_SIZE_4MB builds of X64 OVMF.
(2) I've found that commit
2bbd7e2fbd4b ("UefiCpuPkg/MtrrLib: Update algorithm to calculate
optimal settings", 2017-09-27)
introduced a large (16KB) stack allocation:
> The patch changes existing MtrrSetMemoryAttributeInMtrrSettings() and
> MtrrSetMemoryAttribute() to use the 4-page stack buffer for calculation.
> ...
> +#define SCRATCH_BUFFER_SIZE (4 * SIZE_4KB)
> ...
> @@ -2207,17 +2462,66 @@ MtrrSetMemoryAttributeInMtrrSettings (
> ...
> + UINT8 Scratch[SCRATCH_BUFFER_SIZE];
(3) OVMF's temp SEC/PEI RAM size has been 32KB ever since commit
7cb6b0e06809 ("OvmfPkg: Move SEC/PEI Temporary RAM from 0x70000 to
0x810000", 2014-01-21)
Of that, the upper 16KB half is stack (growing down), and the lower
16KB half is heap.
Thus, OvmfPkg/PlatformPei's calls to "UefiCpuPkg/Library/MtrrLib", in
QemuInitializeRam(), cause the Scratch array to overflow the entire
stack (heading towards lower addresses), and corrupt the heap below
the stack. It turns out that the total stack demand is about 24KB, so
the overflow is able to corrupt the upper 8KB of the heap. If that
part of the heap is actually used (for example because we grow the PCD
GUID HOB sufficiently), mayhem ensues.
(4) Right after commit 7cb6b0e06809 (see above), there would be no room
left above the 32KB temp SEC/PEI RAM. However, given more recent
commits
45d870815156 ("OvmfPkg/PlatformPei: rebase and resize the permanent
PEI memory for S3", 2016-07-13)
we can now restore the temp SEC/PEI RAM size to the original
(pre-7cb6b0e06809) 64KB. This will allow for a 32KB temp SEC/PEI
stack, which accommodates the ~24KB demand mentioned in (3).
(Prior patches in this series will let us monitor the stack usage in
the future.)
Laszlo Ersek [Wed, 8 Nov 2017 19:32:30 +0000 (20:32 +0100)]
OvmfPkg/Sec/X64: seed the temporary RAM with PcdInitValueInTempStack
This allows the PEI core to report the maximum temporary SEC/PEI stack
usage on the DEBUG_INFO level, in the PeiCheckAndSwitchStack() function
[MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c]:
I unit-tested this change by transitorily adding an infinite loop right
after the "rep stosq", and dumping the guest's temp SEC/PEI RAM (32KB
currently) while the guest was stuck in the loop. The dump includes one
dword from before and after the temp SEC/PEI RAM:
Laszlo Ersek [Wed, 8 Nov 2017 18:43:21 +0000 (19:43 +0100)]
OvmfPkg/Sec/Ia32: seed the temporary RAM with PcdInitValueInTempStack
This allows the PEI core to report the maximum temporary SEC/PEI stack
usage on the DEBUG_INFO level, in the PeiCheckAndSwitchStack() function
[MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c]:
I unit-tested this change by transitorily adding an infinite loop right
after the "rep stosd", and dumping the guest's temp SEC/PEI RAM (32KB
currently) while the guest was stuck in the loop. The dump includes one
dword from before and after the temp SEC/PEI RAM:
"Main.asm" calls TransitionFromReal16To32BitFlat (and does some other
things) before it jumps to the platform's SEC entry point.
TransitionFromReal16To32BitFlat enters big real mode, and sets the DS, ES,
FS, GS, and SS registers to offset ("selector") LINEAR_SEL in the GDT
(defined in "UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm"). The
GDT entry ("segment descriptor") at LINEAR_SEL defines a segment covering
the full 32-bit address space, meant for "read/write data".
Document this fact for all the affected segment registers, as output
parameters for TransitionFromReal16To32BitFlat, saying "Selector allowing
flat access to all addresses".
For 64-bit SEC, "Main.asm" calls Transition32FlatTo64Flat in addition,
between calling TransitionFromReal16To32BitFlat and jumping to the SEC
entry point. Transition32FlatTo64Flat enters long mode. In long mode,
segmentation is largely ignored:
- all segments are considered flat (covering the whole 64-bit address
space),
- with the (possible) exception of FS and GS, whose bases can still be
changed, albeit with new methods, not through the GDT. (Through the
IA32_FS_BASE and IA32_GS_BASE Model Specific Registers, and/or the
WRFSBASE, WRGSBASE and SWAPGS instructions.)
Thus, document the segment registers with the same "Selector allowing flat
access to all addresses" language on the "Main.asm" level too, since that
is valid for both 32-bit and 64-bit modes.
(Technically, "Main.asm" does not return, but RBP/EBP, passed similarly to
the SEC entry point, is already documented as an output parameter.)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Eric Dong <eric.dong@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Suggested-by: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Ard Biesheuvel [Thu, 16 Nov 2017 17:08:08 +0000 (17:08 +0000)]
ArmPlatformPkg: reorganize PL011 code
The PL011 code in ArmPlatformPkg is organized in a weird way: there is
a single PL011Uart.h header file under Include/Drivers containing both
register definitions and function entry points. The PL011Uart library
itself is in Drivers/ but it is actually a library.
So let's clean this up: add a new PL011UartLib library class and associated
header file containing only the library prototypes, and move the library
itself under Library/ using a new GUID, with the register definitions moved
into a local header file.
Ard Biesheuvel [Thu, 16 Nov 2017 16:51:49 +0000 (16:51 +0000)]
OvmfPkg/XenHypercallLib: enable virt extensions for ARM
XenHypercallLib uses the 'hvc' instruction, which is not implemented
on all ARMv7 CPUs, and so we need to explicitly specify a CPU that
has the virtualization extensions.
This override used to be set at the platform level, but this was removed
in commit 0d36a219c7bdbb27d775b50837823b2a9928147c
('ArmPlatformPkg/PL031RealTimeClockLib: drop ArmPlatformSysConfigLib
reference), under the assumption that all users of the 'hvc' instruction
had already been fixed.
So fix this for GNU binutils by adding the 'virt' arch extension
directive, and for RVCT by setting the --cpu command line option to a
CPU that is virt capable.
Jian J Wang [Tue, 14 Nov 2017 02:56:37 +0000 (10:56 +0800)]
MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode
This feature makes use of paging mechanism to add a hidden (not present)
page just before and after the allocated memory block. If the code tries
to access memory outside of the allocated part, page fault exception will
be triggered.
BIT2 and BIT3 of PcdHeapGuardPropertyMask can be used to enable or disable
memory guard for SMM page and pool respectively. PcdHeapGuardPoolType and/or
PcdHeapGuardPageType are used to enable or disable guard for specific type
of memory. For example, we can turn on guard only for EfiRuntimeServicesCode
and EfiRuntimeServicesData by setting the PCD with value 0x60.
Pool memory is not ususally integer multiple of one page, and is more likely
less than a page. There's no way to monitor the overflow at both top and
bottom of pool memory. BIT7 of PcdHeapGuardPropertyMask is used to control
how to position the head of pool memory so that it's easier to catch memory
overflow in memory growing direction or in decreasing direction.
Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Heap guard makes use of paging mechanism to implement its functionality. But
there's no protocol or library available to change page attribute in SMM mode.
A new protocol gEdkiiSmmMemoryAttributeProtocolGuid is introduced to make it
happen. This protocol provide three interfaces
Since heap guard feature need to update page attributes. The page table
should not set to be read-only if heap guard feature is enabled for SMM
mode. Otherwise this feature cannot work.
Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Jian J Wang [Tue, 14 Nov 2017 02:55:26 +0000 (10:55 +0800)]
MdeModulePkg/DxeCore: Implement heap guard feature for UEFI
This feature makes use of paging mechanism to add a hidden (not present)
page just before and after the allocated memory block. If the code tries
to access memory outside of the allocated part, page fault exception will
be triggered.
BIT0 and BIT1 of PcdHeapGuardPropertyMask can be used to enable or disable
memory guard for page and pool respectively. PcdHeapGuardPoolType and/or
PcdHeapGuardPageType are used to enable or disable guard for specific type
of memory. For example, we can turn on guard only for EfiBootServicesData
and EfiRuntimeServicesData by setting the PCD with value 0x50.
Pool memory is not ususally integer multiple of one page, and is more likely
less than a page. There's no way to monitor the overflow at both top and
bottom of pool memory. BIT7 of PcdHeapGuardPropertyMask is used to control
how to position the head of pool memory so that it's easier to catch memory
overflow in memory growing direction or in decreasing direction.
Note1: Turning on heap guard, especially pool guard, will introduce too many
memory fragments. Windows 10 has a limitation in its boot loader, which
accepts at most 512 memory descriptors passed from BIOS. This will prevent
Windows 10 from booting if heap guard is enabled. The latest Linux
distribution with grub boot loader has no such issue. Normally it's not
recommended to enable this feature in production build of BIOS.
Note2: Don't enable this feature for NT32 emulation platform which doesn't
support paging.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Jian J Wang [Tue, 14 Nov 2017 02:53:28 +0000 (10:53 +0800)]
MdeModulePkg/DxeIpl: Enable paging for heap guard
Heap guard feature needs paging to work properly. 64-bit BIOS uses
PcdDxeIplBuildPageTables to control the page table setup. 32-bit BIOS
has to check heap guard feature to decide enabling paging or not.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Jian J Wang [Tue, 14 Nov 2017 02:52:31 +0000 (10:52 +0800)]
UefiCpuPkg/CpuDxe: Reduce debug message
Heap guard feature will frequently update page attributes. The debug message
in CpuDxe driver will slow down the boot performance noticeably. Changing the
debug level to DEBUG_VERBOSE to reduce the message output for normal debug
configuration.
Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Jian J Wang [Tue, 14 Nov 2017 02:51:50 +0000 (10:51 +0800)]
MdeModulePkg/SmmMemoryAttribute.h: Add new protocol definitions
The new protocol gEdkiiSmmMemoryAttributeProtocolGuid is intended for
PiSmmCore to be able to change memory page attributes for the sake of
heap guard feature.
This protocol provides three interfaces to get/set/clear page attribute.
Now that the PL031 RTC driver library no longer depends on the ARM
platform specific ArmPlatformSysConfigLib, we no longer need to
implement ArmPlatform.h or have a resolution for that library.
This allows us to get rid of a rather dodgy practice of including
platform headers using compiler flags, which is a bad idea at various
levels.
Ard Biesheuvel [Wed, 15 Nov 2017 13:04:46 +0000 (13:04 +0000)]
ArmPlatformPkg/PL031RealTimeClockLib: drop ArmPlatformSysConfigLib reference
The PL031 driver implements a VExpress/Juno specific hack to set the
battery backed clock in addition to the PL031. However, none of the
remaining VExpress based hardware we support in EDK2 actuall implements
this feature so we can just remove it, and get rid of the cumbersome
dependency on ArmPlatform.h.
Ard Biesheuvel [Thu, 16 Nov 2017 14:26:27 +0000 (14:26 +0000)]
ArmPkg: move RVCT PLATFORM_FLAGS override into ArmHvcLib/ArmSmcLib
Currently, each ARM platform built with RVCT that uses ArmHvcLib
or ArmSmcLib needs to specify a CPU target that implements both the
security and virtualization extensions, so that the assembler does
not choke on the 'hvc' and 'smc' instructions in ArmHvcLib/ArmSvcLib.
Let's move these overrides into the module .INFs so we can lift this
requirement at the platform side.
Ard Biesheuvel [Tue, 14 Nov 2017 10:13:03 +0000 (10:13 +0000)]
ArmVirtPkg/ArmVirtQemu: use non-accelerated CopyMem for VariableRuntimeDxe
The VariableRuntimeDxe driver may use CopyMem () on NOR flash regions,
assuming such regions always have full memory semantics. Given that
those regions cannot be mapped as ordinary memory on ARM (due to the
fact that the NOR flash requires device semantics while in write mode)
this prevents us from using BaseMemoryLibOptDxe in VariableRuntimeDxe,
since it may use unaligned accesses and/or DC ZVA instructions, both
of which are incompatible with mappings using device semantics.
Note that there is no way we can work around this by changing the
mapping type between 'memory' and 'device' when switching from read to
write mode and back, because the runtime mapping is created by the OS,
and cannot be changed at will.
So let's just switch to the unaccelerated version of BaseMemoryLib which
does not have the same problem.
Fu Siyuan [Wed, 15 Nov 2017 03:11:20 +0000 (11:11 +0800)]
MdeModulePkg/SNP: remove redundant DEBUG print in SNP Transmit.c
This patch is to remove some redundant DEBUG output in SNP transmit function.
In case of return EFI_NOT_READY in PxeTransmit, the SNP driver is indicate
the caller that the transmit queue is full, it's a very common situation druing
transmit, not a critical error. So the patch move the DEBUG lever to EFI_D_NET.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
Benjamin You [Tue, 14 Nov 2017 08:41:13 +0000 (16:41 +0800)]
CorebootModulePkg/CbSupportDxe: Remove duplicated IO Space addition
Since UefiCpuPkg's CpuDxe Driver already adds Local Apic's MMIO space to
GCD, CorebootModulePkg's CbSupportDxe should not do this again. Doing this
again causes error return status from GCD service, and ASSERT (FALSE) with
debug build, so the duplicated addition is removed.
Cc: Maurice Ma <maurice.ma@intel.com> Cc: Prince Agyeman <prince.agyeman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Benjamin You <benjamin.you@intel.com> Reviewed-by: Maurice Ma <maurice.ma@intel.com>
The return status of the call to SimpleFileSystem->OpenVolume should be
checked.
It is possible that there is a media change in the device (like CD/DVD
ROM). In such case, the volume root opened and/or the device path opened
previously (also within EfiShellOpenRootByHandle) may be invalid.
This commit adds a check for the result of OpenVolume before subsequently
calling functions like EfiShellGetMapFromDevicePath() &
ConvertEfiFileProtocolToShellHandle().
Historically many drives or medias do not correctly return their value
for block N - which is also referred as last addressable/recorded block.
When they do so, there is still a problem when relying on last recorded
block number returned by SCSI commands READ CAPACITY and READ TRACK
INFORMATION - that is, between block 0 and block N there may be
unwritten blocks which are located outside any track.
That said, the Partition driver was unable to find AVDP at block N on
certain medias that do not either return or report their last recorded
block number correctly.
Apparently there is no official or correct way to find the correct block
number, however tools like the Philips UDF Conformance Tool (udf_test)
apply a correction by searching for an AVDP or VAT in blocks N through
N-456 -- this can be observed by looking at the log reported by udf_test
on those CD/DVD medias. So, if the AVDP or VAT is found, then it sets
the last recorded block number to where AVDP or VAT was located.
With the below setence in UDF 2.60, 6.13.2.2 Background Physical
Formatting:
"... the second AVDP must be recorded after the Background physical
Formatting has been finished..."
Implies that the last recorded block is the one where second AVDP was
recorded.
This patch implements a similar way to correct the last recorded block
number by searching for last AVDP in blocks N-1 through N-512 on those
certain medias, as well as ensure a minimum number of 2 AVDPs found as
specified by ECMA 167 and UDF 2.60 specifications.
Cc: Hao Wu <hao.a.wu@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Reported-by: Hao Wu <hao.a.wu@intel.com> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
Remove extra carriage return that causes formatting
issues.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
Update logic to not return an error from UsbBootRequestSense()
if a Request Sense command responds with no sense information.
It is legal for a USB mass storage device to respond to a
Request Sense command with a SenseKey of
USB_BOOT_SENSE_NO_SENSE and an Additional Sense
Code of USB_BOOT_ASC_NO_ADDITIONAL_SENSE_INFORMATION.
This is described in Section 3.3 of the Universal Serial
Bus Mass Storage Specification For Bootability:
The previous logic returned an error of EFI_NO_RESPONSE
and this caused USB mass storage devices such as a USB
floppy drive to not be detected.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Bell Song <binx.song@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Bell Song <binx.song@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Bell Song <binx.song@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Bell Song <binx.song@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
Yonghong Zhu [Mon, 13 Nov 2017 02:50:49 +0000 (10:50 +0800)]
BaseTools: Fix the bug to re-build uni file for Library
The root cause is Module's self.CanSkip() is before LibraryAutoGen,
then when a uni file of library is changed, Module's self.CanSkip() is
still true which cause the library is not regenerated.
This patch change Module's self.CanSkip() after LibraryAutoGen.
The UEFI Specification Boot Services chapter, StartImage() service,
EFF 1.10 Extension requires extra calls to ConnectController()
if a UEFI Driver produces handles. The DXE Core is performing these
extra calls to ConnectController() without evaluating the ImageType.
A filter is added to not make extra calls to ConnectController()
if the ImageType is EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION.
Without this filter, extra calls to ConnectController() may be
performed by UEFI Applications or a UEFI Shell Applications that
also call ConnectController().
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
When a TerminalType is set to PCANSI, characters in the range 0x00
to 0x1F are control characters. The mapping table for PCANSI maps
TRIANGLE glyphs, ARROW_UP glyph, and ARROW_DOWN glyph into this
control character range and that causes no characters to be
displayed by PCANSI compatible terminal emulators.
The mappings are updated so these glyphs are mapped to ANSI
characters in the range 0x20 to 0x7E.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <Ruiyu.ni@intel.com>
Remove unused variables and turn nsdispatch macro into a function. This
is not what is recommended in the bug ticket but avoid heavier
modification of the code (and deviation from upsteam).
Ard Biesheuvel [Mon, 6 Nov 2017 18:08:15 +0000 (18:08 +0000)]
ArmPlatformPkg/PL031RealTimeClockLib: ignore DST setting when timezone is set
According to the UEFI spec, the timezone setting which the platform needs
to record in addition to the actual date and time already reflects the
current DST setting. In other words, moving the clock from standard time
to daylight saving time also involves adding or subtracting 60 minutes
from the timezone setting, as well as flicking the EFI_TIME_IN_DAYLIGHT
bit in the DST setting.
This means we need to disregard the DST setting if the timezone is
specified, and only add or subtract the additional hour if we are on
local time.
Ard Biesheuvel [Sun, 5 Nov 2017 16:31:23 +0000 (16:31 +0000)]
ArmPlatformPkg/PL031RealTimeClockLib: remove validation and DST handling
This library, which is intended to encapsulate the hardware specifics
of the ARM PL031 RTC, also implements its own input validation routines
and record the timezone and DST settings in its own set of EFI variables.
This functionality has recently been added to the core driver, so let's
remove it here.
Ard Biesheuvel [Sun, 5 Nov 2017 16:06:17 +0000 (16:06 +0000)]
EmbeddedPkg/RealTimeClockRuntimeDxe: move common functionality into core
RealTimeClockRuntimeDxe defers the hardware/platform specific handling
of reading/setting the hardware clock to RealTimeClockLib, but for
unknown reasons, it also defers common functionality such as input
validation and recording the timezone and DST settings (which are
informational only and not managed by hardware)
This has led to a lot of duplication in implementations of RealTimeClockLib
as well as TimeBaseLib, to the point where each library implementation
has its own set of UEFI variables to record the timezone and DST settings.
This makes little sense, and so let's update RealTimeClockRuntimeDxe now
to allow future implementations to rely on the core driver to take care of
these things.
Note that reading the timezone and DST settings occurs before calling into
the library, so we can phase out this behavior gradually from library
implementations in EDK2, edk2-platforms or out of tree.
Fu Siyuan [Wed, 18 Oct 2017 02:13:39 +0000 (10:13 +0800)]
MdeModulePkg: Update IP4 stack to support point-to-point link with 31-bit mask.
V2 update: Directly use NetIp4IsUnicast() to check station address in IP driver.
This patch is to follow RFC3021 which allows to use 31-bit mask
in point-to-point link.
If a 31-bit subnet mask is assigned to a point-to-point link, it
leaves the <Host-number> with only 1 bit. Consequently, only two
possible addresses may result:
{<Network-number>, 0} and {<Network-number>, -1}
These addresses have historically been associated with network and
broadcast addresses (see Section 2.2). In a point-to-point link with
a 31-bit subnet mask, the two addresses above MUST be interpreted as
host addresses.
MdePkg: Add definitions for the SPI protocols introduced in PI 1.6.
This commit adds header files for the SPI protocols introduced in the
UEFI PI 1.6 specification, as well as their GUIDs to MdePkg.dec.
EFI_SPI_TRANSACTION_TYPE assumes an enum with its members ordered the
way they are listed in the specification, as there are no values given
explicitely.
EFI_LEGACY_SPI_CONTROLLER_GUID assumes the character 'l' used in the
specification was meant to be '1'.
V2:
- Fixed LegacySpiFlash.h's header guard.
- Fixed LegacySpiSmmController's GUID name.
- Removed EFI_SPI_NOR_FLASH_PROTOCOL_LF_READ_DATA as it's unused.
- Added the missing SpiSmmNorFlash header.
- Fixed all file endings to be CRLF.
- Removed trailing whitespaces.
Ard Biesheuvel [Fri, 20 Oct 2017 10:44:04 +0000 (11:44 +0100)]
ArmPlatformPkg/PrePeiCore: seed temporary stack before entering PEI core
DEBUG builds of PEI code will print a diagnostic message regarding
the utilization of temporary RAM before switching to permanent RAM.
For example,
Total temporary memory: 16352 bytes.
temporary memory stack ever used: 4820 bytes.
temporary memory heap used for HobList: 4720 bytes.
Tracking stack utilization like this requires the stack to be seeded
with a known magic value, and this needs to occur before entering C
code, given that it uses the stack. Currently, only Nt32Pkg appears
to implement this feature, but it is useful nonetheless, so let's
wire it up for PrePeiCore.
BTT definitions are defined in UEFI spec 2.7, to defines
a layout and set of rules for doing block I/O that provide
powerfail write atomicity of a single block in NVDIMM.
Star Zeng [Fri, 27 Oct 2017 03:14:11 +0000 (11:14 +0800)]
MdeModulePkg SerialDxe: Handle Timeout change more robustly
https://lists.01.org/pipermail/edk2-devel/2017-October/016479.html
reported "Xen Console input very slow in recent UEFI" that appears
after 4cf3f37c87ba1f9d58072444bd735e40e4779e70 "MdeModulePkg
SerialDxe: Process timeout consistently in SerialRead".
Julien did more debugging and find out the following is happening in
TerminalConInTimerHandler (MdeModulePkg/Universal/Console/TerminalDxe)
when a character is received:
1) GetControl will return EFI_SERIAL_INPUT_BUFFER_EMPTY unset
=> Entering in the loop to fetch character from the serial
2) GetOneKeyFromSerial()
=> Return directly with the character read
3) Looping as the fifo is not full and no error
4) GetOneKeyFromSerial() -> SerialRead()
=> No more character so SerialPortPoll() will return FALSE and loop
until timeout
=> Return EFI_TIMEOUT
5) Exiting the loop from TerminalConInTimerHandler
6) Characters are printed
After some investigation, I found it is related to the Timeout value.
The Timeout is 1000000 (1s) by default to follow UEFI spec.
And the Terminal driver will recalculate and set the Timeout value
based on the properties of UART in TerminalDriverBindingStart()/
TerminalConInTimerHandler().
SerialInTimeOut = 0;
if (Mode->BaudRate != 0) {
//
// According to BAUD rate to calculate the timeout value.
//
SerialInTimeOut = (1 + Mode->DataBits + Mode->StopBits) *
2 * 1000000 / (UINTN) Mode->BaudRate;
}
For example, based on the PCD values of PcdUartDefaultBaudRate,
PcdUartDefaultDataBits and PcdUartDefaultStopBits, SerialInTimeOut =
(1 + 8 + 1) * 2 * 1000000 / (UINTN) 115200 = 173 (us).
When SerialDxe is used,
TerminalDriverBindingStart()/TerminalConInTimerHandler() ->
SerialIo->SetAttributes() ->
SerialSetAttributes() ->
SerialPortSetAttributes()
Some implementations of SerialPortSetAttributes() could handle the
input parameters and return RETURN_SUCCESS, for example
BaseSerialPortLib16550, then Timeout value will be changed to 173 (us),
no "slow down" will be observed.
But some implementations of SerialPortSetAttributes() just return
RETURN_UNSUPPORTED, for example XenConsoleSerialPortLib, then Timeout
value will be not changed and kept 1000000 (1s), "slow down" will be
observed.
SerialPortLib instance can be enhanced to
1. Handle the input parameters and return status accordingly instead of
just returning RETURN_UNSUPPORTED in SerialPortSetAttributes().
2. Just return RETURN_SUCCESS instead of RETURN_UNSUPPORTED in
SerialPortSetAttributes() if the instance does not care the input
parameters at all.
And SerialDxe can also be enhanced like this patch to be more robust
to handle Timeout change.
Cc: Julien Grall <julien.grall@linaro.org> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Compare against the original parameters Suggested-by: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Julien Grall <julien.grall@linaro.org>
Chasel, Chiu [Wed, 8 Nov 2017 12:35:26 +0000 (20:35 +0800)]
IntelFsp2Pkg-Tools: GenCfgOpt.py shouldn't include specific UPD name
PcdSerialIoUartDebugEnable UPD is platform specific and should not
be included in generic GenCfgOpt.py script. Remove this and platform
DSC should control the default value instead.
Cc: Jiewen Yao <Jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chasel Chiu <chasel.chiu@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Jian J Wang [Wed, 8 Nov 2017 02:09:54 +0000 (10:09 +0800)]
IntelFrameworkModulePkg: Fix misuses of AllocateCopyPool
AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.
One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.
Cc: Liming Gao <liming.gao@intel.com> Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
Jian J Wang [Wed, 8 Nov 2017 02:09:19 +0000 (10:09 +0800)]
ShellPkg: Fix misuses of AllocateCopyPool
AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.
One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.
Cc: Jaben Carsey <jaben.carsey@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Jian J Wang [Wed, 1 Nov 2017 15:18:34 +0000 (23:18 +0800)]
MdeModulePkg: Fix misuses of AllocateCopyPool
AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.
One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
For PciIoPciRead interface, memory prior to Buffer would be written
with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
would cause serious system exception.
So we add a pre-check branch to avoid memory override.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo <heyi.guo@linaro.org> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ruiyu Ni [Thu, 26 Oct 2017 08:06:56 +0000 (16:06 +0800)]
MdePkg/PciExpress21.h: Fix typo in PCI_REG_PCIE_SLOT_CONTROL
PCI_REG_PCIE_SLOT_CONTROL contains a typo. It is defined as:
typedef union {
struct {
UINT32 AttentionButtonPressed : 1;
UINT32 ...
...
} Bits;
UINT16 Uint16;
} PCI_REG_PCIE_SLOT_CONTROL;
The bit field data type should be UINT16 instead of UINT32,
results sizeof (PCI_REG_PCIE_SLOT_CONTROL) equals to 4 instead of 2.
Because this structure is used in PCI_CAPABILITY_PCIEXP as below:
typedef struct {
...
PCI_REG_PCIE_SLOT_CONTROL SlotControl;
PCI_REG_PCIE_SLOT_STATUS SlotStatus;
} PCI_CAPABILITY_PCIEXP;
It cause the OFFSET_OF (PCI_CAPABILITY_PCIEXP, SlotStatus) equal
to a wrong value.
Marcin Wojtas [Fri, 3 Nov 2017 17:55:17 +0000 (18:55 +0100)]
EmbeddedPkg: Implement NorFlashInfoLib
The SPI NOR flash drivers which base on ArmPlatformPkg's
NorFlashDxe usually make use of static declarations of the
flash instances with their type and parameters. As a result
it implies hardcoding the exact way of flash handling, not to
mention the code does not look very nice. Much better solution
would be obtaining the flash ID and hence its description
in runtime.
JEDEC compliant SPI NOR devices allow to obtain their IDs with
READ_ID command (0x9f), which should return the vendor ID byte,
followed by 2 to 4 following device ID bytes. Use this capability
for implementing a NorFlashInfoLib that gives an access to the
NOR flash description data, such as name, page size, sector
(block) size and others, of more than 50 different models.
The new library user should pass an output array from issuing
READ_ID command to the NorFlashGetInfo () routine - if the
match is found, an allocated (optionally for RT) pool with
the flash description copy will be returned.
chenc2 [Tue, 7 Nov 2017 01:01:26 +0000 (09:01 +0800)]
SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate
The function Pkcs7GetSigners return certificate stack as binary buffer.
Use EFI_CERT_DATA to parsing certificate stack more clearly, and access
certificate by the field of EFI_CERT_DATA structure.
chenc2 [Tue, 7 Nov 2017 00:56:56 +0000 (08:56 +0800)]
CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8 CertNumber;
// UINT32 Cert1Length;
// UINT8 Cert1[];
// UINT32 Cert2Length;
// UINT8 Cert2[];
// ...
// UINT32 CertnLength;
// UINT8 Certn[];
//
Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are
used for parsing CertStack more clearly.
Peicong Li [Tue, 7 Nov 2017 12:56:51 +0000 (20:56 +0800)]
ArmPkg/ArmMmuLib: Add new attribute WRITE_BACK_NONSHAREABLE
Flash region needs to be set as cacheable (write back) to increase
performance, if PEI is still XIP on flash or DXE FV is decompressed
from flash FV. However some ARM platforms do not support to set flash
as inner shareable since flash is not normal DDR memory and it will
not respond to cache snoop request, which will causes system hang
after MMU is enabled.
So we need a new ARM memory region attribute WRITE_BACK_NONSHAREABLE
for flash region on these platforms specifically. This attribute will
set the region as write back but not inner shared.
Ruiyu Ni [Tue, 31 Oct 2017 07:53:18 +0000 (15:53 +0800)]
MdeModulePkg/PciBus: Disable BME of all devices when entering RT
The patch ensures all DMA transactions are blocked after
ExitBootService.
If a platform enables IOMMU before and needs disable IOMMU after
ExitBootService, the IOMMU should be disabled after PCI bus driver
disables BME.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael Turner <michael.turner@microsoft.com> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Cc: Jeff Fan <vanjeff_919@hotmail.com>
Dandan Bi [Fri, 3 Nov 2017 08:34:25 +0000 (16:34 +0800)]
MdeModulePkg/VarCheckHii: Enhance VarCheckHiiLib to support bit check
V3:
(1) Reset QuestionStoredInBitField to FALSE at end opcode(EFI_IFR_END_OP)
(2) Fix typo and format issues(line alignment for debug print message
and value assignment...)
V2:
(1)Remove the VarOffsetBitLevel/StorageWidthBitLevel to reduce the final
VarCheckBinSize and update the implementation accordingly.
(2)Update the VAR_CHECK_HII_REVISION
(3)Refine the Debug message and function comments,like update oneof",
"checkbox", "numeric" to "OneOf", "CheckBox", "Numeric".
VarCheckHiiLib check the value set to storage based on the possible value
listed in the vfr file. Since we have enhanced vfr to support Question
value stored in bit field, so now enhance VarCheckHiiLib to support bit
field check.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Ard Biesheuvel [Sat, 4 Nov 2017 21:32:37 +0000 (21:32 +0000)]
MdeModulePkg/SdMmcPciHcDxe: call SdMmcFreeTrb() to complete sync operation
Currently, we complete a synchronous operation without unmapping the
DMA mappings, and free the pages using FreePages () rather than calling
EFI_PCI_IO_PROTOCOL::FreeBuffer. This is simply incorrect, but it also
breaks non-coherent DMA as well as DMA protection and/or memory encryption
so let's do it correctly and call SdMmcFreeTrb() instead.
The malloc/free (instead of AllocatePool/FreePool) were used directly
in some wrapper implementations, which was designed to leverage the
light-weight memory management routines at Runtime phase.
The malloc/free and AllocatePool/FreePool usages are required to be
matched, after extra memory size info header was introduced in malloc
wrapper.
This patch corrects two memory allocation cases, which requires the
caller to free the buffer with FreePool() outside the function call.
And some comments were also added to clarify the correct memory
release functions if it's the caller's responsibility to free the
memory buffer.
Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Long Qin [Wed, 1 Nov 2017 08:10:04 +0000 (16:10 +0800)]
CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
void *realloc (void *ptr, size_t size)
{
//
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
}
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.
Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Validated-by: Jian J Wang <jian.j.wang@intel.com>
Star Zeng [Wed, 25 Oct 2017 09:23:03 +0000 (17:23 +0800)]
IntelSiliconPkg IntelVTdDxe: Use ACPI table event to get DMAR table
Use ACPI table event to get DMAR table instead of using ACPI SDT
notification as ACPI SDT is optional and the default value of
PcdInstallAcpiSdtProtocol is FALSE in MdeModulePkg.dec.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ard Biesheuvel [Wed, 1 Nov 2017 12:57:26 +0000 (12:57 +0000)]
ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the boot mode
The current interdepencies between the PrePeiCore SEC module, the
platform PEIM and ArmPlatformLib is a bit awkward: due to the fact
that ArmPlatformLib is also used by SEC modules, we cannot use PEI
specific facilities in the implementation of ArmPlatformGetBootMode.
However, given that we call that library function /after/ invoking
PlatformPeiLib, there is no way for that library to set the boot mode
other than resorting to tricks like notification callbacks on arbitrary
unrelated events.
ArmPlatformLib should probably be phased out anyway, given its quirky
nature, but for now, let's fix this particular issue by deferring the
call to PlatformPeim() to after the point where we set the boot mode
by calling ArmPlatformGetBootMode ().
While we're at it, clean up the code slightly by using PeiServicesLib
instead of doing double pointer dereferencing.
Ard Biesheuvel [Wed, 1 Nov 2017 12:54:39 +0000 (12:54 +0000)]
EmbeddedPkg: introduce GPIO PPI
Introduce a PPI counterpart of the existing 'embedded GPIO' protocol,
so we can manipulate GPIOs from PEI modules. This allows things like
setting the boot mode based on a DIP switch setting.
Note that the naming is slightly awkward, as there is nothing 'embedded'
about a GPIO, but given that the DXE protocol already resides here and
has the 'embedded' prefix, it makes sense to retain uniformity.