]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR (CVE-2018-12180)
[mirror_edk2.git] / MdeModulePkg / Universal / Disk / PartitionDxe / Mbr.c
1 /** @file
2 Decode a hard disk partitioned with the legacy MBR found on most PC's
3
4 MBR - Master Boot Record is in the first sector of a partitioned hard disk.
5 The MBR supports four partitions per disk. The MBR also contains legacy
6 code that is not run on an EFI system. The legacy code reads the
7 first sector of the active partition into memory and
8
9 BPB - BIOS Parameter Block is in the first sector of a FAT file system.
10 The BPB contains information about the FAT file system. The BPB is
11 always on the first sector of a media. The first sector also contains
12 the legacy boot strap code.
13
14 Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc.
15 Copyright (c) 2014, Hewlett-Packard Development Company, L.P.<BR>
16 Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
17 This program and the accompanying materials
18 are licensed and made available under the terms and conditions of the BSD License
19 which accompanies this distribution. The full text of the license may be found at
20 http://opensource.org/licenses/bsd-license.php
21
22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
24
25 **/
26
27 #include "Partition.h"
28
29 /**
30 Test to see if the Mbr buffer is a valid MBR.
31
32 @param Mbr Parent Handle.
33 @param LastLba Last Lba address on the device.
34
35 @retval TRUE Mbr is a Valid MBR.
36 @retval FALSE Mbr is not a Valid MBR.
37
38 **/
39 BOOLEAN
40 PartitionValidMbr (
41 IN MASTER_BOOT_RECORD *Mbr,
42 IN EFI_LBA LastLba
43 )
44 {
45 UINT32 StartingLBA;
46 UINT32 EndingLBA;
47 UINT32 NewEndingLBA;
48 INTN Index1;
49 INTN Index2;
50 BOOLEAN MbrValid;
51
52 if (Mbr->Signature != MBR_SIGNATURE) {
53 return FALSE;
54 }
55 //
56 // The BPB also has this signature, so it can not be used alone.
57 //
58 MbrValid = FALSE;
59 for (Index1 = 0; Index1 < MAX_MBR_PARTITIONS; Index1++) {
60 if (Mbr->Partition[Index1].OSIndicator == 0x00 || UNPACK_UINT32 (Mbr->Partition[Index1].SizeInLBA) == 0) {
61 continue;
62 }
63
64 MbrValid = TRUE;
65 StartingLBA = UNPACK_UINT32 (Mbr->Partition[Index1].StartingLBA);
66 EndingLBA = StartingLBA + UNPACK_UINT32 (Mbr->Partition[Index1].SizeInLBA) - 1;
67 if (EndingLBA > LastLba) {
68 //
69 // Compatibility Errata:
70 // Some systems try to hide drive space with their INT 13h driver
71 // This does not hide space from the OS driver. This means the MBR
72 // that gets created from DOS is smaller than the MBR created from
73 // a real OS (NT & Win98). This leads to BlockIo->LastBlock being
74 // wrong on some systems FDISKed by the OS.
75 //
76 // return FALSE since no block devices on a system are implemented
77 // with INT 13h
78 //
79
80 DEBUG((EFI_D_INFO, "PartitionValidMbr: Bad MBR partition size EndingLBA(%1x) > LastLBA(%1x)\n", EndingLBA, LastLba));
81
82 return FALSE;
83 }
84
85 for (Index2 = Index1 + 1; Index2 < MAX_MBR_PARTITIONS; Index2++) {
86 if (Mbr->Partition[Index2].OSIndicator == 0x00 || UNPACK_UINT32 (Mbr->Partition[Index2].SizeInLBA) == 0) {
87 continue;
88 }
89
90 NewEndingLBA = UNPACK_UINT32 (Mbr->Partition[Index2].StartingLBA) + UNPACK_UINT32 (Mbr->Partition[Index2].SizeInLBA) - 1;
91 if (NewEndingLBA >= StartingLBA && UNPACK_UINT32 (Mbr->Partition[Index2].StartingLBA) <= EndingLBA) {
92 //
93 // This region overlaps with the Index1'th region
94 //
95 return FALSE;
96 }
97 }
98 }
99 //
100 // None of the regions overlapped so MBR is O.K.
101 //
102 return MbrValid;
103 }
104
105
106 /**
107 Install child handles if the Handle supports MBR format.
108
109 @param[in] This Calling context.
110 @param[in] Handle Parent Handle.
111 @param[in] DiskIo Parent DiskIo interface.
112 @param[in] DiskIo2 Parent DiskIo2 interface.
113 @param[in] BlockIo Parent BlockIo interface.
114 @param[in] BlockIo2 Parent BlockIo2 interface.
115 @param[in] DevicePath Parent Device Path.
116
117 @retval EFI_SUCCESS A child handle was added.
118 @retval EFI_MEDIA_CHANGED Media change was detected.
119 @retval Others MBR partition was not found.
120
121 **/
122 EFI_STATUS
123 PartitionInstallMbrChildHandles (
124 IN EFI_DRIVER_BINDING_PROTOCOL *This,
125 IN EFI_HANDLE Handle,
126 IN EFI_DISK_IO_PROTOCOL *DiskIo,
127 IN EFI_DISK_IO2_PROTOCOL *DiskIo2,
128 IN EFI_BLOCK_IO_PROTOCOL *BlockIo,
129 IN EFI_BLOCK_IO2_PROTOCOL *BlockIo2,
130 IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
131 )
132 {
133 EFI_STATUS Status;
134 MASTER_BOOT_RECORD *Mbr;
135 UINT32 ExtMbrStartingLba;
136 UINT32 Index;
137 HARDDRIVE_DEVICE_PATH HdDev;
138 HARDDRIVE_DEVICE_PATH ParentHdDev;
139 EFI_STATUS Found;
140 EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;
141 EFI_DEVICE_PATH_PROTOCOL *LastDevicePathNode;
142 UINT32 BlockSize;
143 UINT32 MediaId;
144 EFI_LBA LastBlock;
145 EFI_PARTITION_INFO_PROTOCOL PartitionInfo;
146
147 Found = EFI_NOT_FOUND;
148
149 BlockSize = BlockIo->Media->BlockSize;
150 MediaId = BlockIo->Media->MediaId;
151 LastBlock = BlockIo->Media->LastBlock;
152
153 //
154 // Ensure the block size can hold the MBR
155 //
156 if (BlockSize < sizeof (MASTER_BOOT_RECORD)) {
157 return EFI_NOT_FOUND;
158 }
159
160 Mbr = AllocatePool (BlockSize);
161 if (Mbr == NULL) {
162 return Found;
163 }
164
165 Status = DiskIo->ReadDisk (
166 DiskIo,
167 MediaId,
168 0,
169 BlockSize,
170 Mbr
171 );
172 if (EFI_ERROR (Status)) {
173 Found = Status;
174 goto Done;
175 }
176 if (!PartitionValidMbr (Mbr, LastBlock)) {
177 goto Done;
178 }
179 //
180 // We have a valid mbr - add each partition
181 //
182 //
183 // Get starting and ending LBA of the parent block device.
184 //
185 LastDevicePathNode = NULL;
186 ZeroMem (&ParentHdDev, sizeof (ParentHdDev));
187 DevicePathNode = DevicePath;
188 while (!IsDevicePathEnd (DevicePathNode)) {
189 LastDevicePathNode = DevicePathNode;
190 DevicePathNode = NextDevicePathNode (DevicePathNode);
191 }
192
193 if (LastDevicePathNode != NULL) {
194 if (DevicePathType (LastDevicePathNode) == MEDIA_DEVICE_PATH &&
195 DevicePathSubType (LastDevicePathNode) == MEDIA_HARDDRIVE_DP
196 ) {
197 CopyMem (&ParentHdDev, LastDevicePathNode, sizeof (ParentHdDev));
198 } else {
199 LastDevicePathNode = NULL;
200 }
201 }
202
203 ZeroMem (&HdDev, sizeof (HdDev));
204 HdDev.Header.Type = MEDIA_DEVICE_PATH;
205 HdDev.Header.SubType = MEDIA_HARDDRIVE_DP;
206 SetDevicePathNodeLength (&HdDev.Header, sizeof (HdDev));
207 HdDev.MBRType = MBR_TYPE_PCAT;
208 HdDev.SignatureType = SIGNATURE_TYPE_MBR;
209
210 if (LastDevicePathNode == NULL) {
211 //
212 // This is a MBR, add each partition
213 //
214 for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) {
215 if (Mbr->Partition[Index].OSIndicator == 0x00 || UNPACK_UINT32 (Mbr->Partition[Index].SizeInLBA) == 0) {
216 //
217 // Don't use null MBR entries
218 //
219 continue;
220 }
221
222 if (Mbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION) {
223 //
224 // This is the guard MBR for the GPT. If you ever see a GPT disk with zero partitions you can get here.
225 // We can not produce an MBR BlockIo for this device as the MBR spans the GPT headers. So formating
226 // this BlockIo would corrupt the GPT structures and require a recovery that would corrupt the format
227 // that corrupted the GPT partition.
228 //
229 continue;
230 }
231
232 HdDev.PartitionNumber = Index + 1;
233 HdDev.PartitionStart = UNPACK_UINT32 (Mbr->Partition[Index].StartingLBA);
234 HdDev.PartitionSize = UNPACK_UINT32 (Mbr->Partition[Index].SizeInLBA);
235 CopyMem (HdDev.Signature, &(Mbr->UniqueMbrSignature[0]), sizeof (Mbr->UniqueMbrSignature));
236
237 ZeroMem (&PartitionInfo, sizeof (EFI_PARTITION_INFO_PROTOCOL));
238 PartitionInfo.Revision = EFI_PARTITION_INFO_PROTOCOL_REVISION;
239 PartitionInfo.Type = PARTITION_TYPE_MBR;
240 if (Mbr->Partition[Index].OSIndicator == EFI_PARTITION) {
241 PartitionInfo.System = 1;
242 }
243 CopyMem (&PartitionInfo.Info.Mbr, &Mbr->Partition[Index], sizeof (MBR_PARTITION_RECORD));
244
245 Status = PartitionInstallChildHandle (
246 This,
247 Handle,
248 DiskIo,
249 DiskIo2,
250 BlockIo,
251 BlockIo2,
252 DevicePath,
253 (EFI_DEVICE_PATH_PROTOCOL *) &HdDev,
254 &PartitionInfo,
255 HdDev.PartitionStart,
256 HdDev.PartitionStart + HdDev.PartitionSize - 1,
257 MBR_SIZE,
258 ((Mbr->Partition[Index].OSIndicator == EFI_PARTITION) ? &gEfiPartTypeSystemPartGuid: NULL)
259 );
260
261 if (!EFI_ERROR (Status)) {
262 Found = EFI_SUCCESS;
263 }
264 }
265 } else {
266 //
267 // It's an extended partition. Follow the extended partition
268 // chain to get all the logical drives
269 //
270 Index = 0;
271 ExtMbrStartingLba = 0;
272
273 do {
274
275 Status = DiskIo->ReadDisk (
276 DiskIo,
277 MediaId,
278 MultU64x32 (ExtMbrStartingLba, BlockSize),
279 BlockSize,
280 Mbr
281 );
282 if (EFI_ERROR (Status)) {
283 Found = Status;
284 goto Done;
285 }
286
287 if (UNPACK_UINT32 (Mbr->Partition[0].SizeInLBA) == 0) {
288 break;
289 }
290
291 if ((Mbr->Partition[0].OSIndicator == EXTENDED_DOS_PARTITION) ||
292 (Mbr->Partition[0].OSIndicator == EXTENDED_WINDOWS_PARTITION)) {
293 ExtMbrStartingLba = UNPACK_UINT32 (Mbr->Partition[0].StartingLBA);
294 continue;
295 }
296 HdDev.PartitionNumber = ++Index;
297 HdDev.PartitionStart = UNPACK_UINT32 (Mbr->Partition[0].StartingLBA) + ExtMbrStartingLba + ParentHdDev.PartitionStart;
298 HdDev.PartitionSize = UNPACK_UINT32 (Mbr->Partition[0].SizeInLBA);
299 if ((HdDev.PartitionStart + HdDev.PartitionSize - 1 >= ParentHdDev.PartitionStart + ParentHdDev.PartitionSize) ||
300 (HdDev.PartitionStart <= ParentHdDev.PartitionStart)) {
301 break;
302 }
303
304 //
305 // The signature in EBR(Extended Boot Record) should always be 0.
306 //
307 *((UINT32 *) &HdDev.Signature[0]) = 0;
308
309 ZeroMem (&PartitionInfo, sizeof (EFI_PARTITION_INFO_PROTOCOL));
310 PartitionInfo.Revision = EFI_PARTITION_INFO_PROTOCOL_REVISION;
311 PartitionInfo.Type = PARTITION_TYPE_MBR;
312 if (Mbr->Partition[0].OSIndicator == EFI_PARTITION) {
313 PartitionInfo.System = 1;
314 }
315 CopyMem (&PartitionInfo.Info.Mbr, &Mbr->Partition[0], sizeof (MBR_PARTITION_RECORD));
316
317 Status = PartitionInstallChildHandle (
318 This,
319 Handle,
320 DiskIo,
321 DiskIo2,
322 BlockIo,
323 BlockIo2,
324 DevicePath,
325 (EFI_DEVICE_PATH_PROTOCOL *) &HdDev,
326 &PartitionInfo,
327 HdDev.PartitionStart - ParentHdDev.PartitionStart,
328 HdDev.PartitionStart - ParentHdDev.PartitionStart + HdDev.PartitionSize - 1,
329 MBR_SIZE,
330 ((Mbr->Partition[0].OSIndicator == EFI_PARTITION) ? &gEfiPartTypeSystemPartGuid: NULL)
331 );
332 if (!EFI_ERROR (Status)) {
333 Found = EFI_SUCCESS;
334 }
335
336 if ((Mbr->Partition[1].OSIndicator != EXTENDED_DOS_PARTITION) &&
337 (Mbr->Partition[1].OSIndicator != EXTENDED_WINDOWS_PARTITION)
338 ) {
339 break;
340 }
341
342 ExtMbrStartingLba = UNPACK_UINT32 (Mbr->Partition[1].StartingLBA);
343 //
344 // Don't allow partition to be self referencing
345 //
346 if (ExtMbrStartingLba == 0) {
347 break;
348 }
349 } while (ExtMbrStartingLba < ParentHdDev.PartitionSize);
350 }
351
352 Done:
353 FreePool (Mbr);
354
355 return Found;
356 }
EFI Development Kit II mirror for PVE