X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FDisk%2FPartitionDxe%2FGpt.c;h=35860515c13b9da3284b2a5f0d5c57cad2032016;hp=cdace18f481a1aad3b960266b397cd27cc65765a;hb=493d8e3a5e86f78ef975e18dfa5754adce9e82de;hpb=ff61847ddc91285a9ef8be00b89304870c493ef8 diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c index cdace18f48..35860515c1 100644 --- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c @@ -2,8 +2,19 @@ Decode a hard disk partitioned with the GPT scheme in the UEFI 2.0 specification. -Copyright (c) 2006 - 2008, Intel Corporation.
-All rights reserved. This program and the accompanying materials + Caution: This file requires additional review when modified. + This driver will have external input - disk partition. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + PartitionInstallGptChildHandles() routine will read disk partition content and + do basic validation before PartitionInstallChildHandle(). + + PartitionValidGptTable(), PartitionCheckGptEntry() routine will accept disk + partition content and validate the GPT table and GPT entry. + +Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -16,11 +27,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Partition.h" - /** Install child handles if the Handle supports GPT partition structure. - @param[in] BlockIo Parent BlockIo interface + Caution: This function may receive untrusted input. + The GPT partition table header is external input, so this routine + will do basic validation for GPT partition table header before return. + + @param[in] BlockIo Parent BlockIo interface. @param[in] DiskIo Disk Io protocol. @param[in] Lba The starting Lba of the Partition Table @param[out] PartHeader Stores the partition table that is read @@ -37,7 +51,6 @@ PartitionValidGptTable ( OUT EFI_PARTITION_TABLE_HEADER *PartHeader ); - /** Check if the CRC field in the Partition table header is valid for Partition entry array. @@ -60,11 +73,11 @@ PartitionCheckGptEntryArrayCRC ( /** Restore Partition Table to its alternate place - (Primary -> Backup or Backup -> Primary) + (Primary -> Backup or Backup -> Primary). - @param[in] BlockIo Parent BlockIo interface + @param[in] BlockIo Parent BlockIo interface. @param[in] DiskIo Disk Io Protocol. - @param[in] PartHeader Partition table header structure + @param[in] PartHeader Partition table header structure. @retval TRUE Restoring succeeds @retval FALSE Restoring failed 
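Review bot: The comment block above the `PartitionValidGptTable` prototype (the `-16,11 +27,14` hunk) still opens with "Install child handles if the Handle supports GPT partition structure.", which describes a different routine. The definition's comment is corrected later in this patch to "This routine will read GPT partition table header and return it.", and the prototype comment should carry the same summary line so the two do not disagree. Since the new "Caution" paragraph names this routine as a validator of external input, the `@retval` text would also be the place to say what a FALSE return means for the contents of `PartHeader`.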
@@ -79,8 +92,11 @@ PartitionRestoreGptTable ( /** - Restore Partition Table to its alternate place. - (Primary -> Backup or Backup -> Primary) + This routine will check GPT partition entry and return entry status. + + Caution: This function may receive untrusted input. + The GPT partition entry is external input, so this routine + will do basic validation for GPT partition entry and report status. @param[in] PartHeader Partition table header structure @param[in] PartEntry The partition entry array @@ -160,15 +176,22 @@ PartitionSetCrc ( /** Install child handles if the Handle supports GPT partition structure. - @param[in] This - Calling context. - @param[in] Handle - Parent Handle - @param[in] DiskIo - Parent DiskIo interface - @param[in] BlockIo - Parent BlockIo interface - @param[in] DevicePath - Parent Device Path + Caution: This function may receive untrusted input. + The GPT partition table is external input, so this routine + will do basic validation for GPT partition table before install + child handle for each GPT partition. + + @param[in] This Calling context. + @param[in] Handle Parent Handle. + @param[in] DiskIo Parent DiskIo interface. + @param[in] DiskIo2 Parent DiskIo2 interface. + @param[in] BlockIo Parent BlockIo interface. + @param[in] BlockIo2 Parent BlockIo2 interface. + @param[in] DevicePath Parent Device Path. - @retval EFI_SUCCESS Valid GPT disk - @retval EFI_MEDIA_CHANGED Media changed Detected - @retval other Not a valid GPT disk + @retval EFI_SUCCESS Valid GPT disk. + @retval EFI_MEDIA_CHANGED Media changed Detected. + @retval other Not a valid GPT disk. **/ EFI_STATUS @@ -176,7 +199,9 @@ PartitionInstallGptChildHandles ( IN EFI_DRIVER_BINDING_PROTOCOL *This, IN EFI_HANDLE Handle, IN EFI_DISK_IO_PROTOCOL *DiskIo, + IN EFI_DISK_IO2_PROTOCOL *DiskIo2, IN EFI_BLOCK_IO_PROTOCOL *BlockIo, + IN EFI_BLOCK_IO2_PROTOCOL *BlockIo2, IN EFI_DEVICE_PATH_PROTOCOL *DevicePath ) { 
@@ -187,10 +212,12 @@ PartitionInstallGptChildHandles ( EFI_PARTITION_TABLE_HEADER *PrimaryHeader; EFI_PARTITION_TABLE_HEADER *BackupHeader; EFI_PARTITION_ENTRY *PartEntry; + EFI_PARTITION_ENTRY *Entry; EFI_PARTITION_ENTRY_STATUS *PEntryStatus; UINTN Index; EFI_STATUS GptValidStatus; HARDDRIVE_DEVICE_PATH HdDev; + UINT32 MediaId; ProtectiveMbr = NULL; PrimaryHeader = NULL; @@ -200,9 +227,10 @@ PartitionInstallGptChildHandles ( BlockSize = BlockIo->Media->BlockSize; LastBlock = BlockIo->Media->LastBlock; + MediaId = BlockIo->Media->MediaId; DEBUG ((EFI_D_INFO, " BlockSize : %d \n", BlockSize)); - DEBUG ((EFI_D_INFO, " LastBlock : %x \n", LastBlock)); + DEBUG ((EFI_D_INFO, " LastBlock : %lx \n", LastBlock)); GptValidStatus = EFI_NOT_FOUND; @@ -217,24 +245,30 @@ PartitionInstallGptChildHandles ( // // Read the Protective MBR from LBA #0 // - Status = BlockIo->ReadBlocks ( - BlockIo, - BlockIo->Media->MediaId, - 0, - BlockIo->Media->BlockSize, - ProtectiveMbr - ); + Status = DiskIo->ReadDisk ( + DiskIo, + MediaId, + 0, + BlockSize, + ProtectiveMbr + ); if (EFI_ERROR (Status)) { GptValidStatus = Status; goto Done; } + // // Verify that the Protective MBR is valid // - if (ProtectiveMbr->Partition[0].BootIndicator != 0x00 || - ProtectiveMbr->Partition[0].OSIndicator != PMBR_GPT_PARTITION || - UNPACK_UINT32 (ProtectiveMbr->Partition[0].StartingLBA) != 1 - ) { + for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) { + if (ProtectiveMbr->Partition[Index].BootIndicator == 0x00 && + ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && + UNPACK_UINT32 (ProtectiveMbr->Partition[Index].StartingLBA) == 1 + ) { + break; + } + } + if (Index == MAX_MBR_PARTITIONS) { goto Done; } 
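Review bot: The new PMBR loop in the `-217,24 +245,30` hunk reads `ProtectiveMbr->Partition[Index]` for every slot up to `MAX_MBR_PARTITIONS` after a `ReadDisk` of only `BlockSize` bytes, and nothing visible checks that `BlockSize` is at least `sizeof (MASTER_BOOT_RECORD)`. `BlockSize` is taken from `BlockIo->Media`, so it is device-reported. The allocation of `ProtectiveMbr` is outside the hunk, but if it is also sized by `BlockSize`, a medium reporting a small block size would make these field reads run past the buffer. A guard ahead of the allocation and read, such as `if (BlockSize < sizeof (MASTER_BOOT_RECORD)) { goto Done; }`, would close that. PartitionValidGptTable makes the same assumption when it copies `sizeof (EFI_PARTITION_TABLE_HEADER)` bytes out of a `BlockSize`-sized `PartHdr`.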
@@ -275,7 +309,7 @@ PartitionInstallGptChildHandles ( DEBUG ((EFI_D_INFO, " Valid primary and !Valid backup partition table\n")); DEBUG ((EFI_D_INFO, " Restore backup partition table by the primary\n")); if (!PartitionRestoreGptTable (BlockIo, DiskIo, PrimaryHeader)) { - DEBUG ((EFI_D_INFO, " Restore backup partition table error\n")); + DEBUG ((EFI_D_INFO, " Restore backup partition table error\n")); } if (PartitionValidGptTable (BlockIo, DiskIo, PrimaryHeader->AlternateLBA, BackupHeader)) { @@ -289,22 +323,22 @@ PartitionInstallGptChildHandles ( // // Read the EFI Partition Entries // - PartEntry = AllocatePool (PrimaryHeader->NumberOfPartitionEntries * sizeof (EFI_PARTITION_ENTRY)); + PartEntry = AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry); if (PartEntry == NULL) { DEBUG ((EFI_D_ERROR, "Allocate pool error\n")); goto Done; } Status = DiskIo->ReadDisk ( - DiskIo, - BlockIo->Media->MediaId, - MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockSize), - PrimaryHeader->NumberOfPartitionEntries * (PrimaryHeader->SizeOfPartitionEntry), - PartEntry - ); + DiskIo, + MediaId, + MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockSize), + PrimaryHeader->NumberOfPartitionEntries * (PrimaryHeader->SizeOfPartitionEntry), + PartEntry + ); if (EFI_ERROR (Status)) { GptValidStatus = Status; - DEBUG ((EFI_D_ERROR, " Partition Entry ReadBlocks error\n")); + DEBUG ((EFI_D_ERROR, " Partition Entry ReadDisk error\n")); goto Done; } 
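Review bot: The size passed to `AllocatePool` in the `-289,22 +323,22` hunk multiplies two header fields that the UEFI GPT header lays out as 32-bit values, so if they are declared `UINT32` here (the structure is not in the diff) the product is evaluated in 32-bit arithmetic and can wrap before it is widened. The guard this patch adds in PartitionValidGptTable compares against `MAX_UINTN`, which two 32-bit operands can never exceed on a 64-bit build, so it would not catch that wrap. The child-handle loop then strides by `Index * PrimaryHeader->SizeOfPartitionEntry` in `UINTN` width over a buffer smaller than the loop assumes. I would compute the size once in 64-bit, `Size = MultU64x32 (PrimaryHeader->NumberOfPartitionEntries, PrimaryHeader->SizeOfPartitionEntry);`, reject it when it exceeds `MAX_UINTN` or a sane upper bound, and pass that one value to both `AllocatePool` and `ReadDisk`. The same expression is used for `Ptr` in PartitionRestoreGptTable and should change with it.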
@@ -332,12 +366,15 @@ PartitionInstallGptChildHandles ( // Create child device handles // for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { - if (CompareGuid (&PartEntry[Index].PartitionTypeGUID, &gEfiPartTypeUnusedGuid) || + Entry = (EFI_PARTITION_ENTRY *) ((UINT8 *) PartEntry + Index * PrimaryHeader->SizeOfPartitionEntry); + if (CompareGuid (&Entry->PartitionTypeGUID, &gEfiPartTypeUnusedGuid) || PEntryStatus[Index].OutOfRange || - PEntryStatus[Index].Overlap + PEntryStatus[Index].Overlap || + PEntryStatus[Index].OsSpecific ) { // - // Don't use null EFI Partition Entries or Invalid Partition Entries + // Don't use null EFI Partition Entries, Invalid Partition Entries or OS specific + // partition Entries // continue; } 
@@ -350,29 +387,31 @@ PartitionInstallGptChildHandles ( HdDev.PartitionNumber = (UINT32) Index + 1; HdDev.MBRType = MBR_TYPE_EFI_PARTITION_TABLE_HEADER; HdDev.SignatureType = SIGNATURE_TYPE_GUID; - HdDev.PartitionStart = PartEntry[Index].StartingLBA; - HdDev.PartitionSize = PartEntry[Index].EndingLBA - PartEntry[Index].StartingLBA + 1; - CopyMem (HdDev.Signature, &PartEntry[Index].UniquePartitionGUID, sizeof (EFI_GUID)); + HdDev.PartitionStart = Entry->StartingLBA; + HdDev.PartitionSize = Entry->EndingLBA - Entry->StartingLBA + 1; + CopyMem (HdDev.Signature, &Entry->UniquePartitionGUID, sizeof (EFI_GUID)); DEBUG ((EFI_D_INFO, " Index : %d\n", (UINT32) Index)); DEBUG ((EFI_D_INFO, " Start LBA : %lx\n", (UINT64) HdDev.PartitionStart)); - DEBUG ((EFI_D_INFO, " End LBA : %lx\n", (UINT64) PartEntry[Index].EndingLBA)); + DEBUG ((EFI_D_INFO, " End LBA : %lx\n", (UINT64) Entry->EndingLBA)); DEBUG ((EFI_D_INFO, " Partition size: %lx\n", (UINT64) HdDev.PartitionSize)); - DEBUG ((EFI_D_INFO, " Start : %lx", MultU64x32 (PartEntry[Index].StartingLBA, BlockSize))); - DEBUG ((EFI_D_INFO, " End : %lx\n", MultU64x32 (PartEntry[Index].EndingLBA, BlockSize))); + DEBUG ((EFI_D_INFO, " Start : %lx", MultU64x32 (Entry->StartingLBA, BlockSize))); + DEBUG ((EFI_D_INFO, " End : %lx\n", MultU64x32 (Entry->EndingLBA, BlockSize))); Status = PartitionInstallChildHandle ( - This, - Handle, - DiskIo, - BlockIo, - DevicePath, - (EFI_DEVICE_PATH_PROTOCOL *) &HdDev, - PartEntry[Index].StartingLBA, - PartEntry[Index].EndingLBA, - BlockSize, - CompareGuid(&PartEntry[Index].PartitionTypeGUID, &gEfiPartTypeSystemPartGuid) - ); + This, + Handle, + DiskIo, + DiskIo2, + BlockIo, + BlockIo2, + DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *) &HdDev, + Entry->StartingLBA, + Entry->EndingLBA, + BlockSize, + CompareGuid(&Entry->PartitionTypeGUID, &gEfiPartTypeSystemPartGuid) + ); } DEBUG ((EFI_D_INFO, "Prepare to Free Pool\n")); 
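Review bot: The `Status` assigned from `PartitionInstallChildHandle` at the end of the loop body is never examined in this hunk, so a partition whose child handle fails to install is passed over with no trace. The function continues outside the hunk, but the next visible statement is the "Prepare to Free Pool" message, so the value appears to be overwritten on the next iteration or dropped. At minimum I would log it, for example `if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, " Install child handle failed: %r\n", Status)); }`, so that a disk with entries the firmware could not expose is distinguishable from one with no usable entries.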
@@ -397,11 +436,14 @@ Done: return GptValidStatus; } - /** - Install child handles if the Handle supports GPT partition structure. + This routine will read GPT partition table header and return it. - @param[in] BlockIo Parent BlockIo interface + Caution: This function may receive untrusted input. + The GPT partition table header is external input, so this routine + will do basic validation for GPT partition table header before return. + + @param[in] BlockIo Parent BlockIo interface. @param[in] DiskIo Disk Io protocol. @param[in] Lba The starting Lba of the Partition Table @param[out] PartHeader Stores the partition table that is read @@ -421,9 +463,10 @@ PartitionValidGptTable ( EFI_STATUS Status; UINT32 BlockSize; EFI_PARTITION_TABLE_HEADER *PartHdr; + UINT32 MediaId; BlockSize = BlockIo->Media->BlockSize; - + MediaId = BlockIo->Media->MediaId; PartHdr = AllocateZeroPool (BlockSize); if (PartHdr == NULL) { @@ -433,13 +476,13 @@ PartitionValidGptTable ( // // Read the EFI Partition Table Header // - Status = BlockIo->ReadBlocks ( - BlockIo, - BlockIo->Media->MediaId, - Lba, - BlockSize, - PartHdr - ); + Status = DiskIo->ReadDisk ( + DiskIo, + MediaId, + MultU64x32 (Lba, BlockSize), + BlockSize, + PartHdr + ); if (EFI_ERROR (Status)) { FreePool (PartHdr); return FALSE; 
@@ -447,13 +490,22 @@ PartitionValidGptTable ( if ((PartHdr->Header.Signature != EFI_PTAB_HEADER_ID) || !PartitionCheckCrc (BlockSize, &PartHdr->Header) || - PartHdr->MyLBA != Lba + PartHdr->MyLBA != Lba || + (PartHdr->SizeOfPartitionEntry < sizeof (EFI_PARTITION_ENTRY)) ) { DEBUG ((EFI_D_INFO, "Invalid efi partition table header\n")); FreePool (PartHdr); return FALSE; } + // + // Ensure the NumberOfPartitionEntries * SizeOfPartitionEntry doesn't overflow. + // + if (PartHdr->NumberOfPartitionEntries > DivU64x32 (MAX_UINTN, PartHdr->SizeOfPartitionEntry)) { + FreePool (PartHdr); + return FALSE; + } + CopyMem (PartHeader, PartHdr, sizeof (EFI_PARTITION_TABLE_HEADER)); if (!PartitionCheckGptEntryArrayCRC (BlockIo, DiskIo, PartHeader)) { FreePool (PartHdr); @@ -465,7 +517,6 @@ PartitionValidGptTable ( return TRUE; } - /** Check if the CRC field in the Partition table header is valid for Partition entry array. @@ -528,11 +579,11 @@ PartitionCheckGptEntryArrayCRC ( /** Restore Partition Table to its alternate place - (Primary -> Backup or Backup -> Primary) + (Primary -> Backup or Backup -> Primary). - @param[in] BlockIo Parent BlockIo interface + @param[in] BlockIo Parent BlockIo interface. @param[in] DiskIo Disk Io Protocol. - @param[in] PartHeader Partition table header structure + @param[in] PartHeader Partition table header structure. @retval TRUE Restoring succeeds @retval FALSE Restoring failed @@ -550,11 +601,13 @@ PartitionRestoreGptTable ( EFI_PARTITION_TABLE_HEADER *PartHdr; EFI_LBA PEntryLBA; UINT8 *Ptr; + UINT32 MediaId; PartHdr = NULL; Ptr = NULL; BlockSize = BlockIo->Media->BlockSize; + MediaId = BlockIo->Media->MediaId; PartHdr = AllocateZeroPool (BlockSize); 
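Review bot: The `SizeOfPartitionEntry` test added in the `-447,13 +490,22` hunk is only a lower bound, so any larger value read from the disk is accepted as the stride for every later `Entry` pointer computation. The UEFI specification restricts this field to 128 × 2^n, so the rejection condition could also include `(PartHdr->SizeOfPartitionEntry & (PartHdr->SizeOfPartitionEntry - 1)) != 0` and an upper bound the driver is prepared to handle. Separately, the new overflow branch returns FALSE without the DEBUG message that the invalid-header branch just above emits. Adding `DEBUG ((EFI_D_INFO, "Invalid partition entry array size\n"));` there would keep rejected-header diagnostics consistent.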
@@ -574,22 +627,28 @@ PartitionRestoreGptTable ( PartHdr->PartitionEntryLBA = PEntryLBA; PartitionSetCrc ((EFI_TABLE_HEADER *) PartHdr); - Status = BlockIo->WriteBlocks (BlockIo, BlockIo->Media->MediaId, PartHdr->MyLBA, BlockSize, PartHdr); + Status = DiskIo->WriteDisk ( + DiskIo, + MediaId, + MultU64x32 (PartHdr->MyLBA, (UINT32) BlockSize), + BlockSize, + PartHdr + ); if (EFI_ERROR (Status)) { goto Done; } Ptr = AllocatePool (PartHeader->NumberOfPartitionEntries * PartHeader->SizeOfPartitionEntry); if (Ptr == NULL) { - DEBUG ((EFI_D_ERROR, " Allocate pool effor\n")); + DEBUG ((EFI_D_ERROR, " Allocate pool error\n")); Status = EFI_OUT_OF_RESOURCES; goto Done; } Status = DiskIo->ReadDisk ( DiskIo, - BlockIo->Media->MediaId, - MultU64x32(PartHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), + MediaId, + MultU64x32(PartHeader->PartitionEntryLBA, (UINT32) BlockSize), PartHeader->NumberOfPartitionEntries * PartHeader->SizeOfPartitionEntry, Ptr ); @@ -599,8 +658,8 @@ PartitionRestoreGptTable ( Status = DiskIo->WriteDisk ( DiskIo, - BlockIo->Media->MediaId, - MultU64x32(PEntryLBA, BlockIo->Media->BlockSize), + MediaId, + MultU64x32(PEntryLBA, (UINT32) BlockSize), PartHeader->NumberOfPartitionEntries * PartHeader->SizeOfPartitionEntry, Ptr ); @@ -619,10 +678,12 @@ Done: return TRUE; } - /** - Restore Partition Table to its alternate place. - (Primary -> Backup or Backup -> Primary) + This routine will check GPT partition entry and return entry status. + + Caution: This function may receive untrusted input. + The GPT partition entry is external input, so this routine + will do basic validation for GPT partition entry and report status. @param[in] PartHeader Partition table header structure @param[in] PartEntry The partition entry array 
@@ -637,19 +698,21 @@ PartitionCheckGptEntry ( OUT EFI_PARTITION_ENTRY_STATUS *PEntryStatus ) { - EFI_LBA StartingLBA; - EFI_LBA EndingLBA; - UINTN Index1; - UINTN Index2; + EFI_LBA StartingLBA; + EFI_LBA EndingLBA; + EFI_PARTITION_ENTRY *Entry; + UINTN Index1; + UINTN Index2; DEBUG ((EFI_D_INFO, " start check partition entries\n")); for (Index1 = 0; Index1 < PartHeader->NumberOfPartitionEntries; Index1++) { - if (CompareGuid (&PartEntry[Index1].PartitionTypeGUID, &gEfiPartTypeUnusedGuid)) { + Entry = (EFI_PARTITION_ENTRY *) ((UINT8 *) PartEntry + Index1 * PartHeader->SizeOfPartitionEntry); + if (CompareGuid (&Entry->PartitionTypeGUID, &gEfiPartTypeUnusedGuid)) { continue; } - StartingLBA = PartEntry[Index1].StartingLBA; - EndingLBA = PartEntry[Index1].EndingLBA; + StartingLBA = Entry->StartingLBA; + EndingLBA = Entry->EndingLBA; if (StartingLBA > EndingLBA || StartingLBA < PartHeader->FirstUsableLBA || StartingLBA > PartHeader->LastUsableLBA || @@ -660,20 +723,26 @@ PartitionCheckGptEntry ( continue; } - for (Index2 = Index1 + 1; Index2 < PartHeader->NumberOfPartitionEntries; Index2++) { + if ((Entry->Attributes & BIT1) != 0) { + // + // If Bit 1 is set, this indicate that this is an OS specific GUID partition. + // + PEntryStatus[Index1].OsSpecific = TRUE; + } - if (CompareGuid (&PartEntry[Index2].PartitionTypeGUID, &gEfiPartTypeUnusedGuid)) { + for (Index2 = Index1 + 1; Index2 < PartHeader->NumberOfPartitionEntries; Index2++) { + Entry = (EFI_PARTITION_ENTRY *) ((UINT8 *) PartEntry + Index2 * PartHeader->SizeOfPartitionEntry); + if (CompareGuid (&Entry->PartitionTypeGUID, &gEfiPartTypeUnusedGuid)) { continue; } - if (PartEntry[Index2].EndingLBA >= StartingLBA && PartEntry[Index2].StartingLBA <= EndingLBA) { + if (Entry->EndingLBA >= StartingLBA && Entry->StartingLBA <= EndingLBA) { // // This region overlaps with the Index1'th region // PEntryStatus[Index1].Overlap = TRUE; PEntryStatus[Index2].Overlap = TRUE; continue; - } } }
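Review bot: The new `(Entry->Attributes & BIT1) != 0` test in the `-660,20 +723,26` hunk uses a bare bit number and a comment calling it an "OS specific GUID partition", which does not tell a reader why firmware skips the entry. As far as I know, the UEFI specification defines attribute bit 1 as the flag telling firmware not to produce a Block IO device for the partition. A comment along the lines of `// Attributes bit 1: firmware must not produce EFI_BLOCK_IO_PROTOCOL for this partition.`, plus a named constant in place of `BIT1`, would make the intent checkable against the spec. The header comment of PartitionCheckGptEntry should also state that `PartHeader->SizeOfPartitionEntry` must already be validated and that `PartEntry` must hold `NumberOfPartitionEntries` entries of that size, because both loops now use it as the byte stride.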