To have high confidence in usage for platform, add option (BIT2 of
PcdVTdPolicyPropertyMask) to force no IOMMU access attribute request
recording before DMAR table is installed.
Check PcdVTdPolicyPropertyMask BIT2 before RequestAccessAttribute()
and ProcessRequestedAccessAttribute(), then RequestAccessAttribute(),
ProcessRequestedAccessAttribute() and mAccessRequestXXX variables
could be optimized by compiler when PcdVTdPolicyPropertyMask BIT2 = 1.
Test done:
1: Created case that has IOMMU access attribute request before DMAR
table is installed, ASSERT was triggered after setting
PcdVTdPolicyPropertyMask BIT2 to 1.
2. Confirmed RequestAccessAttribute(), ProcessRequestedAccessAttribute()
and mAccessRequestXXX variables were optimized by compiler after
setting PcdVTdPolicyPropertyMask BIT2 to 1.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
BobCF [Fri, 19 Oct 2018 12:00:09 +0000 (20:00 +0800)]
BaseTool: Filter out unused structure pcds
The current code handle all the structure pcds
even if there is no module or library use them.
This patch is going to filter out the unused structure pcds.
Zhaozh1x [Fri, 19 Oct 2018 12:11:01 +0000 (20:11 +0800)]
BaseTools: Not convert the void* pcd string in command line to array.
For void* type pcd in command line, if its value is string, code should
not convert the void* pcd string in command line to array, otherwise it
will make the pcd value in report not match its real raw value.
Zhaozh1x [Mon, 22 Oct 2018 08:23:18 +0000 (16:23 +0800)]
BaseTools: add ASSERT checker for array buffer in fdf and command line
For structure PCD in fdf file and command line,
1. use compiler time assert to check the array index, report error
if array index exceeds the array number.
2. use compiler time assert to check the array size, report error
if the user declared size in header file is smaller than the user
used in fdf file and command line.
AcpiExp text device path: AcpiExp(HID,CID,UIDSTR)
And according to UEFI spec, the CID parameter is optional
and has a default value of 0. But current implementation
miss to check following cases for the AcpiExp.
FromText:when text device is AcpiExp(HID,,UIDSTR)/AcpiExp(HID,0,UIDSTR)
ToText: when the CID is 0 in the node structure
This commit is to do the enhancement.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
According to UEFI spec,
for the Messaging Device Path with USB Class SubType, some paras
are optional in the text device path.
Take UsbClass(VID,PID,Class,SubClass,Protocol) for example,
The VID is an integer between 0 and 65535 and is optional. The
default value is 0xFFFF.
The PID is an integer between 0 and 65535 and is optional. The
default value is 0xFFFF.
The Class is an integer between 0 and 255 and is optional. The
default value is 0xFF.
The SubClass is an integer between 0 and 255 and is optional. The
default value is 0xFF.
The Protocol is an integer between 0 and 255 and is optional. The
default value is 0xFF.
So if any the optional para is not specified in the text device,
we should set related para in the node structure to default value.
This commit is to do the enhancement for USB Class device path
when optional para is not specified
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Sata device path format:Sata(HPN, PMPN, LUN)
According to UEFI Spec, the PMPN is an integer between
0 and 65535 and is optional. If not provided, the default is 0xFFFF.
This commit is to do the enhancement for Sata device path
when optional para is not specified.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
MdePkg-BaseLib: Fix PathCleanUpDirectories() issue with "\\..\\.."
Replace multiple, consecutive "\" characters prior to other processing
involving "\" characters. This fixes an issue where "\\..\\..",
"//..//..", and similar input paths are not cleaned properly.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jim Dailey <jim_dailey@dell.com> Reviewed-by: Ruiyu Ni <Ruiyu.ni@Intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
This is a fix for a double cluster allocation when the disk is full.
The double allocation happens because FatGrowEof calls
FatAllocateCluster without immediately marking the each returned
cluster as allocated. The fix is to move the FatSetFatEntry call
inside the loop.
I've also include some improvements to the sanity checks that I added
while tracking this down. They are optional.
When "dmem" runs without additional arguments, it dumps the memory
content of EFI_SYSTEM_TABLE. But today's implementation dumps 512
bytes. It's not correct because sizeof (EFI_SYSTEM_TABLE) is less
than 512, the 512-read causes page fault exception in a heap-guard
enabled environment.
The patch changes the implementation to only dump
sizeof (EFI_SYSTEM_TABLE) bytes for gST.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Jim Dailey <jim_dailey@.com>
Ruiyu Ni [Tue, 23 Oct 2018 02:26:01 +0000 (10:26 +0800)]
MdeModulePkg/UsbMass: Fix USB key write failure
Commit e59db6a732dbbb064b1e39a288a25edc90adac5d
* MdeModulePkg/UsbMass: Merge UsbBoot(Read|Write)Blocks(16)
introduces a bug that causes writing to USB key always fails.
When that patch is verified, only reading was verified.
The root cause is when the writing operation is performed,
the data direction EfiUsbDataIn is wrongly used. Instead, it
should be EfiUsbDataOut.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Liming Gao [Tue, 16 Oct 2018 02:06:12 +0000 (10:06 +0800)]
IntelFrameworkModulePkg: Add more checker in UefiTianoDecompressLib (CVE FIX)
Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735
https://bugzilla.tianocore.org/show_bug.cgi?id=686
To make sure the valid buffer be accessed only.
is reached multiple times during the 'for' loop, freeing the data pointed
by variable 'Data' may potentially lead to variable 'Ad' referencing the
already-freed data.
After calling function GetAllocationDescriptor(), 'Data' and 'Ad' may
point to the same memory (with some possible offset). Hence, this commit
will move the FreePool() call backwards to ensure the data will no longer
be used.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
This commit will add an additional check within function GetPdFromLongAd()
when getting a Partition Descriptor from given a Long Allocation
Descriptor.
According to UDF 2.60 Spec, Section 2.2.13:
> The partition reference numbers used are determined by the order of the
> Partition Maps in the LVD.
(Also the picture comes before the above contents)
And a more detailed explanation of the partition reference numbers is at
https://sites.google.com/site/udfintro/ (seems not a formal documentation
though), Section 5.3.6.
Based on the above findings, the 'PartitionReferenceNumber' field in a
Long Allocation Descriptor is used as an index to access the Partition
Maps data within a Logical Volume Descriptor.
Hence, the new check focuses on the validity of this
'PartitionReferenceNumber' field in a Long Allocation Descriptor. Since
the current implementation of UdfDxe driver supports only one partition on
a Logical Volume, so the value of 'PartitionReferenceNumber' should be 0.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
Calling the 'SetPosition' service of the EFI_FILE_PROTOCOL with 'Position'
equals to 0xFFFFFFFFFFFFFFFF for a file is to set the current position to
the end of the file. But the current implementation of function
UdfSetPosition() is to set it to the last byte (not EOF).
This commit will resolve this issue.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
The boundary check will validate the 'NumberOfPartitions' field of a
Logical Volume Integrity Descriptor matches the data within the relating
Logical Volume Descriptor.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
The boundary check will validate the 'LengthofComponentIdentifier' field
of a Path Component matches the data within the relating (Extended) File
Entry.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
Add checks to ensure that when getting the raw data or the Allocation
Descriptors' data from a FE/EFE, it will not consume data beyond the
size of a FE/EFE.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
The value 5 Port Speed field of PORTSC is new defined in
XHCI 1.1 spec November 2017.
This patch updates XhciDxe and XhciPei to handle it, otherwise
the USB 3.1 device may not be recognized with the XHCI controller
following XHCI 1.1 spec November 2017.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Hao Wu <hao.a.wu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Star Zeng [Sun, 21 Oct 2018 04:12:39 +0000 (12:12 +0800)]
MdeModulePkg XhciDxe: Assign Usb2Hc.XXXRevision based on SBRN
Current hard code Usb2Hc.XXXRevision may be not accurate.
This patch updates code to assign Usb2Hc.XXXRevision based on
SBRN (Serial Bus Release Number, PCI configuration space offset
0x60) although there is no code consuming them.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Hao Wu <hao.a.wu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Yonghong Zhu [Fri, 19 Oct 2018 07:10:30 +0000 (15:10 +0800)]
BaseTools: Fix the *B and *F Flag display for Structure Pcd
Because of we newly add the PcdFieldValueFromComm and
PcdFieldValueFromFdf in early parser phase, so in the report we use
the saved value in this two variables to print it.
Zhaozh1x [Thu, 18 Oct 2018 02:42:34 +0000 (10:42 +0800)]
BaseTools: Convert "Unicode string" to "byte array" if value type diff
V2:
Fixed 3 typo.
Use startswith(('L"',"L'")) to check if a string is Unicode string.
Use a set PcdValueTypeSet instead of a list PcdValueTypeList to save
memory.
V1:
For the same one VOID* pcd, if the default value type of one SKU is
"Unicode string", the other SKUs are "OtherVOID*"(ASCII string or
byte array),Then convert "Unicode string" to "byte array".
Eric Dong [Wed, 17 Oct 2018 01:24:05 +0000 (09:24 +0800)]
UefiCpuPkg/CpuCommonFeaturesLib: Register MSR base on scope Info.
Because MSR has scope attribute, driver has no needs to set
MSR for all APs if MSR scope is core or package type. This patch
updates code to base on the MSR scope value to add MSR to the register
table.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Eric Dong [Mon, 15 Oct 2018 02:34:59 +0000 (10:34 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Add logic to support semaphore type.
V4 changes:
1. Serial console log for different threads when program register table.
2. Check the AcpiCpuData before use it to avoid potential ASSERT.
V3 changes:
1. Use global variable instead of internal function to return string for register type
and dependence type.
2. Add comments for some complicated logic.
V1 changes:
Because this driver needs to set MSRs saved in normal boot phase, sync
semaphore logic from RegisterCpuFeaturesLib code which used for normal boot phase.
Detail see below change for RegisterCpuFeaturesLib:
UefiCpuPkg/RegisterCpuFeaturesLib: Add logic to support semaphore type.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Eric Dong [Wed, 17 Oct 2018 01:31:03 +0000 (09:31 +0800)]
UefiCpuPkg/RegisterCpuFeaturesLib: Add logic to support semaphore type.
V4 changes include:
1. Serial debug message for different threads when program the register table.
V3 changes include:
1. Use global variable instead of internal function to return string for register type
and dependence type.
2. Add comments for some complicated logic.
V2 changes include:
1. Add more description for the code part which need easy to understand.
2. Refine some code base on feedback for V1 changes.
V1 changes include:
In a system which has multiple cores, current set register value task costs huge times.
After investigation, current set MSR task costs most of the times. Current logic uses
SpinLock to let set MSR task as an single thread task for all cores. Because MSR has
scope attribute which may cause GP fault if multiple APs set MSR at the same time,
current logic use an easiest solution (use SpinLock) to avoid this issue, but it will
cost huge times.
In order to fix this performance issue, new solution will set MSRs base on their scope
attribute. After this, the SpinLock will not needed. Without SpinLock, new issue raised
which is caused by MSR dependence. For example, MSR A depends on MSR B which means MSR A
must been set after MSR B has been set. Also MSR B is package scope level and MSR A is
thread scope level. If system has multiple threads, Thread 1 needs to set the thread level
MSRs and thread 2 needs to set thread and package level MSRs. Set MSRs task for thread 1
and thread 2 like below:
Thread 1 Thread 2
MSR B N Y
MSR A Y Y
If driver don't control execute MSR order, for thread 1, it will execute MSR A first, but
at this time, MSR B not been executed yet by thread 2. system may trig exception at this
time.
In order to fix the above issue, driver introduces semaphore logic to control the MSR
execute sequence. For the above case, a semaphore will be add between MSR A and B for
all threads. Semaphore has scope info for it. The possible scope value is core or package.
For each thread, when it meets a semaphore during it set registers, it will 1) release
semaphore (+1) for each threads in this core or package(based on the scope info for this
semaphore) 2) acquire semaphore (-1) for all the threads in this core or package(based
on the scope info for this semaphore). With these two steps, driver can control MSR
sequence. Sample code logic like below:
//
// First increase semaphore count by 1 for processors in this package.
//
for (ProcessorIndex = 0; ProcessorIndex < PackageThreadsCount ; ProcessorIndex ++) {
LibReleaseSemaphore ((UINT32 *) &SemaphorePtr[PackageOffset + ProcessorIndex]);
}
//
// Second, check whether the count has reach the check number.
//
for (ProcessorIndex = 0; ProcessorIndex < ValidApCount; ProcessorIndex ++) {
LibWaitForSemaphore (&SemaphorePtr[ApOffset]);
}
Platform Requirement:
1. This change requires register MSR setting base on MSR scope info. If still register MSR
for all threads, exception may raised.
Known limitation:
1. Current CpuFeatures driver supports DXE instance and PEI instance. But semaphore logic
requires Aps execute in async mode which is not supported by PEI driver. So CpuFeature
PEI instance not works after this change. We plan to support async mode for PEI in phase
2 for this task.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Eric Dong [Mon, 15 Oct 2018 01:19:18 +0000 (09:19 +0800)]
UefiCpuPkg/Include/AcpiCpuData.h: Add Semaphore related Information.
v3 changes:
1. Move CPU_FEATURE_DEPENDENCE_TYPE definition here from RegisterCpuFeaturesLib.h file.
2. Add Invalid type for REGISTER_TYPE which will be used in code.
v2 changes:
1. Add more description about why we do this change.
2. Change structure field type from pointer to EFI_PHYSICAL_ADDRESS because it will
be share between PEI and DXE.
v1 Changes:
In order to support semaphore related logic, add new definition for it.
In a system which has multiple cores, current set register value task costs huge times.
After investigation, current set MSR task costs most of the times. Current logic uses
SpinLock to let set MSR task as an single thread task for all cores. Because MSR has
scope attribute which may cause GP fault if multiple APs set MSR at the same time,
current logic use an easiest solution (use SpinLock) to avoid this issue, but it will
cost huge times.
In order to fix this performance issue, new solution will set MSRs base on their scope
attribute. After this, the SpinLock will not needed. Without SpinLock, new issue raised
which is caused by MSR dependence. For example, MSR A depends on MSR B which means MSR A
must been set after MSR B has been set. Also MSR B is package scope level and MSR A is
thread scope level. If system has multiple threads, Thread 1 needs to set the thread level
MSRs and thread 2 needs to set thread and package level MSRs. Set MSRs task for thread 1
and thread 2 like below:
Thread 1 Thread 2
MSR B N Y
MSR A Y Y
If driver don't control execute MSR order, for thread 1, it will execute MSR A first, but
at this time, MSR B not been executed yet by thread 2. system may trig exception at this
time.
In order to fix the above issue, driver introduces semaphore logic to control the MSR
execute sequence. For the above case, a semaphore will be add between MSR A and B for
all threads. Semaphore has scope info for it. The possible scope value is core or package.
For each thread, when it meets a semaphore during it set registers, it will 1) release
semaphore (+1) for each threads in this core or package(based on the scope info for this
semaphore) 2) acquire semaphore (-1) for all the threads in this core or package(based
on the scope info for this semaphore). With these two steps, driver can control MSR
sequence. Sample code logic like below:
//
// First increase semaphore count by 1 for processors in this package.
//
for (ProcessorIndex = 0; ProcessorIndex < PackageThreadsCount ; ProcessorIndex ++) {
LibReleaseSemaphore ((UINT32 *) &SemaphorePtr[PackageOffset + ProcessorIndex]);
}
//
// Second, check whether the count has reach the check number.
//
for (ProcessorIndex = 0; ProcessorIndex < ValidApCount; ProcessorIndex ++) {
LibWaitForSemaphore (&SemaphorePtr[ApOffset]);
}
Platform Requirement:
1. This change requires register MSR setting base on MSR scope info. If still register MSR
for all threads, exception may raised.
Known limitation:
1. Current CpuFeatures driver supports DXE instance and PEI instance. But semaphore logic
requires Aps execute in async mode which is not supported by PEI driver. So CpuFeature
PEI instance not works after this change. We plan to support async mode for PEI in phase
2 for this task.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
In above commit, it changed the value of IsMatch in Ikev2ChildSaParseSaPayload()
to FALSE. That's correct but it exposed the potential bug in to match the correct
proposal Data, which will cause the issue happen.
Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
in the build report, Data = OverrideValues[Keys[0]], but the Keys[0]
is the keyword "DEFAULT", and in this case the "DEFAULT" SKU doesn't
save any value, then it cause the Data is empty, in the next code
when we use the code it cause crash.
Yonghong Zhu [Fri, 19 Oct 2018 07:15:02 +0000 (15:15 +0800)]
BaseTools: Fix the crash issue when Dynamic structure Pcd use in FDF
The case is use Dynamic structure Pcd in the FDF file.
Current code already save the Guid, Name and Filed info for those Pcd,
but it directly use the dict key as [Name, Guid] and cause this crash
issue.
af5e95215928e052445c473f1244412dadea8252 abstracted generic functions
from different modules (IntelVTdDxe, S3SaveStateDxe, PcRtc,
DpDynamicCommand and PiSmmCpuDxeSmm). Some of them (IntelVTdDxe and
PcRtc) checked Table against NULL before accessing Table->Signature,
some (S3SaveStateDxe, DpDynamicCommand and PiSmmCpuDxeSmm did not.
The ScanTableInSDT() in Acpi.c of UefiLib was mainly from
S3SaveStateDxe, so it does not check Table against NULL before
accessing Table->Signature.
This patch updates ScanTableInSDT() to check Table against NULL first
before accessing Table->Signature.
Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Add support for both API (original mode) and DISPATCH mode:
1. Add FspMode field from reserved byte of Global
Data Structure to tell which mode is selected by boot
loader. If boot loader invoking FSP-M API this field
will remain as default 0 (API mode), otherwise platform
FSP should set this field to 1 (Dispatch mode) when
initializing Global Data Structure.
2. gFspInApiModePpiGuid will be instaled when FSP running in API
mode and modules only for API mode should have this in depex.
3. If it is DISPATCH mode, FSP will return to PEI dispatcher,
not directly return to boot loader.
4. DISPATCH mode supports DXE NotifyPhase drivers so FSP
will not wait for PEI NotifyPhase callbacks, instead it
will install gFspReadyForNotifyPhasePpiGuid PPI for
platform to complete late initialization before transferring
to DXE.
Test: Verified FSP API and DISPATCH modes on 2 internal
platforms and both boot successfully.
Cc: Jiewen Yao <Jiewen.yao@intel.com> Cc: Desimone Nathaniel L <nathaniel.l.desimone@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chasel Chiu <chasel.chiu@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Sometimes the memory will be contaminated by random data left in last
boot (warm reset). The code should not assume the allocated memory is
always filled with zero. This patch add code to clear data structure
used for stack switch to prevent such problem from happening.
Cc: Eric Dong <eric.dong@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Then build with --pcd TokenSpaceGuid.PcdFlag=TRUE, it report failure,
but if we build without this --pcd option, it could build success.
we found when the --pcd is enabled, the fixedatbuild pcds are not be
collected into expression to calculate.
We found potential dead codes within File.c during the code coverage test.
After manual review, we think the below ones are positive reports:
A. For function GetAllocationDescriptor():
Due to the all the calling places for this function, the input parameter
'RecordingFlags' can only with value 'LongAdsSequence' or
'ShortAdsSequence'. Moreover, this is also mentioned in the function
description comments for GetAllocationDescriptor().
So the below code will never be reached:
return EFI_DEVICE_ERROR;
This commit will add "ASSERT (FALSE);" before the above line to indicate
this and thus matching the function description comments.
B. For function GetAllocationDescriptorLsn():
Due to the all the calling places for this function, the input parameter
'RecordingFlags' can only with value 'LongAdsSequence' or
'ShortAdsSequence'. Moreover, this is also mentioned in the function
description comments for GetAllocationDescriptorLsn().
So the below code will never be reached:
return EFI_UNSUPPORTED;
This commit will add "ASSERT (FALSE);" before the above line to indicate
this and thus matching the function description comments.
Cc: Paulo Alcantara <palcantara@suse.de> Cc: Paulo Alcantara <paulo@paulo.ac> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
We found potential dead codes within File.c during the code coverage test.
After manual review, we think the below ones are positive reports:
A. In function UdfRead():
else if (IS_FID_DELETED_FILE (Parent->FileIdentifierDesc)) {
Status = EFI_DEVICE_ERROR;
}
A File Identifier Descriptor will be get from the UDF media only by
function ReadDirectoryEntry(). And within this function, all the File
Identifier Descriptor with 'DELETED_FILE' characteristics will be skipped
and will not be returned. Hence, the above codes in function UdfRead()
will never be hit.
This commit will add "ASSERT (FALSE);" before the above line to indicate
this.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit will refine the ASSERTs in function GetLongAdLsn() and
GetAllocationDescriptorLsn() when the logical sector number cannot be
returned due to unrecognized media format.
Error handling logic will be used for those ASSERTs.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Reviewed-by: Star Zeng <star.zeng@intel.com>
Hao Wu [Tue, 9 Oct 2018 03:03:27 +0000 (11:03 +0800)]
MdeModulePkg/UdfDxe: ASSERT for false positives of NULL ptr deref
This commit adds ASSERTs to address false positive reports of NULL
pointer dereference issues raised from static analysis with regard to
function ReadDirectoryEntry().
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Reviewed-by: Star Zeng <star.zeng@intel.com>
The IA32 variant of InternalSyncCompareExchange64() is correct, but we can
simplify it. We don't need to load the lower 32 bits of ExchangeValue into
EBX in two steps (first into a general register, then into EBX); we can
ask GCC to populate EBX like that itself.
Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1208
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
(This patch is identical to the X64 half of the last one, except for the
InternalSyncCompareExchange32() -> InternalSyncCompareExchange64() and
"cmpxchgl" -> "cmpxchgq" replacements.)
The CMPXCHG instruction has the following operands:
- AX (implicit, CompareValue): input and output
- destination operand (*Value): input and output
- source operand (ExchangeValue): input
The X64 version of InternalSyncCompareExchange64() attempts to mark both
CompareValue and (*Value) as input/output, but it doesn't use the
appropriate constraints for either operand.
Fix these issues. Furthermore, prefer the short "+" constraint for I/O
operands over the <output-operand-number> constraint that can be applied
to the input instances of I/O operands.
Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1208
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
(This patch is identical to the last one, except for the
InternalSyncCompareExchange16() -> InternalSyncCompareExchange32() and
"cmpxchgw" -> "cmpxchgl" replacements.)
The CMPXCHG instruction has the following operands:
- AX (implicit, CompareValue): input and output
- destination operand (*Value): input and output
- source operand (ExchangeValue): input
The IA32 version of InternalSyncCompareExchange32() correctly marks
CompareValue as input/output, but it marks (*Value) only as input.
The X64 version of InternalSyncCompareExchange32() attempts to mark both
CompareValue and (*Value) as input/output, but it doesn't use the
appropriate constraints for either operand.
Fix these issues. Furthermore, prefer the short "+" constraint for I/O
operands over the <output-operand-number> constraint that can be applied
to the input instances of I/O operands.
Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1208
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
The CMPXCHG instruction has the following operands:
- AX (implicit, CompareValue): input and output
- destination operand (*Value): input and output
- source operand (ExchangeValue): input
The IA32 version of InternalSyncCompareExchange16() correctly marks
CompareValue as input/output, but it marks (*Value) only as input.
The X64 version of InternalSyncCompareExchange16() attempts to mark both
CompareValue and (*Value) as input/output, but it doesn't use the
appropriate constraints for either operand.
Fix these issues. Furthermore, prefer the short "+" constraint for I/O
operands over the <output-operand-number> constraint that can be applied
to the input instances of I/O operands.
Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1208
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
When SetVariable() to a time based auth variable with APPEND_WRITE
attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in
the input Data is earlier than current value, it will cause timestamp
zeroing.
This issue may bring time based auth variable downgrade problem.
For example:
A vendor released three certs at 2014, 2015, and 2016, and system
integrated the 2016 cert. User can SetVariable() with 2015 cert and
APPEND_WRITE attribute to cause timestamp zeroing first, then
SetVariable() with 2014 cert to downgrade the cert.
This patch fixes this issue.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ruiyu Ni [Thu, 13 Sep 2018 08:09:10 +0000 (16:09 +0800)]
MdeModulePkg/UsbMouse: Don't access key codes when length is wrong
Per USB HID spec, the buffer holding key codes should at least 3-byte
long.
Today's code assumes that the key codes buffer length is longer than
3-byte and unconditionally accesses the key codes buffer.
It's incorrect.
The patch fixes the issue by returning Device Error when the
length is less than 3-byte.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Steven Shi <steven.shi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Ruiyu Ni [Thu, 13 Sep 2018 08:06:52 +0000 (16:06 +0800)]
MdeModulePkg/AbsPointer: Don't access key codes when length is wrong
Per USB HID spec, the buffer holding key codes should at least 3-byte
long.
Today's code assumes that the key codes buffer length is longer than
3-byte and unconditionally accesses the key codes buffer.
It's incorrect.
The patch fixes the issue by returning Device Error when the
length is less than 3-byte.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Steven Shi <steven.shi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Ruiyu Ni [Thu, 13 Sep 2018 07:49:23 +0000 (15:49 +0800)]
MdeModulePkg/UsbKb: Don't access key codes when length is wrong
Per USB HID spec, the buffer holding key codes should be 8-byte
long.
Today's code assumes that the key codes buffer length is 8-byte
long and unconditionally accesses the key codes buffer.
It's incorrect.
The patch fixes the issue by returning Device Error when the
length is less than 8-byte.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Steven Shi <steven.shi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Ruiyu Ni [Thu, 27 Sep 2018 08:34:36 +0000 (16:34 +0800)]
MdeModulePkg/UsbBus: Fix out-of-bound read access to descriptors
Today's implementation reads the Type/Length field in the USB
descriptors data without checking whether the offset to read is
beyond the data boundary.
The patch fixes this issue.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Ruiyu Ni [Tue, 11 Sep 2018 10:13:05 +0000 (18:13 +0800)]
MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1
UsbBootReadWriteBlocks() and UsbBootReadWriteBlocks16() use a UINT16
local variable to hold the value of
USB_BOOT_MAX_CARRY_SIZE (=0x10000) / BlockSize.
When BlockSize is 1, the UINT16 local variable is set to 0x10000
but the high-16 bits are truncated resulting the final value be 0.
It causes the while-loop in the two functions accesses 0 block in
each loop, resulting the loop never ends.
The patch fixes the two functions to make sure no integer overflow
happens.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Steven Shi <steven.shi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Wonkyu Kim [Mon, 15 Oct 2018 22:44:45 +0000 (06:44 +0800)]
CorebootPayloadPkg: don't use serial output for Release build
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wonkyu Kim <wonkyu.kim@intel.com> Reviewed-by: Maurice Ma <maurice.ma@intel.com> Reviewed-by: Benjamin You <benjamin.you@intel.com>
zhijufan [Mon, 15 Oct 2018 01:02:31 +0000 (09:02 +0800)]
BaseTools: Add check for the string type whether is same
Relational and equality operators require both operands to be of
the same type.
Treat the string 'A' and "A" as same type, but for "A" and L"A"
are not same type since one is general string, another is unicode
string.
The commit 84a52d4d030185a44f2d8736142c6f0b19c6e9b1 will introduce
the new issue "Invalid offset value for Dynamic Vpd PCD". This patch
will fix the new issue, add 'DEFAULT' sku in to the AvailableSkuIdSet
variable.
BaseTools: Convert string value of void* pcd in command line to array.
For void* type pcd in command line, if its value is string, then
convert the string value to array format. For example,
build --pcd gUefiOvmfPkgTokenSpaceGuid.PcdTest="c",
convert the pcd value from "c" to "{0x63,0x00}".
BaseTools: add ASSERT checker for array buffer value assignment.
V3:
Update the error message for array checker.
V2:
1. Add comments for each ASSERT.
2. ASSERT need to skip the case of array size of array as zero. For
example, TestArray[] in struct in header file.
V1:
For structure PCD,
1. use compiler time assert to check the array index, report error
if array index exceeds the array number.
2. use compiler time assert to check the array size, report error
if the user declared size in header file is smaller than the user
defined in DEC/DSC file.
There are five check not necessary in logic ,just for pass static
analysis. More detail please refer to comment in code.
And the rest changes are all accepted by owner, they are reasonable.
projects / mirror_edk2.git / log