mirror_edk2.git
4 years agoIntelFspWrapperPkg: Refine casting expression result to bigger size
Hao Wu [Wed, 15 Feb 2017 08:04:26 +0000 (16:04 +0800)]
IntelFspWrapperPkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoIntelFsp2WrapperPkg: Refine casting expression result to bigger size
Hao Wu [Wed, 15 Feb 2017 05:51:01 +0000 (13:51 +0800)]
IntelFsp2WrapperPkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoIntelFrameworkModulePkg: Refine casting expression result to bigger size
Hao Wu [Mon, 23 Jan 2017 03:24:50 +0000 (11:24 +0800)]
IntelFrameworkModulePkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
4 years agoFatPkg: Refine casting expression result to bigger size
Hao Wu [Sun, 22 Jan 2017 02:17:52 +0000 (10:17 +0800)]
FatPkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoMdeModulePkg: Refine casting expression result to bigger size
Hao Wu [Fri, 24 Feb 2017 02:01:34 +0000 (10:01 +0800)]
MdeModulePkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
4 years agoMdePkg: Refine casting expression result to bigger size
Hao Wu [Wed, 18 Jan 2017 08:22:15 +0000 (16:22 +0800)]
MdePkg: Refine casting expression result to bigger size

There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoShellPkg: Refine type cast for pointer subtraction
Hao Wu [Mon, 23 Jan 2017 06:38:43 +0000 (14:38 +0800)]
ShellPkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoSecurityPkg: Refine type cast for pointer subtraction
Hao Wu [Mon, 23 Jan 2017 01:59:25 +0000 (09:59 +0800)]
SecurityPkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
4 years agoNetworkPkg: Refine type cast for pointer subtraction
Hao Wu [Mon, 23 Jan 2017 05:55:42 +0000 (13:55 +0800)]
NetworkPkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
4 years agoIntelFrameworkModulePkg: Refine type cast for pointer subtraction
Hao Wu [Mon, 23 Jan 2017 01:53:45 +0000 (09:53 +0800)]
IntelFrameworkModulePkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
4 years agoCryptoPkg: Refine type cast for pointer subtraction
Hao Wu [Sun, 22 Jan 2017 02:12:06 +0000 (10:12 +0800)]
CryptoPkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
4 years agoMdeModulePkg: Refine type cast for pointer subtraction
Hao Wu [Mon, 23 Jan 2017 03:56:05 +0000 (11:56 +0800)]
MdeModulePkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
4 years agoMdeModulePkg: Variable: Update DBT PCR[7] measure
Zhang, Chao B [Fri, 3 Mar 2017 05:59:57 +0000 (13:59 +0800)]
MdeModulePkg: Variable: Update DBT PCR[7] measure

Measure DBT into PCR[7] when it is updated between initial measure
if present and not empty. by following TCG PC Client PFP 00.49
Previous patch for PCR[7] DBT part is overrode.
dc9bd6ed281fcba5358f3004632bdbda968be1e5

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
4 years agoSecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]
Zhang, Chao B [Fri, 3 Mar 2017 05:56:10 +0000 (13:56 +0800)]
SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]

Measure DBT into PCR[7] in initial measurement phase if present and
not empty by following TCG PC Client PFP 00.49.
The previous patch according to 00.21 is removed
1404e3a1508473643efba89af34bd133ab082dd5

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
4 years agoSecurityPkg: Tcg2Dxe: Measure BootOrder, Boot#### to PCR[1]
Zhang, Chao B [Fri, 3 Mar 2017 03:15:01 +0000 (11:15 +0800)]
SecurityPkg: Tcg2Dxe: Measure BootOrder, Boot#### to PCR[1]

Measure BootOrder, Boot#### to PCR[1] according to TCG PC-Client PFP Spec
00.21 Section 2.4.4.2
http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
4 years agoNetworkPkg/Dhcp6Dxe: Handle the Nil UUID case
Jiaxin Wu [Fri, 24 Feb 2017 03:16:37 +0000 (11:16 +0800)]
NetworkPkg/Dhcp6Dxe: Handle the Nil UUID case

Nil UUID is a special case with all zeros value. This
patch is to handle this case to avoid the invalid DUID.

Cc: Naveen Santhapur <naveens@amiindia.co.in>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
4 years agoArmPlatformPkg/PlatformIntelBdsLib: don't clobber ConSplitter handle
Ard Biesheuvel [Wed, 1 Mar 2017 18:34:33 +0000 (18:34 +0000)]
ArmPlatformPkg/PlatformIntelBdsLib: don't clobber ConSplitter handle

The InitializeConsolePipe() routine takes care to only set its output
argument *Interface if it is not already set, to prevent overwriting
the ConSplitter interface pointer that may have already been assigned.

However, the associated OUT argument 'Handle' is clobbered by the
subsequent unnecessary LocateDevicePath() invocation, which should
similarly be made dependent on whether *Interface has been set
already.

Reported-by: "Lee, Terry Ping-Chung" <terry.lee@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoNetworkPkg/TlsAuthConfigDxe: Use StrToGuid in BaseLib
Jiaxin Wu [Tue, 28 Feb 2017 07:00:37 +0000 (15:00 +0800)]
NetworkPkg/TlsAuthConfigDxe: Use StrToGuid in BaseLib

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
4 years agoBaseTools/Source/C/Makefiles: Fix NmakeSubdirs.bat always return 0
Hao Wu [Wed, 1 Mar 2017 13:07:34 +0000 (21:07 +0800)]
BaseTools/Source/C/Makefiles: Fix NmakeSubdirs.bat always return 0

In batch script file NmakeSubdirs.bat, the value changes made to the
variable 'TOOL_ERROR' within the 'setlocal...endlocal' block will not be
reflected in the return value of the script. A value of 0 will always be
returned. Thus, the script will not reflect the result of the 'nmake'
command correctly when building BaseTool source codes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
4 years agoMdePkg/BasePrintLib: Add deprecated flag for APIs [A|U]ValueToString
Hao Wu [Mon, 13 Feb 2017 03:25:20 +0000 (11:25 +0800)]
MdePkg/BasePrintLib: Add deprecated flag for APIs [A|U]ValueToString

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdeModulePkg/PrintLib: Add deprecated flag for APIs [A|U]ValueToString
Hao Wu [Mon, 13 Feb 2017 03:27:22 +0000 (11:27 +0800)]
MdeModulePkg/PrintLib: Add deprecated flag for APIs [A|U]ValueToString

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdeModulePkg/PrintDxe: Handle the deprecation of [A|U]ValueToString
Hao Wu [Mon, 13 Feb 2017 03:03:30 +0000 (11:03 +0800)]
MdeModulePkg/PrintDxe: Handle the deprecation of [A|U]ValueToString

To handle the deprecation of PrintLib APIs UnicodeValueToString and
AsciiValueToString by subsequent commits, the commit refines the logic for
the implemetation of the UnicodeValueToString and AsciiValueToString
services in EFI_PRINT2_PROTOCOL.

When the macro DISABLE_NEW_DEPRECATED_INTERFACES is defined (indicating
the deprecation of the PrintLib APIs), the above two services will ASSERT
and will return zero to reflect not being supported.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoSignedCapsulePkg: Replace [Ascii|Unicode]ValueToString
Hao Wu [Wed, 18 Jan 2017 05:04:14 +0000 (13:04 +0800)]
SignedCapsulePkg: Replace [Ascii|Unicode]ValueToString

It is the follow up of commits 51f0ceb..9e32e97 to replace
AsciiValueToString/UnicodeValueToString with
AsciiValueToStringS/UnicodeValueToStringS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoNt32Pkg: Replace [Ascii|Unicode]ValueToString
Hao Wu [Wed, 18 Jan 2017 03:12:55 +0000 (11:12 +0800)]
Nt32Pkg: Replace [Ascii|Unicode]ValueToString

It is the follow up of commits 51f0ceb..9e32e97 to replace
AsciiValueToString/UnicodeValueToString with
AsciiValueToStringS/UnicodeValueToStringS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoMdeModulePkg: Replace [Ascii|Unicode]ValueToString
Hao Wu [Wed, 18 Jan 2017 02:31:02 +0000 (10:31 +0800)]
MdeModulePkg: Replace [Ascii|Unicode]ValueToString

It is the follow up of commits 51f0ceb..9e32e97 to replace
AsciiValueToString/UnicodeValueToString with
AsciiValueToStringS/UnicodeValueToStringS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoIntelFrameworkModulePkg: Replace [Ascii|Unicode]ValueToString
Hao Wu [Tue, 17 Jan 2017 01:00:26 +0000 (09:00 +0800)]
IntelFrameworkModulePkg: Replace [Ascii|Unicode]ValueToString

It is the follow up of commits 51f0ceb..9e32e97 to replace
AsciiValueToString/UnicodeValueToString with
AsciiValueToStringS/UnicodeValueToStringS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
4 years agoShellPkg: Link DxeSmmPerformanceLib to make DP command generic
Star Zeng [Wed, 1 Mar 2017 07:46:09 +0000 (15:46 +0800)]
ShellPkg: Link DxeSmmPerformanceLib to make DP command generic

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=412

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoPerformancePkg: Link DxeSmmPerformanceLib to make DP command generic
Star Zeng [Wed, 1 Mar 2017 07:44:52 +0000 (15:44 +0800)]
PerformancePkg: Link DxeSmmPerformanceLib to make DP command generic

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=412

Also remove the unreferenced TimerLib mapping.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoArmVirtPkg AARCH64: enable NX memory protection for all platforms
Ard Biesheuvel [Mon, 27 Feb 2017 14:10:59 +0000 (14:10 +0000)]
ArmVirtPkg AARCH64: enable NX memory protection for all platforms

This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to
a value that protects all memory regions except code regions against
inadvertent execution.

Note that this does not [yet] protect EfiLoaderData regions, due to
compatibility issues with shim and GRUB.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
4 years agoArmVirtPkg: move UefiBootManagerLib resolution to ArmVirt.dsc.inc
Ard Biesheuvel [Wed, 1 Mar 2017 08:05:25 +0000 (08:05 +0000)]
ArmVirtPkg: move UefiBootManagerLib resolution to ArmVirt.dsc.inc

Recent changes to ShellPkg require a resolution for UefiBootManagerLib
for all platforms in ArmVirtPkg. So move the resolution to the shared
include ArmVirt.dsc.inc.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoArmVirtPkg/HighMemDxe: preserve non-exec permissions on newly added regions
Ard Biesheuvel [Tue, 28 Feb 2017 13:45:47 +0000 (13:45 +0000)]
ArmVirtPkg/HighMemDxe: preserve non-exec permissions on newly added regions

Using DxeServices::SetMemorySpaceAttributes to set cacheability
attributes has the side effect of stripping permission attributes,
given that those are bits in the same bitfield, and so setting the
Attributes argument to EFI_MEMORY_WB implies not setting EFI_MEMORY_XP
or EFI_MEMORY_RO attributes.

In fact, the situation is even worse, given that the descriptor returned
by DxeServices::GetMemorySpaceDescriptor does not reflect the permission
attributes that may have been set by the preceding call to
DxeServices::AddMemorySpace if PcdDxeNxMemoryProtectionPolicy has been
configured to map EfiConventionalMemory with non-executable permissions.

Note that this applies equally to the non-executable stack and to PE/COFF
sections that may have been mapped with R-X or RW- permissions. This is
due to the ambiguity in the meaning of the EFI_MEMORY_RO/EFI_MEMORY_XP
attributes when used in the GCD memory map, i.e., between signifying
that an underlying RAM region has the controls to be configured as
read-only or non-executable, and signifying that the contents of a
certain UEFI memory region allow them to be mapped with certain
restricted permissions.

So let's check the policy in PcdDxeNxMemoryProtectionPolicy directly,
and set the EFI_MEMORY_XP attribute if appropriate for
EfiConventionalMemory regions.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoSecurityPkg: Fix potential bug in Security Boot dxe.
Zhang Lubo [Wed, 22 Feb 2017 09:01:12 +0000 (17:01 +0800)]
SecurityPkg: Fix potential bug in Security Boot dxe.

v2: update hash value in SecureBootConfig.vfr to keep
them consistent with macro definition in SecureBootConfigImpl.h

since we removed the sha-1 definition in Hash table
and related macro, but the macro definition HashAlg index
may be value 4 which is exceed the range of the Hash
table array.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
4 years agoNetworkPkg: Define the prompt and help information for new PCD.
Zhang Lubo [Mon, 27 Feb 2017 07:53:00 +0000 (15:53 +0800)]
NetworkPkg: Define the prompt and help information for new PCD.

Define the prompt and help information for PcdMaxIScsiAttemptNumber.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
4 years agoNetworkPkg: Add check logic for some variable in iSCSI driver.
Zhang Lubo [Mon, 27 Feb 2017 06:46:59 +0000 (14:46 +0800)]
NetworkPkg: Add check logic for some variable in iSCSI driver.

v2: need to check the global variable mPrivate before using it in
the Convert AttemptConfigData To IfrNvData by Keyword function.

Add check logic for some attempt variable to enhance code in iSCSI.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
4 years agoMake [-D Macros] as optional argument for GenCfgOpt
edk2-devel On Behalf Of rthomaiy [Wed, 1 Mar 2017 06:57:58 +0000 (14:57 +0800)]
Make [-D Macros] as optional argument for GenCfgOpt

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Richard Thomaiyar <richard.marian.thomaiyar@intel.com>
Reviewed-by: Maurice Ma <maurice.ma@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg: use LShiftU64() instead of "<<" to avoid IA32 build error.
Fu Siyuan [Wed, 1 Mar 2017 04:03:26 +0000 (12:03 +0800)]
MdeModulePkg: use LShiftU64() instead of "<<" to avoid IA32 build error.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoShellPkg/bcfg: Add Shell Spec 2.2 modification functionality
Chen A Chen [Thu, 23 Feb 2017 06:03:43 +0000 (14:03 +0800)]
ShellPkg/bcfg: Add Shell Spec 2.2 modification functionality

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoShellPkg/Debug1CommandLib: Use StrToGuid/StrHexToBytes in BaseLib
Ruiyu Ni [Tue, 21 Feb 2017 09:20:54 +0000 (17:20 +0800)]
ShellPkg/Debug1CommandLib: Use StrToGuid/StrHexToBytes in BaseLib

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoUefiCpuPkg/PiSmmCpuDxeSmm: Add support for PCD PcdPteMemoryEncryptionAddressOrMask
Leo Duran [Sun, 26 Feb 2017 17:43:07 +0000 (01:43 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when page tables entriees are created or modified.

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
4 years agoMdeModulePkg/Universal/Acpi/BootScriptExecutorDxe: Add support for PCD PcdPteMemoryEn...
Leo Duran [Sun, 26 Feb 2017 17:43:06 +0000 (01:43 +0800)]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

This module updates the under-4GB page tables configured by the S3-Resume
code in UefiCpuPkg/Universal/Acpi/S3Resume2Pei. The mask is saved at module
start (ScriptExecute.c), and applied when tables are expanded on-demand by
page-faults above 4GB's (SetIdtEntry.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoUefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAdd...
Leo Duran [Sun, 26 Feb 2017 17:43:05 +0000 (01:43 +0800)]
UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when page tables are created (S3Resume.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
4 years agoMdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressO...
Leo Duran [Sun, 26 Feb 2017 17:43:04 +0000 (01:43 +0800)]
MdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when 4GB tables are created (UefiCapsule.c), and when
the tables are expanded on-demand by page-faults above 4GB's (X64Entry.c).

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoMdeModulePkg/Core/DxeIplPeim: Add support for PCD PcdPteMemoryEncryptionAddressOrMask
Leo Duran [Sun, 26 Feb 2017 17:43:03 +0000 (01:43 +0800)]
MdeModulePkg/Core/DxeIplPeim: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when creating page tables.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoMdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask
Leo Duran [Sun, 26 Feb 2017 17:43:02 +0000 (01:43 +0800)]
MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoBaseTools/GenVtf & VolInfo: Fix build fail for 'snprintf' not defined
Hao Wu [Tue, 28 Feb 2017 06:18:53 +0000 (14:18 +0800)]
BaseTools/GenVtf & VolInfo: Fix build fail for 'snprintf' not defined

Function snprintf() is not supported in Visual Studio 2013 or older
version. The commit replaces the use of snprintf() with sprintf() to avoid
build failure for VS compilers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
4 years agoMdeModulePkg/DxeCore: implement memory protection policy
Ard Biesheuvel [Fri, 24 Feb 2017 14:51:33 +0000 (14:51 +0000)]
MdeModulePkg/DxeCore: implement memory protection policy

This implements a DXE memory protection policy that ensures that regions
that don't require executable permissions are mapped with the non-exec
attribute set.

First of all, it iterates over all entries in the UEFI memory map, and
removes executable permissions according to the configured DXE memory
protection policy, as recorded in PcdDxeNxMemoryProtectionPolicy.

Secondly, it sets or clears the non-executable attribute when allocating
or freeing pages, both for page based or pool based allocations.

Note that this complements the image protection facility, which applies
strict permissions to BootServicesCode/RuntimeServicesCode regions when
the section alignment allows it. The memory protection configured by this
patch operates on non-code regions only.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdeModulePkg: define PCD for DXE memory protection policy
Ard Biesheuvel [Thu, 23 Feb 2017 10:36:38 +0000 (10:36 +0000)]
MdeModulePkg: define PCD for DXE memory protection policy

Define a new fixed/patchable PCD that sets the DXE memory protection
policy: its primary use is to define which memory types should have
their executable permissions removed. Combined with the image protection
policy, this can be used to implement a strict W^X policy, i.e.. a policy
where no regions exist that are both executable and writable at the same
time.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg/DxeCore: use separate lock for pool allocations
Ard Biesheuvel [Fri, 24 Feb 2017 14:21:18 +0000 (14:21 +0000)]
MdeModulePkg/DxeCore: use separate lock for pool allocations

In preparation of adding memory permission attribute management to
the pool allocator, split off the locking of the pool metadata into
a separate lock. This is an improvement in itself, given that pool
allocations can only interfere with the page allocation bookkeeping
if pool pages are allocated or released. But it is also required to
ensure that the permission attribute management does not deadlock,
given that it may trigger page table splits leading to additional
page tables being allocated.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdeModulePkg/EbcDxe: use EfiBootServicesCode memory for thunks
Ard Biesheuvel [Sun, 26 Feb 2017 16:45:24 +0000 (16:45 +0000)]
MdeModulePkg/EbcDxe: use EfiBootServicesCode memory for thunks

The EBC driver emits thunks for native to EBC calls, which are short
instructions sequences that bridge the gap between the native execution
environment and the EBC virtual machine.

Since these thunks are allocated using MemoryAllocationLib::AllocatePool(),
they are emitted into EfiBootServicesData regions, which does not reflect
the nature of these thunks accurately, and interferes with strict memory
protection policies that map data regions non-executable.

So instead, create a new helper EbcAllocatePoolForThunk() that invokes the
AllocatePool() boot service directly to allocate EfiBootServicesCode pool
memory explicitly, and wire up this helper for the various architecture
specific thunk generation routines.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg/PeiCore: allocate BootServicesCode memory for PE/COFF images
Ard Biesheuvel [Thu, 23 Feb 2017 09:57:03 +0000 (09:57 +0000)]
MdeModulePkg/PeiCore: allocate BootServicesCode memory for PE/COFF images

Ensure that any memory allocated for PE/COFF images is identifiable as
a boot services code region, so that we know it requires its executable
permissions to be preserved when we tighten mapping permissions later on.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoArmPkg/CpuDxe: ignore attribute changes during SyncCacheConfig()
Ard Biesheuvel [Fri, 24 Feb 2017 09:58:38 +0000 (09:58 +0000)]
ArmPkg/CpuDxe: ignore attribute changes during SyncCacheConfig()

To prevent the initial MMU->GCD memory space map synchronization from
stripping permissions attributes [which we cannot use in the GCD memory
space map, unfortunately], implement the same approach as x86, and ignore
SetMemoryAttributes() calls during the time SyncCacheConfig() is in
progress. This is a horrible hack, but is currently the only way we can
implement strict permissions on arbitrary memory regions [as opposed to
PE/COFF text/data sections only]

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoMdeModulePkg: Fix coding style issues
Dandan Bi [Tue, 28 Feb 2017 08:04:13 +0000 (16:04 +0800)]
MdeModulePkg: Fix coding style issues

1. Make function comments align with the function.
2. Change the FILE_GUID value in SmmSmiHandlerProfileLib.inf
   since it is duplicated with the FILE_GUID value in
   SmiHandlerProfileLibNull.inf
3. Add missing PCD PROMPT&HELP string to uni file.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg/BMMUiLib: Replace same logic with API in UefiBootManagerLib
Dandan Bi [Mon, 27 Feb 2017 05:33:06 +0000 (13:33 +0800)]
MdeModulePkg/BMMUiLib: Replace same logic with API in UefiBootManagerLib

Use the API EfiBootManagerDeleteLoadOptionVariable in UefiBootManagerLib to
replace the same logic in function Var_DelBootOption/Var_DelDriverOption.
This can make code clean and prevent potential bugs.

https://bugzilla.tianocore.org/show_bug.cgi?id=391

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
4 years agoShellPkg/comp: Fix GCC build failure
Ruiyu Ni [Tue, 28 Feb 2017 08:05:10 +0000 (16:05 +0800)]
ShellPkg/comp: Fix GCC build failure

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoNt32Pkg: Add build flag to enable or disable IPv6 network stack.
Fu Siyuan [Wed, 22 Feb 2017 08:14:09 +0000 (16:14 +0800)]
Nt32Pkg: Add build flag to enable or disable IPv6 network stack.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoMdeModulePkg/NetLib: Use StrToIpv4/6Address in BaseLib
Ruiyu Ni [Tue, 21 Feb 2017 10:12:57 +0000 (18:12 +0800)]
MdeModulePkg/NetLib: Use StrToIpv4/6Address in BaseLib

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
4 years agoSignedCapsulePkg/IniParsingLib: Use AsciiStrToGuid in BaseLib
Ruiyu Ni [Tue, 21 Feb 2017 09:58:45 +0000 (17:58 +0800)]
SignedCapsulePkg/IniParsingLib: Use AsciiStrToGuid in BaseLib

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoSecurityPkg/SecureBootConfigDxe: Use StrToGuid in BaseLib
Ruiyu Ni [Tue, 21 Feb 2017 09:13:12 +0000 (17:13 +0800)]
SecurityPkg/SecureBootConfigDxe: Use StrToGuid in BaseLib

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg/CapsuleApp: Use StrToGuid in BaseLib
Ruiyu Ni [Tue, 21 Feb 2017 09:04:29 +0000 (17:04 +0800)]
MdeModulePkg/CapsuleApp: Use StrToGuid in BaseLib

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdePkg/UefiDevicePathLib: Use BaseLib string conversion services
Ruiyu Ni [Fri, 17 Feb 2017 08:52:54 +0000 (16:52 +0800)]
MdePkg/UefiDevicePathLib: Use BaseLib string conversion services

Update UefiDevicePathLib to use StrToGuid/StrHexToBytes
/StrToIpv4Address/StrToIpv6Address provided by BaseLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdePkg/BaseLib: Add AsciiStrToGuid/HexToBytes/ToIpv[4/6]Address
Ruiyu Ni [Tue, 21 Feb 2017 09:54:22 +0000 (17:54 +0800)]
MdePkg/BaseLib: Add AsciiStrToGuid/HexToBytes/ToIpv[4/6]Address

The patch adds 4 APIs to convert ASCII string to GUID, bytes
buffer, IP v4 address and IP v6 address.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
4 years agoMdePkg/BaseLib: Add StrToGuid/StrHexToBytes/StrToIpv[4/6]Address
Ruiyu Ni [Fri, 17 Feb 2017 07:02:41 +0000 (15:02 +0800)]
MdePkg/BaseLib: Add StrToGuid/StrHexToBytes/StrToIpv[4/6]Address

The patch adds 4 APIs to convert Unicode string to GUID, bytes
buffer, IP v4 address and IP v6 address.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
4 years agoSignedCapsulePkg/IniParsing: Rename StrToGuid to avoid link failure
Ruiyu Ni [Tue, 21 Feb 2017 09:57:02 +0000 (17:57 +0800)]
SignedCapsulePkg/IniParsing: Rename StrToGuid to avoid link failure

Since the next patch will add AsciiStrToGuid in BaseLib, renaming
the internal function AsciiStrToGuid to IniAsciiStrToGuid to avoid
link failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdePkg/UefiDevicePathLib: Rename StrToGuid to avoid link failure
Ruiyu Ni [Fri, 17 Feb 2017 07:00:43 +0000 (15:00 +0800)]
MdePkg/UefiDevicePathLib: Rename StrToGuid to avoid link failure

Since the next patch will add StrToGuid in BaseLib, renaming the
internal function StrToGuid to DevicePathLibStrToGuid to avoid
link failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdePkg: Define IPv4_ADDRESS and IPv6_ADDRESS in Base.h
Ruiyu Ni [Mon, 13 Feb 2017 10:08:24 +0000 (18:08 +0800)]
MdePkg: Define IPv4_ADDRESS and IPv6_ADDRESS in Base.h

Since the following patch needs to add API converting string
to IP address in BaseLib, define the IP address as base types
in Base.h.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoShellPkg/comp: Add "-n <diff-count>"/"-s <diff-byte>" support
Chen A Chen [Thu, 16 Feb 2017 05:22:03 +0000 (13:22 +0800)]
ShellPkg/comp: Add "-n <diff-count>"/"-s <diff-byte>" support

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoShellPkg/comp: Rename variable names to proper ones
Chen A Chen [Wed, 15 Feb 2017 08:19:22 +0000 (16:19 +0800)]
ShellPkg/comp: Rename variable names to proper ones

The change doesn't impact the functionality.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
4 years agoShellPkg/UefiDpLib: Add check to avoid NULL pointer deference
Hao Wu [Mon, 27 Feb 2017 01:33:00 +0000 (09:33 +0800)]
ShellPkg/UefiDpLib: Add check to avoid NULL pointer deference

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoPerformancePkg/Dp_App: Add check to avoid NULL pointer deference
Hao Wu [Mon, 27 Feb 2017 01:26:27 +0000 (09:26 +0800)]
PerformancePkg/Dp_App: Add check to avoid NULL pointer deference

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
4 years agoCryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2k
Qin Long [Mon, 27 Feb 2017 06:46:07 +0000 (14:46 +0800)]
CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2k

v2:
Re-generate the patch after the new OpensslLibCrypto instance.

OpenSSL 1.0.2k was released with several severity fixes at
26-Jan-2017 (https://www.openssl.org/news/secadv/20170126.txt).
This patch is to upgrade the supported OpenSSL version in
CryptoPkg/OpensslLib to catch the latest release 1.0.2k.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
4 years agoArmPkg: remove unused PcdArmUncachedMemoryMask PCD
Ard Biesheuvel [Fri, 24 Feb 2017 18:38:14 +0000 (18:38 +0000)]
ArmPkg: remove unused PcdArmUncachedMemoryMask PCD

This removes the PCD PcdArmUncachedMemoryMask from ArmPkg, along with
any remaining references to it in various platform .DSC files. It is
no longer used now that we removed the virtual uncached pages protocol
and the associated DebugUncachedMemoryAllocationLib library instance.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoArmVirtPkg: clear PcdPerformanceLibraryPropertyMask PCD
Ard Biesheuvel [Fri, 24 Feb 2017 18:01:12 +0000 (18:01 +0000)]
ArmVirtPkg: clear PcdPerformanceLibraryPropertyMask PCD

The only observeable effect of having PcdPerformanceLibraryPropertyMask
set to 1 is that a EfiReservedMemory region of 4 pages is allocated right
below the 4 GB mark. This region is out of bounds for the OS, which means
it is not even allowed to map it, to avoid speculative loads from it.

On Linux, this may prevent the kernel from using a 1 GB block mapping for
this region, and instead it has to carve up the block as follows:

  0xffffffff80000000-0xffffffffbe000000         992M PMD CON BLK
  0xffffffffbe000000-0xffffffffbfe00000          30M PMD     BLK
  0xffffffffbfe00000-0xffffffffbfff0000        1984K PTE CON
  0xffffffffbfff0000-0xffffffffbfffc000          48K PTE

where it would otherwise use a single 1 GB mapping (*), i.e.,

  0xffffffff80000000-0xffffffffc0000000           1G PGD

To clarify, the latter is a single 8 byte entry in the top level page
table, whereas in the former case, we have two additional levels of
paging, requiring two extra 4 KB pages (on a 4 KB pagesize kernel).

The real cost, however, is the TLB footprint, which goes up from a
single entry to a number between 90 and 1020, depending on whether
contiguous hints are honoured by the hardware.

So let's remove PcdPerformanceLibraryPropertyMask until we find a reason
why we need it.

(*) provided that no other allocations were deliberately located right
    below the 4 GB mark, and that we are running with more than 3 GB of
    memory, in which case most allocations will be over 4 GB, given EDK2's
    default top-down allocation policy.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoNt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
Laszlo Ersek [Thu, 23 Feb 2017 20:46:06 +0000 (21:46 +0100)]
Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoNetworkPkg/Ip6Dxe: Ignore duplicated DNS address check
Jiaxin Wu [Thu, 23 Feb 2017 05:28:57 +0000 (13:28 +0800)]
NetworkPkg/Ip6Dxe: Ignore duplicated DNS address check

Having duplicated DNS server IPs specified is not an ideal
configuration, but not an error condition. This patch is to
remove the duplicated DNS address check to allow the same DNS
address setting in SetData().

Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
4 years agoMdeModulePkg/Ip4Dxe: Ignore duplicated DNS address check
Jiaxin Wu [Thu, 23 Feb 2017 05:27:18 +0000 (13:27 +0800)]
MdeModulePkg/Ip4Dxe: Ignore duplicated DNS address check

Having duplicated DNS server IPs specified is not an ideal
configuration, but not an error condition. This patch is to
remove the duplicated DNS address check to allow the same DNS
address setting in SetData().

Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
4 years agoUefiCpuPkg/CpuDxe: Do not ASSERT on AllocateMemorySpace() error
Jeff Fan [Fri, 24 Feb 2017 05:58:48 +0000 (13:58 +0800)]
UefiCpuPkg/CpuDxe: Do not ASSERT on AllocateMemorySpace() error

Platform PEI may add LOCAL APIC memory mapped space into
EFI_HOB_MEMORY_ALLOCATION. Or platform may allocate this range before.

So, we skip AllocateMemorySpace()'s return status checking. Instead, we add one
DEBUG message for possible trace.

https://bugzilla.tianocore.org/show_bug.cgi?id=390

This updating is suggested by Ersek's comments at
https://www.mail-archive.com/edk2-devel@lists.01.org/msg22585.html

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoMdeModulePkg/DxeCore: base code protection on permission attributes
Ard Biesheuvel [Fri, 24 Feb 2017 17:51:04 +0000 (17:51 +0000)]
MdeModulePkg/DxeCore: base code protection on permission attributes

Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
can always be mapped read-only, classify a section as a code section only
if it has the executable attribute set and the writable attribute cleared.

This adheres more closely to the PE/COFF spec, and avoids issues with
Linux OS loaders that may consist of a single read/write/execute section.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoOvmfPkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
Laszlo Ersek [Thu, 23 Feb 2017 20:46:06 +0000 (21:46 +0100)]
OvmfPkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE

The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature.

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.

Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
4 years agoArmVirtPkg: resolve OpensslLib to OpensslLibCrypto
Laszlo Ersek [Thu, 23 Feb 2017 20:42:06 +0000 (21:42 +0100)]
ArmVirtPkg: resolve OpensslLib to OpensslLibCrypto

The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature. It would not be
sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we
don't even enable plaintext HTTP booting for the time being.

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
4 years agoCryptoPkg/OpensslLib: introduce OpensslLibCrypto instance
Laszlo Ersek [Thu, 23 Feb 2017 18:35:10 +0000 (19:35 +0100)]
CryptoPkg/OpensslLib: introduce OpensslLibCrypto instance

Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly",
2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library
instance unconditionally.

If a platform doesn't include the TLS modules, such as

- CryptoPkg/Library/TlsLib/TlsLib.inf
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
- NetworkPkg/TlsDxe/TlsDxe.inf

then the platform never actually uses the libssl functionality that gets
built into "OpensslLib.inf".

Tomas Hoger from Red Hat Product Security tells me that security
evaluation is less demanding if we can actually *exclude* the libssl files
from such OVMF builds that don't specify -D TLS_ENABLE (rather than just
trust modules not to call libssl functions if we don't specify -D
TLS_ENABLE).

This patch introduces a parallel OpensslLib instance called
"OpensslLibCrypto" that is appropriate for platform builds without TLS
enablement. It does not build C source files in vain, and it eases
security review -- all libssl vulnerabilities can be excluded at once.

"OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying
the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines.

"process_files.sh" is extended to auto-generate the list of OpenSSL files
for both library instances accordingly. This list is updated in
"OpensslLibCrypto.inf" at once.

"OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni",
highlighting the difference.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
4 years agoCryptoPkg/OpensslLib: refresh OpensslLib.inf, opensslconf.h after 32387e00
Laszlo Ersek [Thu, 23 Feb 2017 18:47:35 +0000 (19:47 +0100)]
CryptoPkg/OpensslLib: refresh OpensslLib.inf, opensslconf.h after 32387e00

Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly",
2016-12-14) removed the "no-queue" configuration option in
"process_files.sh", plus it enabled "process_files.sh" to place all libssl
source files into "OpensslLib.inf".

However, the patch apparently failed to capture two changes originating
from the above actions:
- the definitions of the OPENSSL_NO_PQUEUE and NO_PQUEUE macros were not
  removed from "opensslconf.h",
- "ssl/ssl_conf.c" was not added to "OpensslLib.inf".

Refresh these files, completing commit 32387e0081db.

I built OVMF with -D SECURE_BOOT_ENABLE -D TLS_ENABLE, and ArmVirtQemu
with -D SECURE_BOOT_ENABLE, after this fix, and experienced no regression.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
4 years agoArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature
Ard Biesheuvel [Wed, 22 Feb 2017 11:51:24 +0000 (11:51 +0000)]
ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature

Enable the new DXE image protection for all image, i.e., FV images but
also external images that originate from disk or the network, such as
OS loaders.

This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.

http://marc.info/?l=linux-arm-kernel&m=148655557227819

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoBaseTools: GCC: move most AutoGen.obj contents back to .data section
Ard Biesheuvel [Thu, 23 Feb 2017 18:30:51 +0000 (18:30 +0000)]
BaseTools: GCC: move most AutoGen.obj contents back to .data section

The generated AutoGen.c files mostly contain read-only data, but due to
lacking annotations, all of it is emitted into the .data section by the
compiler.

Given that GUIDs are UEFI's gaffer tape, having writable GUIDs is a
security hazard, and this was the main rationale for putting AutoGen.obj
in the .text section. However, as it turns out, patchable PCDs are emitted
there as well, which can legally be modified at runtime.

So update the wildcard pattern to only match g...Guid sections, and move
everything else back to .data (Note that this relies on -fdata-sections,
without that option, everything is emitted into .data)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Fixes: 233bd25b000f92fc4bbe181fa48edcd72808de8e
[lersek@redhat.com: add reference to previous commit being fixed up]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
4 years agoShellPkg UefiDpLib: Fixed GCC build failure caused by ef22403
Star Zeng [Fri, 24 Feb 2017 02:06:01 +0000 (10:06 +0800)]
ShellPkg UefiDpLib: Fixed GCC build failure caused by ef22403

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
4 years agoPerformancePkg Dp_App: Fixed GCC build failure caused by 1393510
Star Zeng [Fri, 24 Feb 2017 02:04:19 +0000 (10:04 +0800)]
PerformancePkg Dp_App: Fixed GCC build failure caused by 1393510

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoMdeModulePkg PerformanceLib: Fix GCC build failure caused by cfb0aba
Star Zeng [Fri, 24 Feb 2017 01:51:37 +0000 (09:51 +0800)]
MdeModulePkg PerformanceLib: Fix GCC build failure caused by cfb0aba

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoUefiCpuPkg/CpuDxe: Replace EFI_D_xxx with DEBUG_xxx in DEBUG()
Jeff Fan [Wed, 22 Feb 2017 07:53:14 +0000 (15:53 +0800)]
UefiCpuPkg/CpuDxe: Replace EFI_D_xxx with DEBUG_xxx in DEBUG()

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoMdeModulePkg SmmSmiHandlerProfileLib: Fix GCC build failure
Star Zeng [Fri, 24 Feb 2017 01:52:58 +0000 (09:52 +0800)]
MdeModulePkg SmmSmiHandlerProfileLib: Fix GCC build failure

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoArmPkg/CpuDxe: remove VirtualUncachedPages protocol and implementation
Ard Biesheuvel [Thu, 23 Feb 2017 14:43:49 +0000 (14:43 +0000)]
ArmPkg/CpuDxe: remove VirtualUncachedPages protocol and implementation

Virtual uncached pages are simply pages that are aliased using mismatched
attributes, which is not allowed by the ARM architecture. So remove the
protocol and its implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoArmPkg: remove DebugUncachedMemoryAllocationLib
Ard Biesheuvel [Thu, 23 Feb 2017 14:38:32 +0000 (14:38 +0000)]
ArmPkg: remove DebugUncachedMemoryAllocationLib

The debug implementation of the UncachedMemoryAllocationLib library
class relies on the creation of an uncached alias of a memory range,
while keeping the original cached mapping, but with read-only attributes
to trap inadvertent write accesses.

This is not a terribly good idea, given that the ARM architecture does
not allow mismatched attributes, and so creating them deliberately is
not something we should encourage by doing it in reference code.

So remove the library, and replace all references to it with a reference
to the non-debug version (unless the platform does not require a resolution
for it in the first place, in which case all UncachedMemoryAllocationLib
references can be removed altogether).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoShellPkg UefiDpLib: Remove TimerLib dependency
Star Zeng [Wed, 8 Jun 2016 07:23:24 +0000 (00:23 -0700)]
ShellPkg UefiDpLib: Remove TimerLib dependency

Current UefiDpLib implementation depends on TimerLib,
as different platforms may implement and use their
own TimerLib, it makes the dp command needs to be built
by platform. The TimerLib dependency can be removed by
using performance property configuration table to make
UefiDpLib to be generic.

Cc: Andrew Fish <afish@apple.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoPerformancePkg Dp_App: Remove TimerLib dependency
Star Zeng [Wed, 8 Jun 2016 07:30:22 +0000 (00:30 -0700)]
PerformancePkg Dp_App: Remove TimerLib dependency

Current Dp_App implementation depends on TimerLib,
as different platforms may implement and use their
own TimerLib, it makes the dp application needs to
be built by platform. The TimerLib dependency can
be removed by using performance property configuration
table to make Dp_App to be generic.

Cc: Andrew Fish <afish@apple.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoMdeModulePkg: Add performance property configuration table
Star Zeng [Sun, 12 Jun 2016 06:31:58 +0000 (23:31 -0700)]
MdeModulePkg: Add performance property configuration table

Define PERFORMANCE_PROPERTY, and install performance property configuration
table in DxeCorePerformanceLib and SmmCorePerformanceLib.

Cc: Andrew Fish <afish@apple.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
4 years agoOvmfPkg/XenBusDxe: Use EFIAPI for XenStoreVSPrint
Anthony PERARD [Thu, 23 Feb 2017 12:42:08 +0000 (12:42 +0000)]
OvmfPkg/XenBusDxe: Use EFIAPI for XenStoreVSPrint

... because this function use VA_COPY.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
4 years agoNetworkPkg: Update the Ethernet interface name.
Zhang Lubo [Thu, 23 Feb 2017 02:35:48 +0000 (10:35 +0800)]
NetworkPkg: Update the Ethernet interface name.

Update the interface name from ethA ethB to
eth10, eth11 etc if port number more than 9.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Sriram Subramanian <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
4 years agoMdeModulePkg: Update the Ethernet interface name.
Zhang Lubo [Thu, 23 Feb 2017 02:37:03 +0000 (10:37 +0800)]
MdeModulePkg: Update the Ethernet interface name.

Update the interface name from ethA ethB to
eth10, eth11 etc if port number more than 9.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Sriram Subramanian <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
4 years agoNetworkPkg:Add scriptable configuration to iSCSI driver by leveraging x-UEFI.
Zhang Lubo [Fri, 17 Feb 2017 06:43:41 +0000 (14:43 +0800)]
NetworkPkg:Add scriptable configuration to iSCSI driver by leveraging x-UEFI.

v2:
Add error handling if can not create Attempts in driver entry point.
Since we support to define a macro be a PCD value, we enhance our code
by modifying the structure in IFR_NVDATA. This effect code logic mainly
in Creating Keywords,Convert IFR NvData To AttemptConfigData ByKeyword and
reverse function.
Fix typo errors and sync based on the latest code.

Enable iSCSI keywords configuration based on x-UEFI
name space. we introduce new PCD to control the attempt
numbers which will be created in non activated state, besides
the Attempt name is changed to READ_ONLY attribute in UI.
We can invoke KEYWORD HANDLER Protocol to configure
the related keywords.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin jiaxin.wu@intel.com
4 years agoBaseTools: Fix the regression issue caused by commit dc4c77
Yonghong Zhu [Wed, 22 Feb 2017 15:38:01 +0000 (23:38 +0800)]
BaseTools: Fix the regression issue caused by commit dc4c77

In the last commit dc4c77, the _GetHeaderInfo will be called more than
once, which cause the self._ConstructorList.append(Value) append some
duplicate value.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
4 years agoArmPkg/ArmMmuLib: AARCH64: enable stack alignment checking
Ard Biesheuvel [Wed, 22 Feb 2017 09:38:21 +0000 (09:38 +0000)]
ArmPkg/ArmMmuLib: AARCH64: enable stack alignment checking

Enable the hardware stack alignment check, as mandated by the UEFI spec.
This ensures that the stack pointer is 16 byte aligned at each instance
where it is used as the base address in a load/store operation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
4 years agoArmPkg/ArmLib: AARCH64: allow the stack aligment (SA) bit to be managed
Ard Biesheuvel [Wed, 22 Feb 2017 09:38:20 +0000 (09:38 +0000)]
ArmPkg/ArmLib: AARCH64: allow the stack aligment (SA) bit to be managed

In preparation of enabling stack alignment checking, which is mandated
by the UEFI spec for AARCH64, add the code to manage this bit to ArmLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>