Long Qin [Wed, 1 Nov 2017 08:10:04 +0000 (16:10 +0800)]
CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
void *realloc (void *ptr, size_t size)
{
//
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
}
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.
Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Validated-by: Jian J Wang <jian.j.wang@intel.com>
Star Zeng [Wed, 25 Oct 2017 09:23:03 +0000 (17:23 +0800)]
IntelSiliconPkg IntelVTdDxe: Use ACPI table event to get DMAR table
Use ACPI table event to get DMAR table instead of using ACPI SDT
notification as ACPI SDT is optional and the default value of
PcdInstallAcpiSdtProtocol is FALSE in MdeModulePkg.dec.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ard Biesheuvel [Wed, 1 Nov 2017 12:57:26 +0000 (12:57 +0000)]
ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the boot mode
The current interdepencies between the PrePeiCore SEC module, the
platform PEIM and ArmPlatformLib is a bit awkward: due to the fact
that ArmPlatformLib is also used by SEC modules, we cannot use PEI
specific facilities in the implementation of ArmPlatformGetBootMode.
However, given that we call that library function /after/ invoking
PlatformPeiLib, there is no way for that library to set the boot mode
other than resorting to tricks like notification callbacks on arbitrary
unrelated events.
ArmPlatformLib should probably be phased out anyway, given its quirky
nature, but for now, let's fix this particular issue by deferring the
call to PlatformPeim() to after the point where we set the boot mode
by calling ArmPlatformGetBootMode ().
While we're at it, clean up the code slightly by using PeiServicesLib
instead of doing double pointer dereferencing.
Ard Biesheuvel [Wed, 1 Nov 2017 12:54:39 +0000 (12:54 +0000)]
EmbeddedPkg: introduce GPIO PPI
Introduce a PPI counterpart of the existing 'embedded GPIO' protocol,
so we can manipulate GPIOs from PEI modules. This allows things like
setting the boot mode based on a DIP switch setting.
Note that the naming is slightly awkward, as there is nothing 'embedded'
about a GPIO, but given that the DXE protocol already resides here and
has the 'embedded' prefix, it makes sense to retain uniformity.
Dandan Bi [Wed, 1 Nov 2017 08:11:47 +0000 (16:11 +0800)]
BaseTools/VfrCompile: Add check to avoid using NULL pointer
Question value are stored in one specified storage, but the Data type
of the storage is not specified or there is no sub fields in the Data
type sometimes, so we need to add check before using related pointers.
Here list some NULL cases:
(1)For an efivastore which doesn't specify a data structure or a
data type(UINT8,UINT16...)as the storage, just has VarName and
VarSize instead, we can not get its data type before parsing
its VarSize.
(2)For efivastore which just specifies the data type(UINT8,UINT16...)
not a structure as the storage,this data type doesn't have sub-fields.
Benjamin You [Tue, 31 Oct 2017 05:41:50 +0000 (13:41 +0800)]
Add one maintainer to CorebootModulePkg and CorebootPayloadPkg
Add one maintainer (Benjamin You) to CorebootModulePkg and CorebootPayloadPkg
Cc: Maurice Ma <maurice.ma@intel.com> Cc: Prince Agyeman <prince.agyeman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Benjamin You <benjamin.you@intel.com> Reviewed-by: Maurice Ma <maurice.ma@intel.com>
Ruiyu Ni [Wed, 1 Nov 2017 10:12:53 +0000 (18:12 +0800)]
ShellPkg/hexeditor: Use CpuIo for memory access
The original code uses PciRootBridgeIo for memory access.
It worked before MdeModulePkg/PciHostBridgeDxe driver was checked in.
But MdeModulePkg/PciHostBridgeDxe adds checks to ensure the MMIO
access request is in the scope of the current RootBridgeIo instance.
It causes "hexeditor -m 0 2" reports error because memory address 0
surely is not in the scope of any RootBridgeIo instance.
In fact only accessing the MMIO space occupied by the RootBridgeIo
can work.
The patch changes hexeditor to use CpuIo for memory access.
Ard Biesheuvel [Wed, 1 Nov 2017 14:58:42 +0000 (14:58 +0000)]
BaseTools/tools_def AARCH64 ARM: disable PIE linking for .aslc sources
Commit 1894a7c64c0a ("BaseTools/tools_def AARCH64 ARM: disable PIE
linking") works around an issue that was caught due to the fact that
PIE linking produces broken .acpi files. However, v2 of that fix
inadvertently only applied the workaround to the normal linker command
line, and not to the ASLD one, so the issue still persists.
So add the missing -no-pie options for ASLD on ARM and AARCH64.
Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated.
1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this
attribute
2. No change to GetVariable/GetNextVariableName
Also update several function descriptors accordingly
Cc: Long Qin <qin.long@intel.com> Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
When PciBus driver fails to load the Option ROM, it doesn't produce
BusOverride protocol. It was a correct behavior before the above
commit. But due to the above commit, BusOverride protocol never is
produced by PciBus driver.
The patch fixes this issue using the following solution:
1. PciBus records the image device path when LoadImage fails.
2. Override.GetDriver() tries to look for the image handle using
the stored image device path.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
The patch doesn't impact real functionality.
It only renames EFI_PCI_ROM_IMAGE_MAPPING to PCI_ROM_IMAGE,
and changes prototype of PciRomAddImageMapping so that
no explicit type cast is needed when calling this function.
It also removes unused field RomBase from PCI_IO_DEVICE structure.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Jiewen Yao [Thu, 21 Sep 2017 07:07:50 +0000 (15:07 +0800)]
IntelSiliconPkg/VtdPeiSample: Add premem support.
Before memory is ready, this sample produces one VTd engine.
After memory and silicon is initialized, this sample produces
both IGD VTd engine and all-rest VTd engine by reinstall the
FV_INFO_PPI.
This update is to demonstrate how to support pre-mem VTd usage.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Jiewen Yao [Sat, 23 Sep 2017 08:27:50 +0000 (16:27 +0800)]
IntelSiliconPkg/VtdPmrPei: Add premem support.
Remove memory discovered dependency to support both premem
VTD_INFO_PPI and postmem VTD_INFO_PPI.
If VTD_INFO_PPI is installed before memory is ready, this
driver protects all memory region.
If VTD_INFO_PPI is installed or reinstalled after memory
is ready, this driver allocates DMA buffer and protect rest.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Laszlo Ersek [Thu, 26 Oct 2017 13:48:31 +0000 (15:48 +0200)]
MdeModulePkg/AtaAtapiPassThru: disable only BM-DMA at ExitBootServices()
Clearing I/O port decoding in the PCI command register at
ExitBootServices() breaks IDE boot in Windows, on QEMU's "pc" (i440fx)
machine type. (AHCI boot on "q35" is unaffected.) Windows seems repeatedly
stuck, apparently waiting for a timeout of sorts.
This is arguably a Windows bug; a native OS driver should not expect the
firmware to leave the PCI command register in any particular state.
Strictly speaking, we only need to disable BM-DMA at ExitBootServices(),
in order to abort pending transfers to/from RAM, which is soon to be owned
by the OS. BM-DMA is also the only bit that's explicitly named by the UEFI
Driver Writers' Guide, for clearing at ExitBootServices().
I've verified that clearing only BM-DMA fixes the issue (boot time) on
i440fx, and does not regress q35/AHCI.
Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Dann Frazier <dannf@ubuntu.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Star Zeng <star.zeng@intel.com> Reported-by: Aleksei Kovura <alex3kov@zoho.com> Reported-by: Dann Frazier <dannf@ubuntu.com> Reported-by: https://launchpad.net/~cjkrupp Bisected-by: Dann Frazier <dannf@ubuntu.com> Bisected-by: https://launchpad.net/~cjkrupp Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Suggested-by: Star Zeng <star.zeng@intel.com>
Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1725560 Fixes: 6fb8ddd36bde45614b0a069528cdc97077835a74
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: dann frazier <dann.frazier@canonical.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com>
Daniil Egranov [Fri, 27 Oct 2017 05:33:23 +0000 (00:33 -0500)]
Drivers/SataSiI3132Dxe: Fixed PCI IO read and write operations
The ATA pass through read should use PCI IO bus master write operation
and ATA pass through write should use PCI IO bus master read operation
as the read and write operations are executed from the bus master's
point of view.
This causes a property like 'linux,code' to be converted into '1,code'
which is obviously wrong. So let's get rid of all the predefined macros
by passing -undef to the preprocessor command line.
Ard Biesheuvel [Wed, 25 Oct 2017 09:52:17 +0000 (10:52 +0100)]
BaseTools/tools_def AARCH64 ARM: disable PIE linking
Some prebuilt GCC toolchains targeting aarch64 (e.g., the Debian Stretch
one) will default to building PIE executables. This has been observed to
corrupt ACPI tables built from .aslc sources, so disable PIE linking
altogether when using the GCC toolchain to build for AARCH64 or ARM.
Eric Dong [Thu, 26 Oct 2017 05:55:21 +0000 (13:55 +0800)]
UefiCpuPkg/MpInitLib: Keep compatible with former AP counting solution.
For some special platforms (such as Ovmf), it is possible
that, some APs start up *and finish* before the remaining
APs start up *at all*. In this case, the enhance
solution by changes 0594ec41 not works as expected.
This change remove check CpuMpData->CpuCount logic to let old
solution still workable if platform owner still set a long
time for PcdCpuApInitTimeOutInMicroSeconds. It's platform
owner's response to decide which solution to use.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Jeff Fan <vanjeff_919@hotmail.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Eric Dong [Thu, 26 Oct 2017 02:28:23 +0000 (10:28 +0800)]
UefiCpuPkg/CpuFeatures: Export HOB if CPU initialized in PEI
In current implementation, CPU initialized can be done in PEI
or DXE phase. PEI uses CpuFeaturesPei and Dxe uses CpuFeaturesDxe.
If CPU initialized in PEI phase, CpuFeaturesDxe driver will
not be used. This driver will install gEdkiiCpuFeaturesInitDoneGuid
protocol after it initializes the CPU.
Some drivers depend on this protocol to dispatch themselves. If
CpuFeaturesDxe not been used, these drivers will not be dispatched.
This patch fix the above issue. If Cpu initialized in PEI
phase, it also report a guid HOB for CpuFeaturesDxe.
CpuFeaturesDxe will check this HOB first. If it found this
HOB, it just install gEdkiiCpuFeaturesInitDoneGuid protocol,
else it will also do the CPU initialization.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Laszlo Ersek [Tue, 24 Oct 2017 10:20:57 +0000 (12:20 +0200)]
Maintainers.txt: add Laszlo Ersek as UefiCpuPkg reviewer
UefiCpuPkg hosts a number of modules (SMM infrastructure,
MP-initialization) that may behave differently enough between
virtualization guests and physical boards that they merit regression
testing and review specifically from a virtualization perspective.
Add Laszlo as a UefiCpuPkg reviewer (not maintainer) so that he be CC'd on
all UefiCpuPkg patches.
> R: Package Reviewer: Cc address for patches and questions. Reviewers
> help maintainers review code, but don't have push access.
Cc: Andrew Fish <afish@apple.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jeff Fan <vanjeff_919@hotmail.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Star Zeng [Wed, 25 Oct 2017 08:55:46 +0000 (16:55 +0800)]
IntelSiliconPkg IntelVTdDxe: use gEfiAcpi10TableGuid for ACPI 1.0
According to definition (Acpi.h and MdePkg.dec),
gEfiAcpiTableGuid = gEfiAcpi20TableGuid, and the code is trying
to parse ACPI 2.0 first and then ACPI 1.0, but it uses
gEfiAcpiTableGuid wrongly for ACPI 1.0, this patch is to fix it.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Jiaxin Wu [Fri, 20 Oct 2017 06:46:31 +0000 (14:46 +0800)]
MdeModulePkg/Ip4Dxe: Trigger Ip4Config2 to retrieve the default address.
According the UEFI spec 2.7 A:
In section 28.3.2 for the IpConfigData.UseDefaultAddress, "While set to
TRUE, Configure() will trigger the EFI_IP4_CONFIG2_PROTOCOL to retrieve
the default IPv4 address if it is not available yet."
In section 28.5 for the Ip4Config2PolicyDhcp, "...All of these configurations
are retrieved from DHCP server or other auto-configuration mechanism."
This patch is to align with the above description. When the default IPv4
address is not available and IpConfigData.UseDefaultAddress is set to TRUE,
Ip4Config2 protocol will be called to retrieve the default address by setting
the policy to Ip4Config2PolicyDhcp.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Jiaxin Wu [Mon, 16 Oct 2017 06:53:09 +0000 (14:53 +0800)]
NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process.
The existing attempt should not trigger the DHCP process if it
doesn't associates with the current NIC. That's incorrect when
displaying the initiator info in attempt page.
Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
Laszlo Ersek [Tue, 10 Oct 2017 11:44:16 +0000 (13:44 +0200)]
MdeModulePkg/Variable/RuntimeDxe: delete & lock MOR in the absence of SMM
VariableRuntimeDxe deletes and locks the MorLock variable in
MorLockInit(), with the argument that any protection provided by MorLock
can be circumvented if MorLock can be overwritten by unprivileged code
(i.e., outside of SMM).
Extend the argument and the logic to the MOR variable, which is supposed
to be protected by MorLock. Pass Attributes=0 when deleting MorLock and
MOR both.
This change was suggested by Star; it is inspired by earlier VariableSmm
commit fda8f631edbb ("MdeModulePkg/Variable/RuntimeDxe: delete and lock
OS-created MOR variable", 2017-10-03).
Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Star Zeng <star.zeng@intel.com> Suggested-by: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Eric Dong [Mon, 23 Oct 2017 07:02:36 +0000 (15:02 +0800)]
UefiCpuPkg/MpInitLib: Enhance waiting for AP initialization logic.
Current logic always waiting for a specific value to collect all APs
count. This logic may caused some platforms cost too much time to
wait for time out.
This patch add new logic to collect APs count. It adds new variable
NumApsExecuting to detect whether all APs have finished initialization.
Each AP let NumApsExecuting++ when begin to initialize itself and let
NumApsExecuting-- when it finish the initialization. BSP base on whether
NumApsExecuting == 0 to finished the collect AP process.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Eric Dong [Mon, 23 Oct 2017 06:45:44 +0000 (14:45 +0800)]
UefiCpuPkg/MpInitLib: Change AP Index variable name.
Original AP index variable name not well express the meaning
of the variable. Also this name is better used in later patch.
So change the variable name for better understanding.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Peter Jones [Fri, 20 Oct 2017 15:10:18 +0000 (23:10 +0800)]
CryptoPkg/BaseCryptLib: remove some duplicate initializations.
clang-analyzer noticed this:
Pk/CryptPkcs7Verify.c:600:5: warning: Value stored to 'OldSize' is never read
OldSize = BufferSize;
^ ~~~~~~~~~~
Pk/CryptPkcs7Verify.c:644:5: warning: Value stored to 'OldSize' is never read
OldSize = BufferSize;
^ ~~~~~~~~~~
2 warnings generated.
These are each immediately followed by a loop that initializes them (to
the same values) a second time, and are otherwise only referenced inside
that loop, so there's just no point to these assignments at all.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com>
Ard Biesheuvel [Fri, 20 Oct 2017 13:30:11 +0000 (14:30 +0100)]
EmbeddedPkg: add driver to set graphical/serial console preference
Linux on ARM/arm64 will infer from the presence of a /chosen/stdout-path
DT property or of a SPCR ACPI table that the primary console is the serial
port, even if a graphical console is available as well.
So let's introduce a driver that allows the user to set a preference
between graphical and serial if both are available. If the preference
is set to 'Graphical', and any GOP protocol instances have been installed
by the time the ReadyToBoot event is signalled, remove the DT property
and/or the SPCR table entirely.
The patch firstly updated the Bridge->Alignment to the maximum
alignment of all devices under the bridge, then aligned the
Bridge->Length to Bridge->Alignment.
It caused too much resources were claimed.
The new patch firstly aligns Bridge->Length to Bridge->Alignment,
then updates the Bridge->Alignment to the maximum alignment of all
devices under the bridge.
Because the step to update the Bridge->Alignment is to make sure
the resource allocated to the bus under the Bridge meets all
devices alignment. But the Bridge->Length doesn't have to align
to the maximum alignment.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Ruiyu Ni [Mon, 23 Oct 2017 05:11:40 +0000 (13:11 +0800)]
UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang
ClearMasks and OrMasks are not 8-byte aligned.
But SetMem64 requires the input address is 8-byte aligned.
If the input is not 8-byte aligned, assertion is hit.
Use SetMem instead.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Ruiyu Ni [Thu, 19 Oct 2017 06:14:33 +0000 (14:14 +0800)]
ShellPkg/editor: Fix system hang when console max column > 200
EditorClearLine() assumes the console max column is less than 200.
When the max column is bigger than 200, the code incorrectly
modifies the content out side of Line buffer.
It may cause system hang or reset.
The patch changes the function to print several times when
the max column is bigger than 200.
Fu Siyuan [Tue, 17 Oct 2017 13:05:59 +0000 (21:05 +0800)]
NetworkPkg: Remove ping6 and ifconfig shell application.
Edk2 has duplicated ping6/ifconfig6 implementation in NetworkPkg and ShellPkg.
The usage and parameter format of these 2 versions are exactly same. These two
commands have been added to Shell specification so the copy under
ShellPkg\Library\UefiShellNetwork2CommandsLib\
will be actively maintained in future.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
Ruiyu Ni [Thu, 19 Oct 2017 02:43:08 +0000 (10:43 +0800)]
UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute
MtrrLibSetBelow1MBMemoryAttribute() may be called multiple times.
It's possible that in a 2nd call, Modified[0] is set to TRUE in
1st call but ClearMasks[0] and OrMasks[0] is uninitialized in
2nd call. It causes FixedSettings->Mtrr[0] be set to random
data.
The patch fixes this issue by introducing a local Modified[]
array and only updates FixedSettings->Mtrr[] when LocalModified[i]
is TRUE.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Eric Dong [Thu, 19 Oct 2017 02:40:16 +0000 (10:40 +0800)]
UefiCpuPkg/MpInitLib: Avoid call PcdGet* in Ap & Bsp.
MicrocodeDetect function will run by every threads, and it will
use PcdGet to get PcdCpuMicrocodePatchAddress and
PcdCpuMicrocodePatchRegionSize, if change both PCD default to dynamic,
system will in non-deterministic behavior.
By design, UEFI/PI services are single threaded and not re-entrant
so Multi processor code should not use UEFI/PI services. Here, Pcd
protocol/PPI is used to access dynamic PCDs so it would result in
non-deterministic behavior.
This code get PCD value in BSP and save them in CPU_MP_DATA for Ap.
chenc2 [Wed, 18 Oct 2017 06:23:45 +0000 (14:23 +0800)]
SecurityPkg/SecureBootConfigDxe: Handle lack of STR_SIGNATURE_* tokens
Add check to avoid NULL ptr dereference. The function HiiGetString
will return NULL pointer when the platform does not install the
appropriate string or call HiiGetString fail.(For example, HII not
support specified language.)
Laszlo Ersek [Tue, 17 Oct 2017 21:29:33 +0000 (23:29 +0200)]
OvmfPkg: fix dynamic default for oprom verification policy PCD without SB
I missed the following, both while reviewing and while testing commit 6041ac65ae87 ("OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION
when SEV is active", 2017-10-05):
If "-D SECURE_BOOT_ENABLE" is not passed on the "build" command line, then
OVMF has no dynamic default at all for
"PcdOptionRomImageVerificationPolicy". This means that the PcdSet32S()
call added in the subject commit doesn't even compile:
> OvmfPkg/PlatformPei/AmdSev.c: In function 'AmdSevInitialize':
> OvmfPkg/PlatformPei/AmdSev.c:67:3: error: implicit declaration of
> function '_PCD_SET_MODE_32_S_PcdOptionRomImageVerificationPolicy'
> [-Werror=implicit-function-declaration]
> PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
> ^
> cc1: all warnings being treated as errors
Make the current, SB-only, 0x00 dynamic default unconditional.
This is the simplest approach, and it reflects the intent of original
commit 1fea9ddb4e3f ("OvmfPkg: execute option ROM images regardless of
Secure Boot", 2016-01-07). Without SECURE_BOOT_ENABLE,
"SecurityPkg/Library/DxeImageVerificationLib" is not used anyway, so the
PCD is never read.
This issue was first caught and reported by Gerd Hoffmann
<kraxel@redhat.com>'s Jenkins CI. Later it was also reported in
<https://bugzilla.tianocore.org/show_bug.cgi?id=737>.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Fixes: 6041ac65ae879389f3ab5c0699f916d3e71c97fe
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: trim commit message as suggested by Jordan] Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
[lersek@redhat.com: add reference to TianoCore BZ#737]
Long Qin [Thu, 12 Oct 2017 01:12:42 +0000 (09:12 +0800)]
SecurityPkg/Pkcs7Verify: Add the comments to address security problem
Add the comments to address security problems in the Pkcs7Verify Protocol
per UEFI 2.7 updates.
The Pkcs7Verifier function VerifySignature() has problematic use cases
where it might be used to unwittingly bypass security checks. The specific
problem is that if the supplied hash is a different algorithm from the
blacklist hash, the hash will be approved even if it should have been
denied. The added comments place a strong warning about the problem.
It is possible to use the protocol reliably, either by agreeing a hash to
use for all time (like sha256) or by looping over all supported hashes when
using the protocol.
BaseTools/BuildEnv: override "set -C" (noclobber) in sourcing shell env
The BuildEnv utility is sourced (executed by the user's interactive shell)
when the user sets up the build session. Some users like to set -C
(noclobber) for some additional safety in their shells, which trips up
BuildEnv. Update the redirection operator so that it overrides noclobber.
Laszlo Ersek [Tue, 17 Oct 2017 18:54:00 +0000 (20:54 +0200)]
SecurityPkg/AuthVariableLib: fix GCC build error
Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:
> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
> Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
> ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
> from
> SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
> X509GetCommonName (
> ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:
- it is taken the size of -- not impacted by this patch;
- passed to X509GetCommonName() as an argument -- the patch fixes the
build error;
- passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not
impacted by the patch;
- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
cast.
Since we are touching the Sha256Update() function call, fix the coding
style too:
- the line is overlong, so break each argument to its own line;
- insert a space between "AsciiStrLen" and the opening paren "(".
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Gary Lin <glin@suse.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Long Qin <qin.long@intel.com> Reported-by: Gary Lin <glin@suse.com> Suggested-by: Gary Lin <glin@suse.com> Suggested-by: Long Qin <qin.long@intel.com> Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Brijesh Singh [Thu, 5 Oct 2017 20:16:42 +0000 (15:16 -0500)]
OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
The following commit:
1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
sets the OptionRomImageVerificationPolicy to ALWAYS_EXECUTE the expansion
ROMs attached to the emulated PCI devices. A expansion ROM constitute
another channel through which a cloud provider (i.e hypervisor) can
inject a code in guest boot flow to compromise it.
When SEV is enabled, the bios code has been verified by the guest owner
via the SEV guest launch sequence before its executed. When secure boot,
is enabled, lets make sure that we do not allow guest bios to execute a
code which is not signed by the guest owner.
Brijesh Singh [Thu, 5 Oct 2017 20:16:41 +0000 (15:16 -0500)]
SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
By default the image verification policy for option ROM images is 0x4
(DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
ROMs comes from host-side and most of the time cloud provider (i.e
hypervisor) have full access over a guest anyway. But when secure boot
is enabled, we would like to deny the execution of option ROM when
SEV is active. Having dynamic Pcd will give us flexibility to set the
security policy at the runtime.
Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728 Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
chenc2 [Tue, 17 Oct 2017 08:45:06 +0000 (16:45 +0800)]
SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.
The change doesn't impact the functionality.
To avoid magic code is helpful for maintaining the codes.
Use stack variable for known max length variable is more
clear and safe than heap buffer.
Dandan Bi [Mon, 16 Oct 2017 03:37:08 +0000 (11:37 +0800)]
Security/OpalHii.c: Handle NULL Request or Request with no elements
According to UEFI spec, for the ExtractConfig function in
EFI_HII_CONFIG_ACCESS_PROTOCOL,If a NULL is passed in for the Request
field or if a ConfigHdr is passed in with no request elements, all of
the settings being abstracted by this function will be returned in the
Results field.
The implementation of ExtractConfig function in OpalHii.c misses to
handle above cases.This patch is to do the enhancements.
Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Ruiyu Ni [Tue, 17 Oct 2017 01:46:27 +0000 (09:46 +0800)]
UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang
ARRAY_SIZE(Mtrrs->Variables.Mtrr) was used in
MtrrDebugPrintAllMtrrsWorker() to parse the MTRR registers.
Instead, the actual variable MTRR count should be used.
Otherwise, the uninitialized random data in MtrrSetting may cause
MtrrLibSetMemoryType() hang.
Steven Shi found this bug in QEMU when using Q35 chip.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Steven Shi <steven.shi@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Ruiyu Ni [Mon, 16 Oct 2017 07:30:23 +0000 (15:30 +0800)]
ShellPkg/UefiShellLib: Use a more bright blue/green color
Some developers/QAs complain the color of directory or executable
files is hard to see and suggest to use a more bright color.
I agree with this suggestion so make this patch.
The look and feel is much better now.
Yonghong Zhu [Fri, 13 Oct 2017 02:47:24 +0000 (10:47 +0800)]
BaseTools: Fix a bug Build directory should relative to WORKSPACE
The bug is for build output files it still use mws.join function, it
cause maybe we will get the build output files in the PACKAGES_PATH
because mws.join will try WORKSPACE first, if the file doesn't exist
then try PACKAGES_PATH. But for build output, we expected it should
relative to WORKSPACE.
Ruiyu Ni [Wed, 27 Sep 2017 09:56:41 +0000 (17:56 +0800)]
UefiCpuPkg/MtrrLib: Update algorithm to calculate optimal settings
The new algorithm converts the problem calculating optimal
MTRR settings (using least MTRR registers) to the problem finding
the shortest path in a graph.
The memory required in extreme but rare case can be up to 256KB,
so using local stack buffer is impossible considering current
DxeIpl only allocates 128KB stack.
The patch changes existing MtrrSetMemoryAttributeInMtrrSettings() and
MtrrSetMemoryAttribute() to use the 4-page stack buffer for
calculation. The two APIs return BUFFER_TOO_SMALL when the buffer
is too small for calculation.
The patch adds a new API MtrrSetMemoryAttribute*s*InMtrrSettings() to
set multiple-range attributes in one function call.
Since every call to MtrrSetMemoryAttributeInMtrrSettings (without-s)
or MtrrSetMemoryAttribute() requires to calculate the MTRRs for the
whole physical memory, combining multiple calls in one API can
significantly reduce the calculation time.
In theory, if N times of call to without-s API costs N seconds,
the new API only costs 1 second.
The new API uses the buffer supplied from caller to calculate
MTRRs and returns BUFFER_TOO_SMALL when the buffer is too small for
calculation.
Test performed:
1. Random test
a. Generate random memory settings, use the new algorithm to
calculate the MTRRs.
b. Read back the MTRRs and check the memory settings match
the desired memory settings.
c. Repeat the above #1 and #2 100000 times.
2. OVMF 32PEI + 64DXE boot to shell.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
The patch changes MtrrLibLeastAlignment() to
MtrrLibBiggestAlignment() and optimizes the implementation
to be more efficient.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
The patch replaces some if-checks with assertions because
they are impossible to happen.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
1. Leverage Pre-Hashed FV PPI to reduce duplicated hash
2. Only measure BFV at the beginning. Other FVs are measured in FVinfo callback with nested
FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=662
Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable
ECR1707 for UEFI2.7 clarified certificate management rule for private time-based
AuthVariable.Trusted cert rule changed from whole signer's certificate stack to
top-level issuer cert tbscertificate + SignerCert CN for better management compatibility.
Hash is used to reduce storage overhead.
Ifconfig : Fixed False information about Media State.
Issue : We were setting MediaPresent as TRUE (default) and
not checking return status of NetLibDetectMedia().
NetLibDetectMedia() sets MediaPresent FLAG in case of success
only and dont change flag on error.
So, Media State will display as 'Media Present', in case of
error also.
Fix : Check return value of NetLibDetectMedia(), if error then
print "Media State Unknown"
Eric Dong [Thu, 12 Oct 2017 08:31:58 +0000 (16:31 +0800)]
UefiCpuPkg/S3Resume2Pei: Handle Communicate Ppi not exist issue.
Current code assume Communicate Ppi always existed, so it adds
ASSERT to confirm it. Ovmf platform happened not has this Ppi, so
the ASSERT been trig. This patch handle Ppi not existed case.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Eric Dong [Wed, 11 Oct 2017 01:29:52 +0000 (09:29 +0800)]
MdeModulePkg/PiSmmCore: Install Protocol when S3 resume finished.
Install EdkiiSmmEndOfS3ResumeProtocol when S3 resume finished.
S3ResumePei will send S3 resume finished event to SmmCore through
communication buffer.
V2 change:
None.
V3 change:
1. Uninstall the protocol right after install it to avoid run out of memory.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Eric Dong [Wed, 11 Oct 2017 01:25:07 +0000 (09:25 +0800)]
UefiCpuPkg/S3Resume2Pei: Send S3 resume finished event to SmmCore.
Driver will send S3 resume finished event to SmmCore through communicate
buffer after it signals EndOfPei event.
V2 Changes:
1. Change structures name to avoid they start with EFI_.
2. Base on DXE phase bits to provide communication buffer, current implement
check both PEI and DXE phase.
V3 Changes:
1. Change structure name for better understanding.
2. Enhance communication buffer calculate logic to more accurate.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Eric Dong [Wed, 11 Oct 2017 01:21:00 +0000 (09:21 +0800)]
MdeModulePkg/SmmEndOfS3Resume.h: Add new protocol definition.
Add gEdkiiSmmEndOfS3ResumeProtocolGuid which used by SmmCore to
notify smm drives that S3 resume has finished.
Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ruiyu Ni [Tue, 10 Oct 2017 08:57:38 +0000 (16:57 +0800)]
MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL
Current implementation skips to check whether the last four
characters are digits when the OptionNumber is NULL.
Even worse, it may incorrectly return FALSE when OptionNumber is
NULL.
The patch fixes it to always check the variable name even
OptionNumber is NULL.
Ruiyu Ni [Tue, 10 Oct 2017 08:39:12 +0000 (16:39 +0800)]
MdeModulePkg/Bds: Remove assertion in BmCharToUint
BmCharToUint() could be called using external data and it
already contains logic to return -1 when data is invalid,
so removing unnecessary assertion to avoid system hang.
Jian J Wang [Mon, 9 Oct 2017 14:02:27 +0000 (22:02 +0800)]
OvmfPkg/QemuVideoDxe: Bypass NULL pointer detection during VBE SHIM installing
QemuVideoDxe driver will link VBE SHIM into page 0. If NULL pointer
detection is enabled, this driver will fail to load. NULL pointer detection
bypassing code is added to prevent such problem during boot.
Please note that Windows 7 will try to access VBE SHIM during boot if it's
installed, and then cause boot failure. This can be fixed by setting BIT7
of PcdNullPointerDetectionPropertyMask to disable NULL pointer detection
after EndOfDxe. As far as we know, there's no other OSs has such issue.
Cc: Laszlo Ersek <lersek@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Jian J Wang [Mon, 9 Oct 2017 14:01:49 +0000 (22:01 +0800)]
IntelFrameworkModulePkg/Csm: Add code to bypass NULL pointer detection
Legacy has to access interrupt vector, BDA, etc. located in memory between
0-4095. To allow as much code as possible to be monitored by NULL pointer
detection, we add code to temporarily disable this feature right before
those memory access and enable it again afterwards.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
Jian J Wang [Mon, 9 Oct 2017 14:00:39 +0000 (22:00 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Implement NULL pointer detection for SMM code
The mechanism behind is the same as NULL pointer detection enabled in EDK-II
core. SMM has its own page table and we have to disable page 0 again in SMM
mode.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Jian J Wang [Mon, 9 Oct 2017 13:58:55 +0000 (21:58 +0800)]
MdeModulePkg/Core/Dxe: Add EndOfDxe workaround for NULL pointer detection
One of issue caused by enabling NULL pointer detection is that some PCI
device OptionROM, binary drivers and binary OS boot loaders may have NULL
pointer access bugs, which will prevent BIOS from booting and is almost
impossible to fix. BIT7 of PCD PcdNullPointerDetectionPropertyMask is used
as a workaround to indicate BIOS to disable NULL pointer detection right
after event gEfiEndOfDxeEventGroupGuid, and then let boot continue.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
NULL pointer detection is done by making use of paging mechanism of CPU.
During page table setup, if enabled, the first 4-K page (0-4095) will be
marked as NOT PRESENT. Any code which unintentionally access memory between
0-4095 will trigger a Page Fault exception which warns users that there's
potential illegal code in BIOS.
This also means that legacy code which has to access memory between 0-4095
should be cautious to temporarily disable this feature before the access
and re-enable it afterwards; or disalbe this feature at all.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PCD PcdNullPointerDetectionPropertyMask is a bitmask used to control the
NULL address detection functionality in code for different phases.
If enabled, accessing NULL address in UEFI or SMM code can be caught
as a page fault exception.
BIT0 - Enable NULL pointer detection for UEFI.
BIT1 - Enable NULL pointer detection for SMM.
BIT2..6 - Reserved for future uses.
BIT7 - Disable NULL pointer detection just after EndOfDxe. This is a
workaround for those unsolvable NULL access issues in
OptionROM, boot loader, etc. It can also help to avoid
unnecessary exception caused by legacy memory (0-4095) access
after EndOfDxe, such as Windows 7 boot on Qemu.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Ayellet Wolman <ayellet.wolman@intel.com> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Yonghong Zhu [Mon, 9 Oct 2017 13:21:56 +0000 (21:21 +0800)]
BaseTools: Fix the Keyword error for <ExtendedFvEntry> in FDF File
current in FDF spec 3.6 [FV] section it use "FV_EXT_ENTRY_TYPE" as
Keyword for <ExtendedFvEntry>, while in the code it use "FV_EXT_ENTRY".
To keep compatibility, this patch support both keyword in the code
first.
projects / mirror_edk2.git / log