| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The scratch buffer (EfiBootServicesData) is assigned to extract DXE FVs
that are compressed. The matching decompression library returns the buffer
size as below. The buffer is no longer used after completing extraction.
Need to free the buffer to optimize memory allocation and usage.
BaseUefiDecompressLib : sizeof (SCRATCH_DATA)
LzmaCustomDecompressLib : SCRATCH_BUFFER_REQUEST_SIZE (64KB)
BrotliCustomDecompressLib : From EncodeData header (usually, xxMB checked)
In case of Brotli decompression, it is found that a big chunk of memory is
required, based on EncodeData header. (e.g. a 4MB compressed FV reports
about 39MB scratch size)
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
|
|
The issue with locating the expected interface and endpoint descriptors
arises because `configDesc` (USB_CONFIG_DESCRIPTOR) and `IfDesc`
(USB_INTERFACE_DESCRIPTOR) are incremented by structure size rather than
by actual descriptor length.
Specifically:
- `configDesc` should be incremented by its actual length.
- `IfDesc` should be incremented by its actual length.
This incorrect increment causes misalignment, preventing access to the
subsequent interface and endpoint descriptors.
[Suggested Solution]
Update the code to increment the pointers by the actual descriptor lengths,
ensuring proper access to all descriptors in the USB configuration.
Signed-off-by: Aniket Surekar <Aniket.Surekar@Dell.com>
|
|
According to UEFI spec 2.10 errata A section 7.4.6
"All events from the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES and
EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event notification groups as well
as events of type EVT_SIGNAL_EXIT_BOOT_SERVICES must be signaled
before ExitBootServices() returns EFI_SUCCESS. The events are only
signaled once even if ExitBootServices() is called multiple times."
So keep track of whether ExitBootServices() has been called, and signal
the event group EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES only the first
time around.
EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will only be signalled if
ExitBootServices() is going to run to [successful] completion, after
which calling it a second time is not possible anyway. So for this case,
no special handling is needed.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4874
Question CheckBox, OneOf and Numeric can refer to Bit EFI VarStore.
CheckBox: data type is Boolean (1 byte),
Numeric/Oneof: data type is always UNIT32 for BIT VarStore,
When get default value for BIT VarStore, should return default value
with sizeof (UINT32) rather than the byte the bit width occupied.
Or incorrect default value will be used due to the size mismatch.
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
|
|
gEfiHobMemoryAllocModuleGuid is referenced in the HobPrintLib,
but it is not defined in the INF file, causing an unresolved
external error when the module is consumed by code.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
|
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4873
Currently the function does not cover the 5 level paging case. it will
casued pagetable protection region set incorrectly. This patch do the
enhancemant and with the patch protection region has been set correctly.
Signed-off-by: Ning Feng <ning.feng@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
|
|
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
|
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4858
Ph52a PCIE to SATA card inserted on Intel MTL/ARL causes system hanged.
Root cause of this issue is because Ph52a's driver only uses DevicePath
protocol alone and EDK2 driver only uses PciIo protocol alone. Both
drivers start and try to manage SATA controller.
Signed-off-by: Paul Chang <paulchang@ami.com>
|
|
storage data format
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4857
NVS needs to support both authenticated and non-authenticated
header for NV region. PcdNvStoreDefaultValueBuffer can have
variables with data format of the type Authenticated variable storage
and this change provides the support to differentiate between
the normal variable storage and authenticated variable storage
for the hii database to consume and update the setup variables
accordingly
Signed-off-by: nikhil p sheshagiri <nikhil.p.sheshagiri@intel.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4490
Added PPI support in UFS PEI driver to link the platform specific code
as same as UFS DXE driver.
Signed-off-by: Kanagavel S <kanagavels@ami.com>
|
|
Some serial device may not support SetControl. Ignore the error from
SetControl if EFI_UNSUPPORTED is return.
Signed-off-by: Hua Ma <hua.ma@intel.com>
|
|
On AARCH64, there is no ordering guarantee between configuration
space (ECAM) writes and memory space reads (MMIO). ARM AMBA CHI
only guarantees ordering for reads and writes within a single address
region, however, on some systems MMIO and ECAM may be split into
separateaddress regions.
A problem may arise when an ECAM write is issued a completion before a
subsequent MMIO read is issued and receives a completion.
For example, a typical PCI software flow is the following:
1. ECAM write to device command register to enable memory space
2. MMIO read from device memory space for which access was enabled
in step 1.
There is no guarantee that step 2. will not begin before the completion
of step 1.
on systems where ECAM/MMIO are specified as separate address regions,
even
if both spaces have the memory attributes device-nGnRnE.
- Add a barrier after the final PCI Configuration space write
in RootBridgeIoPciAccess. Configuration space reads should not have
side-efects.
- When configuration space is strongly ordered, this ensures
that program execution cannot continue until the completion
is received for the previous Cfg-Write, which may have side-effects.
- Risk of reading a "write-only" register and causing a CA which leaves
the device unresponsive. The expectation based on the PCI Base Spec
v6.1 section 7.4 is that all PCI Spec-defined registers will be readable,
however, there may exist design-specific registers that fall into
this category.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Co-authored-by: Ard Biesheuvel <ardb@kernel.org>
|
|
- Class specific types for interface and endpoint are generic
- Definitions are in IndustryStandard/Usb.h
- Remove type redefinitions
- Update references to the descriptor types
Signed-off-by: Oleg Ilyasov <olegi@ami.com>
|
|
Instead of using bit shift operations, it is preferable to use BaseLib
bit shift functions to prevent compilers from inserting intrinsics.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
|
|
I recently ran into an AllocatePages() hang. It turns out that
AllocatePages() does not account for the Memory Allocation HOB when it
makes the decision of allocating out of free memory.
Here is the scenario:
FreeMemoryTop - 0x71C03000
FreeMemoryBottom - 0x71BDBFD8
=> We have 159,784 bytes left => ~39.0098 pages left.
We attempt to allocate 39 pages. There are enough pages left but
allocating those pages requires to allocate a Memory Allocation HOB
which needs an extra 48 bytes. But once the pages are allocated,
there are only 40 bytes left.
In addition to taking into account the Memory Allocation HOB size,
this commit reverses the condition to keep it simple.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4496
This change adds a check for PEI dispatcher to continue dispatching when
there are still pending delayed dispatch requests, to be compatible with
newly integrated Delayed Dispatcher PPI interface.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Co-authored-by: John Schock <joschock@microsoft.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4496
This change adds the implementation that fits the needs and description
of PI spec defined Delayed Dispatch PPI in Pei Core.
The PPI would allow minimal delay for registered callbacks. As well as
allowing other functions to wait for GUIDed delayed dispatch callbacks.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Co-authored-by: Mike Turner <mikeyt@pobox.com>
Co-authored-by: Sachin Ganesh <sachinganesh@ami.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
|
|
This generates boot descriptions for SD/MMC devices in the form of:
- "UEFI SanDisk SC128 2A2B1E4F SD Device"
- "UEFI Samsung BJTD4R 7AB3A8DE eMMC User Data"
The manufacturer ID tables are a best-effort, collected from various
places and personal testing. They're not complete and may be inaccurate
for rebranded cards.
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
|
|
Without this change we get:
error: equality comparison with extraneous parentheses
when building on XCODE5.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4848
This patch is to support VTUTF8 type for Putty function key map.
In Putty, it is required for translating a stream of Unicode characters
for function keys on UTF8 correctly.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
|
|
Check that the next map entry is valid before dereferencing to merge the
guard pages. If the final entry is at the end of a page with no valid page
following it, then this can cause an access violation.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
|
|
Remove the old stack check lib now that MdeLibs.inc includes
the new one.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
|
|
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
|
|
When a Serial device resets, the Modem Control Register Data Terminal
Ready and Request to Send need to be cleared also. Otherwise the
registers will be left in their previous state, and the connected device
will not be able to transmit data.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
|
|
- In c36414b131dfd0a1ca51f10f87a18955bc110ff2 change, it was introduced
the ReadyToBoot event check to prevent the boot service got called
in runtime to cause the issue.
- In this patch introduced the ExitBootService event to replace it.
It would be better to base on the BootService status to decide
the source of ESRT table.
- Based on the BootService availability to decide,
- Exit : Use cache ESRT table in IF-condition
- Not Exit: Use boot service to locate protocol in ELSE-condition
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4831
In this patch introduced the below changes,
[1] Add the event of system resource table installed callback.
- Register the event in DxeRuntimeCapsuleLibConstructor ()
- Unregister the event in DxeRuntimeCapsuleLibDestructor ()
[2] Migrate the event to update the module variable to cache ESRT table
from ReadyToBoot to system resource table installed.
[3] Add the condition to free the pool of buffer when the "mEsrtTable"
is not NULL.
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
|
|
If we search the codebase for &gEdkiiVariablePolicyProtocolGuid
we can find two drivers which install this policy:
VariableRuntimeDxe (installed in VariableDxe.c) and
VariableSmmRuntimeDxe (installed in VariablePolicySmmDxe.c).
The .inf file for VariableRuntimeDxe incorrectly lists the protocol
as CONSUMES in the comment, so change this to PRODUCES.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
|
|
This patch breaks the section processing loop if an invalid section with zero SectionLength is encountered.
Signed-off-by: Ragavarshini B <ragavarshinib@ami.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dhanaraj V <vdhanaraj@ami.com>
Cc: Sachin Ganesh <sachinganesh@ami.com>
|
|
In BmFindBootOptionInVariable() we prevent passing a NULL pointer to
EfiBootManagerFindLoadOption(). However, it can accept a NULL pointer as
the second argument as long as count is zero. This change updates the
assert condtion to only assert if the pointer is NULL and the count is
non-zero.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
|
|
Add missing error checking for malfunctioning XHCI controllers.
Signed-off-by: Rebecca Cran <rebecca@os.amperecomputing.com>
|
|
Comments out a redundant call to RestoreTpl(). While this does not
technically violate spec on raise/restore TPL, TPL should already be at
the specified level. This extra call introduces an asymmetry between
RaiseTpl and RestoreTpl calls, which makes analysis of TPL correctness
more difficult and hampers certain non-standard TPL usages that some
platforms require. Additionally, the two TPL variables were renamed to
provide context for each of them.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
|
|
Adds a call to RestoreTpl() in DiskIo2ReadWriteDisk(). While the current
implementation does not technically violate spec on raise/restore TPL,
this extra call ensures symmetry between RaiseTpl and RestoreTpl calls,
which makes analysis of TPL correctness simpler and permits certain
non-standard TPL usages that some platforms require.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
|
|
- This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.
- Also added the signature check to validate work space
Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
|
|
Enable VarCheckHiiLibStandaloneMm.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
This library is designed for handling variable HII checks within the
Standalone MMm environment. It includes the functions
dedicated to registering handlers that process information received
from VarCheckHiiLibMmDependency.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
No functional changes.
Move DUMP_VAR_CHECK_HII in common file
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
Move VarCheckHiiInternalDumpHex and VarCheckHiiQuestion to the common
file.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
Rename SetVariableCheckHandlerHii and wrap it as a common API to
facilitate the usage in the following patches.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
No functional changes.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
Change the Size parameter of BuildVarCheckHiiBin from OUT to an
input-output parameter.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
VarCheckHiiLibMmDependency retrieve data (mVarCheckHiiBin) at the end
of the DXE phase, and pass the acquired data to the
VarCheckHiiLibStandaloneMm through a communication protocol.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
Relocate the declaration of mVarCheckHiiBin to support for standalone
MM modules utilizing the same mVarCheckHiiBin.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
|
In Standalone MM, there is no notification to MM drivers that variable
write is ready. Install gSmmVariableWriteGuid into MM handle database
for the notification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
|
|
According to TCG's Platform Reset Attack Mitigation spec, the OS should
never create the MOR variable, only read and write it.
But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset
Attack Mitigation spec and unintentionally create MOR variable.
The commit fda8f631edbbf3823760542a06f12bd60fd39181 added function
VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer
whether the MOR variable is created by platform firmware or not. If not,
delete the variable created by OS and lock the variable to avoid OS to
create it.
But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns
FALSE, it causes TCG MOR secure feature does not work in standalone MM
environment.
As Fedora 24 and 25 are EOL today, directly returns TRUE in the function
VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the
function to VariableIsMorVariableLegitimate() to make it more obvious
what the narrow use-case is for which it exists.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
|
|
REF : https://bugzilla.tianocore.org/show_bug.cgi?id=4817
Before entering BIOS setup, CoreValidateHandle function executed
over 600,000 times during BDS phase on latest 8S server platform.
In CoreValidateHandle function, current implementation will go
through the doubly-linked list handle database in each call, and
this will have big impact on boot performance.
The optimization is using Red-black tree to store the EFI handle
address when insert each EFI handle into the handle database, and
remove the handle from Red-black tree if the handle is removed
from the handle database. CoreValidateHandle function changed to
go through the Red-black tree.
After verification on latest 8S server platform, BDS boot time can
save 20s+ after this change.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Andrew Fish <afish@apple.com>
Tested-by: Xiaoqiang Zhang <xiaoqiang.zhang@intel.com>
|
|
Implementation of MEDIA_SANITIZE_PROTOCOL for NIST
purge/clear actions with mapping to NVM Express native
commands.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
|
|
When allocating memory for a non-discoverable PCI device's IO, the
current core code removes the XP attribute, allowing code to execute
from that region. This is a security vulnerability and unneeded. This
change updates to mark the region as XP when allocating memory for the
non-discoverable PCI device.
These allocations in this function are limited to `EfiBootServicesData`
and `EfiRuntimeServicesData`, which we expect to be XP.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
|
|
Currently whenever gDS->SetMemorySpaceCapabilities() is called, it
attempts to set the corresponding attributes in the gMemoryMap
descriptor. However, gMemoryMap only contains entries from GCD types
EfiGcdMemoryTypeSystemMemory and EfiGcdMemoryTypeMoreReliable, so
for all other types a failure is reported in the code. This is a
failure that is expected, so it does not provide value and can
lead to real failures being ignored.
This patch updates the gDS->SetMemorySpaceCapabilities() code to
only call into updating gMemoryMap if the GCD type is SystemMemory
or MoreReliable, to avoid spurious errors being reported. This
also avoids the expensive operation of searching through gMemoryMap
for entries we know we will fail to find.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
|
|
The Memory Attributes Table is generated by fetching the EFI memory map
and splitting entries which contain loaded images so DATA and CODE
sections have separate descriptors. The splitting is done via a call to
SplitTable() which
marks image DATA sections with the EFI_MEMORY_XP attribute and CODE
sections with the EFI_MEMORY_RO attribute when
splitting. After this process, there may still be EfiRuntimeServicesCode
regions which did not have their attributes set because they are not
part of loaded images.
This patch updates the MAT EnforceMemoryMapAttribute logic to set the
access attributes of runtime memory regions which are not part of loaded
images (have not had their access attributes set). The attributes of the
code regions will be read-only and no-execute because the UEFI spec
dictates that runtime code regions should only contain loaded EFI
modules.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4832
Refs:
1.
https://edk2.groups.io/g/devel/topic/patch_v1_mdemodulepkg/105570114?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,105570114
2.
https://edk2.groups.io/g/devel/topic/mdemodulepkg_fix_mat/105477564?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,105477564
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
|
