sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg CapsulePei: Validate capsule integrity by memory resource hob

Browse Source 
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Star Zeng
2016-04-26 12:52:42 +08:00
parent ed3ff1acb4
commit 359cb1a3b9
6 changed files with 241 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
View File

@@ -59,20 +59,6 @@ FindFreeMem (
UINTN DataSize
);
/**
Check the integrity of the capsule descriptors.
@param BlockList Pointer to the capsule descriptors
@retval NULL BlockList is not valid.
@retval LastBlockDesc Last one Block in BlockList
**/
EFI_CAPSULE_BLOCK_DESCRIPTOR *
ValidateCapsuleIntegrity (
IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList
);
/**
The capsule block descriptors may be fragmented and spread all over memory.
To simplify the coalescing of capsule blocks, first coalesce all the
@@ -247,10 +233,69 @@ FindFreeMem (
return MemBase;
}
/**
Validate capsule by MemoryResource.
@param MemoryResource Pointer to the buffer of memory resource descriptor.
@param Address Address to be validated.
@param Size Size to be validated.
@retval TRUE No memory resource descriptor reported in HOB list before capsule Coalesce,
or it is valid in one MemoryResource.
FALSE It is not in any MemoryResource.
**/
BOOLEAN
ValidateCapsuleByMemoryResource (
IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,
IN EFI_PHYSICAL_ADDRESS Address,
IN UINT64 Size
)
{
UINTN Index;
//
// Sanity Check
//
if (Size > MAX_ADDRESS) {
DEBUG ((EFI_D_ERROR, "ERROR: Size(0x%lx) > MAX_ADDRESS\n", Size));
return FALSE;
}
//
// Sanity Check
//
if (Address > (MAX_ADDRESS - Size)) {
DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) > (MAX_ADDRESS - Size(0x%lx))\n", Address, Size));
return FALSE;
}
if (MemoryResource == NULL) {
//
// No memory resource descriptor reported in HOB list before capsule Coalesce.
//
return TRUE;
}
for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) {
if ((Address >= MemoryResource[Index].PhysicalStart) &&
((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) {
DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",
Address, Size,
Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));
return TRUE;
}
}
DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size));
return FALSE;
}
/**
Check the integrity of the capsule descriptors.
@param BlockList Pointer to the capsule descriptors
@param BlockList Pointer to the capsule descriptors
@param MemoryResource Pointer to the buffer of memory resource descriptor.
@retval NULL BlockList is not valid.
@retval LastBlockDesc Last one Block in BlockList
@@ -258,7 +303,8 @@ FindFreeMem (
**/
EFI_CAPSULE_BLOCK_DESCRIPTOR *
ValidateCapsuleIntegrity (
IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList
IN EFI_CAPSULE_BLOCK_DESCRIPTOR *BlockList,
IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource
)
{
EFI_CAPSULE_HEADER *CapsuleHeader;
@@ -274,14 +320,19 @@ ValidateCapsuleIntegrity (
// * The first capsule header guid
// * The first capsule header flag
// * The first capsule header HeaderSize
// * Length > MAX_ADDRESS
// * ContinuationPointer > MAX_ADDRESS
// * DataBlock + Length > MAX_ADDRESS
// * Below check will be done in ValidateCapsuleByMemoryResource()
// Length > MAX_ADDRESS
// Ptr + sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR) > MAX_ADDRESS
// DataBlock + Length > MAX_ADDRESS
//
CapsuleSize = 0;
CapsuleCount = 0;
Ptr = BlockList;
if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {
return NULL;
}
DEBUG ((EFI_D_INFO, "Ptr - 0x%x\n", Ptr));
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));
@@ -293,36 +344,21 @@ ValidateCapsuleIntegrity (
DEBUG ((EFI_D_ERROR, "ERROR: BlockList address failed alignment check\n"));
return NULL;
}
//
// Sanity Check
//
if (Ptr->Length > MAX_ADDRESS) {
DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Length(0x%lx) > MAX_ADDRESS\n", Ptr->Length));
return NULL;
}
if (Ptr->Length == 0) {
//
// Sanity Check
//
if (Ptr->Union.ContinuationPointer > MAX_ADDRESS) {
DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Union.ContinuationPointer(0x%lx) > MAX_ADDRESS\n", Ptr->Union.ContinuationPointer));
return NULL;
}
//
// Descriptor points to another list of block descriptors somewhere
// else.
//
Ptr = (EFI_CAPSULE_BLOCK_DESCRIPTOR *) (UINTN) Ptr->Union.ContinuationPointer;
if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {
return NULL;
}
DEBUG ((EFI_D_INFO, "Ptr(C) - 0x%x\n", Ptr));
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));
} else {
//
// Sanity Check
//
if (Ptr->Union.DataBlock > (MAX_ADDRESS - (UINTN)Ptr->Length)) {
DEBUG ((EFI_D_ERROR, "ERROR: Ptr->Union.DataBlock(0x%lx) > (MAX_ADDRESS - (UINTN)Ptr->Length(0x%lx))\n", Ptr->Union.DataBlock, Ptr->Length));
if (!ValidateCapsuleByMemoryResource (MemoryResource, Ptr->Union.DataBlock, Ptr->Length)) {
return NULL;
}
@@ -370,6 +406,9 @@ ValidateCapsuleIntegrity (
// Move to next BLOCK descriptor
//
Ptr++;
if (!ValidateCapsuleByMemoryResource (MemoryResource, (EFI_PHYSICAL_ADDRESS) (UINTN) Ptr, sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR))) {
return NULL;
}
DEBUG ((EFI_D_INFO, "Ptr(B) - 0x%x\n", Ptr));
DEBUG ((EFI_D_INFO, "Ptr->Length - 0x%x\n", Ptr->Length));
DEBUG ((EFI_D_INFO, "Ptr->Union - 0x%x\n", Ptr->Union.ContinuationPointer));
@@ -816,6 +855,7 @@ CapsuleTestPatternPreCoalesce (
Get capsule descriptors from variable CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...
@param BlockListBuffer Pointer to the buffer of capsule descriptors variables
@param MemoryResource Pointer to the buffer of memory resource descriptor.
@param BlockDescriptorList Pointer to the capsule descriptors list
@retval EFI_SUCCESS a valid capsule is present
@@ -824,6 +864,7 @@ CapsuleTestPatternPreCoalesce (
EFI_STATUS
BuildCapsuleDescriptors (
IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,
OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptorList
)
{
@@ -844,7 +885,7 @@ BuildCapsuleDescriptors (
// Test integrity of descriptors.
//
if (BlockListBuffer[Index] < MAX_ADDRESS) {
TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index]);
TempBlock = ValidateCapsuleIntegrity ((EFI_CAPSULE_BLOCK_DESCRIPTOR *)(UINTN)BlockListBuffer[Index], MemoryResource);
if (TempBlock != NULL) {
if (LastBlock == NULL) {
LastBlock = TempBlock;
@@ -928,7 +969,8 @@ CapsuleImageBase-->+---------------------------+
coalesce capsule data into memory.
@param PeiServices General purpose services available to every PEIM.
@param BlockListBuffer Point to the buffer of Capsule Descriptor Variables.
@param BlockListBuffer Pointer to the buffer of Capsule Descriptor Variables.
@param MemoryResource Pointer to the buffer of memory resource descriptor.
@param MemoryBase Pointer to the base of a block of memory that we can walk
all over while trying to coalesce our buffers.
On output, this variable will hold the base address of
@@ -950,6 +992,7 @@ EFIAPI
CapsuleDataCoalesce (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,
IN OUT VOID **MemoryBase,
IN OUT UINTN *MemorySize
)
@@ -994,7 +1037,7 @@ CapsuleDataCoalesce (
//
// Build capsule descriptors list
//
Status = BuildCapsuleDescriptors (BlockListBuffer, &BlockList);
Status = BuildCapsuleDescriptors (BlockListBuffer, MemoryResource, &BlockList);
if (EFI_ERROR (Status)) {
return Status;
}

18
MdeModulePkg/Universal/CapsulePei/Common/CommonHeader.h
View File

@@ -1,7 +1,7 @@
/** @file
Common header file.
Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -35,6 +35,17 @@ typedef struct {
} EFI_CAPSULE_PEIM_PRIVATE_DATA;
#pragma pack()
typedef struct {
///
/// The physical start address of the resource region.
///
EFI_PHYSICAL_ADDRESS PhysicalStart;
///
/// The number of bytes of the resource region.
///
UINT64 ResourceLength;
} MEMORY_RESOURCE_DESCRIPTOR;
#define CAPSULE_TEST_SIGNATURE SIGNATURE_32('T', 'E', 'S', 'T')
#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
@@ -45,6 +56,7 @@ typedef struct {
UINT64 StackBufferLength;
EFI_PHYSICAL_ADDRESS JumpBuffer;
EFI_PHYSICAL_ADDRESS BlockListAddr;
EFI_PHYSICAL_ADDRESS MemoryResource;
EFI_PHYSICAL_ADDRESS MemoryBase64Ptr;
EFI_PHYSICAL_ADDRESS MemorySize64Ptr;
BOOLEAN Page1GSupport;
@@ -71,6 +83,7 @@ typedef struct {
@param PeiServices General purpose services available to every PEIM.
@param BlockListBuffer Point to the buffer of Capsule Descriptor Variables.
@param MemoryResource Pointer to the buffer of memory resource descriptor.
@param MemoryBase Pointer to the base of a block of memory that we can walk
all over while trying to coalesce our buffers.
On output, this variable will hold the base address of
@@ -94,7 +107,8 @@ EFI_STATUS
EFIAPI
CapsuleDataCoalesce (
IN EFI_PEI_SERVICES **PeiServices,
IN IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
IN EFI_PHYSICAL_ADDRESS *BlockListBuffer,
IN MEMORY_RESOURCE_DESCRIPTOR *MemoryResource,
IN OUT VOID **MemoryBase,
IN OUT UINTN *MemorySize
);