sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098)

Browse Source 
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

Introduces new changes to PeiCore to move the contents of temporary
RAM visible to the PeiCore to permanent memory. This expands on
pre-existing shadowing support in the PeiCore to perform the following
additional actions:

 1. Migrate pointers in PPIs installed in PeiCore to the permanent
    memory copy of PeiCore.

 2. Copy all installed firmware volumes to permanent memory.

 3. Relocate and fix up the PEIMs within the firmware volumes.

 4. Convert all PPIs into the migrated firmware volume to the corresponding
    PPI address in the permanent memory location.

    This applies to PPIs and PEI notifications.

 5. Convert all status code callbacks in the migrated firmware volume to
    the corresponding address in the permanent memory location.

 6. Update the FV HOB to the corresponding firmware volume in permanent
    memory.

 7. Use PcdMigrateTemporaryRamFirmwareVolumes to control if enable the
    feature or not. when disable the PCD, the EvacuateTempRam() will
    never be called.

The function control flow as below:
  PeiCore()
    DumpPpiList()
    EvacuateTempRam()
      ConvertPeiCorePpiPointers()
        ConvertPpiPointersFv()
      MigratePeimsInFv()
        MigratePeim()
          PeiGetPe32Data()
          LoadAndRelocatePeCoffImageInPlace()
      MigrateSecModulesInFv()
      ConvertPpiPointersFv()
      ConvertStatusCodeCallbacks()
      ConvertFvHob()
      RemoveFvHobsInTemporaryMemory()
    DumpPpiList()

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Michael Kubacki
2019-04-12 06:46:02 +08:00
committed by mergify[bot]
parent 1facb8fdef
commit 9bedaec05b
7 changed files with 1099 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
MdeModulePkg/Core/Pei/PeiMain.h
View File

@@ -394,6 +394,41 @@ PeimDispatchReadiness (
IN VOID *DependencyExpression
);
/**
Migrate a PEIM from temporary RAM to permanent memory.
@param PeimFileHandle Pointer to the FFS file header of the image.
@param MigratedFileHandle Pointer to the FFS file header of the migrated image.
@retval EFI_SUCCESS Sucessfully migrated the PEIM to permanent memory.
**/
EFI_STATUS
EFIAPI
MigratePeim (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN EFI_PEI_FILE_HANDLE MigratedFileHandle
);
/**
Migrate FVs out of temporary RAM before the cache is flushed.
@param Private PeiCore's private data structure
@param SecCoreData Points to a data structure containing information about the PEI core's operating
environment, such as the size and location of temporary RAM, the stack location and
the BFV location.
@retval EFI_SUCCESS Succesfully migrated installed FVs from temporary RAM to permanent memory.
@retval EFI_OUT_OF_RESOURCES Insufficient memory exists to allocate needed pages.
**/
EFI_STATUS
EFIAPI
EvacuateTempRam (
IN PEI_CORE_INSTANCE *Private,
IN CONST EFI_SEC_PEI_HAND_OFF *SecCoreData
);
/**
Conduct PEIM dispatch.
@@ -477,6 +512,50 @@ ConvertPpiPointers (
IN PEI_CORE_INSTANCE *PrivateData
);
/**
Migrate Notify Pointers inside an FV from temporary memory to permanent memory.
@param PrivateData Pointer to PeiCore's private data structure.
@param OrgFvHandle Address of FV Handle in temporary memory.
@param FvHandle Address of FV Handle in permanent memory.
@param FvSize Size of the FV.
**/
VOID
ConvertPpiPointersFv (
IN PEI_CORE_INSTANCE *PrivateData,
IN UINTN OrgFvHandle,
IN UINTN FvHandle,
IN UINTN FvSize
);
/**
Migrate PPI Pointers of PEI_CORE from temporary memory to permanent memory.
@param PrivateData Pointer to PeiCore's private data structure.
@param CoreFvHandle Address of PEI_CORE FV Handle in temporary memory.
**/
VOID
ConvertPeiCorePpiPointers (
IN PEI_CORE_INSTANCE *PrivateData,
PEI_CORE_FV_HANDLE CoreFvHandle
);
/**
Dumps the PPI lists to debug output.
@param PrivateData Points to PeiCore's private instance data.
**/
VOID
DumpPpiList (
IN PEI_CORE_INSTANCE *PrivateData
);
/**
Install PPI services. It is implementation of EFI_PEI_SERVICE.InstallPpi.
@@ -808,6 +887,37 @@ PeiFfsFindNextFile (
IN OUT EFI_PEI_FILE_HANDLE *FileHandle
);
/**
Go through the file to search SectionType section.
Search within encapsulation sections (compression and GUIDed) recursively,
until the match section is found.
@param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
@param SectionType Filter to find only section of this type.
@param SectionInstance Pointer to the filter to find the specific instance of section.
@param Section From where to search.
@param SectionSize The file size to search.
@param OutputBuffer A pointer to the discovered section, if successful.
NULL if section not found.
@param AuthenticationStatus Updated upon return to point to the authentication status for this section.
@param IsFfs3Fv Indicates the FV format.
@return EFI_NOT_FOUND The match section is not found.
@return EFI_SUCCESS The match section is found.
**/
EFI_STATUS
ProcessSection (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN EFI_SECTION_TYPE SectionType,
IN OUT UINTN *SectionInstance,
IN EFI_COMMON_SECTION_HEADER *Section,
IN UINTN SectionSize,
OUT VOID **OutputBuffer,
OUT UINT32 *AuthenticationStatus,
IN BOOLEAN IsFfs3Fv
);
/**
Searches for the next matching section within the specified file.
@@ -931,6 +1041,33 @@ MigrateMemoryPages (
IN BOOLEAN TemporaryRamMigrated
);
/**
Removes any FV HOBs whose base address is not in PEI installed memory.
@param[in] Private Pointer to PeiCore's private data structure.
**/
VOID
RemoveFvHobsInTemporaryMemory (
IN PEI_CORE_INSTANCE *Private
);
/**
Migrate the base address in firmware volume allocation HOBs
from temporary memory to PEI installed memory.
@param[in] PrivateData Pointer to PeiCore's private data structure.
@param[in] OrgFvHandle Address of FV Handle in temporary memory.
@param[in] FvHandle Address of FV Handle in permanent memory.
**/
VOID
ConvertFvHob (
IN PEI_CORE_INSTANCE *PrivateData,
IN UINTN OrgFvHandle,
IN UINTN FvHandle
);
/**
Migrate MemoryBaseAddress in memory allocation HOBs
from the temporary memory to PEI installed memory.
@@ -1249,6 +1386,38 @@ InitializeImageServices (
IN PEI_CORE_INSTANCE *OldCoreData
);
/**
Loads and relocates a PE/COFF image in place.
@param Pe32Data The base address of the PE/COFF file that is to be loaded and relocated
@param ImageAddress The base address of the relocated PE/COFF image
@retval EFI_SUCCESS The file was loaded and relocated
@retval Others The file not be loaded and error occurred.
**/
EFI_STATUS
LoadAndRelocatePeCoffImageInPlace (
IN VOID *Pe32Data,
IN VOID *ImageAddress
);
/**
Find the PE32 Data for an FFS file.
@param FileHandle Pointer to the FFS file header of the image.
@param Pe32Data Pointer to a (VOID *) PE32 Data pointer.
@retval EFI_SUCCESS Image is successfully loaded.
@retval EFI_NOT_FOUND Fail to locate PE32 Data.
**/
EFI_STATUS
PeiGetPe32Data (
IN EFI_PEI_FILE_HANDLE FileHandle,
OUT VOID **Pe32Data
);
/**
The wrapper function of PeiLoadImageLoadImage().