In preparation of adding memory permission attribute management to
the pool allocator, split off the locking of the pool metadata into
a separate lock. This is an improvement in itself, given that pool
allocations can only interfere with the page allocation bookkeeping
if pool pages are allocated or released. But it is also required to
ensure that the permission attribute management does not deadlock,
given that it may trigger page table splits leading to additional
page tables being allocated.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
The EBC driver emits thunks for native to EBC calls, which are short
instructions sequences that bridge the gap between the native execution
environment and the EBC virtual machine.
Since these thunks are allocated using MemoryAllocationLib::AllocatePool(),
they are emitted into EfiBootServicesData regions, which does not reflect
the nature of these thunks accurately, and interferes with strict memory
protection policies that map data regions non-executable.
So instead, create a new helper EbcAllocatePoolForThunk() that invokes the
AllocatePool() boot service directly to allocate EfiBootServicesCode pool
memory explicitly, and wire up this helper for the various architecture
specific thunk generation routines.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ensure that any memory allocated for PE/COFF images is identifiable as
a boot services code region, so that we know it requires its executable
permissions to be preserved when we tighten mapping permissions later on.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
1. Make function comments align with the function.
2. Change the FILE_GUID value in SmmSmiHandlerProfileLib.inf
since it is duplicated with the FILE_GUID value in
SmiHandlerProfileLibNull.inf
3. Add missing PCD PROMPT&HELP string to uni file.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Having duplicated DNS server IPs specified is not an ideal
configuration, but not an error condition. This patch is to
remove the duplicated DNS address check to allow the same DNS
address setting in SetData().
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
can always be mapped read-only, classify a section as a code section only
if it has the executable attribute set and the writable attribute cleared.
This adheres more closely to the PE/COFF spec, and avoids issues with
Linux OS loaders that may consist of a single read/write/execute section.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
1) SmmCore maintains the root SMI handler and NULL SMI handler
database.
2) SmmCore consumes PcdSmiHandlerProfilePropertyMask to decide
if SmmCore need support SMI handler profile.
If SMI handler profile is supported, the SmmCore installs
SMI handler profile protocol and SMI handler profile
communication handler.
3) SMI handler profile protocol will record the hardware SMI
handler profile registered by SmmChildDispatcher.
4) SMI handler profile communication handler will return all
SMI handler profile info (NULL SMI handler, GUID SMI handler,
and hardware SMI handler)
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This header file defines:
1) An SMI handler profile protocol. So that SmmChildDispatch
module can register the hardware SMI handler information.
2) The SMI handler profile communication buffer. So that
a shell application can use SMM communication to get the
SMI handler profile info.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
If the UEFI image is page aligned, the image code section is set to read
only and the image data section is set to non-executable.
1) This policy is applied for all UEFI image including boot service driver,
runtime driver or application.
2) This policy is applied only if the UEFI image meets the page alignment
requirement.
3) This policy is applied only if the Source UEFI image matches the
PcdImageProtectionPolicy definition.
4) This policy is not applied to the non-PE image region.
The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
the image. If the CpuArch protocol is not installed yet, the DxeCore
enqueues the protection request. Once the CpuArch is installed, the
DxeCore dequeues the protection request and applies policy.
Once the image is unloaded, the protection is removed automatically.
The UEFI runtime image protection is teared down at ExitBootServices(),
the runtime image code relocation need write code segment at
SetVirtualAddressMap(). We cannot assume OS/Loader has taken over
page table at that time.
NOTE: It is per-requisite that code section and data section
should not be not merged. That is same criteria for SMM/runtime driver.
We are not able to detect during BIOS boot, because
we can only get LINK warning below:
"LINK : warning LNK4254: section '.data' (C0000040) merged into
'.text' (60000020) with different attributes"
But final attribute in PE code section is same.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Add the following 2 APIs:
UnicodeValueToStringS
AsciiValueToStringS
These safe version APIs are used to enhance their counterpart (APIs
without trailing 'S' in function names).
They perform checks to the input parameters and will return relative
status to reflect the check result.
Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength *
sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than
PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.
Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.
These APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance
follow the same rules with MdePkg/BasePrintLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
The commit updates the PrintLib instance
MdeModulePkg/Library/DxePrintLibPrint2Protocol to use EFI_PRINT2S_PROTOCOL
to implement the APIs.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Add the EFI_PRINT2S_PROTOCOL as a safe version of the EFI_PRINT2_PROTOCOL,
the EFI_PRINT2S_PROTOCOL replaces the following 2 services in
EFI_PRINT2_PROTOCOL:
UNICODE_VALUE_TO_STRING
ASCII_VALUE_TO_STRING
with:
UNICODE_VALUE_TO_STRING_S
ASCII_VALUE_TO_STRING_S
The 2 new services perform checks to the input parameters and will return
relative status to reflect the check result.
Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength *
sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than
PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.
Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
For the following 8 services in EFI_PRINT2_PROTOCOL:
UNICODE_BS_PRINT
UNICODE_S_PRINT
UNICODE_BS_PRINT_ASCII_FORMAT
UNICODE_S_PRINT_ASCII_FORMAT
ASCII_BS_PRINT
ASCII_S_PRINT
ASCII_BS_PRINT_UNICODE_FORMAT
ASCII_S_PRINT_UNICODE_FORMAT
They will ASSERT when:
1) The input parameter 'StartOfBuffer' is NULL if 'BufferSize' indicates
at least 1 Ascii/Unicode character can be held.
2) The input parameter 'FormatString' is NULL if 'BufferSize' indicates at
least 1 Ascii/Unicode character can be held.
3) The input parameter 'FormatString' contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
4) The produced string contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
This commits removes the ASSERT case 4) and add the following new ASSERT
case:
4) The input parameter 'BufferSize' is greater than
(PcdMaximumAsciiStringLength * sizeof (CHAR8)) for Ascii format string or
(PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1) for Unicode format
string.
And for those ASSERT cases, 0 will be returned by those services.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
For the following 12 APIs in MdeModulePkg/DxePrintLibPrint2Protocol:
UnicodeVSPrint
UnicodeBSPrint
UnicodeSPrint
UnicodeVSPrintAsciiFormat
UnicodeBSPrintAsciiFormat
UnicodeSPrintAsciiFormat
AsciiVSPrint
AsciiBSPrint
AsciiSPrint
AsciiVSPrintUnicodeFormat
AsciiBSPrintUnicodeFormat
AsciiSPrintUnicodeFormat
They will ASSERT when:
1) The input parameter 'StartOfBuffer' is NULL if 'BufferSize' indicates
at least 1 Ascii/Unicode character can be held.
2) The input parameter 'FormatString' is NULL if 'BufferSize' indicates at
least 1 Ascii/Unicode character can be held.
3) The input parameter 'FormatString' contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
4) The produced string contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
This commits removes the ASSERT case 4) and add the following new ASSERT
case:
4) The input parameter 'BufferSize' is greater than
(PcdMaximumAsciiStringLength * sizeof (CHAR8)) for Ascii format string or
(PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1) for Unicode format
string.
And for those ASSERT cases, 0 will be returned by those 12 APIs.
For the following 2 APIs in MdeModulePkg/DxePrintLibPrint2Protocol:
SPrintLength
SPrintLengthAsciiFormat
They will ASSERT when:
1) The input parameter 'FormatString' is NULL.
2) The input parameter 'FormatString' contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
And for those ASSERT cases, 0 will be returned by those 2 APIs.
Now these APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance
follow the same rules with MdePkg/BasePrintLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Compiler calculates the PciBar[BarIndex] using
sizeof (PciBar[0]) * BarIndex, when BarIndex is type of UINT64,
the above calculation generates assembly code using _allmul.
Change BarIndex to UINTN to avoid the build failure.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
When the VendorId/DeviceId/RevisionId/SubsystemVendorId
/SubsystemDeviceId is MAX_UINTN, IncompatiblePciDeviceSupport
driver doesn't use it to match any IDs.
The patch fixes this bug.
Since PciBus driver always calls IncompatiblePciDeviceSupport
using IDs read from HW, MAX_UINTN is never passed to this
driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
The patch replaces the following macros:
DEVICE_ID_NOCARE (0xFF) --> MAX_UINT64
PCI_ACPI_UNUSED (0) --> 0
PCI_BAR_ALL (0xFF) --> MAX_UINT64
PCI_BAR_NOCHANGE (0) --> 0
PCI_BAR_EVEN_ALIGN --> EVEN_ALIGN (local definition)
Since the PciBus driver was updated to accept Spec defined values
in previous commit, the above replacements don't impact
functionality.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
PI spec IncompatiblePciSupport part defines (UINT64)-1 as all BARs
and 0 to use existing alignment. PciBus driver didn't accept these
values. It treated 0xFF as all BARs and 0xFFFFFFFFFFFFFFFFULL to use
existing alignment.
The patch changes the code to still accept old values while also
accept values defined in PI spec. So that the driver can provide
backward compatibility and follow spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
When BarIndex equals to 0xFF, default value 0 is used as the BAR
index. Though PCI_BAR_ALL and MAX_UINT8 shares the same value,
using PCI_BAR_ALL is like to match any BAR not BAR 0, it's more
proper to use MAX_UINT8 here.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
If GUIDED section authentication has EFI_AUTH_STATUS_NOT_TESTED, its
matched extraction ppi may not be installed. So, don't cache its data.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
When PEIM is security violation, its matched extraction ppi may not be
installed. So, its PeimNeedingDispatch will still reset to TRUE.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Replace AsciiStrDecimalToUintn with AsciiStrDecimalToUintnS to
return the correct status for the HTTP Port/ContentLength.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
BmExpandMediaDevicePath contains a bug that it uses the
uninitialized Handle.
Since the function is called when the Handle supports BlockIo
or SimpleFileSystem, when there is no SimpleFileSystem installed
on the Handle, BlockIo is *guaranteed* to be installed on the Handle.
The fix initializes the Handle by locating the BlockIo protocol
from the device path.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=339
The patch refines ConfigurePixelBitMaskFormat() to prepare the
enhancement in next commit: Enhance this library to use dynamic
allocated line buffer to reduce memory usage of frame buffer
configure.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
