SysCall: Fixed memory corruption in IA32.

Mikhail Krichanov 2024-03-18 16:43:42 +03:00
parent 276d098b43
commit 89a87a3ae4
3 changed files with 64 additions and 56 deletions


@ -251,21 +251,21 @@ CallBootService (
IN RING3_STACK *UserRsp IN RING3_STACK *UserRsp
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
EFI_STATUS StatusBS; EFI_STATUS StatusBS;
UINT64 Attributes; UINT64 Attributes;
VOID *Interface; VOID *Interface;
EFI_GUID *CoreProtocol; EFI_GUID *CoreProtocol;
UINT32 MemoryCoreSize; UINT32 MemoryCoreSize;
UINTN Argument4; UINTN Argument4;
UINTN Argument5; UINTN Argument5;
UINTN Argument6; UINTN Argument6;
UINT32 Index; UINT32 Index;
VOID **UserArgList; VOID **UserArgList;
VOID *CoreArgList[MAX_LIST]; VOID *CoreArgList[MAX_LIST];
EFI_HANDLE CoreHandle; EFI_HANDLE CoreHandle;
VOID *Ring3Pages; UINT32 PagesNumber;
UINT32 PagesNumber; EFI_PHYSICAL_ADDRESS Ring3Pages;
EFI_DRIVER_BINDING_PROTOCOL *CoreDriverBinding; EFI_DRIVER_BINDING_PROTOCOL *CoreDriverBinding;
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *CoreSimpleFileSystem; EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *CoreSimpleFileSystem;
@ -649,17 +649,17 @@ CallBootService (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
PagesNumber, PagesNumber,
(EFI_PHYSICAL_ADDRESS *)&Ring3Pages &Ring3Pages
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
CopyMem (Ring3Pages, (VOID *)Argument5, Argument4 * sizeof (EFI_HANDLE *)); CopyMem ((VOID *)(UINTN)Ring3Pages, (VOID *)Argument5, Argument4 * sizeof (EFI_HANDLE *));
FreePool ((VOID *)Argument5); FreePool ((VOID *)Argument5);
*(EFI_HANDLE **)UserRsp->Arguments[5] = (EFI_HANDLE *)Ring3Pages; *(EFI_HANDLE **)UserRsp->Arguments[5] = (EFI_HANDLE *)(UINTN)Ring3Pages;
} }
EnableSMAP (); EnableSMAP ();
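Review bot: The root cause of the corruption is not recorded anywhere in the new code: CoreAllocatePages stores a 64-bit EFI_PHYSICAL_ADDRESS through its out-pointer, so the old `(EFI_PHYSICAL_ADDRESS *)&Ring3Pages` cast on a 32-bit VOID * on IA32 overran into the neighbouring local (which is presumably why PagesNumber and Ring3Pages also swapped places in the declaration list). A one-line comment at the new declaration would stop the pattern from being reintroduced, e.g. `// Must stay EFI_PHYSICAL_ADDRESS: CoreAllocatePages writes 64 bits, which overflows a 32-bit pointer on IA32.` The `(VOID *)(UINTN)Ring3Pages` narrowing before CopyMem and in the `UserRsp->Arguments[5]` write is only safe if AllocateAnyPages never returns an address above what UINTN can hold; that appears to rely on the allocator's maximum-address policy rather than anything checked here, so it is worth stating in the same comment. The size expression `Argument4 * sizeof (EFI_HANDLE *)` and PagesNumber are computed outside the hunk, so whether Argument4 is bounded before this multiplication cannot be confirmed from this view.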


@ -31,6 +31,7 @@ InitializeRing3 (
EFI_STATUS Status; EFI_STATUS Status;
VOID *TopOfStack; VOID *TopOfStack;
UINTN SizeOfStack; UINTN SizeOfStack;
EFI_PHYSICAL_ADDRESS Physical;
// //
// Set Ring3 EntryPoint and BootServices. // Set Ring3 EntryPoint and BootServices.
@ -39,13 +40,15 @@ InitializeRing3 (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
EFI_SIZE_TO_PAGES (sizeof (RING3_DATA)), EFI_SIZE_TO_PAGES (sizeof (RING3_DATA)),
(EFI_PHYSICAL_ADDRESS *)&gRing3Data &Physical
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Core: Failed to allocate memory for Ring3Data.\n")); DEBUG ((DEBUG_ERROR, "Core: Failed to allocate memory for Ring3Data.\n"));
return Status; return Status;
} }
gRing3Data = (RING3_DATA *)(UINTN)Physical;
CopyMem ((VOID *)gRing3Data, (VOID *)Image->Info.SystemTable, sizeof (EFI_SYSTEM_TABLE)); CopyMem ((VOID *)gRing3Data, (VOID *)Image->Info.SystemTable, sizeof (EFI_SYSTEM_TABLE));
Status = Image->EntryPoint (ImageHandle, (EFI_SYSTEM_TABLE *)gRing3Data); Status = Image->EntryPoint (ImageHandle, (EFI_SYSTEM_TABLE *)gRing3Data);
@ -59,7 +62,7 @@ InitializeRing3 (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
RING3_INTERFACES_PAGES, RING3_INTERFACES_PAGES,
(EFI_PHYSICAL_ADDRESS *)&gRing3Interfaces &Physical
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Core: Failed to allocate memory for Ring3Interfaces.\n")); DEBUG ((DEBUG_ERROR, "Core: Failed to allocate memory for Ring3Interfaces.\n"));
@ -70,6 +73,8 @@ InitializeRing3 (
return Status; return Status;
} }
gRing3Interfaces = (VOID *)(UINTN)Physical;
SizeOfStack = EFI_SIZE_TO_PAGES (USER_STACK_SIZE) * EFI_PAGE_SIZE; SizeOfStack = EFI_SIZE_TO_PAGES (USER_STACK_SIZE) * EFI_PAGE_SIZE;
// //
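Review bot: The CopyMem into the freshly allocated Ring3 page at `CopyMem ((VOID *)gRing3Data, (VOID *)Image->Info.SystemTable, sizeof (EFI_SYSTEM_TABLE));` is not bracketed by DisableSMAP/EnableSMAP, unlike every other write to EfiRing3MemoryType pages in this commit; if that is intentional because SMAP is not yet enabled during InitializeRing3, a comment saying so would prevent a future reader from "fixing" it, e.g. `// SMAP is not enabled yet, so no DisableSMAP () is needed here.` If that assumption does not hold, the write needs the same bracketing as Ring3Copy. The error path of the second allocation (lines between the `@ -59,7` and `@ -70,6` hunks) is not visible here, so whether the Ring3Data pages allocated earlier are released on that path cannot be confirmed from this view. InitializeRing3 starts before the first hunk and continues past the last one.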


@ -85,24 +85,24 @@ Ring3Copy (
IN UINT32 Size IN UINT32 Size
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
VOID *Ring3; EFI_PHYSICAL_ADDRESS Ring3;
Status = CoreAllocatePages ( Status = CoreAllocatePages (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
1, 1,
(EFI_PHYSICAL_ADDRESS *)&Ring3 &Ring3
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return NULL; return NULL;
} }
DisableSMAP (); DisableSMAP ();
CopyMem (Ring3, Core, Size); CopyMem ((VOID *)(UINTN)Ring3, Core, Size);
EnableSMAP (); EnableSMAP ();
return Ring3; return (VOID *)(UINTN)Ring3;
} }
EFI_STATUS EFI_STATUS
@ -237,7 +237,7 @@ CoreFileRead (
RING3_EFI_FILE_PROTOCOL *File; RING3_EFI_FILE_PROTOCOL *File;
UINTN *Ring3BufferSize; UINTN *Ring3BufferSize;
VOID *Ring3Buffer; VOID *Ring3Buffer;
VOID *Ring3Pages; EFI_PHYSICAL_ADDRESS Ring3Pages;
UINT32 PagesNumber; UINT32 PagesNumber;
if ((This == NULL) || (BufferSize == NULL)) { if ((This == NULL) || (BufferSize == NULL)) {
@ -246,7 +246,7 @@ CoreFileRead (
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3Buffer = NULL; Ring3Buffer = NULL;
Ring3Pages = NULL; Ring3Pages = 0;
PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (UINTN *) + *BufferSize); PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (UINTN *) + *BufferSize);
@ -254,20 +254,20 @@ CoreFileRead (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
PagesNumber, PagesNumber,
(EFI_PHYSICAL_ADDRESS *)&Ring3Pages &Ring3Pages
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Ring3BufferSize = (UINTN *)Ring3Pages; Ring3BufferSize = (UINTN *)(UINTN)Ring3Pages;
DisableSMAP (); DisableSMAP ();
*Ring3BufferSize = *BufferSize; *Ring3BufferSize = *BufferSize;
EnableSMAP (); EnableSMAP ();
if (Buffer != NULL) { if (Buffer != NULL) {
Ring3Buffer = (VOID *)((UINTN *)Ring3Pages + 1); Ring3Buffer = (VOID *)((UINTN *)(UINTN)Ring3Pages + 1);
} }
Status = GoToRing3 ( Status = GoToRing3 (
@ -286,7 +286,7 @@ CoreFileRead (
*BufferSize = *Ring3BufferSize; *BufferSize = *Ring3BufferSize;
EnableSMAP (); EnableSMAP ();
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return Status; return Status;
} }
@ -333,27 +333,27 @@ CoreFileGetPosition (
{ {
EFI_STATUS Status; EFI_STATUS Status;
RING3_EFI_FILE_PROTOCOL *File; RING3_EFI_FILE_PROTOCOL *File;
UINT64 *Ring3Position; EFI_PHYSICAL_ADDRESS Ring3Position;
if ((This == NULL) || (Position == NULL)) { if ((This == NULL) || (Position == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3Position = NULL; Ring3Position = 0;
Status = CoreAllocatePages ( Status = CoreAllocatePages (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
1, 1,
(EFI_PHYSICAL_ADDRESS *)&Ring3Position &Ring3Position
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
DisableSMAP (); DisableSMAP ();
*Ring3Position = *Position; *(UINT64 *)(UINTN)Ring3Position = *Position;
EnableSMAP (); EnableSMAP ();
Status = GoToRing3 ( Status = GoToRing3 (
@ -364,10 +364,10 @@ CoreFileGetPosition (
); );
DisableSMAP (); DisableSMAP ();
*Position = *Ring3Position; *Position = *(UINT64 *)(UINTN)Ring3Position;
EnableSMAP (); EnableSMAP ();
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Position, 1); CoreFreePages (Ring3Position, 1);
return Status; return Status;
} }
@ -387,7 +387,7 @@ CoreFileGetInfo (
EFI_GUID *Ring3InformationType; EFI_GUID *Ring3InformationType;
UINTN *Ring3BufferSize; UINTN *Ring3BufferSize;
VOID *Ring3Buffer; VOID *Ring3Buffer;
VOID *Ring3Pages; EFI_PHYSICAL_ADDRESS Ring3Pages;
UINT32 PagesNumber; UINT32 PagesNumber;
if ((This == NULL) || (BufferSize == NULL)) { if ((This == NULL) || (BufferSize == NULL)) {
@ -397,7 +397,7 @@ CoreFileGetInfo (
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3Buffer = NULL; Ring3Buffer = NULL;
Ring3InformationType = NULL; Ring3InformationType = NULL;
Ring3Pages = NULL; Ring3Pages = 0;
PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (UINTN *) + *BufferSize + sizeof (EFI_GUID)); PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (UINTN *) + *BufferSize + sizeof (EFI_GUID));
@ -405,20 +405,20 @@ CoreFileGetInfo (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
PagesNumber, PagesNumber,
(EFI_PHYSICAL_ADDRESS *)&Ring3Pages &Ring3Pages
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Ring3BufferSize = (UINTN *)Ring3Pages; Ring3BufferSize = (UINTN *)(UINTN)Ring3Pages;
DisableSMAP (); DisableSMAP ();
*Ring3BufferSize = *BufferSize; *Ring3BufferSize = *BufferSize;
EnableSMAP (); EnableSMAP ();
if (Buffer != NULL) { if (Buffer != NULL) {
Ring3Buffer = (VOID *)((UINTN *)Ring3Pages + 1); Ring3Buffer = (VOID *)((UINTN *)(UINTN)Ring3Pages + 1);
} }
if (InformationType != NULL) { if (InformationType != NULL) {
@ -446,7 +446,7 @@ CoreFileGetInfo (
*BufferSize = *Ring3BufferSize; *BufferSize = *Ring3BufferSize;
EnableSMAP (); EnableSMAP ();
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return Status; return Status;
} }
@ -538,7 +538,7 @@ CoreFileOpen (
RING3_EFI_FILE_PROTOCOL *NewFile; RING3_EFI_FILE_PROTOCOL *NewFile;
EFI_FILE_PROTOCOL **Ring3NewHandle; EFI_FILE_PROTOCOL **Ring3NewHandle;
CHAR16 *Ring3FileName; CHAR16 *Ring3FileName;
VOID *Ring3Pages; EFI_PHYSICAL_ADDRESS Ring3Pages;
UINT32 PagesNumber; UINT32 PagesNumber;
if ((This == NULL) || (NewHandle == NULL) || (FileName == NULL)) { if ((This == NULL) || (NewHandle == NULL) || (FileName == NULL)) {
@ -548,7 +548,7 @@ CoreFileOpen (
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3NewHandle = NULL; Ring3NewHandle = NULL;
Ring3FileName = NULL; Ring3FileName = NULL;
Ring3Pages = NULL; Ring3Pages = 0;
PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (EFI_FILE_PROTOCOL *) + StrSize (FileName)); PagesNumber = (UINT32)EFI_SIZE_TO_PAGES (sizeof (EFI_FILE_PROTOCOL *) + StrSize (FileName));
@ -556,22 +556,22 @@ CoreFileOpen (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
PagesNumber, PagesNumber,
(EFI_PHYSICAL_ADDRESS *)&Ring3Pages &Ring3Pages
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*NewHandle = NULL; *NewHandle = NULL;
return Status; return Status;
} }
Ring3NewHandle = (EFI_FILE_PROTOCOL **)Ring3Pages; Ring3NewHandle = (EFI_FILE_PROTOCOL **)(UINTN)Ring3Pages;
Ring3FileName = (CHAR16 *)((EFI_FILE_PROTOCOL **)Ring3Pages + 1); Ring3FileName = (CHAR16 *)((EFI_FILE_PROTOCOL **)(UINTN)Ring3Pages + 1);
DisableSMAP (); DisableSMAP ();
Status = StrCpyS (Ring3FileName, StrLen (FileName) + 1, FileName); Status = StrCpyS (Ring3FileName, StrLen (FileName) + 1, FileName);
EnableSMAP (); EnableSMAP ();
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*NewHandle = NULL; *NewHandle = NULL;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return Status; return Status;
} }
@ -586,14 +586,14 @@ CoreFileOpen (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*NewHandle = NULL; *NewHandle = NULL;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return Status; return Status;
} }
NewFile = AllocatePool (sizeof (RING3_EFI_FILE_PROTOCOL)); NewFile = AllocatePool (sizeof (RING3_EFI_FILE_PROTOCOL));
if (NewFile == NULL) { if (NewFile == NULL) {
*NewHandle = NULL; *NewHandle = NULL;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -619,7 +619,7 @@ CoreFileOpen (
*NewHandle = (EFI_FILE_PROTOCOL *)NewFile; *NewHandle = (EFI_FILE_PROTOCOL *)NewFile;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Pages, PagesNumber); CoreFreePages (Ring3Pages, PagesNumber);
return Status; return Status;
} }
@ -634,6 +634,7 @@ CoreOpenVolume (
EFI_STATUS Status; EFI_STATUS Status;
EFI_FILE_PROTOCOL **Ring3Root; EFI_FILE_PROTOCOL **Ring3Root;
RING3_EFI_FILE_PROTOCOL *File; RING3_EFI_FILE_PROTOCOL *File;
EFI_PHYSICAL_ADDRESS Physical;
if (Root == NULL) { if (Root == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -643,13 +644,15 @@ CoreOpenVolume (
AllocateAnyPages, AllocateAnyPages,
EfiRing3MemoryType, EfiRing3MemoryType,
1, 1,
(EFI_PHYSICAL_ADDRESS *)&Ring3Root &Physical
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*Root = NULL; *Root = NULL;
return Status; return Status;
} }
Ring3Root = (EFI_FILE_PROTOCOL **)(UINTN)Physical;
Status = GoToRing3 ( Status = GoToRing3 (
2, 2,
(VOID *)mRing3SimpleFileSystemProtocol.OpenVolume, (VOID *)mRing3SimpleFileSystemProtocol.OpenVolume,
@ -658,14 +661,14 @@ CoreOpenVolume (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*Root = NULL; *Root = NULL;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Root, 1); CoreFreePages (Physical, 1);
return Status; return Status;
} }
File = AllocatePool (sizeof (RING3_EFI_FILE_PROTOCOL)); File = AllocatePool (sizeof (RING3_EFI_FILE_PROTOCOL));
if (File == NULL) { if (File == NULL) {
*Root = NULL; *Root = NULL;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Root, 1); CoreFreePages (Physical, 1);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -707,7 +710,7 @@ CoreOpenVolume (
*Root = (EFI_FILE_PROTOCOL *)File; *Root = (EFI_FILE_PROTOCOL *)File;
CoreFreePages ((EFI_PHYSICAL_ADDRESS)(UINTN)Ring3Root, 1); CoreFreePages (Physical, 1);
return Status; return Status;
} }
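Review bot: Ring3Copy allocates exactly one page (the `1` page count passed to CoreAllocatePages) and then copies `Size` bytes into it at `CopyMem ((VOID *)(UINTN)Ring3, Core, Size);`, so any caller passing Size larger than EFI_PAGE_SIZE overruns the ring-3 page into whatever is mapped after it; the retyping in this commit leaves that unchanged. Reject oversized requests before the allocation with `if (Size > EFI_PAGE_SIZE) { return NULL; }`, or size the allocation from the request (`EFI_SIZE_TO_PAGES (Size)` instead of `1`) if callers are meant to copy larger objects. Ring3Copy's parameter list begins before the `@ -85,24` hunk, so any documented size contract for callers is not visible here. The EFI_PHYSICAL_ADDRESS retyping in CoreFileRead, CoreFileGetPosition, CoreFileGetInfo, CoreFileOpen and CoreOpenVolume is applied consistently, and passing the address straight to CoreFreePages removes the old double cast.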