SysCall: Added checks of user variables.

This commit is contained in:
Mikhail Krichanov 2024-03-05 16:21:52 +03:00
parent f3ce095edb
commit eb0a233529


@ -174,7 +174,7 @@ CallBootService (
EFI_DRIVER_BINDING_PROTOCOL *CoreDriverBinding; EFI_DRIVER_BINDING_PROTOCOL *CoreDriverBinding;
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *CoreSimpleFileSystem; EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *CoreSimpleFileSystem;
// //
// TODO: Check User variables. // Check User variables.
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp, &Attributes); gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0); ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
@ -186,6 +186,15 @@ CallBootService (
// Argument 2: VOID *CoreRegistration // Argument 2: VOID *CoreRegistration
// Argument 3: VOID **Interface // Argument 3: VOID **Interface
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument1, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument1 + sizeof (EFI_GUID) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument3, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument3 + sizeof (VOID *) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Status = FindGuid ((EFI_GUID *)CoreRbp->Argument1, &CoreProtocol, &MemoryCoreSize); Status = FindGuid ((EFI_GUID *)CoreRbp->Argument1, &CoreProtocol, &MemoryCoreSize);
EnableSMAP (); EnableSMAP ();
@ -218,6 +227,17 @@ CallBootService (
// Argument 5: EFI_HANDLE CoreControllerHandle // Argument 5: EFI_HANDLE CoreControllerHandle
// Argument 6: UINT32 Attributes // Argument 6: UINT32 Attributes
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument2, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument2 + sizeof (EFI_GUID) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument3, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument3 + sizeof (VOID *) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 8 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize); Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -254,11 +274,27 @@ CallBootService (
// Argument 1: EFI_HANDLE *Handle // Argument 1: EFI_HANDLE *Handle
// ... // ...
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument1, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument1 + sizeof (EFI_HANDLE *) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument2, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument2 + sizeof (VOID **) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
CoreHandle = *(EFI_HANDLE *)CoreRbp->Argument1; CoreHandle = *(EFI_HANDLE *)CoreRbp->Argument1;
UserArgList = (VOID **)CoreRbp->Argument2; UserArgList = (VOID **)CoreRbp->Argument2;
for (Index = 0; UserArgList[Index] != NULL; Index += 2) { for (Index = 0; UserArgList[Index] != NULL; Index += 2) {
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)&UserArgList[Index + 2] - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserArgList[Index], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserArgList[Index] + sizeof (EFI_GUID) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
Status = FindGuid ((EFI_GUID *)UserArgList[Index], (EFI_GUID **)&CoreArgList[Index], &MemoryCoreSize); Status = FindGuid ((EFI_GUID *)UserArgList[Index], (EFI_GUID **)&CoreArgList[Index], &MemoryCoreSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
EnableSMAP (); EnableSMAP ();
@ -271,7 +307,15 @@ CallBootService (
return Status; return Status;
} }
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserArgList[Index + 1], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserArgList[Index + 1] + MemoryCoreSize - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
CoreArgList[Index + 1] = AllocateCopyPool (MemoryCoreSize, (VOID *)UserArgList[Index + 1]); CoreArgList[Index + 1] = AllocateCopyPool (MemoryCoreSize, (VOID *)UserArgList[Index + 1]);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)&UserArgList[Index + 2] + sizeof (VOID *) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
} }
EnableSMAP (); EnableSMAP ();
@ -318,6 +362,13 @@ CallBootService (
// Argument 3: EFI_HANDLE CoreAgentHandle // Argument 3: EFI_HANDLE CoreAgentHandle
// Argument 4: EFI_HANDLE CoreControllerHandle // Argument 4: EFI_HANDLE CoreControllerHandle
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument2, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument2 + sizeof (EFI_GUID) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 6 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize); Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -343,6 +394,15 @@ CallBootService (
// Argument 2: EFI_GUID *Protocol // Argument 2: EFI_GUID *Protocol
// Argument 3: VOID **Interface // Argument 3: VOID **Interface
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument2, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument2 + sizeof (EFI_GUID) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument3, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument3 + sizeof (VOID *) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize); Status = FindGuid ((EFI_GUID *)CoreRbp->Argument2, &CoreProtocol, &MemoryCoreSize);
EnableSMAP (); EnableSMAP ();
@ -373,6 +433,9 @@ CallBootService (
// Argument 3: UINTN NumberOfPages // Argument 3: UINTN NumberOfPages
// Argument 4: EFI_PHYSICAL_ADDRESS *Memory // Argument 4: EFI_PHYSICAL_ADDRESS *Memory
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 6 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
Status = gBS->AllocatePages ( Status = gBS->AllocatePages (
(EFI_ALLOCATE_TYPE)CoreRbp->Argument1, (EFI_ALLOCATE_TYPE)CoreRbp->Argument1,
(EFI_MEMORY_TYPE)CoreRbp->Argument2, (EFI_MEMORY_TYPE)CoreRbp->Argument2,
@ -381,6 +444,11 @@ CallBootService (
); );
DisableSMAP (); DisableSMAP ();
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp->Arguments[4], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp->Arguments[4] + sizeof (EFI_PHYSICAL_ADDRESS) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
*(EFI_PHYSICAL_ADDRESS *)UserRsp->Arguments[4] = (EFI_PHYSICAL_ADDRESS)Argument4; *(EFI_PHYSICAL_ADDRESS *)UserRsp->Arguments[4] = (EFI_PHYSICAL_ADDRESS)Argument4;
EnableSMAP (); EnableSMAP ();
@ -391,6 +459,11 @@ CallBootService (
// Argument 1: EFI_PHYSICAL_ADDRESS Memory // Argument 1: EFI_PHYSICAL_ADDRESS Memory
// Argument 2: UINTN NumberOfPages // Argument 2: UINTN NumberOfPages
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument1, &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)(CoreRbp->Argument1 + CoreRbp->Argument2 * EFI_PAGE_SIZE - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
return gBS->FreePages ( return gBS->FreePages (
(EFI_PHYSICAL_ADDRESS)CoreRbp->Argument1, (EFI_PHYSICAL_ADDRESS)CoreRbp->Argument1,
CoreRbp->Argument2 CoreRbp->Argument2
@ -430,6 +503,9 @@ CallBootService (
// Argument 4: UINTN BufferSize // Argument 4: UINTN BufferSize
// Argument 5: VOID *Buffer // Argument 5: VOID *Buffer
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 7 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Argument4 = UserRsp->Arguments[4]; Argument4 = UserRsp->Arguments[4];
EnableSMAP (); EnableSMAP ();
@ -447,6 +523,11 @@ CallBootService (
(VOID *)Argument5 (VOID *)Argument5
); );
DisableSMAP (); DisableSMAP ();
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp->Arguments[5], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp->Arguments[5] + Argument4 - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
CopyMem ((VOID *)UserRsp->Arguments[5], (VOID *)Argument5, Argument4); CopyMem ((VOID *)UserRsp->Arguments[5], (VOID *)Argument5, Argument4);
EnableSMAP (); EnableSMAP ();
@ -462,6 +543,9 @@ CallBootService (
// Argument 4: UINTN BufferSize // Argument 4: UINTN BufferSize
// Argument 5: VOID *Buffer // Argument 5: VOID *Buffer
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 7 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Argument4 = UserRsp->Arguments[4]; Argument4 = UserRsp->Arguments[4];
EnableSMAP (); EnableSMAP ();
@ -472,6 +556,11 @@ CallBootService (
} }
DisableSMAP (); DisableSMAP ();
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp->Arguments[5], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp->Arguments[5] + Argument4 - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
CopyMem ((VOID *)Argument5,(VOID *)UserRsp->Arguments[5], Argument4); CopyMem ((VOID *)Argument5,(VOID *)UserRsp->Arguments[5], Argument4);
EnableSMAP (); EnableSMAP ();
@ -503,6 +592,9 @@ CallBootService (
// Argument 4: UINTN BufferSize // Argument 4: UINTN BufferSize
// Argument 5: VOID *Buffer // Argument 5: VOID *Buffer
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 7 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Argument4 = UserRsp->Arguments[4]; Argument4 = UserRsp->Arguments[4];
EnableSMAP (); EnableSMAP ();
@ -520,6 +612,11 @@ CallBootService (
(VOID *)Argument5 (VOID *)Argument5
); );
DisableSMAP (); DisableSMAP ();
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp->Arguments[5], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp->Arguments[5] + Argument4 - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
CopyMem ((VOID *)UserRsp->Arguments[5], (VOID *)Argument5, Argument4); CopyMem ((VOID *)UserRsp->Arguments[5], (VOID *)Argument5, Argument4);
EnableSMAP (); EnableSMAP ();
@ -535,6 +632,9 @@ CallBootService (
// Argument 4: UINTN BufferSize // Argument 4: UINTN BufferSize
// Argument 5: VOID *Buffer // Argument 5: VOID *Buffer
// //
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp + 7 * sizeof (UINTN) - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
DisableSMAP (); DisableSMAP ();
Argument4 = UserRsp->Arguments[4]; Argument4 = UserRsp->Arguments[4];
EnableSMAP (); EnableSMAP ();
@ -545,6 +645,11 @@ CallBootService (
} }
DisableSMAP (); DisableSMAP ();
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)UserRsp->Arguments[5], &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)((UINTN)UserRsp->Arguments[5] + Argument4 - 1), &Attributes);
ASSERT ((Attributes & EFI_MEMORY_USER) != 0);
CopyMem ((VOID *)Argument5, (VOID *)UserRsp->Arguments[5], Argument4); CopyMem ((VOID *)Argument5, (VOID *)UserRsp->Arguments[5], Argument4);
EnableSMAP (); EnableSMAP ();
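Review bot: The new user-pointer checks in every hunk of this section (starting with L22–L29 and ending with L212–L215) are ASSERTs, so in a build where ASSERT is compiled out the user-supplied addresses reach FindGuid, CopyMem and FreePages unchecked, and in a debug build a bad pointer from a user program halts the firmware instead of failing the one service call. The status returned by gCpu->GetMemoryAttributes is also discarded; if it fails for an address that is not mapped, Attributes presumably keeps the value from the previous check (which already passed), so the assertion passes vacuously. Checking only the first and last byte does not cover non-user pages inside a multi-page range, the `... + Argument4 - 1` end computations underflow when the user passes a BufferSize of 0 (L159, L177, L196, L214), and `CoreRbp->Argument2 * EFI_PAGE_SIZE` at L139 can wrap for a large NumberOfPages before it is checked. I would replace each ASSERT pair with a helper that walks the range page by page and makes the service return a status, e.g. `if (!IsUserRange ((UINTN)CoreRbp->Argument1, sizeof (EFI_GUID))) { return EFI_ACCESS_DENIED; }`, with the FreePages length guarded against overflow before the multiply; CallBootService itself starts and ends outside these hunks. For the paths that write into user memory (L131, L161, L198) it may also be worth confirming that EFI_MEMORY_USER alone is the intended condition, rather than additionally rejecting pages mapped with EFI_MEMORY_RO.

```c
// Returns TRUE only if every page of [Address, Address + Length) is mapped
// with EFI_MEMORY_USER; a zero-length range touches nothing and is accepted.
STATIC
BOOLEAN
IsUserRange (
  IN UINTN  Address,
  IN UINTN  Length
  )
{
  EFI_STATUS  Status;
  UINT64      Attributes;
  UINTN       Page;
  UINTN       LastPage;

  if (Length == 0) {
    return TRUE;
  }

  // Reject ranges whose end would wrap around the address space.
  if (Address > MAX_UINTN - (Length - 1)) {
    return FALSE;
  }

  Page     = Address & ~(UINTN)(EFI_PAGE_SIZE - 1);
  LastPage = (Address + Length - 1) & ~(UINTN)(EFI_PAGE_SIZE - 1);

  for ( ; ; Page += EFI_PAGE_SIZE) {
    Status = gCpu->GetMemoryAttributes (gCpu, (EFI_PHYSICAL_ADDRESS)Page, &Attributes);
    if (EFI_ERROR (Status) || ((Attributes & EFI_MEMORY_USER) == 0)) {
      return FALSE;
    }

    if (Page == LastPage) {
      return TRUE;
    }
  }
}

// … unchanged: CallBootService up to each former ASSERT pair …
if (!IsUserRange ((UINTN)CoreRbp->Argument1, sizeof (EFI_GUID))) {
  return EFI_ACCESS_DENIED;
}
// … unchanged: remainder of the service dispatch …
```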