GetSize routines should return zero size when checking Token existence
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
Reviewed-by: Vitaly Cheptsov <vit9696@protonmail.com>
SEC, PEI_CORE and PEIM type modules generally execute in place from
memory that is not writable. This means that it is not generally
possible to use an entrypoint implementation that stores a dynamically
generated stack cookie into a global variable. For PEIMs in particular,
there may be other options, such as a DEPEX on the permanent memory PPI,
but the current dynamic implementations of the stack checking library
entrypoints for PEI_CORE and PEIM modules must not be used as-is.
So remove them, and update the readme accordingly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Remove some source files that were part of an earlier incarnation of
DynamicStackCookieEntryPointLib but are no longer actually in use.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Adds dynamic stack cookies in the form of copies of the entry
point libraries that use shared logic to update stack cookies
at runtime.
This relies on RDRAND on IA32/X64 and RNDR on AARCH64 to get a
random number to apply to the stack cookie on module entry point.
This simplifies the logic a platform must do to include stack
check functionality.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Moves StandaloneMmCoreEntryPoint for X64 to MdePkg to live with
the other entry point libs. It does not move the ARM64 version,
as this was just moved to ArmPkg due to its heavy coupling with
ArmPkg code. This will need to be revisited when dynamic stack
cookie support is added to ARM64 StMM.
This commit just adds the library in MdePkg, a separate commit
will remove it from StandaloneMmPkg to make it easier to consume.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
StackCheckLib defines the interface between a compiler
and the stack checking code. It is being converted from
a NULL library class to an actual library class to make
it easier to use for a platform and be easier to define
the expected interface with a compiler, so if there is
a compiler change it can be tracked and caught.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
RNDR is a standard register defined in the ARM ARM for
AARCH64. Move the definition from BaseRngLib to AArch64.h.
Furthermore, move the inclusion of this register definition
to the ARM specific header file.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
REF:https://github.com/tianocore/edk2/issues/10529
Adds a new PEI library instance for RngLib that uses the RNG services
provided by the RNG PPI.
This library instance will add a DEPEX on gEfiRngPpiGuid on modules
it links against. It can be used to allow PEIMs to get RNG support
over a dynamic interface.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
gcc 15 switched to use the new ISO C23 standard by default.
'bool', 'true' and 'false' are keywords in C23, so do not
try to define them.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
PeCoffLoaderRelocateImageForRuntime() executes after boot services, and
so it should not use DEBUG() prints at all, given that these may rely on
MMIO mappings or other boot time facilities that are no longer
available.
So revert the changes in aedcaa3df8a2 ("MdePkg: Fix overflow issue in
PeCoffLoaderRelocateImageForRuntime") that replaced code comments with
DBEUG() statements.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code in
PeCoffLoaderRelocateImageForRuntime does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch uses
SafeIntLib to ensure that the addition does not overflow.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
If USB device reports class specific descriptors, it is currently the job of
device driver to parse the configuration to find the class specific data.
The new library functions parse the configuration descriptor and return class
specific interface and class specific endpoint descriptors.
Also, these new functions allow to retrieve the data from non-default alternate
settings without performing a switch to this setting. Switching to the
alternate setting currently implies the execution of UsbSetInterface function
that performs USB control trnasfer.
In some cases this switch is not desirable so the new functions
UsbGetInterfaceDescriptorSetting and UsbGetEndpointDescriptorSetting come
in handy.
Signed-off-by: Oleg Ilyasov <olegi@ami.com>
Enable foreign images loading on LoongArch64 if the
EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL is present.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Co-Authored-by: Dongyan Qian <qiandongyan@loongson.cn>
The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.
- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.
In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.
Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.
Signed-off-by: Doug Cook <idigdoug@gmail.com>
With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As a BASE type library, some PEI drivers could link and use it.
Tcg2Pei.inf is an example. On edk2-stable202408 version, PEI drivers
that link the library include the global variable of mRdRandSupported.
The previous commit (c3a8ca7) that refers to the global variable actually
is found to influence the link status. Updating the global variable
in PEI drivers could affect the following issues.
PEI ROM Boot : Global variable is not updated
PEI RAM Boot : PEI FV integration/security check is failed
To address these issues, remove the global variable usage.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
The PCD token, PcdPciExpressBaseAddress is referred in the constructor.
If the token is defined as PcdsDynamic type, the PCD function that gets
the token value uses the gBS service to locate PCD protocol internally.
In this case, it is possible for the function to be called before
initializing gBS variable, then cause a system hang due to gBS variable.
Need to ensure the availability of gBS variable.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Includes changes across the repo for the following CodeQL rules:
- cpp/comparison-with-wider-type
- cpp/overflow-buffer
- cpp/redundant-null-check-param
- cpp/uselesstest
Co-authored-by: Taylor Beebe <tabeebe@microsoft.com>
Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com>
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
In order to support a platform overriding StackCheckLibNull
provided by MdeLibs.dsc.inc, the CUSTOM_STACK_CHECK_LIB macro
is introduced. If this macro is defined, MdeLibs.dsc.inc will
not link StackCheckLibNull and it is expected that the platform
will link the version(s) of StackCheckLib that it requires.
The StackCheckLib README is also updated in this patch to
document the new macro and provide additional information.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
This change adds parantheses to the if condition detecting overflow in
the PeCoffLoaderRelocateImage function to improve readability.
Follow on change for:
REF!: https://github.com/tianocore/edk2/pull/6249
Signed-off-by: Doug Flick <dougflick@microsoft.com>
FdtLib.h uses CONST FDT_PROPERTY * return values for some wrapper
functions, but the implementation in FdtLib.c used to original
CONST struct fdt_property * instead of the exported typedef.
Import LibFdt.h in the implementation file and make the
implementation consistent with the declaration.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
Add a wrapper for fdt_strerror () and add the currently supported error
code defines from submodule.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
There is currently a mix on functions named as Prop or Property.
The latter is in majority, and the better fit for tianocore coding style,
so rename FdtNodeOffsetByPropValue () and FdtSetProp () for consistency.
To avoid breaking bisect, change existing users in UefiPayloadPkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
FdtNumRsv and FdtGetMemRsv were added for the benefit of UefiPayloadPkg,
but their naming matches neither upstream libfdt nor tianocore coding
style rules. And there was scope for improvement of the doxygen
descriptions as well.
These functions currently have only one in-tree user, UefiPayloadPkg
FdtParserLib. So rename them more conformant
FdtGetNumberOfReserveMapEntries
and
FdtGetReserveMapEntry
and update the description comment blocks, at the same time as
updating the existing user.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
