Retire all implementations of the ArmGicLib library class, which are no
longer used. For now, retain the library header and library class
declaration: the header file only contains pre-processor defines derived
from the GIC architecture spec, and so this code should probably move
into MdePkg at a later moment.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Makes changes to comply with alerts raised by CodeQL.
Most of the issues here fall into the following two categories:
1. Potential use of uninitialized pointer.
2. Inconsistent integer width in comparison.
Co-authored-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Co-authored-by: Ken Lautner <kenlautner3@gmail.com>
Co-authored-by: Bret Barkelew <bret@corthon.com>
Signed-off-by: Vineel Kovvuri[MSFT] <vineelko@microsoft.com>
FindNextMemoryNodeReg prints "ignoring disabled memory node" for all
top-level disabled nodes in the tree, not just the ones with the
"device_type" property set to "memory". Rework the loop to only print
the message for the relevant nodes.
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
The "Found ACPI table" messages are informative and don't indicate an
error, so reduce the debug level from DEBUG_ERROR to DEBUG_INFO.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Removes the following types from the memory type information HOB
produced:
- `EfiBootServicesCode`
- `EfiBootServicesData`
- `EfiLoaderCode`
- `EfiLoaderData`
This follows the guidance in the whitepaper "A Tour Beyond BIOS
Memory Map and Practices in UEFI BIOS".
https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Memory_Map_And_Practices_in_UEFI_BIOS_V2.pdf
"NOTE: We recommend a platform only define the ReservedMemory,
ACPINvs, ACPIReclaim, RuntimeCode, RuntimeData in Memory Type
Information table, because OSes only request these regions to be
consistent. There is no need to add BootServicesCode,
BootServicesData, LoaderCode, LoaderData in memory type information
table, because these regions will not be reserved during S4 resume."
Since these memory types are not tracked in memory type information
any longer it also reduces the number of resets that may need to
occur to update memory type buckets that are not needed.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Although EmbeddedPkg normally provides components to other
packages, it is less surprising if its own build defines
MDEPKG_NDEBUG when consuming packages normally would.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Remove small amount of MDEPKG_NDEBUG dependent code which
is no longer needed, given update of 'null' debug macros
in ae83c6b7fd to explicitly
mark debug-only code as discarded.
Additionally, correctly mark as STATIC the two arrays
within the updated code block.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Add missing includes of BaseMemoryLib.h and declaration of
BaseLib/BaseMemoryLib dependencies hidden by use of EmbeddedPkg
FdtLib, which is being deleted.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
After updating Doxygen, we can see that SetBootMode returns the BootMode
instead of status code as it should, fix it to return status.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
The Doxygen comment for SetBootMode and GetBootMode in PrePiHobLib/Hob.c
does not match declaration in PrePiLib.h. The C file has it wrong. Align
the text to match the header.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
LocateAndInstallAcpiFromFvConditional was always returning EFI_SUCCESS
even when it failed to find `AcpiFile`. Fix that, and improve the layout
by checking if an error occurred and breaking earlier.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
When cspell is installed (via `npm install cspell`), CI checks for
spelling mistakes. There are currently a very large number of them: some
are genuine mistakes while others are words or acryonyms that cspell
doesn't know.
Fix a few of the misspellings in EmbeddedPkg.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Retire the ancient reset runtime DXE in EmbeddedPkg, and the associated
EfiResetSystemLib library class and template implementation. These are
incomplete and have been superseded by a generic implementation in
MdeModulePkg.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Commit 8984fba2f2 added setting the
EFI_MEMORY_XP attribute on DMA buffers. However, it did not ensure
that the XP capability was set on that region.
This patch adds setting the XP capability before attempting to set
the attribute. If setting the capability fails, it defaults to the
old behavior of not setting the XP bit.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
When allocating memory for a non-coherent DMA device, the current core
code removes the XP attribute, allowing code to execute from that
region. This is a security vulnerability and unneeded. This change
updates to mark the region as XP when allocating memory for the
non-coherent DMA device.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Introduce a driver that allows users to disable the EFI Memory Attribute
protocol through an HII setup option, in order to work around a broken
version of rhboot's shim used in some distros (e.g. CentOS Stream 9)
which incorrectly invokes the protocol and results in a Synchronous
Exception.
Default is enabled, which can also be overridden at build time by
changing `gEmbeddedTokenSpaceGuid.PcdMemoryAttributeEnabledDefault`.
It is only applicable to ARM64 and there isn't any other technical
reason for disabling this security feature.
See:
- https://github.com/microsoft/mu_silicon_arm_tiano/issues/124
- https://edk2.groups.io/g/devel/topic/99631663
- https://github.com/tianocore/edk2/pull/5840
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
RISC-V ovmf used VirtualRealTimeClockLib but the default epoch is a
compilation time. It causes that the RISC-V ovmf binary image is NOT
reproducible.
This patch added the support of SOURCE_DATE_EPOCH by printenv command.
If SOURCE_DATE_EPOCH be found then we use it as BUILD_EPOCH. Otherwise
we run date command for setting BUILD_EPOCH.
For distributions want a reproducible RISC-V ovmf image, they should
export SOURCE_DATE_EPOCH environment variable before building ovmf.
References: https://reproducible-builds.org/docs/source-date-epoch/
Cc: Pete Batard <pete@akeo.ie>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
A new contributor has a name not describable by the character set
developed for 1960s US teleprinters, causing the CI to object and
blocking their code from being merged due to the copyright statement.
While we do want to keep the code clean from characters other
contributors cannot trivially reproduce, this should not extend to
requiring intentionally misstating legal claims.
Until we figure out the long-term fix, add an exception for the surname
triggering the failure.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
NonCoherentIoMmuSetAttribute() does nothing except return
EFI_UNSUPPORTED. This was fine when it was introduced, but now, the PCI
bus driver will fail a PCI I/O Map() operation if the call to
SetAttributes() fails.
So return EFI_SUCCESS instead.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Abner Chang <abner.chang@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
There have been many changes since EfiLoadDxe.cmm was last updated in
2011. The EFI_SYSTEM_TABLE can no longer be found by scanning memory on
4KB boundaries, so require users pass in its address instead. Update
various offsets so that the debug information can be found and loaded
with a recent version of TRACE32.
Signed-off-by: Rebecca Cran <rebecca@os.amperecomputing.com>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
RealTimeClock is used to back the runtime services time functions,
so align the description of the function return values with the
defined values for these services as described in UEFI Spec 2.10.
REF: UEFI spec 2.10 section 8 Services ? Runtime Services
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@amd.com>
Signed-off-by: Suqiang Ren <suqiangx.ren@intel.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4668
This commit fixes the issue reported in the BZ4668.
The EmbeddedPkg fails to compile with a compiler error
generated due to invalid/illegal arithmetic operation
on void pointers. It has been fixed by using explicit
type conversion of the void pointer to UINTN.
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Jayaprakash N <n.jayaprakash@intel.com>
Signed-off-by: Jayaprakash N <n.jayaprakash@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765
The CreateHob() function aligns the requested size to 8
performing the following operation:
```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
```
No checks are performed to ensure this value doesn't
overflow, and could lead to CreateHob() returning a smaller
HOB than requested, which could lead to OOB HOB accesses.
Reported-by: Marc Beatove <mbeatove@google.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@amd.com>
Cc: John Mathew <john.mathews@intel.com>
Authored-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Add implementation of ReallocatePool which is defined in the
MemoryAllocationLib header file to allow components to not
need special handling for PrePi module types.
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
AndroidBootImgLib allows for platforms to append to kernel command
line but does not allow for the overall kernel command line to go
beyond the limit set by the image header. Address this limitation
by adding a pcd where platform can tell how many extra characters
they expect on their platform in addition to what the image header
specifies.
Signed-off-by: Ashish Singhal <ashishsingha@nvidia.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
Curently, AndroidBootImgLib expects input kernel command line
to never exceed 256 unicode characters where the image header
allows for 512 ascii characters. If image header allows 512
ascii characters, similar number of unicode characters should be
allowed at the minimum.
Signed-off-by: Ashish Singhal <ashishsingha@nvidia.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
Adds a PrEval entry to the package's ci.yaml file which is used to
verify if the package uses a particular library instance when that
library instance file (INF) is updated.
When a library instance file (INF) is updated, PrEval will review each
package's DSC as described in the ci.yaml file to determine if the
package uses said library instance. If the package does use the library
instance, it will be built and tested to ensure the package is not
broken from the change.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Daniel Schaefer <git@danielschaefer.me>
Signed-off-by: Joey Vagedes <joeyvagedes@gmail.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
The RealTimeClockLib class header in edk2 mistakenly declares a function
called LibRtcVirtualNotifyEvent(). No component ever calls this function
crossing module boundaries; all RealTimeClockLib instances in edk2 and
edk2-platforms are supposed to register (and do register) their
SetVirtualAddressMap() notification functions.
At this point, the word "LibRtcVirtualNotifyEvent" no longer occurs in any
of edk2, edk2-platforms, even edk2-non-osi, except the library class
header proper. Remove the LibRtcVirtualNotifyEvent() function declaration.
Build-tested only (with "EmbeddedPkg.dsc").
Cc: Abner Chang <abner.chang@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4564
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20231012091057.108728-6-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
The RealTimeClockLib class header in edk2 mistakenly declares a function
called LibRtcVirtualNotifyEvent(). No component ever calls this function
crossing module boundaries; all RealTimeClockLib instances in edk2 and
edk2-platforms are supposed to register (and do register) their
SetVirtualAddressMap() notification functions.
In particular, VirtualRealTimeClockLib *itself* doesn't even use
LibRtcVirtualNotifyEvent() -- the function is defined with an empty body,
clearly in an understandable, but misguided, attempt, to conform to the
(bogus) library interface. Remove the function.
Build-tested only (with "RiscVVirtQemu.dsc").
Cc: Abner Chang <abner.chang@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4564
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20231012091057.108728-5-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
The RealTimeClockLib class header in edk2 mistakenly declares a function
called LibRtcVirtualNotifyEvent(). No component ever calls this function
crossing module boundaries; all RealTimeClockLib instances in edk2 and
edk2-platforms are supposed to register (and do register) their
SetVirtualAddressMap() notification functions.
In particular, TemplateRealTimeClockLib *itself* doesn't even use
LibRtcVirtualNotifyEvent() -- the function is defined with an empty body,
clearly in an understandable, but misguided, attempt, to conform to the
(bogus) library interface. Remove the function.
Build-tested only (with "EmbeddedPkg.dsc").
Cc: Abner Chang <abner.chang@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4564
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20231012091057.108728-4-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
others support, while __func__ was standardized in C99.
Since it's more standard, replace __FUNCTION__ with __func__ throughout
EmbeddedPkg.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Abner Chang <abner.chang@amd.com>
The code never references the PCD so the INF should not reference it
either. The last reference was moved to PrePiHobLib in commit
05e48e0083 (dated 2011!) and dropped from there as well in
commit 9710639195.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Daniel Schaefer <git@danielschaefer.me>
Reported-by: Sunil V L <sunilvl@ventanamicro.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
Mikhail Krichanov
Marvin Häuser
Ard Biesheuvel
Vineel Kovvuri[MSFT]
Oleksandr Tymoshenko
Rebecca Cran
Oliver Smith-Denny
Michael Kubacki
Mike Beaton
Leif Lindholm
Oliver Smith-Denny
Vishal Oliyil Kunnil
Mario Bălănică
Chun-Yi Lee
Qingyu
Rebecca Cran
Suqiang Ren
Jayaprakash N
Chao Li
Gua Guo
Jeff Brasen via groups.io
Ashish Singhal
Joey Vagedes
John Chew
Laszlo Ersek