Commit Graph

1844 Commits

Author SHA1 Message Date
Ruiyu Ni d0196be1e3 MdePkg/DevicePathFromText: Fix byte orders of iSCSI.Lun
Per UEFI spec, iSCSI.Lun is a 8-byte array with byte #0 in the left.
It means "0102030405060708" should be converted to:
    UINT8[8] = {01, 02, 03, 04, 05, 06, 07, 08}
or  UINT64 = {0807060504030201}

Today's implementation wrongly uses the reversed order.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jie Lin <jie.lin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
2018-03-03 15:12:50 +08:00
Ruiyu Ni e6c80aea71 MdePkg/DevicePathFromText: Fix bug when converting iSCSI node
If protocol string is not specified, default TCP(0) should be used.
Today's implementation wrongly sets to 1 for this case.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-03-03 15:12:49 +08:00
Dandan Bi dc9b2a5740 MdePkg/BaseSafeIntLib: Fix VS2015 IA32 NOOPT build failure
v2: Add [LibraryClasses] section in INF file and refine coding style.

There are VS2015 NOOPT IA32 build failure like below in BaseSafeIntLib.
XXX.lib(XXX.obj): error LNK2001: unresolved external symbol __allmul
XXX.lib(XXX.obj): error LNK2001: unresolved external symbol __allshl
XXX.lib(XXX.obj): error LNK2001: unresolved external symbol __aullshr

This patch replaces direct shift/multiplication of 64-bit integer
with related function call to fix these failure.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-02-28 11:44:14 +08:00
Liming Gao a4e754fcc9 MdePkg BaseCpuLib: Make it pass VS ARM build
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
2018-02-26 13:18:49 +08:00
Ard Biesheuvel 7f029e1b31 MdePkg: introduce DxeRuntimeDebugLibSerialPort
Introduce a variant of BaseDebugLibSerialPort that behaves correctly with
regards to the use of the serial port after ExitBootServices(). At boot
time, all DEBUG() prints and ASSERT() invocations are executed normally.
At runtime, DEBUG() prints are dropped entirely, and ASSERT()s omit the
serial output as well, and only perform the configured post-ASSERT()
action, i.e., issue a CPU breakpoint or enter a deadloop.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-02-24 13:58:53 +00:00
Laszlo Ersek 75505d1611 MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Mult()
If we have to negate UnsignedResult (due to exactly one of Multiplicand
and Multiplier being negative), and UnsignedResult is exactly
MIN_INT64_MAGNITUDE (value 2^63), then the statement

        *Result = - ((INT64)UnsignedResult);

invokes both implementation-defined behavior and undefined behavior.

First, MIN_INT64_MAGNITUDE is not representable as INT64, therefore the
result of the (inner) conversion

  (INT64)MIN_INT64_MAGNITUDE

is implementation-defined, or an implementation-defined signal is raised,
according to ISO C99 6.3.1.3p3.

Second, if we assume that the C language implementation defines the
conversion to INT64 simply as reinterpreting the bit pattern
0x8000_0000_0000_0000 as a signed integer in two's complement
representation, then the conversion immediately produces the negative
value MIN_INT64 (value -(2^63)). In turn, the (outer) negation

  -(MIN_INT64)

invokes undefined behavior, because the mathematical result of the
negation, namely 2^63, cannot be represented in an INT64 object. (Not even
mentioning the fact that the mathematical result would be incorrect.) In
practice, the undefined negation of MIN_INT64 happens to produce an
unchanged, valid-looking result on x86, i.e. (-(MIN_INT64)) == MIN_INT64.

We can summarize this as the undefined -- effectless -- negation canceling
out the botched -- auto-negating -- implementation-defined conversion.
Instead of relying on such behavior, dedicate a branch to this situation:
assign MIN_INT64 directly. The branch can be triggered e.g. by multiplying
(2^62) by (-2).

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-02-21 11:57:39 +01:00
Laszlo Ersek 8c33cc0ec9 MdePkg/BaseSafeIntLib: clean up parentheses in MIN_INT64_MAGNITUDE
The definition of the MIN_INT64_MAGNITUDE macro is correct, but it's
harder to read than necessary: the sub-expression

      (( (UINT64) - (MIN_INT64 + 1) ))

is doubly parenthesized. Reusing one pair of the outer parens, rewrite the
sub-expression (without change in meaning) so that the minus sign cannot
be mistaken for subtraction:

      ( (UINT64)(- (MIN_INT64 + 1)) )

The resultant macro definition matches the following expressions in
SafeInt64Mult():

>     //
>     // Avoid negating the most negative number.
>     //
>     UnsignedMultiplicand = ((UINT64)(- (Multiplicand + 1))) + 1;

and

>     //
>     // Avoid negating the most negative number.
>     //
>     UnsignedMultiplier = ((UINT64)(- (Multiplier + 1))) + 1;

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-02-21 11:57:36 +01:00
Laszlo Ersek 41bfaffd13 MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Add()
The addition in the assignment

  SignedResult = Augend + Addend;

is performed with unchecked INT64 operands. According to ISO C, if the
mathematical result of signed integer addition cannot be represented in
the result type, the behavior is undefined. (Refer to ISO C99 6.5p5.
6.2.5p9 only exempts unsigned integers, and 6.3.1.3p3 does not apply
because it treats the conversion of integers that have been successfully
evaluated first.)

Replace the after-the-fact result checking with checks on the operands,
and only perform the addition if it is safe.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-02-21 11:57:33 +01:00
Laszlo Ersek 54c7728a04 MdePkg/BaseSafeIntLib: fix undefined behavior in SafeInt64Sub()
The subtraction in the assignment

  SignedResult = Minuend - Subtrahend;

is performed with unchecked INT64 operands. According to ISO C, if the
mathematical result of signed integer subtraction cannot be represented in
the result type, the behavior is undefined. (Refer to ISO C99 6.5p5.
6.2.5p9 only exempts unsigned integers, and 6.3.1.3p3 does not apply
because it treats the conversion of integers that have been successfully
evaluated first.)

Replace the after-the-fact result checking with checks on the operands,
and only perform the subtraction if it is safe.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-02-21 11:57:30 +01:00
Michael D Kinney 40070a186a MdePkg/UefiLib: Add EfiLocateProtocolBuffer()
https://bugzilla.tianocore.org/show_bug.cgi?id=838

Add new API to the UefiLib that locates and returns
an array of protocols instances that match a given
protocol.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Bret Barkelew <Bret.Barkelew@microsoft.com>
2018-02-11 15:10:03 -08:00
Ruiyu Ni 97511979b4 MdePkg/UefiRuntimeLib: Support more module types.
Because DxeResetSystemLib links to this library to provide
reset system services, change UefiRuntimeLib to support
the same set of module types as what DxeResetSystemLib does.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-02-09 15:29:59 +08:00
Michael D Kinney dacf87e885 MdePkg/PeiServicesLib: Add PeiServicesResetSystem2()
Add the PeiServicesResetSytstem2() function to the PeiServiesLib
to call the ResetSystem2() services in the PEI Services Table.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2018-02-09 15:29:48 +08:00
Pete Batard 30939ff2bc MdePkg/Library/BaseLib: Enable VS2017/ARM builds
Most of the RVCT assembly can be reused as is for MSFT except
for CpuBreakpoint.asm, which we need to force to Arm mode.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-07 09:49:21 +08:00
Pete Batard 751053d6f1 MdePkg/Library/BaseStackCheckLib: Add Null handler for VS2017/ARM
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-07 09:49:20 +08:00
Ruiyu Ni 56658c22a6 MdePkg/SafeString: Fix potential out-of-bound memory access
Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS calls
StrnLenS () to get the length of source string but supplies the
destination buffer size as max size.
It's a bug that may cause out-of-bound memory access.
For example:
  StrnCpyS (Dest[10], 10, "hello", 6)
  -> StrnLenS ("hello", 10) //< cause out-of bound memory access

In a pool guard enabled environment, when using shell to edit an
existing file which contains empty line, the page fault is met.

The patch fixes the four library functions to avoid such
out-of-bound memory access.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
2018-02-06 17:31:08 +08:00
Sean Brogan d7a09cb86a MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798

SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.

Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
  size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.

Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
  underflow (in case of subtraction).

Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
  be used. For example file sizes and array indices should always
  be unsigned. Subtracting a larger positive signed number from a
  smaller positive signed number with SafeInt32Sub() will succeed,
  producing a negative number, that then must not be used as an
  array index (but can occasionally be used as a pointer index.)
  Similarly for adding a larger magnitude negative number to a
  smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
  if your integer operations overflowed, not if you are doing the
  right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
  unsigned index.

Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
21ef3a321c
ca516b1a61
33bab4031a

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-01-25 09:42:20 -08:00
M1cha 2117989c26 MdePkg/BaseLib: add attribute 'RETURNS_TWICE' to SetJump
When compiling with any ARM toolchain and Os, registers can get
trashed when returning for the second time from SetJump because GCC
only handles this correctly when using standard names like 'setjmp' or
'getcontext'. When different names are used you have to use the
attribute 'returns_twice' to tell gcc to be extra careful.

example:
extern int  FN_NAME(void*);

void jmp_buf_set(void *jmpb, void (*f)(void))
{
  if (!FN_NAME(jmpb))
    f();
}

this code produces this wrong code with Os:
00000000 <jmp_buf_set>:
   0: e92d4010 push {r4, lr}
   4: e1a04001 mov r4, r1
   8: ebfffffe bl 0 <nonstandard_setjmp>
   c: e3500000 cmp r0, #0
  10: 01a03004 moveq r3, r4
  14: 08bd4010 popeq {r4, lr}
  18: 012fff13 bxeq r3
  1c: e8bd4010 pop {r4, lr}
  20: e12fff1e bx lr

The generated code pushes backups of r4 and lr to the stack and then
saves all registers using nonstandard_setjmp.
Then it pops the stack and jumps to the function in r3 which is the
main problem because now the function can overwrite our register
backups on the stack.
When we return a second time from the call to nonstandard_setjmp, the
stack pointer has it's original(pushed) position and when the code
pops r4 and lr from the stack the values are not guaranteed to be the
same.

When using a standard name like setjmp or getcontext or adding
'__attribute__((returns_twice))' to nonstandard_setjmp's declaration
the code looks different:

00000000 <jmp_buf_set>:
   0: e92d4007 push {r0, r1, r2, lr}
   4: e58d1004 str r1, [sp, #4]
   8: ebfffffe bl 0 <setjmp>
   c: e3500000 cmp r0, #0
  10: 059d3004 ldreq r3, [sp, #4]
  14: 01a0e00f moveq lr, pc
  18: 012fff13 bxeq r3
  1c: e28dd00c add sp, sp, #12
  20: e49de004 pop {lr} ; (ldr lr, [sp], #4)
  24: e12fff1e bx lr

Here the problem is being solved by restoring r3 from the stack
without popping it.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-01-10 11:42:17 +08:00
Wang, Jian J 701e8cc29a MdePkg/BasePrintLib: Fix incomplete print output
This is caused by previous patch which tried to fix string over-read,
which breaks UEFI menu rendering: the following

/------------------------------------------------------------------------------\
|                               Device Manager                                 |
\------------------------------------------------------------------------------/

is rendered as

/\
|                               Device Manager                                 |
\/.0                                                 2.00 GHz

(the spurious digits are SMBIOS data from the home screen)

The problem appears to be that the CHAR16 value of BOXDRAW_HORIZONTAL
equals 0x2500, which means that testing ArgumentString[] != '\0'
(which tests the low byte only) will yield FALSE and terminate the
loop prematurely.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-01-02 16:31:19 +08:00
Jian J Wang 6805854a73 MdePkg/BasePrintLib: Fix error in Precision position calculation
Due to a potential hole in the stop condition of loop, the two continuous
access to ArgumentString (index, index+1) inside the loop might cause the
string ending character ('\0') and the byte after it to be read.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-12-28 11:12:07 +08:00
Jian J Wang 364a54742f MdePkg/BaseLib: Add stack switch related definitions for IA32
The new definitions include two structures

  IA32_TASK_STATE_SEGMENT
  IA32_TSS_DESCRIPTOR

two macros

  IA32_GDT_TYPE_TSS
  IA32_GDT_ALIGNMENT

and one API

  VOID
  EFIAPI
  AsmWriteTr (
    IN UINT16 Selector
    );

They're needed to setup task gate and interrupt stack table for stack switch.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Reviewed-by: Jiewen.yao@intel.com
2017-12-08 14:38:48 +08:00
Song, BinX 50de6bfb30 MdePkg: Fix MSFT C4255 warning
V2:
Fix MSFT C4255 warning
V1:
Enable MSFT C4255 warning.

From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Bell Song <binx.song@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-11-14 18:18:48 +08:00
Zhang, Chao B 403170bbef MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated. Also update
some function descriptors accordingly.

Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-11-01 22:25:18 +08:00
Star Zeng 5450086c52 MdePkg HobLib: Add BuildFv3Hob API
Add BuildFv3Hob API in HobLib.h and implement the API
in HobLib instances PeiHobLib, DxeHobLib and DxeCoreHobLib.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-10-10 20:54:32 +08:00
Liming Gao 4008463de3 MdePkg: Correct BaseS3PciSegmentLib module name to match its uni file
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
2017-10-10 18:10:17 +08:00
Liming Gao 0a8e6f7971 MdePkg BaseLib: Add new API CalculateCrc32()
CalculateCrc32() bases on the initialized mCrcTable. When CalculateCrc32()
is used, mCrcTable will take 1KB size in the image. When CalculateCrc32()
is not used, mCrcTable will not be built in the image, and no size impact.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2017-10-10 18:10:15 +08:00
Hao Wu ea0b15067c MdePkg/PrintLib: Fix possible negative value left shift
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=702

Within function InternalPrintLibSPrintMarker(), possible left shift of a
negative value is found in:
"(*(ArgumentString + 1) << 8)"

which involves undefined behavior.

Since '*(ArgumentString + 1)' is of type CONST CHAR8 (signed), it will be
promoted to type int (signed) during the left shift operation. If
'*(ArgumentString + 1)' is a negative value, the behavior will be
undefined.

According to the C11 spec, Section 6.5.7:
> 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
>   bits are filled with zeros. If E1 has an unsigned type, the value
>   of the result is E1 * 2^E2 , reduced modulo one more than the
>   maximum value representable in the result type. If E1 has a signed
>   type and nonnegative value, and E1 * 2^E2 is representable in the
>   result type, then that is the resulting value; otherwise, the
>   behavior is undefined.

This commit explicitly cast '*(ArgumentString + 1)' with UINT8 to resolve
this issue.

Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-09-29 16:14:17 +08:00
Hao Wu 9fdf31789a MdePkg/BaseLib: Avoid reading content beyond string boundary
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705

As mentioned in the above Bugzilla link by Steven, within the function
PathCleanUpDirectories(), when executing command:
"cd ."

under Shell, the input parameter 'Path' string will have string length
less than 2. Hence, it is possible for the below statement:
"if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {"

to read contents before the string boundary.

This commit adds additional checks to avoid this.

Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-09-21 14:06:28 +08:00
Laszlo Ersek 98a4d04e8f MdePkg/BaseIoLibIntrinsic: fix SEV (=unrolled) variants of IoWriteFifoXX()
In commit b6d11d7c46 ("MdePkg: BaseIoLibIntrinsic (IoLib class)
library", 2017-04-12), the MOV instructions in the write loops were
probably copied from the read loops. However, the operand order was not
adjusted.

As a result, the IoWriteFifoXX() routines, when invoked in SEV guests, now
overwrite the source buffer with value 0x01 / 0x0001 / 0x00000001 -- the
SevNoRepIo() function returns value 1 in EAX, in SEV guests --, and write
the same value to the target IO port.

Fix this by putting the target operand (AL / AX / EAX) first, and the
source operand (BYTE / WORD / DWORD [ESI/RSI]) second.

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Fixes: b6d11d7c46
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
2017-09-11 22:28:05 +02:00
Ruiyu Ni 7d8e8474f9 MdePkg/PciSegmentLibSegmentInfo: fix typo in PciSegmentBitFieldAnd*()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-09-06 10:43:53 +08:00
Star Zeng c2ab95806b MdePkg PeiMemoryAllocationLib: Update InternalAllocateAlignedPages
Update InternalAllocateAlignedPages to use PeiServicesFreePages.

Let the InternalAllocateAlignedPages in PeiMemoryAllocationLib use
same algorithm with InternalAllocateAlignedPages in
UefiMemoryAllocationLib.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-09-04 13:45:47 +08:00
Star Zeng 2132ef05c4 MdePkg PeiMemoryAllocationLib: Update Free(Aligned)Pages
Update Free(Aligned)Pages to use PeiServicesFreePages.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-09-04 13:45:47 +08:00
Star Zeng 3f315ecd9a MdePkg PeiServicesLib: Add PeiServicesFreePages
Add PeiServicesFreePages and update
comments for PeiServicesAllocatePages.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-09-04 13:45:46 +08:00
Ruiyu Ni a2285a8963 MdePkg/S3PciSegmentLib: Add S3PciSegmentLib class and instance.
The patch adds the new library class S3PciSegmentLib to carry out
PCI configuration and enable the PCI operations to be replayed during
an S3 resume. This library class maps directly on top of the
PciSegmentLib class.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-28 16:47:05 +08:00
Ruiyu Ni 5c9bb86f17 MdePkg/PciSegmentLib: Add instances that consumes PciSegmentInfoLib
The patch adds two PciSegmentLib instances that consumes
PciSegmentInfoLib to provide multiple segments PCI configuration
access.

BasePciSegmentLibSegmentInfo instance is a BASE library.
DxeRuntimePciSegmentLibSegmentInfo instance is to be linked with
runtime drivers to provide not only boot time but also runtime
PCI configuration access.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-28 16:47:04 +08:00
Ruiyu Ni e457c1f65d MdePkg/PciSegmentInfoLib: Add PciSegmentInfoLib class and instance.
The patch adds PciSegmentInfoLib library class which is used
by PciSegmentLib (commit in next patch) to support multiple
segment PCI configuration access.

BasePciSegmentInfoLibNull instance is added but it shouldn't be
used by any real platform.
Any single segment platform that wants to use PciSegmentLib could
use BasePciSegmentLibPci instance.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-28 16:47:04 +08:00
Ruiyu Ni ebdde8ff26 MdePkg/PciSegmentLib: Fix typo in function header comments
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-28 16:47:03 +08:00
Marvin.Haeuser@outlook.com 9062381a8c MdePkg/BaseLib: Update internal LinkedList verifications.
1) Replace InternalBaseLibIsNodeInList() with
   InternalBaseLibIsListValid().
   - The verification whether Node is within the doubly-linked List
     is now done by IsNodeInList().
   - Whether the list is valid is returned.

2) The comments within InsertHeadList() and InsertTailList() stated
   that it is checked whether Entry is not part of the doubly-linked
   list. This was not done as argument 3 of
   InternalBaseLibIsNodeInList() indicated whether the check is done,
   not whether to check if the node is or is not in the list. This
   has been fixed by using IsNodeInList() for the ASSERTs.

V2:
  - Fix IsListEmpty() to ASSERT when the passed list is invalid.
  - Introduce the VERIFY_IS_NODE_IN_LIST() macro to only verify whether the
    passed node is part of the list when PcdVerifyNodeInList is TRUE.

V3:
  - Introduce the ASSERT_VERIFY_NODE_IN_VALID_LIST() macro which,
    depending on the value of PcdVerifyNodeInList, verifies whether
    SecondEntry is or is not part of the same doubly-linked list as
    FirstEntry and unconditionally verifies whether the doubly-linked
    list FirstEntry is part of is valid. This prevents
    InternalBaseLibIsListValid() from being called twice when a
    function ASSERTs via the result of IsNodeInList(), as it calls
    InternalBaseLibIsListValid() already.
  - Remove the VERIFY_IS_NODE_IN_LIST() macro in favor of
    ASSERT_VERIFY_NODE_IN_VALID_LIST().

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-16 16:55:32 +08:00
Marvin.Haeuser@outlook.com d0aef615ac MdePkg/BaseLib: Add IsNodeInList() function.
This patch adds IsNodeInList() to BaseLib, which verifies the given
Node is part of the doubly-linked List provided.

V2:
  - Rename "List" to "FirstEntry" and "Node" to "SecondEntry" to clarify that
    "FirstEntry" does not need to be the doubly-linked list's head node.

V3:
  - Remove ASSERTs from IsNodeInList() which are present in
    InternalBaseLibIsListValid().

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-16 16:55:30 +08:00
Jiaxin Wu 9b9d0655c1 MdePkg/UefiDevicePathLib: Add DevPathFromTextDns and DevPathToTextDns libraries
V3:
* Fix the bug in DevPathFromTextDns()

V2:
* Add no IP instance case check.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2017-08-14 13:18:23 +08:00
Andrew Fish 9169c6e818 MdePkg: Fix Xcode 9 Beta treating 32-bit left shift as undefined
Bug: https://bugzilla.tianocore.org/show_bug.cgi?id=635

Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-08-11 08:47:00 +08:00
Star Zeng 357c48258e MdePkg DxeHstiLib: Fix memory leak issue
The Hsti returned from InternalHstiFindAip() and temporally
allocated NewHsti need to be freed after used.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-07-18 10:35:36 +08:00
Ruiyu Ni ff5623e990 MdePkg/DevicePath: Add BluetoothLe device path node support
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2017-06-07 08:46:20 +08:00
Star Zeng 7b5d848dbf MdePkg SmmIoLib: Use NULL pointer check instead of useless Status check
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=587

The Status check in "if (!EFI_ERROR (Status))" condition is useless,
it should be NULL pointer check. And this patch also fixes a typo
"continous" to "continuous".

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-06-06 09:07:10 +08:00
Star Zeng 1a0ad70ee1 MdePkg SmmMemLib: Remove ASSERT in SmmIsBufferOutsideSmmValid
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=577

Currently the SmmIsBufferOutsideSmmValid() function in SmmMemLib.c will
ASSERT in certain conditions. Since this function is a "test" function,
it should not be making decisions on how to handle a failure.
Handling a failure should be left to the caller.

This patch is to remove ASSERT(FALSE) at line 178 of SmmMemLib.c.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-06-06 09:07:09 +08:00
Hao Wu b1d4b9651e MdePkg/BasePrintLib: Avoid reading content beyond the format string
https://bugzilla.tianocore.org/show_bug.cgi?id=567

In function BasePrintLibSPrintMarker(), when processing ASCII format
strings, if the format string walker pointer 'Format' is pointing at the
end of the format string (i.e. '\0'), the following expression:
*(Format + 1)
will read an undefined value.

Though this value won't affect the functionality, since it will be masked
by variable 'FormatMask':
(*(Format + 1) << 8)) & FormatMask
(FormatMask is 0xff for ASCII format string)

This commit adds additional logic to avoid reading undefined content.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-06-01 08:46:31 +08:00
Hao Wu 4fc8277133 MdePkg/DevicePathLib: Reverse the byte order of BD_ADDR for Bluetooth
For the following two functions:
DevPathFromTextBluetooth()
DevPathToTextBluetooth()

The Bluetooth device address "UINT8  Address[6]" is displayed with the
order from Address[5] to Address[0]. This commit reverses the order.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-05-31 10:28:41 +08:00
Star Zeng d7b96017cc MdePkg DxeServicesLib: Handle potential NULL FvHandle
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=514

The FvHandle input to InternalGetSectionFromFv() may be NULL,
then ASSERT will appear. It is because the LoadedImage->DeviceHandle
returned from InternalImageHandleToFvHandle() may be NULL.
For example for DxeCore, there is LoadedImage protocol installed
for it, but the LoadedImage->DeviceHandle could not be initialized
before the FV2 (contain DxeCore) protocol is installed.

This patch is to update InternalGetSectionFromFv() to return
EFI_NOT_FOUND directly for NULL FvHandle.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-05-08 08:57:03 +08:00
Jiewen Yao f932073831 MdePkg/SmmIoLib: Add sample instance.
The sample instance check if IO resource is valid
one defined in GCD.
A platform may choose add more check to exclude some
other IO resource.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
2017-04-26 09:22:20 +08:00
Jeff Fan 9e981317be PeCoffGetEntryPointLib: Fix spelling issue
*Serach* should be *Search*

Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-04-26 08:58:18 +08:00
Hao Wu 458cd568b6 MdePkg/UefiLib: Avoid mis-calculate of graphic console size
The commit adds check in function InternalPrintGraphic() to ensure that
the expression:

Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)

will not overflow in the UINTN range.

The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:

Blt->Width * Blt->Height

Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-04-14 13:16:05 +08:00