gEfiHobMemoryAllocModuleGuid is referenced in the HobPrintLib,
but it is not defined in the INF file, causing an unresolved
external error when the module is consumed by code.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4873
Currently the function does not cover the 5 level paging case. it will
casued pagetable protection region set incorrectly. This patch do the
enhancemant and with the patch protection region has been set correctly.
Signed-off-by: Ning Feng <ning.feng@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4858
Ph52a PCIE to SATA card inserted on Intel MTL/ARL causes system hanged.
Root cause of this issue is because Ph52a's driver only uses DevicePath
protocol alone and EDK2 driver only uses PciIo protocol alone. Both
drivers start and try to manage SATA controller.
Signed-off-by: Paul Chang <paulchang@ami.com>
storage data format
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4857
NVS needs to support both authenticated and non-authenticated
header for NV region. PcdNvStoreDefaultValueBuffer can have
variables with data format of the type Authenticated variable storage
and this change provides the support to differentiate between
the normal variable storage and authenticated variable storage
for the hii database to consume and update the setup variables
accordingly
Signed-off-by: nikhil p sheshagiri <nikhil.p.sheshagiri@intel.com>
On AARCH64, there is no ordering guarantee between configuration
space (ECAM) writes and memory space reads (MMIO). ARM AMBA CHI
only guarantees ordering for reads and writes within a single address
region, however, on some systems MMIO and ECAM may be split into
separateaddress regions.
A problem may arise when an ECAM write is issued a completion before a
subsequent MMIO read is issued and receives a completion.
For example, a typical PCI software flow is the following:
1. ECAM write to device command register to enable memory space
2. MMIO read from device memory space for which access was enabled
in step 1.
There is no guarantee that step 2. will not begin before the completion
of step 1.
on systems where ECAM/MMIO are specified as separate address regions,
even
if both spaces have the memory attributes device-nGnRnE.
- Add a barrier after the final PCI Configuration space write
in RootBridgeIoPciAccess. Configuration space reads should not have
side-efects.
- When configuration space is strongly ordered, this ensures
that program execution cannot continue until the completion
is received for the previous Cfg-Write, which may have side-effects.
- Risk of reading a "write-only" register and causing a CA which leaves
the device unresponsive. The expectation based on the PCI Base Spec
v6.1 section 7.4 is that all PCI Spec-defined registers will be readable,
however, there may exist design-specific registers that fall into
this category.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Co-authored-by: Ard Biesheuvel <ardb@kernel.org>
- Class specific types for interface and endpoint are generic
- Definitions are in IndustryStandard/Usb.h
- Remove type redefinitions
- Update references to the descriptor types
Signed-off-by: Oleg Ilyasov <olegi@ami.com>
Instead of using bit shift operations, it is preferable to use BaseLib
bit shift functions to prevent compilers from inserting intrinsics.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
I recently ran into an AllocatePages() hang. It turns out that
AllocatePages() does not account for the Memory Allocation HOB when it
makes the decision of allocating out of free memory.
Here is the scenario:
FreeMemoryTop - 0x71C03000
FreeMemoryBottom - 0x71BDBFD8
=> We have 159,784 bytes left => ~39.0098 pages left.
We attempt to allocate 39 pages. There are enough pages left but
allocating those pages requires to allocate a Memory Allocation HOB
which needs an extra 48 bytes. But once the pages are allocated,
there are only 40 bytes left.
In addition to taking into account the Memory Allocation HOB size,
this commit reverses the condition to keep it simple.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4496
This change adds a check for PEI dispatcher to continue dispatching when
there are still pending delayed dispatch requests, to be compatible with
newly integrated Delayed Dispatcher PPI interface.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Co-authored-by: John Schock <joschock@microsoft.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4496
This change adds the implementation that fits the needs and description
of PI spec defined Delayed Dispatch PPI in Pei Core.
The PPI would allow minimal delay for registered callbacks. As well as
allowing other functions to wait for GUIDed delayed dispatch callbacks.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Co-authored-by: Mike Turner <mikeyt@pobox.com>
Co-authored-by: Sachin Ganesh <sachinganesh@ami.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
This generates boot descriptions for SD/MMC devices in the form of:
- "UEFI SanDisk SC128 2A2B1E4F SD Device"
- "UEFI Samsung BJTD4R 7AB3A8DE eMMC User Data"
The manufacturer ID tables are a best-effort, collected from various
places and personal testing. They're not complete and may be inaccurate
for rebranded cards.
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
Without this change we get:
error: equality comparison with extraneous parentheses
when building on XCODE5.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4848
This patch is to support VTUTF8 type for Putty function key map.
In Putty, it is required for translating a stream of Unicode characters
for function keys on UTF8 correctly.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Check that the next map entry is valid before dereferencing to merge the
guard pages. If the final entry is at the end of a page with no valid page
following it, then this can cause an access violation.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
When a Serial device resets, the Modem Control Register Data Terminal
Ready and Request to Send need to be cleared also. Otherwise the
registers will be left in their previous state, and the connected device
will not be able to transmit data.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
- In c36414b131 change, it was introduced
the ReadyToBoot event check to prevent the boot service got called
in runtime to cause the issue.
- In this patch introduced the ExitBootService event to replace it.
It would be better to base on the BootService status to decide
the source of ESRT table.
- Based on the BootService availability to decide,
- Exit : Use cache ESRT table in IF-condition
- Not Exit: Use boot service to locate protocol in ELSE-condition
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4831
In this patch introduced the below changes,
[1] Add the event of system resource table installed callback.
- Register the event in DxeRuntimeCapsuleLibConstructor ()
- Unregister the event in DxeRuntimeCapsuleLibDestructor ()
[2] Migrate the event to update the module variable to cache ESRT table
from ReadyToBoot to system resource table installed.
[3] Add the condition to free the pool of buffer when the "mEsrtTable"
is not NULL.
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
If we search the codebase for &gEdkiiVariablePolicyProtocolGuid
we can find two drivers which install this policy:
VariableRuntimeDxe (installed in VariableDxe.c) and
VariableSmmRuntimeDxe (installed in VariablePolicySmmDxe.c).
The .inf file for VariableRuntimeDxe incorrectly lists the protocol
as CONSUMES in the comment, so change this to PRODUCES.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
This patch breaks the section processing loop if an invalid section with zero SectionLength is encountered.
Signed-off-by: Ragavarshini B <ragavarshinib@ami.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dhanaraj V <vdhanaraj@ami.com>
Cc: Sachin Ganesh <sachinganesh@ami.com>
In BmFindBootOptionInVariable() we prevent passing a NULL pointer to
EfiBootManagerFindLoadOption(). However, it can accept a NULL pointer as
the second argument as long as count is zero. This change updates the
assert condtion to only assert if the pointer is NULL and the count is
non-zero.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Comments out a redundant call to RestoreTpl(). While this does not
technically violate spec on raise/restore TPL, TPL should already be at
the specified level. This extra call introduces an asymmetry between
RaiseTpl and RestoreTpl calls, which makes analysis of TPL correctness
more difficult and hampers certain non-standard TPL usages that some
platforms require. Additionally, the two TPL variables were renamed to
provide context for each of them.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Adds a call to RestoreTpl() in DiskIo2ReadWriteDisk(). While the current
implementation does not technically violate spec on raise/restore TPL,
this extra call ensures symmetry between RaiseTpl and RestoreTpl calls,
which makes analysis of TPL correctness simpler and permits certain
non-standard TPL usages that some platforms require.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
- This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.
- Also added the signature check to validate work space
Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
This library is designed for handling variable HII checks within the
Standalone MMm environment. It includes the functions
dedicated to registering handlers that process information received
from VarCheckHiiLibMmDependency.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Rename SetVariableCheckHandlerHii and wrap it as a common API to
facilitate the usage in the following patches.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Change the Size parameter of BuildVarCheckHiiBin from OUT to an
input-output parameter.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
VarCheckHiiLibMmDependency retrieve data (mVarCheckHiiBin) at the end
of the DXE phase, and pass the acquired data to the
VarCheckHiiLibStandaloneMm through a communication protocol.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Relocate the declaration of mVarCheckHiiBin to support for standalone
MM modules utilizing the same mVarCheckHiiBin.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
In Standalone MM, there is no notification to MM drivers that variable
write is ready. Install gSmmVariableWriteGuid into MM handle database
for the notification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
According to TCG's Platform Reset Attack Mitigation spec, the OS should
never create the MOR variable, only read and write it.
But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset
Attack Mitigation spec and unintentionally create MOR variable.
The commit fda8f631ed added function
VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer
whether the MOR variable is created by platform firmware or not. If not,
delete the variable created by OS and lock the variable to avoid OS to
create it.
But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns
FALSE, it causes TCG MOR secure feature does not work in standalone MM
environment.
As Fedora 24 and 25 are EOL today, directly returns TRUE in the function
VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the
function to VariableIsMorVariableLegitimate() to make it more obvious
what the narrow use-case is for which it exists.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
REF : https://bugzilla.tianocore.org/show_bug.cgi?id=4817
Before entering BIOS setup, CoreValidateHandle function executed
over 600,000 times during BDS phase on latest 8S server platform.
In CoreValidateHandle function, current implementation will go
through the doubly-linked list handle database in each call, and
this will have big impact on boot performance.
The optimization is using Red-black tree to store the EFI handle
address when insert each EFI handle into the handle database, and
remove the handle from Red-black tree if the handle is removed
from the handle database. CoreValidateHandle function changed to
go through the Red-black tree.
After verification on latest 8S server platform, BDS boot time can
save 20s+ after this change.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Andrew Fish <afish@apple.com>
Tested-by: Xiaoqiang Zhang <xiaoqiang.zhang@intel.com>
Implementation of MEDIA_SANITIZE_PROTOCOL for NIST
purge/clear actions with mapping to NVM Express native
commands.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
When allocating memory for a non-discoverable PCI device's IO, the
current core code removes the XP attribute, allowing code to execute
from that region. This is a security vulnerability and unneeded. This
change updates to mark the region as XP when allocating memory for the
non-discoverable PCI device.
These allocations in this function are limited to `EfiBootServicesData`
and `EfiRuntimeServicesData`, which we expect to be XP.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Currently whenever gDS->SetMemorySpaceCapabilities() is called, it
attempts to set the corresponding attributes in the gMemoryMap
descriptor. However, gMemoryMap only contains entries from GCD types
EfiGcdMemoryTypeSystemMemory and EfiGcdMemoryTypeMoreReliable, so
for all other types a failure is reported in the code. This is a
failure that is expected, so it does not provide value and can
lead to real failures being ignored.
This patch updates the gDS->SetMemorySpaceCapabilities() code to
only call into updating gMemoryMap if the GCD type is SystemMemory
or MoreReliable, to avoid spurious errors being reported. This
also avoids the expensive operation of searching through gMemoryMap
for entries we know we will fail to find.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
The Memory Attributes Table is generated by fetching the EFI memory map
and splitting entries which contain loaded images so DATA and CODE
sections have separate descriptors. The splitting is done via a call to
SplitTable() which
marks image DATA sections with the EFI_MEMORY_XP attribute and CODE
sections with the EFI_MEMORY_RO attribute when
splitting. After this process, there may still be EfiRuntimeServicesCode
regions which did not have their attributes set because they are not
part of loaded images.
This patch updates the MAT EnforceMemoryMapAttribute logic to set the
access attributes of runtime memory regions which are not part of loaded
images (have not had their access attributes set). The attributes of the
code regions will be read-only and no-execute because the UEFI spec
dictates that runtime code regions should only contain loaded EFI
modules.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4832
Refs:
1.
https://edk2.groups.io/g/devel/topic/patch_v1_mdemodulepkg/105570114?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,105570114
2.
https://edk2.groups.io/g/devel/topic/mdemodulepkg_fix_mat/105477564?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,105477564
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Per UEFI spec 2.10 section 4.6.3 EFI_MEMORY_ATTRIBUTES_TABLE,
"The Memory Attributes Table is currently used to describe memory
protections that may be applied to the EFI Runtime code and data
by an operating system or hypervisor. Consumers of this table must
currently ignore entries containing any values for Type except for
EfiRuntimeServicesData and EfiRuntimeServicesCode to ensure
compatibility with future uses of this table."
However, the current MAT code also enforces attributes for
EfiMemoryMappedIo and EfiMemoryMappedIoPortSpace, which it should
not be. Per
https://edk2.groups.io/g/devel/topic/patch_v1_mdemodulepkg/105570114?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,105570114,
it was suggested to remove these types from the MAT logic.
This patch removes EfiMemoryMappedIo and EfiMemoryMappedIoPortSpace
from the MAT logic in accordance with the UEFI spec.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
SmmCommunicationBufferDxe need to re-use FixedCommBuffer from
MmCommBuffer HOB which created under PEI stage.
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
PcdMmCommBufferPages is to specify the page count allocated for
the MM communication buffer.
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Co-authored-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Co-authored-by: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
The MM communicate buffer facilitates data sharing between non-MM
and MM code.
The MM IPL code allocates a "fixed" runtime type memory as the MM
communication buffer, and communicates its address and size to MM
Core via MmCommBuffer GUIDed HOB.
Here, "fixed" implies that the buffer's location remains constant
throughout the boot process.
Data is exchanged between the MM Communication PPI/Protocol and a
software MMI handler using this fixed MM communication buffer.
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Co-authored-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Co-authored-by: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
Aaron Pop
Ning Feng
Oliver Smith-Denny
Paul Chang
nikhil p sheshagiri
INDIA\kanagavels
Hua Ma
joe
Oleg Ilyasov
Jeremy Compostella
Kun Qin
Kun Qin
Mario Bălănică
Mike Beaton
Phil Noh
Ken Lautner
Oliver Smith-Denny
Jason1 Lin
ragavarshinib
Rebecca Cran
Sureshkumar Ponnusamy
xieyuanh
Wei6 Xu
Xiaoqiang Zhang
Ray Robles
Zhang Hongbin