UpdateVariableInfo () currently accepts parameters regarding updates
to be made to a global variable of type VARIABLE_INFO_ENTRY. This
change passes the structure by pointer to UpdateVariableInfo ()
so structures other than the fixed global variable can be updated.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
The majority of logic related to GetNextVariableName () is currently
implemented in VariableServiceGetNextVariableInternal (). The list
of variable stores to search for the given variable name and variable
GUID is defined in the function body. This change adds a new parameter
so that the caller must pass in the list of variable stores to be used
in the variable search.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
This change moves the following functions into a dedicated file
so they may be used in other variable files as needed. These are
commonly needed for basic variable data structure parsing
operations. The functions are grouped together in VariableParsing.c
to support cohesiveness for these operations in the file.
Furthermore, it reduces the overall size of the common Variable.c
file.
* DataSizeOfVariable ()
* FindVariableEx ()
* GetEndPointer ()
* GetNextVariablePtr ()
* GetStartPointer ()
* GetVariableDataOffset ()
* GetVariableDataPtr ()
* GetVariableHeaderSize ()
* GetVariableNamePtr ()
* GetVariableStoreStatus ()
* GetVendorGuidPtr ()
* IsValidVariableHeader ()
* NameSizeOfVariable ()
* SetDataSizeOfVariable ()
* SetNameSizeOfVariable ()
* UpdateVariableInfo ()
* VariableCompareTimeStampInternal ()
* VariableServiceGetNextVariableInternal ()
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Entry and RetEntry might be NULL before used.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Before called by GetBufferForValue(), Value has already been called
function IsTypeInBuffer to make sure the value must be buffer type.
So GetBufferForValue can not return NULL.
This commit adds ASSERT to assume (GetBufferForValue (&Value) is not
NULL.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
EsrtRepository might be NULL. So return EFI_OUT_OF_RESOURCES
when it is NULL.
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
The caller of CompareAndMergeDefaultString has checked that
AltCfgResp must contain AltConfigHdr. So we add ASSERT to assume
StringPtr is not NULL.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Upgrade openssl from 1.1.1b to 1.1.1d.
Something needs to be noticed is that, there is a bug existing in the
released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596),
which causes build failure. So we switch the code base to a usable
version, which is 2 commits later than the stable tag.
Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc.
This log is to fix the build failure.
https://bugzilla.tianocore.org/show_bug.cgi?id=2226
Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure
in OvmfPkg. So update process_files.pl to generate information from
"crypto/include/internal/dso_conf.h.in".
shm.h and utsname.h are added to avoid GCC build failure.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
MpInitLib sets X2ApicEnable in two places.
1. CollectProcessorCount()
This function is called when MpInitLibInitialize() hasn't been
called before.
It sets X2ApicEnable and later in the same function it configures
all CPUs to operate in X2 APIC mode.
2. MpInitLibInitialize()
The X2ApicEnable setting happens when this function is called in
second time. But after that setting, no code consumes that flag.
With the above analysis and with the purpose of simplifying the code,
the X2ApicEnable in #1 is changed to local variable and the #2 can be
changed to remove the setting of X2ApicEnable.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Today's logic sets X2ApicEnable flag in each AP's initialization
path when InitFlag == ApInitConfig.
Since all CPUs update the same global data, a spin-lock is used
to avoid modifications from multiple CPUs happen at the same time.
The spin-lock causes two problems:
1. Potential performance downgrade.
2. Undefined behavior when improper timer lib is used.
For example we saw certain platforms used AcpiTimerLib from
PcAtChipsetPkg and that library depends on retrieving PeiServices
from idtr. But in fact AP's (idtr - 4) doesn't point to
PeiServices.
The patch simplifies the code to let BSP set the X2ApicEnable flag so
the spin-lock acquisition from AP is not needed any more.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2296
Currently, when 'ls' is run on an entirely empty directory (this
includes not having '.' and '..'), the output is always 'File not
found'. For when not filtering its children, this patch rather
displays the usual header and footer.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2294
EFI_RUNTIME_SERVICES.GetTime() might return an unspecified Timezone,
such as when SetTime() has not been called after the RTC was cut off
power. Consider this case by not attempting Timezone translations for
when it is invalid.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
MapMemory is not initialized by FindGuardedMemoryMap
or CoreInternalAllocatePages which calls MapMemory.
So we give a 0 to it.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
RequestMap is used but not Initialized.
RequestMap is called by UhciMapUserRequest, in which RequestMap(Map)
is called by IoMmuMap, and is finally called by IoMmu->Map.
We can not assume RequestMap is given an initial value at any step.
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Map is used but not Initialized.
Map is called by IoMmuMap, in which Mapping(Map) is called by IoMmu->Map.
We can not assume Map is given an initial value at any step.
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
DeviceIndex is used as index in Slot[]. The max size of Slot[]
is SD_PEIM_MAX_SLOTS. So DeviceIndex should be checked before used.
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Foreground and background color are saved in a single byte.
Bits 0..3 are the foreground color and bits 4..6 are the background color.
If the Private->Attribute defined correctly, (Private->Attribute >> 4)
must be less than 8.
This commit uses ASSERT to assume "Attribute >> 4" is less than 8.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
IndexTable->Length is used as index in array IndexTable->Index[].
So IndexTable->Length needs to be checked, which should be less than
the array size.
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
The if statement is not necessary, so keep it to edk2 style.
And this change has been merged to onigruma.
REF:https://github.com/kkos/oniguruma/pull/158
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
The ACPI specification, version 6.3, January 2019,
defines the Named Object Encoding for ExternalOp
in section '20.2.5.2 Named Objects Encoding'.
This patch adds the definition for ExternalOp to
the list of Primary Opcode definitions.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2295
The current implementation of the FileHandleGetFileName() function
assumes that the Root directory always has the FileName '\0'.
However, the only requirement the UEFI specification defines is that
a prepended '\\' must be supported to access files and folders
relative to the Root directory.
This patch removes this assumption and supports constructing valid
paths for any value of FileName for the Root Directory.
In practice, this fixes compatibility issues with File System drivers
that report '\\' as the FileName of the Root directory, which
currently is both generating an invalid path ("\\\\") and resulting
in an EFI_NOT_FOUND result from the CurrentHandle->Open() call.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2293
Move the NULL check in FileHandleGetInfo() to directly after the
allocation to prevent potential NULL dereferences.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2302
The second argument of "UnicodeVSPrintAsciiFormat" is "BufferSize",
which takes the size of the buffer in bytes. Replace the currently
used MAX_DEBUG_MESSAGE_LENGTH usage, which is the buffer's length,
with the actual buffer size.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2302
The second argument of "UnicodeVSPrintAsciiFormat" is "BufferSize",
which takes the size of the buffer in bytes. Replace the currently
used MAX_DEBUG_MESSAGE_LENGTH usage, which is the buffer's length,
with the actual buffer size.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Set the HostName by consuming TLS protocol to enable the host name
check so as to avoid the potential Man-In-The-Middle attack.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
The new data type named "EfiTlsVerifyHost" and the
EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Using the inet_pton() function that we imported in the previous patches,
recognize if "HostName" is an IP address literal, and then parse it into
binary representation. Passing the latter to OpenSSL for server
certificate validation is important, per RFC-2818
<https://tools.ietf.org/html/rfc2818#section-3.1>:
> In some cases, the URI is specified as an IP address rather than a
> hostname. In this case, the iPAddress subjectAltName must be present in
> the certificate and must exactly match the IP in the URI.
Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
version that is currently consumed by edk2, said function depends on
sscanf() for parsing IPv4 literals. In
"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an
empty -- always failing -- stub for sscanf(), however.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Suggested-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
edk2-libc project, in commit 964f432b9b ("edk2: Remove AppPkg, StdLib,
StdLibPrivateInternalFiles", 2019-04-29).
We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
"inet_pton.c" file from just before the StdLib removal, as follows:
$ git show \
964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
> CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
The inet_pton() function is only intended for the DXE phase at this time,
therefore only the "BaseCryptLib" instance INF file receives the new file.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package). That source file has a number of
standard C and BSD socket dependencies. Provide those dependencies here:
- The header files below will simply #include <CrtLibSupport.h>:
- arpa/inet.h
- arpa/nameser.h
- netinet/in.h
- sys/param.h
- sys/socket.h
- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
e2d3a25f1a31; which is the commit immediately preceding the removal of
StdLib from edk2 (964f432b9b).
Note that the other error macro, which we alread #define, namely EINVAL,
has a value (22) that also matches "StdLib/Include/errno.h".
- The AF_INET and AF_INET6 address family macros come from
"StdLib/Include/sys/socket.h".
- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
"StdLib/Include/arpa/nameser.h".
- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
According to the ISO C standard, strchr() is a function. We #define it as
a macro. Unfortunately, our macro evaluates the first argument ("str")
twice. If the expression passed for "str" has side effects, the behavior
may be undefined.
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package), which calls strchr() just like that:
strchr((xdigits = xdigits_l), ch)
strchr((xdigits = xdigits_u), ch)
To enable this kind of function call, turn strchr() into a function.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
In the patch, we add the new API "TlsSetVerifyHost" for the TLS
protocol to set the specified host name that need to be verified.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
In the patch, we add the new data type named "EfiTlsVerifyHost" and
the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
to enable the host name check so as to avoid the potential
Man-In-The-Middle attack.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
For now, PlatformRecovery doesn't work if OsIndications variable
doesn't exist, which is wrong.
According to the UEFI specification section 3.4.1 and 3.4.2, if
processing of BootOrder does not result in success, the OsRecovery
and PlatformRecovery options should still be processed regardless of
the existence of the OsIndications variable.
Therefore, update the code to check PcdPlatformRecoverySupport instead
of the value of OsIndications variable (PlatformRecovery) to fix
this issue.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Walon Li <walon.li@hpe.com>
Signed-off-by: Sunny Wang <sunnywang@hpe.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
There are missing headers added into INF files at 8906f076de35b222a..
They are now manually added but not auto-generated. So we update the
perl script to enable this feature.
Meanwhile, update the order of the .h files in INF files, which are
auto-generated now.
https://bugzilla.tianocore.org/show_bug.cgi?id=2085
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2312
This patch is for fixing unexpected system hang during S3 unlock process.
FatPei driver maintained and updated internal BlockIo devices list
when there is new BlockIo PPI has installed, and it relied on BlockIo PPI
service to get data from devices. Because BlockIo Ppi leverage
NvmExpressPei Ppi to transit Nvm command to device, we should make sure
NvmePassThruPpi installed before BlockIo PPI.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
This patch fixes a problem introduced by commit
61bb6eeb4d.
The PcdSnpCreateExitBootServicesEvent is not guaranteed to be FixedAtBuild,
so use PcdGetBool() to supports both fixed and patchable PCD.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
I will soon lose access to my Arm e-mail address. Update it to my
xen.org one.
Signed-off-by: Julien Grall <julien.grall@arm.com>
Message-Id: <20191028103406.10253-1-julien.grall@arm.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Change Siyuan Fu from Maintainer to Reviewer.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2310
When target FV 99% used and only few bytes space left,
SplitFspBin.py may crash with below error:
File "SplitFspBin.py", line 457, in ParseFv
ffshdr = EFI_FFS_FILE_HEADER.from_buffer (self.FvData, offset)
ValueError: Buffer size too small
(40960 instead of at least 40968 bytes)
It was because the offset used by FFS_HEADER parser out of bounds.
It should stop parsing when offset equal or larger than
(buffer size - FFS_HEADER size).
This patch also fixed another crash issue when running script with
Python 3.x and no input parameter given:
File "SplitFspBin.py", line 868, in main
if args.which in ['rebase', 'split', 'genhdr', 'info']:
AttributeError: 'Namespace' object has no attribute 'which'
Test:
1. Ran script with both py2 and py3 with no input and no crash observed.
2. Compare the script result before and after the patch are identical.
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2259
Update DSC file to build all libraries and modules in
the NetworkPkg.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603
1. Add WIN_HOST_BUILD macro check for CLANG9 tool chain
build -p EmulatorPkg\EmulatorPkg.dsc -a IA32 -DWIN_HOST_BUILD=TRUE -t CLANG9
build -p EmulatorPkg\EmulatorPkg.dsc -a X64 -DWIN_HOST_BUILD=TRUE -t CLANG9
2. Append CLANG CC and LINK flags to generate windows HOST.
3. Fix WinHost issue to call GetProcessAffinityMask() API.
The input parameter should be UINTN pointer instead of UINT32 pointer.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603
With this change, global variable _fltused will not be removed by LTO
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603
Define the same macro in the different OS. It can make CLANG generate the same
image in the different host OS.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603
__inline__ has no functional difference effect with the GCC48 / GCC49 / GCC5
toolchains, but it breaks the build with CLANG9. Remove __inline__.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603
CLANG9 tool chain defines __clang__ macro only,
doesn't define __GNUC__ macro. But, it uses some same definitions with GCC.
So, update base definition for CLANG9 tool chain.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Michael Kubacki
Shenglei Zhang
Ray Ni
Marvin Haeuser
Huang, Qing
Pierre Gondois
Wu, Jiaxin
Laszlo Ersek
Sunny Wang
Maggie Chu
Siyuan, Fu
Julien Grall
Chasel Chiu
Sean Brogan
Liming Gao