Commit 1b31acb66c ("MdeModulePkg: Check received packet size before use
it.") introduced a chunk of code under the new "Resume" label, in function
UdpIoOnDgramRcvdDpc(). The new code is supposed to run only when the
received packet has zero-length payload, but a "return" statement was
forgotten, and the code is reached on the normal (nonzero-length payload)
path as well, after the packet has been processed (and possibly freed) by
RxToken->CallBack(). This is a logic bug, with the direct symptom being
use-after-free / General Protection Fault.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: "Subramanian, Sriram (EG Servers Platform SW)" <sriram-s@hpe.com>
Fixes: 1b31acb66c
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Arbitrary length of packet may be received from network, including the
packets with zero payload data or malformed protocol header. So the code
must check the actually received data size before using it. For example, in
current edk2 network stack, a zero payload UDP packet may cause the
platform ASSERT in NetbufFromExt() because of the zero fragment number.
This patch updates the IpIoLib and UdpIoLib to check and discard the zero
payload data packet to avoid above assert. Some other network drivers are
also updated to check the packet size to guarantee the minimum length of
protocol header is received from upper layer driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
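
The control-flow bug described in the two commit messages above (a zero-payload discard path under a "Resume" label, and a missing "return" on the normal path), as an added example that is not taken from edk2 or from either commit. It is a simplified model: every name in it is hypothetical, and the packet release is tracked with a flag instead of a real free so the stale access can be counted.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not the edk2 UdpIoLib source. */
typedef struct {
  uint32_t data_len;   /* payload length reported by the lower layer */
  int      delivered;  /* set when the upper-layer callback ran */
  int      freed;      /* set when the callback released the packet */
  int      stale_uses; /* accesses made after the release */
} rx_packet;

/* Upper-layer callback: consumes the payload and releases the packet. */
static void consumer_callback(rx_packet *p) { p->delivered = 1; p->freed = 1; }

/* Work under the "Resume" label: meant only for discarded datagrams. */
static void resume_receive(rx_packet *p) {
  if (p->freed) p->stale_uses++;  /* in real code: a use-after-free */
}

/* Before the fix: no return after the callback, so control falls through. */
static void on_dgram_rcvd_buggy(rx_packet *p) {
  if (p->data_len == 0) goto Resume;  /* discard zero-payload datagram */
  consumer_callback(p);
Resume:
  resume_receive(p);
}

/* After the fix: the normal path returns before the Resume label. */
static void on_dgram_rcvd_fixed(rx_packet *p) {
  if (p->data_len == 0) goto Resume;
  consumer_callback(p);
  return;
Resume:
  resume_receive(p);
}

/* Run one handler on a constructed packet; report what happened to it. */
static rx_packet run(void (*handler)(rx_packet *), uint32_t data_len) {
  rx_packet p = { data_len, 0, 0, 0 };
  handler(&p);
  return p;
}

int main(void) {
  printf("buggy, 8-byte payload: %d stale use(s)\n", run(on_dgram_rcvd_buggy, 8).stale_uses);
  printf("fixed, 8-byte payload: %d stale use(s)\n", run(on_dgram_rcvd_fixed, 8).stale_uses);
  printf("fixed, empty payload delivered: %d\n", run(on_dgram_rcvd_fixed, 0).delivered);
  return 0;
}
```
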
This reverts commit 31ae446b1a.
Changing the receive FIFO depth in Terminal driver Start() is not
recommended.
A new PCD PcdUartDefaultReceiveFifoDepth was added and
MdeModulePkg/SerialDxe driver uses the PCD as the default receive
FIFO depth.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
EndingAddress is calculated incorrectly. Original code calculates it as
(StartingAddress + Size). Correct value should be (StartingAddress +
Size - 1).
Note:
Besides the changes made by Samer, Hao also fixed a similar issue in
RamDiskImpl.c
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Tapan Shah <tapandshah@hpe.com>
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Tapan Shah <tapandshah@hpe.com>
Check for NULL from AllocateCopyPool before setting Count to 1. Also
change sizeof (EFI_HANDLE*) to sizeof (EFI_HANDLE). Handles is a
EFI_HANDLE pointer, so the allocated memory must be the size of
EFI_HANDLE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
This stack includes:
1. Dxe phase support by:
   1) SdMmcPciHcDxe driver to consume PciIo and produce
      SdMmcPassThru.
   2) SdDxe driver to consume SdMmcPassThru to produce
      BlkIo1/BlkIo2.
   3) EmmcDxe driver to consume SdMmcPassThru to produce
      BlkIo1/BlkIo2/SSP.
2. Pei phase support
   1) SdBlockIoPei driver to consume SdMmcHostController
      Ppi and produce VirtualBlkIo1&2.
   2) EmmcBlockIoPei driver to consume SdMmcHostController
      Ppi and produce VirtualBlkIo1&2.
   3) SdMmcPciHcPei driver to produce SdMmcHostController
      Ppi.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
There are scenarios in which the BindingStop service of the PartitionDxe
driver is re-entered.
An example is ejecting a DVD from a SATA DVDROM and then running
"reconnect -r" under shell. In this specific case, part of the calling
stack will be:
PartitionDriverBindingStop() (PartitionDxe) ->
Stop first child handle (PartitionDxe) ->
ScsiDiskFlushBlocksEx() (ScsiDiskDxe) ->
A media change is detected (ScsiDiskDxe) ->
Reinstall of BlockIO(2) protocols (ScsiDiskDxe) ->
Entering PartitionDriverBindingStop() again (PartitionDxe) ->
Potential risk of referencing already stopped child handle (PartitionDxe)
...
The current code has a potential issue of referencing an already stopped
child handle. This commit adds re-entry handling logic to resolve this
issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Set UART receive FIFO depth with PCD instead of fixed number "1".
The default value of PCD is also 1, so it makes no difference for
platforms which do not explicitly set this PCD.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Found an issue that file system cannot be started on a DVD when doing the
following process:
Boot to shell with a DVD inside a SATA DVDROM. Eject the DVD and run
"reconnect -r". Put the DVD inside again and run "reconnect -r".
The cause is that after executing the second reconnect action, DiskIo
immediately returns EFI_NO_MEDIA in function DiskIo2ReadWriteDisk() when
checking the media information. However, at this time, the media
information does not get updated by the ScsiDisk driver. Therefore, DiskIo
driver should leave the no media check to ScsiDisk driver.
Generally, the media changed and media write protect check should also be
left to lower-level device driver. Thus, these two checks in function
DiskIo2ReadWriteDisk() are also removed.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Some ISO images cannot be recognized properly when they are on media whose
block size is not 2048 bytes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
The 'Reset' function for BlockIO(2) in ScsiDiskDxe should return
EFI_SUCCESS instead of EFI_DEVICE_ERROR when a device does not support
reset feature.
Otherwise, a 'reconnect -r' action when an ISCSI device is attached will
cause system hang.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Remove variables that are declared, assigned but never referenced. This
fixes a warning emitted by GCC when -Wunused-but-set-variable is in effect.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
When there is no bridge before the HPC (hot plug controller),
the issue cannot be seen.
But when there are bridges before the HPC, the PciBus will only
use the value (= <CurrentBusNumber> + <ReservedBusNumber>) as the
subordinate bus number for HPC.
The correct subordinate bus number should be:
<CurrentBusNumber> + <OccupiedBusNumber>(by earlier bridges) +
<ReservedBusNumber>.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Xcode clang seems unhappy with FileExplorerLib.h and
Protocol/FileExplorer.h both defining CHOOSE_HANDLER, so now
remove the definition in FileExplorerLib.h.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
The type casting is not necessary, so remove it now.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Gary Lin <glin@suse.com>
The BootMaintenanceManagerUiLib uses ChooseFile() from FileExplorerLib
to select files. And the third parameter in ChooseFile() is CHOOSE_HANDLER,
per the definition of CHOOSE_HANDLER, it must use EFIAPI as the calling
convention. But the calling convention was not specified for the following
handlers: CreateBootOptionFromFile, CreateDriverOptionFromFile,
BootFromFile. Now specify the calling convention for those functions.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Gary Lin <glin@suse.com>
There are no asynchronous operations on the registered RAM disks linked list
maintained within RamDiskDxe driver; therefore, the TPL raise and restore
operations when dealing with the linked list are unnecessary.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Previously, the code uninstalls the DEVICE_PATH_PROTOCOL with the device
path given by caller of the 'RamDiskUnregister' function. The given device
path might be different from the one used to install the
DEVICE_PATH_PROTOCOL.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
The 'DisconnectController' function calls after
'UninstallMultipleProtocolInterfaces' are unnecessary, since
'DisconnectController' is called inside function
'UninstallMultipleProtocolInterfaces'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Check for Type AllocateAddress,
if NumberOfPages is 0 or
if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or
if (Start + NumberOfBytes) rolls over 0 or
if Start is above MAX_ADDRESS or
if End is above MAX_ADDRESS,
return EFI_NOT_FOUND.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
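
The checks listed in the commit message above, written out as an added example; this is not the DxeCore code from the commit. The helper name and the `max_address` parameter (standing in for MAX_ADDRESS so that 32-bit and 64-bit limits can both be exercised) are assumptions, as is treating the range end as the inclusive last byte.

```c
#include <stdint.h>
#include <stdio.h>

#define EFI_PAGE_SHIFT 12  /* 4 KiB pages */

/* Hypothetical helper, not the DxeCore function. Returns 0 when the request
   passes the listed checks and -1 where the commit returns EFI_NOT_FOUND. */
static int check_allocate_address(uint64_t start, uint64_t number_of_pages,
                                  uint64_t max_address) {
  uint64_t number_of_bytes, end;

  if (number_of_pages == 0) return -1;
  /* Compare before shifting: the shift itself can wrap in 64 bits. */
  if (number_of_pages > (max_address >> EFI_PAGE_SHIFT)) return -1;
  number_of_bytes = number_of_pages << EFI_PAGE_SHIFT;

  end = start + number_of_bytes - 1;   /* inclusive last byte (assumption) */
  if (end < start) return -1;          /* Start + NumberOfBytes wrapped */
  if (start > max_address) return -1;
  if (end > max_address) return -1;
  return 0;
}

int main(void) {
  const uint64_t max32 = 0xFFFFFFFFULL, max64 = UINT64_MAX;
  /* Constructed requests: {start, pages, limit}. */
  const uint64_t req[][3] = {
    { 0x00100000ULL, 0, max32 },                    /* zero pages */
    { 0x00100000ULL, 0x100000ULL, max32 },          /* byte count above limit */
    { 0xFFFFF000ULL, 1, max32 },                    /* last page below 4 GiB */
    { 0xFFFFF000ULL, 2, max32 },                    /* end above limit */
    { 0x100000000ULL, 1, max32 },                   /* start above limit */
    { 0xFFFFFFFFFFFFF000ULL, 2, max64 },            /* wraps past zero */
    { 0x00100000ULL, 1ULL << 52, max64 },           /* shift would wrap */
  };
  for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
    printf("start=0x%llx pages=0x%llx -> %s\n",
           (unsigned long long)req[i][0], (unsigned long long)req[i][1],
           check_allocate_address(req[i][0], req[i][1], req[i][2]) == 0
             ? "accepted" : "EFI_NOT_FOUND");
  }
  return 0;
}
```
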
Do not locate VarCheck protocol in Constructor, then the
gEdkiiVarCheckProtocolGuid could be removed from [Depex].
It will be more flexible for the library Consumer to work without VarCheck
protocol installed, for example at recovery boot mode with EmuRuntimeDxe.
The unused UefiLib has also been removed from [LibraryClasses] in *.inf.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
In UEFI2.6, CapturePtr's in the Captures array returned by MatchString
are to be separately allocated so that they can be freed by the
caller.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cecil Sheng <cecil.sheng@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This is an emergency fix for UINT64 multiplications and divisions not
being done with the right BaseLib functions -- they break Ia32 builds.
Fixes: 30ed3422ab
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
ConSplitter's Absolute Pointer should scale virtual device's resolution like what Simple Pointer does.
Before this change, caller will get Virtual device's resolution but physical device's current point.
This change lets caller get Virtual device's resolution with virtual device's current point.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Remove the ASSERT in UI code that may be triggered,
and clean up the useless code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
DriverSampleInit installs the configAccess protocol on
DriverHandle[1], but DriverSampleUnload does not uninstall it.
Now uninstall the configAccess protocol.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Commit 7c50b34343 introduced
PcdMaxPeiPerformanceLogEntries16 to support > 256 PEI performance log
entries, but its PROMPT&HELP STR were forgotten to be added into *.uni.
Commit 7c50b34343 also updated
PcdMaxPeiPerformanceLogEntries HELP STR.
This patch is to add PcdMaxPeiPerformanceLogEntries16 PROMPT&HELP STR and
update PcdMaxPeiPerformanceLogEntries HELP STR in *.uni.
Cc: Shumin Qiu <shumin.qiu@intel.com>
Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Since PcdHiiOsRuntimeSupport has been added in the MdeModulePkg.dec file,
now add the usage information in the uni file.
Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
There are some useful functions in edk2 private modules that could be used,
so we added them to the httpLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ghazi Belaam <Ghazi.belaam@hpe.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
The maximum number of PEI performance log entries is 255.
Add a new PCD, PcdMaxPeiPerformanceLogEntries16, to increase the maximum
number of PEI performance log entries.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Joseph Shifflett <joseph.shifflett@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Some static scan tool may regard CurrentRsdtEntry to be potentially
referenced to NULL pointer if CurrentRsdtEntry == NULL is used in
the right above if condition judgment.
CopyMem (CurrentRsdtEntry, CurrentRsdtEntry + 1, (*NumberOfTableEntries - Index) * sizeof (UINT32));
It is introduced by commit f9bbb8d9c3.
To avoid it and have same style with
"((Xsdt == NULL) || CurrentTablePointer64 == (UINT64) (UINTN) Table->Table)",
use Rsdt instead of CurrentRsdtEntry to check against NULL.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Shumin Qiu <shumin.qiu@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>
The patch enhances the UefiBootManagerLib to use more user-friendly
network boot option description.
It builds description like below:
"PXEv6 (MAC:112233445566 VLAN1)"
"HTTPv4 (MAC:112233445566)"
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
1. The consumer of Acpi Sdt Protocol may want to use the API after ReadyToLock.
2. The ACPI system configuration table even could be overwritten,
we see little issue in leaving Acpi Sdt Protocol installed.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Failing to set EFI_MEMORY_UC to MMIO aperture is not a fatal error.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Enhance BDS to support booting from a remote file system exposed
by a HTTP boot option.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
The patch adds short-form URI boot support to follow
UEFI Spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
Enhance BDS to wide match the HTTP boot option without matching
the specific device path data in IP device path and URI device
path node.
It's to follow UEFI Spec 2.6.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
Change BmGetFileBufferByMemmapFv to BmGetFileBufferByFvFilePath.
The original function gets the file buffer only from memory mapped
FV device path and leaves GUIDed FV device path to the code below;
The new function gets the file buffer from both formats of FV device
paths.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>