This hole will cause page faults randomly. The root cause is that a Guard
page, which has just been freed back to the page pool but has not yet had its
not-present attribute cleared, will be allocated right away by the internal
function CoreFreeMemoryMapStack(). The solution to this issue is to clear the
not-present attribute for the freed Guard page before doing any free
operation, instead of after those operations.
The reason we didn't do this before is due to the fact that manipulating
page attributes might cause memory allocation action which would cause a
deadlock inside a memory allocation/free operation. So we always set or
unset Guard page outside the memory lock. After a thorough analysis, we
believe clearing a Guard page will not cause memory allocation because
memory we're to manipulate was already manipulated before for sure.
Therefore there should be no memory allocation occurring in this
situation.
Since we cleared Guard page not-present attribute before freeing instead
of after freeing, the debug code to clear freed memory can now be restored
to its original way (aka no checking and bypassing Guard page).
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Section data alignment should be made in the build generation.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory
of EfiReservedMemoryType, the BIOS will hang at a page fault exception
triggered by BootScriptExecutorDxe.
The root cause is that this driver will allocate memory of
EfiReservedMemoryType and relocate itself into this new memory. Since
EfiReservedMemoryType of memory is marked non-executable, restarting this
driver after relocation will cause an exception. The fix is removing the NX
attribute after memory allocation.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory
of EfiReservedMemoryType, the BIOS will hang at a page fault exception
while starting the SMM driver.
The root cause is that SMM RAM is of type EfiReservedMemoryType and
marked as non-executable. The fix is simply removing the NX attribute for
that memory.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
* In DxeIpIo, an ASSERT check is incorrectly used in IpIoAddIp(), which results
in a debug image hang when this API is called. This patch is to fix this issue.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
XCODE5 doesn't support absolute addressing in the assembly code.
This change uses lea instruction to get the address.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Christian Ehrhardt <ehrhardt@genua.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Tested-by: Christian Ehrhardt <ehrhardt@genua.de>
The Graphics Output Protocol's mode information specifies the
PixelsPerScanLine property. Most of the time this is identical to
HorizontalResolution. However, due to alignment requirements etc. it
may be slightly larger. I.e. each scan line will have some "pixels"
that are not visible on the screen but consume space in the frame
buffer.
If the graphics output protocol correctly initializes
HorizontalResolution to 1366 and PixelsPerScanLine to 1376, the
graphics output is broken as a result.
If setting HorizontalResolution to 1376 instead, the output is fine
(except for 10 invisible pixels on the right of the screen).
The patch fixes this bug by using PixelsPerScanLine when calculating
the line width.
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Christian Ehrhardt <ehrhardt@genua.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Tested-by: Christian Ehrhardt <ehrhardt@genua.de>
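The stride mismatch described in the commit message above, as an added example that is not code from the patch or from edk2. The two resolution values come from the message; the 4-row height, the buffer and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mode values from the commit message; the 4-row height is constructed
   to keep the sample frame buffer small. */
#define HORIZONTAL_RESOLUTION 1366u
#define PIXELS_PER_SCAN_LINE  1376u
#define VERTICAL_RESOLUTION   4u

static uint32_t FrameBuffer[PIXELS_PER_SCAN_LINE * VERTICAL_RESOLUTION];

/* Pre-fix arithmetic: the visible width is used as the row stride. */
static size_t OffsetByResolution(uint32_t X, uint32_t Y) {
  return (size_t)Y * HORIZONTAL_RESOLUTION + X;
}

/* Post-fix arithmetic: PixelsPerScanLine is the row stride. */
static size_t OffsetByStride(uint32_t X, uint32_t Y) {
  return (size_t)Y * PIXELS_PER_SCAN_LINE + X;
}

/* Draw a vertical line at column X with the chosen offset function, then
   read the buffer back the way the display does (a new row starts every
   PIXELS_PER_SCAN_LINE pixels) and count the rows whose pixel in column X
   is still unlit. */
static unsigned MisplacedRows(uint32_t X, size_t (*Offset)(uint32_t, uint32_t)) {
  unsigned Misplaced = 0;

  memset(FrameBuffer, 0, sizeof FrameBuffer);
  for (uint32_t Y = 0; Y < VERTICAL_RESOLUTION; Y++) {
    FrameBuffer[Offset(X, Y)] = 0x00FFFFFFu;
  }
  for (uint32_t Y = 0; Y < VERTICAL_RESOLUTION; Y++) {
    if (FrameBuffer[(size_t)Y * PIXELS_PER_SCAN_LINE + X] == 0) {
      Misplaced++;
    }
  }
  return Misplaced;
}

int main(void) {
  /* Each row drifts 10 pixels further left when the stride is wrong. */
  printf("row 1, column 100: resolution offset %zu, stride offset %zu\n",
         OffsetByResolution(100, 1), OffsetByStride(100, 1));
  printf("misplaced rows with HorizontalResolution: %u\n",
         MisplacedRows(100, OffsetByResolution));
  printf("misplaced rows with PixelsPerScanLine:    %u\n",
         MisplacedRows(100, OffsetByStride));
  return 0;
}
```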
* In DxeIpIo, there are several places that use ASSERT() to check input
parameters without any descriptions or error handling. This patch
fixed this issue.
* Fixed some incorrect descriptions in code comments.
* Remove unneeded Exit tag in function IpIoOpen and IpIoConfigIp.
* Add EFIAPI tag for function IpIoRefreshNeighbor.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* When the packet is not a normal packet or an ICMP error packet, the code
does not recycle it by signaling the RecycleSignal event, and this will
result in a memory leak. This patch is to fix this issue.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
It didn't cause big issues when VT-d was disabled.
But on a VT-d enabled platform, the lack of an EhcFreeUrb call caused
the DMA data not to be moved back to the user's buffer.
As a result, the correct data could not be obtained through sync interrupt
transfer.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Today's implementation prints nothing when the format string cannot
fit in the report status extended data buffer.
It confuses users.
The patch changes to print partial message by truncating the format
string when it's too long.
The missing enhancement is the extended data buffer only reserves 96
bytes for the var-args. When the format string is not very long but
contains 13 %lx or %p, the var-args buffer is too small. Today's
implementation prints nothing for this case.
This patch doesn't change such behavior.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
* Since a wireless network can switch in a very short time, the time interval
of reconfig event checking is too long for this case. To achieve better
performance and scalability, separate this task from Ip4 tick timer.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* The library API uses array elements without any index range check; this
patch is to fix this issue to avoid a null pointer reference.
V2
* Added an ASSERT check for the case where PrefixLength equals IP6_PREFIX_MAX.
* Synced some code descriptions to the header file.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* When building a DHCP message in function DhcpSendMessage() or DhcpRetransmit(),
a new NET_BUF is created by the library of NetbufFromExt, but it's not freed
after it is sent out. This patch is to fix this memory leak issue.
V2:
* Since packet has already been referred by DhcpSb->LastPacket, and will be
freed when sending another packet or clean up, there is no need to add an
extra free function in NetbufFromExt.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
In some cases the ArrayIndex with UINT16 may not be large enough to
hold the multiplication result of HiiQuestion->VarOffset * 8.
So this patch updates the data type to fix this potential issue.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
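The truncation described in the commit message above, as an added example that is not code from the patch or from edk2. It assumes VarOffset is a 16-bit byte offset and that the index addresses a per-bit map; the bitmap, its 64 KiB size and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bitmap: one bit per bit of a 64 KiB variable store. */
static uint8_t Covered[0x10000];

/* Pre-fix shape: the bit index is stored in 16 bits and wraps. */
static uint16_t BitIndexNarrow(uint16_t VarOffset) {
  return (uint16_t)(VarOffset * 8);
}

/* Post-fix shape: a wider type holds the full product. */
static uint32_t BitIndexWide(uint16_t VarOffset) {
  return (uint32_t)VarOffset * 8u;
}

/* Smallest byte offset whose bit index no longer fits in 16 bits. */
static uint32_t FirstTruncatedOffset(void) {
  for (uint32_t Off = 0; Off <= 0xFFFFu; Off++) {
    if (BitIndexNarrow((uint16_t)Off) != BitIndexWide((uint16_t)Off)) {
      return Off;
    }
  }
  return 0xFFFFFFFFu;
}

static int IsCovered(uint16_t VarOffset) {
  uint32_t Index = BitIndexWide(VarOffset);
  return (Covered[Index / 8] >> (Index % 8)) & 1;
}

/* Record the first bit of Mark using either index width, then report
   whether the first bit of Query is recorded. */
static int MarkAndQuery(uint16_t Mark, uint16_t Query, int UseWide) {
  uint32_t Index = UseWide ? BitIndexWide(Mark) : BitIndexNarrow(Mark);

  memset(Covered, 0, sizeof Covered);
  Covered[Index / 8] |= (uint8_t)(1u << (Index % 8));
  return IsCovered(Query);
}

int main(void) {
  printf("first truncated VarOffset: 0x%X\n", (unsigned)FirstTruncatedOffset());
  /* With the narrow index, offset 0x2000 is recorded against offset 0. */
  printf("narrow: 0x2000 recorded=%d, 0x0000 recorded=%d\n",
         MarkAndQuery(0x2000, 0x2000, 0), MarkAndQuery(0x2000, 0, 0));
  printf("wide:   0x2000 recorded=%d, 0x0000 recorded=%d\n",
         MarkAndQuery(0x2000, 0x2000, 1), MarkAndQuery(0x2000, 0, 1));
  return 0;
}
```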
The EBC compiler doesn't treat EFI_xxx as constant because these macros
are UINT64 type in 64bit env and UINT32 type in 32bit env.
So it reports error when "case EFI_xxx" is used.
The patch changes to use if-else to fix EBC build failure.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
v2:
* Refine the commit log.
There are two places to close the ISCSI ExitBootServiceEvent:
#1.IScsiOnExitBootService(), which is the callback function of
ExitBootServiceEvent.
#2.IScsiCleanDriverData(), which will be invoked by ISCSI driver
binding stop().
So, the ExitBootServiceEvent will be closed and freed when exit boot
service is triggered. But it may be closed and freed again in ISCSI driver
binding stop(), which will result in the issue recorded at
https://bugzilla.tianocore.org/show_bug.cgi?id=742.
This patch is to resolve the issue.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* In function Mtftp4WrqSendBlock(), when the packet is not needed, the function
returns EFI_ABORTED but does not free the packet buffer. This results in a
memory leak and this patch is to fix this issue.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* This function sets the returned status as the token status and signals the
token when an error occurs, which results in a token status that does not
comply with the spec definition. This patch fixed this issue.
* This function restores Tpl twice when Mtftp4WrqStart() returns an
error; this patch fixed this issue.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* Added some ASSERT descriptions for library APIs.
* Added "Optional" option for Context parameter in UdpIoCancelDgrams().
* Added function return status check for UdpIoFreeIo().
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* In old implementation, the operation len-- assumes AsciiSPrint()
has counted NULL terminator, and it's not correct. This patch is
to fix this issue.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* Library API should check the input parameters before use, or
ASSERT to tell it has to meet some requirements. But in DxeNetLib,
not all functions follow this rule.
* ASSERT shouldn't be used as error handling, add some handling code
for errors.
* Add some ASSERT comments in function notes.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
The NIC_ITEM_CONFIG_SIZE macro in DxeNetLib is defined as:
sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) *
MAX_IP4_CONFIG_IN_VARIABLE. This macro should be surrounded
with parentheses to avoid being incorrectly used.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
The Dhcp4.TransmitReceive() API should be usable at any time according
to the UEFI spec. While in a classless addressing network, the netmask must be
explicitly provided together with the station address.
But if the DHCP instance hasn't been configured with a valid netmask, we need
to compute it according to the classful addressing rule. In such a case, if the
user configures a class E IP address, an ASSERT will happen; we need to handle
this case and return an error status code.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This is caused by a previous patch which tried to fix string over-read.
It's found that that patch for PrintLib in MdePkg will cause premature
termination of the loop used to traverse the format string and cause incomplete
string output. Because this library uses similar code to do the same
job, it has the same issue too. So the fix is also the same.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
According to UEFI/PI spec, the AllocateXXXPool() interfaces should
return eight-byte aligned buffer that satisfies the required
HEADER_ALIGNMENT which is 4.
This patch adds an ASSERT to make sure the bin is at the required alignment,
which can help catch earlier the issue of an incorrectly aligned buffer
returned from AllocateXXXPool().
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
BfvHeader->FvLength is UINT64. Now, it is printed with %x. That will cause the
later FvHandle to be zero. So, its type is converted to UINT32.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Due to a potential hole in the stop condition of the loop, the two continuous
accesses to ArgumentString (index, index+1) inside the loop might cause the
string ending character ('\0') and the byte after it to be read.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This change is the additional fix of commit
14b351e2ed.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
v2:
* Fix the GCC build error.
This patch is to add the boundary condition check to make sure
the accessed buffer is valid.
Cc: Gary Lin <glin@suse.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Tested-by: Gary Lin <glin@suse.com>
Three issues addressed here:
a. Make NX memory protection and heap guard compatible
The solution is to check PcdDxeNxMemoryProtectionPolicy in Heap Guard to
see if the free memory should be set to NX, and set the Guard page to NX
before it's freed back to the memory pool. This can solve the issue in which
the NX setting would be overwritten by the Heap Guard feature in certain
configurations.
b. Returned pool address was not 8-byte aligned sometimes
This happened only when BIT7 is not set in PcdHeapGuardPropertyMask. Since
8-byte alignment is UEFI spec required, letting allocated pool adjacent to
tail guard page cannot be guaranteed.
c. NULL address handling due to allocation failure
When allocation fails, normally a NULL will be returned. But Heap Guard
code will still try to adjust the starting address of it, which will cause
a non-NULL pointer to be returned.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>