Includes changes across the repo for the following CodeQL rules:
- cpp/comparison-with-wider-type
- cpp/overflow-buffer
- cpp/redundant-null-check-param
- cpp/uselesstest
Co-authored-by: Taylor Beebe <tabeebe@microsoft.com>
Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com>
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
In order to support a platform overriding StackCheckLibNull
provided by MdeLibs.dsc.inc, the CUSTOM_STACK_CHECK_LIB macro
is introduced. If this macro is defined, MdeLibs.dsc.inc will
not link StackCheckLibNull and it is expected that the platform
will link the version(s) of StackCheckLib that it requires.
The StackCheckLib README is also updated in this patch to
document the new macro and provide additional information.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
This change adds parantheses to the if condition detecting overflow in
the PeCoffLoaderRelocateImage function to improve readability.
Follow on change for:
REF!: https://github.com/tianocore/edk2/pull/6249
Signed-off-by: Doug Flick <dougflick@microsoft.com>
FdtLib.h uses CONST FDT_PROPERTY * return values for some wrapper
functions, but the implementation in FdtLib.c used to original
CONST struct fdt_property * instead of the exported typedef.
Import LibFdt.h in the implementation file and make the
implementation consistent with the declaration.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
Add a wrapper for fdt_strerror () and add the currently supported error
code defines from submodule.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
There is currently a mix on functions named as Prop or Property.
The latter is in majority, and the better fit for tianocore coding style,
so rename FdtNodeOffsetByPropValue () and FdtSetProp () for consistency.
To avoid breaking bisect, change existing users in UefiPayloadPkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
FdtNumRsv and FdtGetMemRsv were added for the benefit of UefiPayloadPkg,
but their naming matches neither upstream libfdt nor tianocore coding
style rules. And there was scope for improvement of the doxygen
descriptions as well.
These functions currently have only one in-tree user, UefiPayloadPkg
FdtParserLib. So rename them more conformant
FdtGetNumberOfReserveMapEntries
and
FdtGetReserveMapEntry
and update the description comment blocks, at the same time as
updating the existing user.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Devicetree defines a short hand way of defining reserved memory
ranges. Add APIs to access such nodes
Signed-off-by: Dhaval Sharma <dhaval@rivosinc.com>
DxeRngLib iterates over a list of secure algorithms before trying
to use the default algorithm provided by the Rng protocol. Add
gEfiRngAlgorithmArmRndr to this list. The algorithm represented by
this GUID is a secure DRBG of an unknown type, implemented by the
aarch64 RNDR instruction.
On AARCH64 platform, use the RNDR instruction as the first option
if it is available.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Use PcdEnforceSecureRngAlgorithms to allow using the Rng protocol
with the default algorithm. All previous call to the Rng protocol
are requesting a secure Rng algorithm.
Not specifying the Rng algorithm GUID to use is considered unsecure.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Add a library constructor which:
- locate the RNG prototocol and keep a reference to it in order to avoid
locating it multiple times (for each random number generation)
- check which secure algorithm is available on the platform.
This avoids to try each secure algorithm until finding one
available for each random number generation call.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Now that the new stack check lib implementation is being used
everywhere, remove the old one.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
StackCheckLib contains the required functionality for initializing
the stack cookie value, checking the value, and triggering an interrupt
when a mismatch occurs. The stack cookie is a random value placed on the
stack between the stack variables and the return address so that
continuously writing past the stack variables will cause the stack cookie
to be overwritten. Before the function returns, the stack cookie value
will be checked and if there is a mismatch then StackCheckLib handles the
failure.
Because UEFI doesn't use the C runtime libraries provided by MSVC, the
stack check code is written in assembly within this library. GCC and
Clang compilers have built-in support for stack cookie checking, so this
library only handles failures.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Add Null libs for Stack Check and Stack Check Failure Hook Lib that
allow a platform to opt out of stack checks and the stack check failure
hook lib.
StackCheckLib allows implementation (or in this case null implementation)
of stack checks on binaries. There is a Host Application specific version
of this null lib because MSVC host applications must not be linked against
our lib (so the file here is a no-op but that doesn't cause the build
system to fail the build for not building a file for MSVC) as it links
against the MSVC C runtime lib that provides the stack cookie definitions.
GCC host applications do not link against such a C runtime lib and must
be linked against our version.
StackCheckFailureHookLib lets a platform do custom functionality when a
stack check failure occurs (such as log it to a platform defined
mechanism). The null lib simply returns.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Moved SetMemN API to a separate file to eliminate unnecessary inclusion
of InternalMemSetMem64 and InternalMemSetMem32 APIs in driver binary.
When the compiler linking the Object files it may not remove all the
unused from NASM OBJs. This change is to reorganize the C files to
minimize the impact of the NASM behavior resulting is code size
reduction.
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
Currently, the NULL version Tdx functions are only built for Ia32.
In BaseLib, the others architectures also need such NULL version
Tdx functions.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
DevPathToTextUsbWWID allocates a separate copy of the SerialNumber
string to append a null terminator if the original string is not null
terminated. However, by using AllocateCopyPool, it tries to copy
'Length + 1' words from the existing string containing 'Length'
characters into the target string. Split the copy out to only copy
'Length' characters instead.
This was reported by GCC's -Wstringop-overread when compiling a copy
of this routine included in a library on FreeBSD.
Signed-off-by: John Baldwin <jhb@FreeBSD.org>
Added a new name for CSR 0x20 because LoongArch SPEC has adjustd the CSR
0x20 register name.
Ref: LoongArch Reference Manual Vol 1, Seciton 7.1.
https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#control-and-status-registers
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
FVP Base Revc doesn't support Trng.
ASSERT (FALSE) is causing the boot to stall.
Replacing ASSERT with ERROR log.
Signed-off-by: Prachotan Reddy Bathi <Prachotan.Bathi@arm.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4786
Disable some compiling warnings caused by submodule code.
Those can be removed later once issues fixed by submodule owner.
Signed-off-by: Linus Liu <linus.liu@intel.com>
This adds FdtNodeOffsetByCompatible() to support finding the offset of
the first node with a given 'compatible' value after an offset.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
This change is added to incorporate basic implementation for
CRC16-CCITT-FALSE algorithm.
This function is useful for providing CRC16 value used in other data
structures that requires CRC16 value that complies with JEDEC SPD
requirements, i.e. BDAT table.
The lookup table is inherited from `https://crccalc.com/` and the result
values are also compared against this site.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
When cspell is installed (via `npm install cspell`), CI checks for
spelling mistakes. There are currently a very large number of them: some
are genuine mistakes while others are words or acryonyms that cspell
doesn't know.
Fix a few of the misspellings in MdePkg.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
A ArmReadIdAA64Isar0Reg() function was recently added
to BaseLib. Use it instead of its ArmReadIdIsar0() equivalent,
which was private to the BaseRngLib library.
This also allows to avoid the confusion between the following
registers:
- ID_ISAR0_EL1: allows to probe for Divide instructions, Debug
instructions, ...
- ID_AA64ISAR0_EL1: AARCH64 specific register allowing to probe
for AESE, RNDR, ... instructions
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
To enable AARCH64 native instruction support for Openssl,
some interfaces must be implemented. OPENSSL_cpuid_setup()
allows to probe the supported features of the platform.
Add ArmReadIdAA64Isar0Reg() to read the AA64Isar0, containing
Arm64 instruction capabilities.
A similar ArmReadIdAA64Isar0() function is available in the ArmPkg,
but the CryptoPkg where OPENSSL_cpuid_setup will reside cannot rely
on the ArmPkg.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
To enable AARCH64 native instruction support for Openssl,
some interfaces must be implemented. OPENSSL_rdtsc() requests
an access to a counter to get some non-trusted entropy.
Add ArmReadCntPctReg() to read system count.
A similar ArmReadCntPct() function is available in the ArmPkg,
but the CryptoPkg where OPENSSL_rdtsc will reside cannot rely
on the ArmPkg.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4812
When the Select is out of support, use method break exception
instead of method return -1, avoid unknown errors caused by untimely
detection.
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3083
Since this is a library, make the function ExitBootServicesCallback()
STATIC to prevent the likelihood that it collides with other symbols.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
The ratified RISC-V crypto scalar extensions provide entropy bits via the
seed CSR, as exposed by the Zkr extension. The Zkr extension is ratified
and provides 16 bits of entropy seed when reading the SEED CSR.
Guarded by a RISCV64 Feature PCD, 64-bit random numbers can be
accumulated from the `seed` CSR. This driver is based on the driver in
the Linux kernel.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Dhaval Sharma <dhaval@rivosinc.com>
Co-authored-by: Tim Wawrzynczak <tim@rivosinc.com>
Cpucfg fetch is a 32-bit register, and AsmCpucfg's function
declaration is a 32-bit address storage operation in BaseLib.h,
So, fix it by replacing stptr.d with stptr.w instrcution.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4797
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
Co-authored-by: Chao Li <lichao@loongson.cn>
Set the rdrand feature bit when faking cpuid for host test cases.
Needed to make the CryptoPkg test cases work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RDRAND has notoriously been broken many times over its lifespan.
Add a smoketest to RDRAND, in order to better sniff out potential
security concerns.
Also add a proper CPUID test in order to support older CPUs which may
not have it; it was previously being tested but then promptly ignored.
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
:x86_init_rdrand() per commit 049f9ae9..
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
code to MIT and the public domain.
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
<..>
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
> also place it into public domain. Do with it what you will now.
>
> Jason
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Starting from certain version of Visual Studio C compiler (I don’t
have the exact version. I am using VS2019), CpuDeadLoop is optimized
quite well by compiler.
The compiler does not generate instructions that jump out of the loop
when the "Index" is non-zero.
It becomes harder/impossible for developers to break out of the dead-loop
in debugger.
The new version of CpuDeadLoop() compares a volatile global to a volatile
local. This forces 2 reads and a comparison on every loop iteration.
The local variable can be set to 1 to exit the loop without modifying the
global variable.
Using VS2019 with max opt enabled, The dead-loop can be exit by setting
Index to 1 in a debugger.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
supported, by inspecting the ISAR0 identification register, and setting
a global boolean accordingly. This boolean is used in subsequent
execution to decide whether or not to issue the instruction.
The same discovery code also ASSERT()s that RNDR instructions are
implemented, which is unnecessary, and breaks execution on systems that
incorporate the library but don't implement the instruction (or fail to
expose it to the exception level that the firmware executes at).
So drop the ASSERT().
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification relies on a specific register calling convention to
hold the parameters that are associated with the SVSM request. The SVSM is
invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
using the GHCB MSR Protocol or a GHCB NAE event.
Create a new version of the VMGEXIT instruction that will adhere to this
calling convention and load the SVSM function arguments into the proper
register before invoking the VMGEXIT instruction. On return, perform the
atomic exchange on the SVSM call pending value as specified in the SVSM
specification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Refer to Uefi spec 2.10 section 11.11.2, add a new retval
EFI_NOT_FOUND to EFI_ADAPTER_INFORMATION_PROTOCOL.GetInformation().
Reference: [mantis #1866] - GetInfo() of Adapter Information
Protocol should have a provision for IHV to return no data.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Qingyu <qingyu.shang@intel.com>
Signed-off-by: Gahan Saraiya <gahan.saraiya@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
According to UEFI Spec 2.10 page 206, if any EFI_RUNTIME_SERVICES* calls
are not supported for use by the OS at runtime, an EFI_RT_PROPERTIES_TABLE
configuration table should be published describing which runtime services
are supported at runtime. So need to add EFI_UNSUPPORTED return for some
Runtime Service functions.
REF: UEFI spec 2.10 section 8 Services ? Runtime Services
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Suqiang Ren <suqiangx.ren@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Adding PeiServicesTablePointerLibKs0 for LoongArch64, which provides
setting and getting the PEI service table pointer through the CSR KS0
register.
The idea of this library is derived from
ArmPkg/Library/PeiServicesTablePointerLib/
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Add IoCsrRead8, IoCsrRead16, IoCsrRead32, IoCsrRead64, IoCsrWrite8,
IoCsrWrite16, IoCsrWrite32, IoCsrWrite64 to operate the IOCSR registers
of LoongArch architecture.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Add CsrRead, CsrWrite and CsrXChg functions for LoongArch, and use them
to operate the CSR register of LoongArch architecture.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Co-authored-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Michael Kubacki
Oliver Smith-Denny
Doug Flick
Leif Lindholm
Dhaval
Pierre Gondois
Oliver Smith-Denny
Taylor Beebe
Ashraf Ali
Ceping Sun
John Baldwin
Chao Li
Prachotan Reddy Bathi
Linus Liu
Nhi Pham
kuqin12
Rebecca Cran
Dongyan Qian
Jiaxin Wu
Dongyan Qian
Gerd Hoffmann
Pedro Falcato
Ray Ni
Ard Biesheuvel
Shun Cheng Liu
Tom Lendacky
Qingyu
Suqiang Ren