From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 064CE7803CC for ; Thu, 9 May 2024 07:23:45 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=p8+o68EIazkRnAqG1iZNmLfkuokf5hK5A6UR5kGLrR8=; c=relaxed/simple; d=groups.io; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Thread-Index:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding:Content-Language; s=20240206; t=1715239424; v=1; b=y/+XBrg7mFkHYlNPN4/nfZjITmkLWuyQE602TFX1dTNYPZHYIPGvqR3GqRdq0dKDw0Py2y8a ls1r7zuk3GvAQtSKwBd/vPs1wE+gc1goDivsIMRfH6VO+bQbYwOZL5uaRUiD1W3iNQsCV08cSfc GNzDVRH/4Ga5d3dm0BdDmK/2+o2nQlGp2gmzEWMlggiTdBbfpZ47UbivzW6drU/PcXWmDpZhWEt M+ueBKEAin6rCv4+xJOXaq6U2MPhSR30Cj60p8Bm3PrVY/e+UcfCY6DYTNncKVY28bTSxgVDGpD G3JOAEAgYabhEjc9xyayvEHDqusAf/OcQI7q9NU6RpLNA== X-Received: by 127.0.0.2 with SMTP id LhviYY7687511x5We9XjFZ6Y; Thu, 09 May 2024 00:23:44 -0700 X-Received: from cxsh.intel-email.com (cxsh.intel-email.com [121.46.250.151]) by mx.groups.io with SMTP id smtpd.web11.4519.1715239423654749669 for ; Thu, 09 May 2024 00:23:43 -0700 X-Received: from cxsh.intel-email.com (localhost [127.0.0.1]) by cxsh.intel-email.com (Postfix) with ESMTP id 78A6CDDA7BB for ; Thu, 9 May 2024 15:23:41 +0800 (CST) X-Received: from localhost (localhost [127.0.0.1]) by cxsh.intel-email.com (Postfix) with ESMTP id 748E7DDA793 for ; Thu, 9 May 2024 15:23:41 +0800 (CST) X-Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by cxsh.intel-email.com (Postfix) with SMTP id D67CFDDA7CC for ; Thu, 9 May 2024 15:23:38 +0800 (CST) X-Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP(SSL) for ; Thu, 09 May 2024 15:23:30 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-Originating-IP: 58.246.60.130 X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming via groups.io" To: , Cc: "'Zhiguang Liu'" , "'Dandan Bi'" , "'Leif Lindholm'" , "'Andrew Fish'" , "'Michael Kinney'" References: <20240506095309.842-1-shanmugavelx.pakkirisamy@intel.com> In-Reply-To: <20240506095309.842-1-shanmugavelx.pakkirisamy@intel.com> Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF1bZWRrMi1zdGFibGUyMDI0MDVdW1BBVENIXSBNZGVNb2R1bGVQa2c6IFBvdGVudGlhbCBVSU5UMzIgb3ZlcmZsb3cgaW4gUzMgUmVzdW1lQ291bnQ=?= Date: Thu, 9 May 2024 15:23:33 +0800 Message-ID: <00f801daa1e1$cd045e20$670d1a60$@byosoft.com.cn> MIME-Version: 1.0 Thread-Index: Adqh4cntlMr0QhvGRfehwZqOezv6NQ== Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 09 May 2024 00:23:44 -0700 Resent-From: gaoliming@byosoft.com.cn Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: LFjpMkt2yIJ1AwKNydTC0S3vx7686176AA= Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b="y/+XBrg7"; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Liming Gao This is a security fix. So, I think it should catch this stable tag 202405 Thanks Liming > -----=D3=CA=BC=FE=D4=AD=BC=FE----- > =B7=A2=BC=FE=C8=CB: devel@edk2.groups.io =B4=FA=B1= =ED Pakkirisamy > ShanmugavelX > =B7=A2=CB=CD=CA=B1=BC=E4: 2024=C4=EA5=D4=C26=C8=D5 17:53 > =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io > =B3=AD=CB=CD: Shanmugavel Pakkirisamy ; > Zhiguang Liu ; Dandan Bi ; > Liming Gao > =D6=F7=CC=E2: [edk2-devel] [PATCH] MdeModulePkg: Potential UINT32 overflo= w in S3 > ResumeCount >=20 > From: Shanmugavel Pakkirisamy >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4677 >=20 > Attacker able to modify physical memory and ResumeCount. > System will crash/DoS when ResumeCount reaches its MAX_UINT32. >=20 > Cc: Zhiguang Liu > Cc: Dandan Bi > Cc: Liming Gao >=20 > Signed-off-by: Pakkirisamy ShanmugavelX > > --- >=20 > MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePe > rformancePei.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) >=20 > diff --git > a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware > PerformancePei.c > b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware > PerformancePei.c > index 2f2b2a80b2..1035ed8640 100644 > --- > a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware > PerformancePei.c > +++ > b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware > PerformancePei.c > @@ -112,11 +112,15 @@ FpdtStatusCodeListenerPei ( > // > S3ResumeTotal =3D MultU64x32 (AcpiS3ResumeRecord->AverageResume, > AcpiS3ResumeRecord->ResumeCount); > AcpiS3ResumeRecord->ResumeCount++; > - AcpiS3ResumeRecord->AverageResume =3D DivU64x32 (S3ResumeTotal + > AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount); > - > - DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount > =3D %d\n", AcpiS3ResumeRecord->ResumeCount)); > - DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume > =3D %ld\n", AcpiS3ResumeRecord->FullResume)); > - DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume > =3D %ld\n", AcpiS3ResumeRecord->AverageResume)); > + if (AcpiS3ResumeRecord->ResumeCount > 0) { > + AcpiS3ResumeRecord->AverageResume =3D DivU64x32 (S3ResumeTotal + > AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount); > + DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - > AverageResume =3D 0x%x\n", AcpiS3ResumeRecord->AverageResume)); > + } > + else { > + DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the > MAX_UINT32 value. S3 ResumeCount record reset to Zero.")); > + } > + DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount =3D > 0x%x\n", AcpiS3ResumeRecord->ResumeCount)); > + DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume =3D > 0x%x\n", AcpiS3ResumeRecord->FullResume)); >=20 > // > // Update S3 Suspend Performance Record. > -- > 2.45.0.windows.1 >=20 >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118745): https://edk2.groups.io/g/devel/message/118745 Mute This Topic: https://groups.io/mt/105997183/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-