From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jian.j.wang@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.120; helo=mga04.intel.com;
 envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B574B21140803
 for <edk2-devel@lists.01.org>; Tue, 18 Sep 2018 02:04:59 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 18 Sep 2018 02:04:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,389,1531810800"; d="scan'208";a="92703675"
Received: from shwdeopenpsi777.ccr.corp.intel.com ([10.239.158.27])
 by orsmga002.jf.intel.com with ESMTP; 18 Sep 2018 02:04:50 -0700
From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Dandan Bi <dandan.bi@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Eric Dong <eric.dong@intel.com>, Laszlo Ersek <lersek@redhat.com>
Date: Tue, 18 Sep 2018 17:04:48 +0800
Message-Id: <20180918090448.7324-1-jian.j.wang@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1
Subject: [PATCH] UefiCpuPkg/CpuMpPei: fix unsafe way to get stack pointer
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Sep 2018 09:04:59 -0000

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1186

This patch uses SetJump() to get the stack pointer from esp/rsp
register to replace local variable way, which was marked by static
code checker as an unsafe way.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 UefiCpuPkg/CpuMpPei/CpuMpPei.h  | 8 ++++++++
 UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 +++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
index d097a66aa8..fe61f5e3bc 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
@@ -35,6 +35,14 @@
 
 extern EFI_PEI_PPI_DESCRIPTOR   mPeiCpuMpPpiDesc;
 
+#if   defined (MDE_CPU_IA32)
+#define CPU_STACK_POINTER(Context)  ((Context).Esp)
+#elif defined (MDE_CPU_X64)
+#define CPU_STACK_POINTER(Context)  ((Context).Rsp)
+#else
+#error CPU type not supported!
+#endif
+
 /**
   This service retrieves the number of logical processor in the platform
   and the number of those logical processors that are enabled on this boot.
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index c7e0822452..997c20c26e 100644
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -517,9 +517,14 @@ GetStackBase (
   IN OUT VOID *Buffer
   )
 {
-  EFI_PHYSICAL_ADDRESS    StackBase;
+  EFI_PHYSICAL_ADDRESS      StackBase;
+  BASE_LIBRARY_JUMP_BUFFER  Context;
 
-  StackBase = (EFI_PHYSICAL_ADDRESS)(UINTN)&StackBase;
+  //
+  // Retrieve stack pointer from current processor context.
+  //
+  SetJump (&Context);
+  StackBase = (EFI_PHYSICAL_ADDRESS)CPU_STACK_POINTER (Context);
   StackBase += BASE_4KB;
   StackBase &= ~((EFI_PHYSICAL_ADDRESS)BASE_4KB - 1);
   StackBase -= PcdGet32(PcdCpuApStackSize);
-- 
2.16.2.windows.1