From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=YNjZvMUN; spf=pass (domain: arm.com, ip: 40.107.8.78, mailfrom: krzysztof.koch@arm.com) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com [40.107.8.78]) by groups.io with SMTP; Thu, 11 Jul 2019 23:54:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RcKj4pUxZEtZ0GlpheUSWkdOm/eZfaDvWP94FT5K/gs=; b=YNjZvMUNWFGehuPyjf7GEbCJhp4b4wsYeC/SViPr4K82gSKuXofb7ZaSg7eWvd9CsOxvPtkgd5PlTZVmM6bZYojvdMGnKsvLohj4K5XZ9/1130nw6GB+z74iKJ2arqBGXnb7HzRKIhMkGgToiVLMqBYkWzfCuL2jKgPaIQbUH1M= Received: from VI1PR0802CA0041.eurprd08.prod.outlook.com (2603:10a6:800:a9::27) by VI1PR0802MB2605.eurprd08.prod.outlook.com (2603:10a6:800:b0::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.19; Fri, 12 Jul 2019 06:54:11 +0000 Received: from DB5EUR03FT029.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e0a::207) by VI1PR0802CA0041.outlook.office365.com (2603:10a6:800:a9::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2073.10 via Frontend Transport; Fri, 12 Jul 2019 06:54:11 +0000 Authentication-Results: spf=temperror (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from nebula.arm.com (40.67.248.234) by DB5EUR03FT029.mail.protection.outlook.com (10.152.20.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2052.18 via Frontend Transport; Fri, 12 Jul 2019 06:54:10 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Fri, 12 Jul 2019 06:53:20 +0000 Received: from E119924.Arm.com (10.37.8.167) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Fri, 12 Jul 2019 06:53:19 +0000 From: "Krzysztof Koch" To: CC: , , , , , Subject: [PATCH v1 06/11] ShellPkg: acpiview: SRAT: Add error-checking in the parsing logic Date: Fri, 12 Jul 2019 07:52:38 +0100 Message-ID: <20190712065243.3812-7-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20190712065243.3812-1-krzysztof.koch@arm.com> References: <20190712065243.3812-1-krzysztof.koch@arm.com> Return-Path: Krzysztof.Koch@arm.com MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:40.67.248.234;IPV:NLI;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(396003)(376002)(346002)(39860400002)(136003)(2980300002)(199004)(189003)(11346002)(70206006)(53936002)(44832011)(68736007)(70586007)(6916009)(7696005)(63350400001)(356004)(6306002)(51416003)(53416004)(63370400001)(966005)(4326008)(1076003)(446003)(6666004)(478600001)(476003)(2906002)(486006)(86362001)(26005)(50226002)(126002)(2616005)(76176011)(36756003)(5660300002)(186003)(47776003)(16586007)(426003)(81156014)(305945005)(50466002)(8936002)(81166006)(8676002)(316002)(2351001)(54906003)(336012)(48376002);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0802MB2605;H:nebula.arm.com;FPR:;SPF:TempError;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5abbb643-a4fc-4e46-ac03-08d70695bdcc X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328);SRVR:VI1PR0802MB2605; X-MS-TrafficTypeDiagnostic: VI1PR0802MB2605: X-MS-Exchange-PUrlCount: 1 X-Microsoft-Antispam-PRVS: NoDisclaimer: True X-MS-Oob-TLC-OOBClassifiers: OLM:4125; X-Forefront-PRVS: 00963989E5 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: kLHu5uG23wzB979VfqttVVQwZNA1zQzbLWN9Ipao1mg1VZJV8PqfdWuRS9DnECnxKQvmmdVOxRwm7v4zsxXJKrGJCXAVEz7NEl17pzqbK93EU4A+2yTd0yALIOgG1wh0h/ddyAEcQ4yNwIMg2WfgauHjIJHecSTH47UUDolnLg0csk0V9zz6jaVLdEuW/eoofbEpNxCkB2rd2RikD0uQfXwhtBLwFTX7kUb12aH2Sp7GOPcMfujgXwvUrBWcANLNIvpubnBE8DXa61qQQHmggHVFlJB766OSUN0T5tnH+V7qq1R+R9KYj6xM/kB6eD29Lx+CFEzd6Q9MWNJHFo6dnjbjMwNRG0inHmTTBNckSfTfC0zrZKWvfdiSOI3ssCVDdrajcya2M3pNMDjoiy2xd0RvCTkckxxK5k7t02CTuoU= X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2019 06:54:10.0295 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5abbb643-a4fc-4e46-ac03-08d70695bdcc X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[40.67.248.234];Helo=[nebula.arm.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2605 Content-Type: text/plain 1. Check if the global pointers (in the scope of this ACPI table parser) have been successfully updated before they are later used to control the parsing logic. 2. Give forward progress guarantee when parsing the SRAT table. Report an error if a SRAT structure is too small to be valid. Without this check, there is a possibility for the parser to enter an ifninite loop. 3. Test against buffer overruns. 4. Remove redundant forward function declarations by repositioning blocks of code. 5. Allow silencing ACPI table content validation errors which do not cause table parsing to fail. Signed-off-by: Krzysztof Koch --- Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/commit/d46d682d28654b1c6263be2f4fd961c35e80e5cb Notes: v1: - improve the logic in the SRAT parser [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 113 +++++++++++--------- 1 file changed, 63 insertions(+), 50 deletions(-) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c index 075ff2a141a82b522e8aaedb7ad79249aaf5eaac..a12aceb70d273a628387b72437819dc05ad7301e 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c @@ -1,7 +1,7 @@ /** @file SRAT table parser - Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + Copyright (c) 2016 - 2019, ARM Limited. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @par Reference(s): @@ -13,6 +13,7 @@ #include #include "AcpiParser.h" #include "AcpiTableParser.h" +#include "AcpiView.h" // Local Variables STATIC CONST UINT8* SratRAType; @@ -32,7 +33,13 @@ EFIAPI ValidateSratReserved ( IN UINT8* Ptr, IN VOID* Context - ); + ) +{ + if (*(UINT32*)Ptr != 1) { + IncrementErrorCount (); + Print (L"\nERROR: Reserved should be 1 for backward compatibility.\n"); + } +} /** This function traces the APIC Proximity Domain field. @@ -44,9 +51,16 @@ STATIC VOID EFIAPI DumpSratApicProximity ( - IN CONST CHAR16* Format, - IN UINT8* Ptr - ); + IN CONST CHAR16* Format, + IN UINT8* Ptr + ) +{ + UINT32 ProximityDomain; + + ProximityDomain = Ptr[0] | (Ptr[1] << 8) | (Ptr[2] << 16); + + Print (Format, ProximityDomain); +} /** An ACPI_PARSER array describing the SRAT Table. @@ -139,47 +153,6 @@ STATIC CONST ACPI_PARSER SratX2ApciAffinityParser[] = { {L"Reserved", 4, 20, L"0x%x", NULL, NULL, NULL, NULL} }; -/** This function validates the Reserved field in the SRAT table header. - - @param [in] Ptr Pointer to the start of the field data. - @param [in] Context Pointer to context specific information e.g. this - could be a pointer to the ACPI table header. -**/ -STATIC -VOID -EFIAPI -ValidateSratReserved ( - IN UINT8* Ptr, - IN VOID* Context - ) -{ - if (*(UINT32*)Ptr != 1) { - IncrementErrorCount (); - Print (L"\nERROR: Reserved should be 1 for backward compatibility.\n"); - } -} - -/** - This function traces the APIC Proximity Domain field. - - @param [in] Format Format string for tracing the data. - @param [in] Ptr Pointer to the start of the buffer. -**/ -STATIC -VOID -EFIAPI -DumpSratApicProximity ( - IN CONST CHAR16* Format, - IN UINT8* Ptr - ) -{ - UINT32 ProximityDomain; - - ProximityDomain = Ptr[0] | (Ptr[1] << 8) | (Ptr[2] << 16); - - Print (Format, ProximityDomain); -} - /** This function parses the ACPI SRAT table. When trace is enabled this function parses the SRAT table and @@ -234,6 +207,7 @@ ParseAcpiSrat ( AcpiTableLength, PARSER_PARAMS (SratParser) ); + ResourcePtr = Ptr + Offset; while (Offset < AcpiTableLength) { @@ -242,10 +216,47 @@ ParseAcpiSrat ( 0, NULL, ResourcePtr, - 2, // The length is 1 byte at offset 1 + AcpiTableLength - Offset, PARSER_PARAMS (SratResourceAllocationParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((SratRAType == NULL) || + (SratRALength == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient remaining table buffer length to read the " \ + L"Static Resource Allocation structure header. Length = %d.\n", + AcpiTableLength - Offset + ); + return; + } + + // Make sure forward progress is made. + if (*SratRALength < 2) { + IncrementErrorCount (); + Print ( + L"ERROR: Structure length is too small: SratRALength = %d. " \ + L"SratRAType = %d. SRAT parsing aborted.\n", + *SratRALength, + *SratRAType + ); + return; + } + + // Make sure the SRAT structure lies inside the table + if ((Offset + *SratRALength) > AcpiTableLength) { + IncrementErrorCount (); + Print ( + L"ERROR: Invalid SRAT structure length. SratRALength = %d. " \ + L"RemainingTableBufferLength = %d. SRAT parsing aborted.\n", + *SratRALength, + AcpiTableLength - Offset + ); + return; + } + switch (*SratRAType) { case EFI_ACPI_6_2_GICC_AFFINITY: AsciiSPrint ( @@ -278,7 +289,7 @@ ParseAcpiSrat ( ResourcePtr, *SratRALength, PARSER_PARAMS (SratGicITSAffinityParser) - ); + ); break; case EFI_ACPI_6_2_MEMORY_AFFINITY: @@ -333,8 +344,10 @@ ParseAcpiSrat ( break; default: - IncrementErrorCount (); - Print (L"ERROR: Unknown SRAT Affinity type = 0x%x\n", *SratRAType); + if (GetConsistencyChecking ()) { + IncrementErrorCount (); + Print (L"ERROR: Unknown SRAT Affinity type = 0x%x\n", *SratRAType); + } break; } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'