From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by mx.groups.io with SMTP id smtpd.web11.7530.1586672533069881177
 for <devel@edk2.groups.io>;
 Sat, 11 Apr 2020 23:22:13 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: dandan.bi@intel.com)
IronPort-SDR: 3QNf1ocz+fmzQ9HhpAe/upFUzQg+han2EMdWy8x+D3BPO1W4JreUJb3cGvhxVwG9tOLDGGHbZh
 EiHon4XC5ITQ==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Apr 2020 23:22:12 -0700
IronPort-SDR: 1glUneHridHPsDMguAYnoDI0IvXnKumgeJ9gWzoqA9d9Jmbv31hXuQp24VX2XToKGpxjzg2YRA
 9sXH4cTvAO1A==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,373,1580803200"; 
   d="scan'208";a="453901459"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
  by fmsmga006.fm.intel.com with ESMTP; 11 Apr 2020 23:22:12 -0700
Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Sat, 11 Apr 2020 23:22:12 -0700
Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by
 FMSMSX152.amr.corp.intel.com (10.18.125.5) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Sat, 11 Apr 2020 23:22:12 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.225]) by
 SHSMSX107.ccr.corp.intel.com ([169.254.9.191]) with mapi id 14.03.0439.000;
 Sun, 12 Apr 2020 14:22:10 +0800
From: "Dandan Bi" <dandan.bi@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"michael.kubacki@outlook.com" <michael.kubacki@outlook.com>
CC: "Wu, Hao A" <hao.a.wu@intel.com>, "Wang, Jian J" <jian.j.wang@intel.com>,
	Kun Qin <Kun.Qin@microsoft.com>, "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources
Thread-Topic: [edk2-devel] [PATCH v1 1/1]
 MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources
Thread-Index: AQHWD3mpsZonb+7EkkWu/BKMl5GKqah1BmAQ
Date: Sun, 12 Apr 2020 06:22:09 +0000
Message-ID: <3C0D5C461C9E904E8F62152F6274C0BB40DB0A30@SHSMSX104.ccr.corp.intel.com>
References: <MWHPR07MB3440614C296DDFD7D4B12CD2E9DE0@MWHPR07MB3440.namprd07.prod.outlook.com>
In-Reply-To: <MWHPR07MB3440614C296DDFD7D4B12CD2E9DE0@MWHPR07MB3440.namprd07.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: dandan.bi@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Dandan Bi <dandan.bi@intel.com>


Thanks,
Dandan
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Michael Kubacki
> Sent: Saturday, April 11, 2020 4:50 AM
> To: devel@edk2.groups.io
> Cc: Bi, Dandan <dandan.bi@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Kun Qin <Kun.Qin@microsoft.com>;
> Gao, Liming <liming.gao@intel.com>
> Subject: [edk2-devel] [PATCH v1 1/1]
> MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of
> resources
>=20
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>=20
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2665
>=20
> ReportDispatcher() is called by a software module to report a status cod=
e.
> The interface is generic and can be called frequently throughout the boo=
t
> under various conditions. A certain set of conditions can cause the curr=
ently
> implemented algorithm for resource exhaustion to fail. A sample
> scenario:
>=20
> 1. ReportStatusCode() is called at a TPL higher than one of the register=
ed
>    status code listeners making the call to the listener deferred until
>    TPL is lowered.
> 2. Additional calls to ReportStatusCode() occur, so the data buffer
>    continues to expand.
> 3. A call to ReportStatusCode() is made from within a memory allocation
>    call (e.g. CoreAllocatePoolPages ()) which is protected from re-
>    entrancy with mPoolMemoryLock. This will cause the ReallocatePool()
>    call in ReportDispatcher() to fail. Because the end pointer was alrea=
dy
>    moved to account for the data size, the end pointer is now moved
>    beyond the buffer and invalid.
>=20
> This commit saves the original end pointer value into a local variable c=
alled
> "FailSafeEndPointer" which tracks a safe end pointer to revert to in the=
 case
> the allocated buffer size (CallbackEntry->EndPointer -
> CallbackEntry->StatusCodeDataBuffer) is still not large enough for the
> data.
>=20
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Kun Qin <Kun.Qin@microsoft.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
>=20
> MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportSt
> atusCodeRouterRuntimeDxe.c | 5 +++++
>  1 file changed, 5 insertions(+)
>=20
> diff --git
> a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report
> StatusCodeRouterRuntimeDxe.c
> b/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report
> StatusCodeRouterRuntimeDxe.c
> index 6ca7e180ebb3..d7dc0a75ac83 100644
> ---
> a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report
> StatusCodeRouterRuntimeDxe.c
> +++
> b/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report
> Sta
> +++ tusCodeRouterRuntimeDxe.c
> @@ -3,6 +3,7 @@
>    and Status Code Runtime Protocol.
>=20
>    Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR=
>
> +  Copyright (c) Microsoft Corporation.<BR>
>    SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>  **/
> @@ -237,6 +238,7 @@ ReportDispatcher (
>    RSC_DATA_ENTRY                *RscData;
>    EFI_STATUS                    Status;
>    VOID                          *NewBuffer;
> +  EFI_PHYSICAL_ADDRESS          FailSafeEndPointer;
>=20
>    //
>    // Use atom operation to avoid the reentant of report.
> @@ -267,6 +269,7 @@ ReportDispatcher (
>      // If callback is registered with TPL lower than TPL_HIGH_LEVEL, ev=
ent
> must be signaled at boot time to possibly wait for
>      // allowed TPL to report status code. Related data should also be s=
tored in
> data buffer.
>      //
> +    FailSafeEndPointer =3D CallbackEntry->EndPointer;
>      CallbackEntry->EndPointer  =3D ALIGN_VARIABLE (CallbackEntry-
> >EndPointer);
>      RscData =3D (RSC_DATA_ENTRY *) (UINTN) CallbackEntry->EndPointer;
>      CallbackEntry->EndPointer +=3D sizeof (RSC_DATA_ENTRY); @@ -285,6
> +288,7 @@ ReportDispatcher (
>                        (VOID *) (UINTN) CallbackEntry->StatusCodeDataBuf=
fer
>                        );
>          if (NewBuffer !=3D NULL) {
> +          FailSafeEndPointer =3D (EFI_PHYSICAL_ADDRESS) (UINTN) NewBuff=
er
> + + (FailSafeEndPointer - CallbackEntry->StatusCodeDataBuffer);
>            CallbackEntry->EndPointer =3D (EFI_PHYSICAL_ADDRESS) (UINTN)
> NewBuffer + (CallbackEntry->EndPointer - CallbackEntry-
> >StatusCodeDataBuffer);
>            CallbackEntry->StatusCodeDataBuffer =3D (EFI_PHYSICAL_ADDRESS=
)
> (UINTN) NewBuffer;
>            CallbackEntry->BufferSize *=3D 2; @@ -296,6 +300,7 @@
> ReportDispatcher (
>      // If data buffer is used up, do not report for this time.
>      //
>      if (CallbackEntry->EndPointer > (CallbackEntry->StatusCodeDataBuffe=
r +
> CallbackEntry->BufferSize)) {
> +      CallbackEntry->EndPointer =3D FailSafeEndPointer;
>        continue;
>      }
>=20
> --
> 2.16.3.windows.1
>=20
>=20
>=20