From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web11.7530.1586672533069881177 for ; Sat, 11 Apr 2020 23:22:13 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: dandan.bi@intel.com) IronPort-SDR: 3QNf1ocz+fmzQ9HhpAe/upFUzQg+han2EMdWy8x+D3BPO1W4JreUJb3cGvhxVwG9tOLDGGHbZh EiHon4XC5ITQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Apr 2020 23:22:12 -0700 IronPort-SDR: 1glUneHridHPsDMguAYnoDI0IvXnKumgeJ9gWzoqA9d9Jmbv31hXuQp24VX2XToKGpxjzg2YRA 9sXH4cTvAO1A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,373,1580803200"; d="scan'208";a="453901459" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by fmsmga006.fm.intel.com with ESMTP; 11 Apr 2020 23:22:12 -0700 Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sat, 11 Apr 2020 23:22:12 -0700 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by FMSMSX152.amr.corp.intel.com (10.18.125.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sat, 11 Apr 2020 23:22:12 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.225]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.191]) with mapi id 14.03.0439.000; Sun, 12 Apr 2020 14:22:10 +0800 From: "Dandan Bi" To: "devel@edk2.groups.io" , "michael.kubacki@outlook.com" CC: "Wu, Hao A" , "Wang, Jian J" , Kun Qin , "Gao, Liming" Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources Thread-Topic: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources Thread-Index: AQHWD3mpsZonb+7EkkWu/BKMl5GKqah1BmAQ Date: Sun, 12 Apr 2020 06:22:09 +0000 Message-ID: <3C0D5C461C9E904E8F62152F6274C0BB40DB0A30@SHSMSX104.ccr.corp.intel.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: dandan.bi@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Dandan Bi Thanks, Dandan > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Michael Kubacki > Sent: Saturday, April 11, 2020 4:50 AM > To: devel@edk2.groups.io > Cc: Bi, Dandan ; Wu, Hao A ; > Wang, Jian J ; Kun Qin ; > Gao, Liming > Subject: [edk2-devel] [PATCH v1 1/1] > MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of > resources >=20 > From: Michael Kubacki >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2665 >=20 > ReportDispatcher() is called by a software module to report a status cod= e. > The interface is generic and can be called frequently throughout the boo= t > under various conditions. A certain set of conditions can cause the curr= ently > implemented algorithm for resource exhaustion to fail. A sample > scenario: >=20 > 1. ReportStatusCode() is called at a TPL higher than one of the register= ed > status code listeners making the call to the listener deferred until > TPL is lowered. > 2. Additional calls to ReportStatusCode() occur, so the data buffer > continues to expand. > 3. A call to ReportStatusCode() is made from within a memory allocation > call (e.g. CoreAllocatePoolPages ()) which is protected from re- > entrancy with mPoolMemoryLock. This will cause the ReallocatePool() > call in ReportDispatcher() to fail. Because the end pointer was alrea= dy > moved to account for the data size, the end pointer is now moved > beyond the buffer and invalid. >=20 > This commit saves the original end pointer value into a local variable c= alled > "FailSafeEndPointer" which tracks a safe end pointer to revert to in the= case > the allocated buffer size (CallbackEntry->EndPointer - > CallbackEntry->StatusCodeDataBuffer) is still not large enough for the > data. >=20 > Cc: Dandan Bi > Cc: Hao A Wu > Cc: Jian J Wang > Cc: Kun Qin > Cc: Liming Gao > Signed-off-by: Michael Kubacki > --- >=20 > MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportSt > atusCodeRouterRuntimeDxe.c | 5 +++++ > 1 file changed, 5 insertions(+) >=20 > diff --git > a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report > StatusCodeRouterRuntimeDxe.c > b/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report > StatusCodeRouterRuntimeDxe.c > index 6ca7e180ebb3..d7dc0a75ac83 100644 > --- > a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report > StatusCodeRouterRuntimeDxe.c > +++ > b/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Report > Sta > +++ tusCodeRouterRuntimeDxe.c > @@ -3,6 +3,7 @@ > and Status Code Runtime Protocol. >=20 > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > + Copyright (c) Microsoft Corporation.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -237,6 +238,7 @@ ReportDispatcher ( > RSC_DATA_ENTRY *RscData; > EFI_STATUS Status; > VOID *NewBuffer; > + EFI_PHYSICAL_ADDRESS FailSafeEndPointer; >=20 > // > // Use atom operation to avoid the reentant of report. > @@ -267,6 +269,7 @@ ReportDispatcher ( > // If callback is registered with TPL lower than TPL_HIGH_LEVEL, ev= ent > must be signaled at boot time to possibly wait for > // allowed TPL to report status code. Related data should also be s= tored in > data buffer. > // > + FailSafeEndPointer =3D CallbackEntry->EndPointer; > CallbackEntry->EndPointer =3D ALIGN_VARIABLE (CallbackEntry- > >EndPointer); > RscData =3D (RSC_DATA_ENTRY *) (UINTN) CallbackEntry->EndPointer; > CallbackEntry->EndPointer +=3D sizeof (RSC_DATA_ENTRY); @@ -285,6 > +288,7 @@ ReportDispatcher ( > (VOID *) (UINTN) CallbackEntry->StatusCodeDataBuf= fer > ); > if (NewBuffer !=3D NULL) { > + FailSafeEndPointer =3D (EFI_PHYSICAL_ADDRESS) (UINTN) NewBuff= er > + + (FailSafeEndPointer - CallbackEntry->StatusCodeDataBuffer); > CallbackEntry->EndPointer =3D (EFI_PHYSICAL_ADDRESS) (UINTN) > NewBuffer + (CallbackEntry->EndPointer - CallbackEntry- > >StatusCodeDataBuffer); > CallbackEntry->StatusCodeDataBuffer =3D (EFI_PHYSICAL_ADDRESS= ) > (UINTN) NewBuffer; > CallbackEntry->BufferSize *=3D 2; @@ -296,6 +300,7 @@ > ReportDispatcher ( > // If data buffer is used up, do not report for this time. > // > if (CallbackEntry->EndPointer > (CallbackEntry->StatusCodeDataBuffe= r + > CallbackEntry->BufferSize)) { > + CallbackEntry->EndPointer =3D FailSafeEndPointer; > continue; > } >=20 > -- > 2.16.3.windows.1 >=20 >=20 >=20