From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [edk2-devel] [PATCH v2] UefiPayloadPkg: Add support for logging to CBMEM console
To: Sean Rhodes, devel@edk2.groups.io
From: "Benjamin Doron"
Date: Thu, 26 May 2022 10:08:00 -0700
Message-ID: <4723.1653584880248481246@groups.io>

There actually is a possibility that even one message would overflow the buffer. Unlike the other debug library stack I wrote (which I might work on upstreaming during GSoC), where buffers are specified in kilobyte multiples, the user specifies CBMEM console size as a number of bytes. Some of this code, such as the comment "So, no chance that one message could overflow even the smallest buffer", is based on my work there. If the user sets the size to less than 512 (the size of the largest message that DebugLib instances might route here), the buffer will overflow. Is another sanity check needed, or is this possibility so much of an edge-case that it's unnecessary?

I know that UefiPayloadPkg gained SMM support recently, but we're actually safe from confused-deputy attacks because SMM uses the null instance of ReportStatusCodeLib, so no messages are routed here. (Aside: While SMM debug is desirable and could possibly be implemented safely, I don't consider it production-ready.)
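
One way to keep the write path in bounds when the configured size is below the 512-byte maximum message length, as an added example that is not code from the patch or from EDK II. `console_t`, `console_write` and `demo_oversized_message` are hypothetical names, and keeping only the tail of an oversized message is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest single message, per the 512-byte figure in the message above. */
#define MAX_MESSAGE_LEN 512u

/* Hypothetical console model: capacity is a byte count chosen by the user. */
typedef struct {
  uint8_t *body;    /* storage of `size` bytes */
  size_t   size;    /* may be smaller than MAX_MESSAGE_LEN */
  size_t   cursor;  /* next write offset, always < size */
  int      wrapped; /* set once older output has been overwritten */
} console_t;

/* Store msg as a ring write; returns bytes kept, never writes outside body. */
size_t console_write(console_t *c, const char *msg, size_t len)
{
  if (c == NULL || c->body == NULL || c->size == 0 || msg == NULL)
    return 0;
  if (len > MAX_MESSAGE_LEN)
    len = MAX_MESSAGE_LEN;
  if (len >= c->size) {          /* message alone fills the buffer: keep its tail */
    memcpy(c->body, msg + (len - c->size), c->size);
    c->cursor = 0;
    c->wrapped = 1;
    return c->size;
  }
  size_t first = c->size - c->cursor;          /* room before the end of body */
  if (first > len)
    first = len;
  memcpy(c->body + c->cursor, msg, first);
  memcpy(c->body, msg + first, len - first);   /* wrapped remainder, may be 0 */
  if (c->cursor + len >= c->size)
    c->wrapped = 1;
  c->cursor = (c->cursor + len) % c->size;
  return len;
}

/* Constructed check: an 8-byte console between two guard bytes, 20-byte message. */
int demo_oversized_message(void)
{
  uint8_t mem[10] = { 0xAA, 0, 0, 0, 0, 0, 0, 0, 0, 0xAA };
  console_t c = { mem + 1, 8, 0, 0 };
  size_t kept = console_write(&c, "ABCDEFGHIJKLMNOPQRST", 20);
  return kept == 8 && memcmp(c.body, "MNOPQRST", 8) == 0 &&
         mem[0] == 0xAA && mem[9] == 0xAA && c.wrapped == 1;
}
```

An alternative to clamping at write time is to reject a configured size below `MAX_MESSAGE_LEN` at initialization, which keeps the write path simpler at the cost of refusing small buffers.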