From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Paulo Alcantara <paulo@paulo.ac>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: Laszlo Ersek <lersek@redhat.com>, "Dong, Eric" <eric.dong@intel.com>
Subject: Re: [RFC v4 5/6] UefiCpuPkg/CpuExceptionHandlerLib: Ensure valid frame/stack pointers
Date: Thu, 4 Jan 2018 01:07:12 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AA6F907@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <836f7f2205e91c16d7c427c5b6e127f4a4dfa62e.1514517573.git.paulo@paulo.ac>
Some suggestions:
1) Would you please use a meaningful definition for BIT2?
if ((SegmentSelector & BIT2) == 0) {
2) Can we just use (SegmentSelector & ~0x7) for the below?
((SegmentSelector >> 3) * 8)
3) The calculation below seems wrong. Should it be: SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB + (SIZE_4KB - 1) ?
if (SegmentDescriptor->Bits.G == 1) {
SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB;
Thank you
Yao Jiewen
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Paulo
> Alcantara
> Sent: Friday, December 29, 2017 12:40 PM
> To: edk2-devel@lists.01.org
> Cc: Laszlo Ersek <lersek@redhat.com>; Dong, Eric <eric.dong@intel.com>
> Subject: [edk2] [RFC v4 5/6] UefiCpuPkg/CpuExceptionHandlerLib: Ensure valid
> frame/stack pointers
>
> Validate all possible memory dereferences during stack traces in IA32
> and X64 CPU exceptions.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Requested-by: Brian Johnson <brian.johnson@hpe.com>
> Requested-by: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
> ---
> UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c |
> 143 +++++++++++++++++++-
> UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c |
> 75 +++++++++-
> 2 files changed, 210 insertions(+), 8 deletions(-)
>
> diff --git
> a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> index 25e02fbbc1..9b52d4f6d2 100644
> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> +++
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> @@ -398,6 +398,96 @@ DumpCpuContext (
> );
> }
>
> +/**
> + Check if a logical address is valid.
> +
> + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
> + @param[in] SegmentSelector Segment selector.
> + @param[in] Offset Offset or logical address.
> +**/
> +STATIC
> +BOOLEAN
> +IsLogicalAddressValid (
> + IN EFI_SYSTEM_CONTEXT SystemContext,
> + IN UINT16 SegmentSelector,
> + IN UINTN Offset
> + )
> +{
> + IA32_SEGMENT_DESCRIPTOR *SegmentDescriptor;
> + UINT32 SegDescBase;
> + UINT32 SegDescLimit;
> + UINTN SegDescLimitInBytes;
> +
> + //
> + // Check for valid input parameters
> + //
> + if (SegmentSelector == 0 || Offset == 0) {
> + return FALSE;
> + }
> +
> + //
> + // Check whether to look for a segment descriptor in GDT or LDT table
> + //
> + if ((SegmentSelector & BIT2) == 0) {
> + //
> + // Get segment descriptor from GDT table
> + //
> + SegmentDescriptor =
> + (IA32_SEGMENT_DESCRIPTOR *)(
> + (UINTN)SystemContext.SystemContextIa32->Gdtr[0] +
> + ((SegmentSelector >> 3) * 8)
> + );
> + } else {
> + //
> + // Get segment descriptor from LDT table
> + //
> + SegmentDescriptor =
> + (IA32_SEGMENT_DESCRIPTOR *)(
> + (UINTN)SystemContext.SystemContextIa32->Ldtr +
> + ((SegmentSelector >> 3) * 8)
> + );
> + }
> +
> + //
> + // Get segment descriptor's base address
> + //
> + SegDescBase = SegmentDescriptor->Bits.BaseLow |
> + (SegmentDescriptor->Bits.BaseMid << 16) |
> + (SegmentDescriptor->Bits.BaseHigh << 24);
> +
> + //
> + // Get segment descriptor's limit
> + //
> + SegDescLimit = SegmentDescriptor->Bits.LimitLow |
> + (SegmentDescriptor->Bits.LimitHigh << 16);
> +
> + //
> + // Calculate segment descriptor's limit in bytes
> + //
> + if (SegmentDescriptor->Bits.G == 1) {
> + SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB;
> + } else {
> + SegDescLimitInBytes = SegDescLimit;
> + }
> +
> + //
> + // Make sure to not access beyond a segment limit boundary
> + //
> + if (Offset + SegDescBase > SegDescLimitInBytes) {
> + return FALSE;
> + }
> +
> + //
> + // Check if the translated logical address (or linear address) is valid
> + //
> + return IsLinearAddressValid (
> + SystemContext.SystemContextIa32->Cr0,
> + SystemContext.SystemContextIa32->Cr3,
> + SystemContext.SystemContextIa32->Cr4,
> + Offset + SegDescBase
> + );
> +}
> +
> /**
> Dump stack trace.
>
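Review bot: the LDT branch adds the descriptor index to `SystemContext.SystemContextIa32->Ldtr`, but that context field is the LDTR selector saved by `sldt`, not the LDT base, so the sum is a selector value plus an index being dereferenced as a pointer; the LDT base and limit have to be read from the GDT descriptor that the Ldtr selector indexes first. Two more problems in the same function: the bounds test `if (Offset + SegDescBase > SegDescLimitInBytes)` compares a linear address with a segment limit, whereas a limit bounds the offset, so any segment with a non-zero base wrongly rejects valid addresses (compare `Offset` alone, and with `G == 1` the last valid offset is `SegDescLimit * SIZE_4KB + (SIZE_4KB - 1)`, as raised above); and nothing bounds the selector index against the GDT/LDT limit or tests the descriptor's `P` bit before `SegmentDescriptor->Bits` is read, so a corrupt `Ss` in the context can make the validator itself fault. Minor: `(SegmentSelector >> 3) * 8` is `SegmentSelector & ~0x7`, and a named macro for the table-indicator bit (`BIT2`) would document what `(SegmentSelector & BIT2) == 0` selects.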
> @@ -459,6 +549,20 @@ DumpStackTrace (
> InternalPrintMessage ("\nCall trace:\n");
>
> for (;;) {
> + //
> + // Check for valid frame pointer
> + //
> + if (!IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)Ebp + 4) ||
> + !IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)Ebp)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid frame "
> + "pointer at 0x%08x\n", __FUNCTION__, Ebp);
> + break;
> + }
> +
> //
> // Print stack frame in the following format:
> //
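Review bot: the two `IsLogicalAddressValid` calls prove only the first byte of each 4-byte read at `Ebp` and `Ebp + 4`, and `Ebp` is not alignment-checked here (unlike `Esp` in DumpStackContents), so a frame pointer such as 0x...FFD passes both checks while the read of the saved EIP at `Ebp + 4` crosses into the next page. Validate the whole range `[Ebp, Ebp + 8)`, or reject an `Ebp` that is not 4-byte aligned, before dereferencing it.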
> @@ -588,6 +692,16 @@ DumpImageModuleNames (
> // Walk through call stack and find next module names
> //
> for (;;) {
> + if (!IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)Ebp) ||
> + !IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)Ebp + 4)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid frame "
> + "pointer at 0x%08x\n", __FUNCTION__, Ebp);
> + }
> +
> //
> // Set EIP with return address from current stack frame
> //
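Review bot: the failed-validation branch prints the message but does not leave the loop, so the code immediately below it ("Set EIP with return address from current stack frame") still dereferences the frame pointer that was just reported as invalid; the identical check in DumpStackTrace does `break`. Add the `break;` after the `InternalPrintMessage` call so the two loops stop at the same frame.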
> @@ -651,16 +765,23 @@ DumpImageModuleNames (
> /**
> Dump stack contents.
>
> - @param[in] CurrentEsp Current stack pointer address.
> + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
> @param[in] UnwoundStacksCount Count of unwound stack frames.
> **/
> STATIC
> VOID
> DumpStackContents (
> - IN UINT32 CurrentEsp,
> - IN INTN UnwoundStacksCount
> + IN EFI_SYSTEM_CONTEXT SystemContext,
> + IN INTN UnwoundStacksCount
> )
> {
> + UINT32 CurrentEsp;
> +
> + //
> + // Get current stack pointer
> + //
> + CurrentEsp = SystemContext.SystemContextIa32->Esp;
> +
> //
> // Check for proper stack alignment
> //
> @@ -674,6 +795,20 @@ DumpStackContents (
> //
> InternalPrintMessage ("\nStack dump:\n");
> while (UnwoundStacksCount-- > 0) {
> + //
> + // Check for a valid stack pointer address
> + //
> + if (!IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)CurrentEsp) ||
> + !IsLogicalAddressValid (SystemContext,
> + SystemContext.SystemContextIa32->Ss,
> + (UINTN)CurrentEsp + 4)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid stack "
> + "pointer at 0x%08x\n", __FUNCTION__,
> CurrentEsp);
> + break;
> + }
> +
> InternalPrintMessage (
> "0x%08x: %08x %08x\n",
> CurrentEsp,
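Review bot: the pair of `IsLogicalAddressValid` calls for `CurrentEsp` and `CurrentEsp + 4` is the fourth copy of the same two-address pattern in this file; a small range helper (for example `IsLogicalAddressRangeValid (SystemContext, Ss, Base, Length)` checking every page touched by `[Base, Base + Length)`) would keep the checks in one place and make the access size explicit, which here is 8 bytes, matching the two `%08x` values printed from `CurrentEsp`. The alignment check above makes the first-byte-only test sufficient in this function, but the copies in the frame-pointer loops have no such guard.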
> @@ -720,5 +855,5 @@ DumpImageAndCpuContent (
> //
> // Dump stack contents
> //
> - DumpStackContents (SystemContext.SystemContextIa32->Esp,
> UnwoundStacksCount);
> + DumpStackContents (SystemContext, UnwoundStacksCount);
> }
> diff --git
> a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
> index d3a3878b3d..8067c34122 100644
> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
> +++
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
> @@ -401,16 +401,26 @@ DumpCpuContext (
> /**
> Dump stack contents.
>
> - @param[in] CurrentRsp Current stack pointer address.
> + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
> @param[in] UnwoundStacksCount Count of unwound stack frames.
> **/
> STATIC
> VOID
> DumpStackContents (
> - IN UINT64 CurrentRsp,
> - IN INTN UnwoundStacksCount
> + IN EFI_SYSTEM_CONTEXT SystemContext,
> + IN INTN UnwoundStacksCount
> )
> {
> + UINT64 CurrentRsp;
> + UINTN Cr0;
> + UINTN Cr3;
> + UINTN Cr4;
> +
> + //
> + // Get current stack pointer
> + //
> + CurrentRsp = SystemContext.SystemContextX64->Rsp;
> +
> //
> // Check for proper stack pointer alignment
> //
> @@ -419,11 +429,28 @@ DumpStackContents (
> return;
> }
>
> + //
> + // Get system control registers
> + //
> + Cr0 = SystemContext.SystemContextX64->Cr0;
> + Cr3 = SystemContext.SystemContextX64->Cr3;
> + Cr4 = SystemContext.SystemContextX64->Cr4;
> +
> //
> // Dump out stack contents
> //
> InternalPrintMessage ("\nStack dump:\n");
> while (UnwoundStacksCount-- > 0) {
> + //
> + // Check for a valid stack pointer address
> + //
> + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) ||
> + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid stack "
> + "pointer at 0x%016lx\n", __FUNCTION__,
> CurrentRsp);
> + break;
> + }
> +
> InternalPrintMessage (
> "0x%016lx: %016lx %016lx\n",
> CurrentRsp,
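Review bot: the X64 path validates only the linear address and skips the selector/limit lookup the IA32 version does; that is correct in 64-bit mode, where limits are not enforced for SS/DS, but the asymmetry deserves a one-line comment so it is not "fixed" later. Also, the two checks prove only the first byte of each 8-byte value printed; the stack-alignment test above makes that sufficient here, but the same pattern is copied into the frame-pointer loops where `Rbp` is never alignment-checked, so state the assumption in the comment or validate `[CurrentRsp, CurrentRsp + 16)` as a range.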
> @@ -457,6 +484,9 @@ DumpImageModuleNames (
> CHAR8 *PdbFileName;
> UINT64 Rbp;
> UINTN LastImageBase;
> + UINTN Cr0;
> + UINTN Cr3;
> + UINTN Cr4;
>
> //
> // Set current RIP address
> @@ -516,10 +546,27 @@ DumpImageModuleNames (
> InternalPrintMessage ("%a\n", PdbAbsoluteFilePath);
> }
>
> + //
> + // Get system control registers
> + //
> + Cr0 = SystemContext.SystemContextX64->Cr0;
> + Cr3 = SystemContext.SystemContextX64->Cr3;
> + Cr4 = SystemContext.SystemContextX64->Cr4;
> +
> //
> // Walk through call stack and find next module names
> //
> for (;;) {
> + //
> + // Check for a valid frame pointer
> + //
> + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
> + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid frame "
> + "pointer at 0x%016lx\n", __FUNCTION__,
> Rbp);
> + break;
> + }
> +
> //
> // Set RIP with return address from current stack frame
> //
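Review bot: `Cr0`, `Cr3` and `Cr4` are now fetched from `SystemContext` in three separate functions (here, DumpStackContents and DumpStackTrace); since every caller already holds `SystemContext`, a thin wrapper that takes the context and calls `IsLinearAddressValid` would remove the triplicated locals. Separately, only the first byte at `Rbp` and at `Rbp + 8` is validated and `Rbp` is not checked for 8-byte alignment, so an unaligned frame pointer passes and the read of the return address at `Rbp + 8` can run into an unmapped page; check `[Rbp, Rbp + 16)` or reject an unaligned `Rbp` before it is dereferenced.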
> @@ -604,6 +651,9 @@ DumpStackTrace (
> UINT64 Rbp;
> UINTN ImageBase;
> CHAR8 *PdbFileName;
> + UINTN Cr0;
> + UINTN Cr3;
> + UINTN Cr4;
>
> //
> // Set current RIP address
> @@ -634,12 +684,29 @@ DumpStackTrace (
> //
> *UnwoundStacksCount = 1;
>
> + //
> + // Get system control registers
> + //
> + Cr0 = SystemContext.SystemContextX64->Cr0;
> + Cr3 = SystemContext.SystemContextX64->Cr3;
> + Cr4 = SystemContext.SystemContextX64->Cr4;
> +
> //
> // Print out back trace
> //
> InternalPrintMessage ("\nCall trace:\n");
>
> for (;;) {
> + //
> + // Check for valid frame pointer
> + //
> + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
> + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
> + InternalPrintMessage ("%a: attempted to dereference an invalid frame "
> + "pointer at 0x%016lx\n", __FUNCTION__,
> Rbp);
> + break;
> + }
> +
> //
> // Print stack frame in the following format:
> //
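Review bot: this check is a verbatim copy of the one in DumpImageModuleNames, and both loops walk the same frame chain, so a shared static helper (`IsFramePointerValid (Cr0, Cr3, Cr4, Rbp)` validating `[Rbp, Rbp + 16)`) would guarantee that both loops stop at the same frame and print the same diagnostic; today the IA32 DumpImageModuleNames variant already differs from its DumpStackTrace twin by not breaking, which is the kind of drift a single helper prevents.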
> @@ -727,5 +794,5 @@ DumpImageAndCpuContent (
> //
> // Dump stack contents
> //
> - DumpStackContents (SystemContext.SystemContextX64->Rsp,
> UnwoundStacksCount);
> + DumpStackContents (SystemContext, UnwoundStacksCount);
> }
> --
> 2.14.3
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
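The three points in the reply above (naming the table-indicator bit, computing the descriptor index as `Selector & ~0x7`, and the granularity arithmetic for the limit) carried through in one self-contained routine. This is an added example, not code from the patch, from the reply, or from edk2: the descriptor bit layout follows the Intel SDM, the struct and function names are local to this example, and the GDT contents are constructed for the demonstration. It also checks the whole access `[Offset, Offset + Size)` against the limit rather than a single byte, and bounds the selector index against the table limit before reading the descriptor.

```c
/*
 * Added example (not code from the patch or from edk2): decode an IA32
 * segment descriptor, turn its 20-bit limit into a byte limit using the
 * granularity rule, and check that a whole access [Offset, Offset + Size)
 * fits in the segment before forming the linear address.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define SIZE_4KB            0x1000u
#define SELECTOR_TI_LDT     0x4u     /* table indicator: 0 = GDT, 1 = LDT */
#define SELECTOR_INDEX_MASK (~0x7u)  /* drops TI and RPL; same as (sel >> 3) * 8 */
#define INVALID_ADDRESS     UINT64_MAX

typedef struct {
  uint32_t Base;          /* 32-bit linear base address */
  uint32_t LimitInBytes;  /* last valid offset inside the segment */
  bool     Present;
  bool     Granularity4K;
} DecodedSegment;

typedef struct {
  const uint64_t *Gdt;  uint32_t GdtLimit;  /* limit = size in bytes - 1 */
  const uint64_t *Ldt;  uint32_t LdtLimit;  /* Ldt is NULL when no LDT is loaded */
} DescriptorTables;

/* Raw 8-byte descriptor layout (Intel SDM Vol. 3, "Segment Descriptors"):
 * bits 0-15 limit[15:0], 16-39 base[23:0], 40-47 type/S/DPL/P,
 * 48-51 limit[19:16], 52-55 AVL/L/D-B/G, 56-63 base[31:24]. */
static DecodedSegment DecodeDescriptor(uint64_t Raw) {
  DecodedSegment Seg;
  uint32_t Limit = (uint32_t)(Raw & 0xFFFFu) | (uint32_t)(((Raw >> 48) & 0xFu) << 16);

  Seg.Base = (uint32_t)((Raw >> 16) & 0xFFFFu)
           | (uint32_t)(((Raw >> 32) & 0xFFu) << 16)
           | (uint32_t)(((Raw >> 56) & 0xFFu) << 24);
  Seg.Present       = ((Raw >> 47) & 1u) != 0;
  Seg.Granularity4K = ((Raw >> 55) & 1u) != 0;
  /* With G = 1 the limit counts 4 KiB pages and the low 12 bits of the offset
   * are never compared, so the last valid byte is Limit * 4K + 0xFFF. */
  Seg.LimitInBytes = Seg.Granularity4K ? Limit * SIZE_4KB + (SIZE_4KB - 1) : Limit;
  return Seg;
}

/* Fetch the descriptor a selector points at, refusing the null selector and
 * any index whose 8 bytes would run past the table limit. */
static bool LookupDescriptor(const uint64_t *Table, uint32_t TableLimit,
                             uint16_t Selector, uint64_t *Raw) {
  uint32_t Offset = Selector & SELECTOR_INDEX_MASK;
  if (Table == NULL || Offset == 0 || Offset + 7u > TableLimit) {
    return false;
  }
  *Raw = Table[Offset / 8];
  return true;
}

/* True if every byte of [Offset, Offset + Size) is at or below the limit of a
 * present expand-up segment. The subtraction form cannot wrap at 32 bits. */
static bool IsOffsetRangeInSegment(const DecodedSegment *Seg, uint32_t Offset, uint32_t Size) {
  if (!Seg->Present || Size == 0 || Offset > Seg->LimitInBytes) {
    return false;
  }
  return (Size - 1) <= (Seg->LimitInBytes - Offset);
}

/* Logical (selector:offset) to linear address, or INVALID_ADDRESS. */
static uint64_t ResolveLogicalAddress(const DescriptorTables *T, uint16_t Selector,
                                      uint32_t Offset, uint32_t Size) {
  bool UseLdt = (Selector & SELECTOR_TI_LDT) != 0;
  uint64_t Raw;
  DecodedSegment Seg;
  if (!LookupDescriptor(UseLdt ? T->Ldt : T->Gdt, UseLdt ? T->LdtLimit : T->GdtLimit,
                        Selector, &Raw)) {
    return INVALID_ADDRESS;
  }
  Seg = DecodeDescriptor(Raw);
  if (!IsOffsetRangeInSegment(&Seg, Offset, Size)) {
    return INVALID_ADDRESS;
  }
  return (uint32_t)(Seg.Base + Offset);  /* 32-bit wrap is architectural */
}

/* Constructed GDT for this example: null, flat 4G code, flat 4G data, and a
 * 4 KiB byte-granular data segment based at 0x10000. */
static const uint64_t kExampleGdt[4] = {
  0x0000000000000000ull, 0x00CF9A000000FFFFull,
  0x00CF92000000FFFFull, 0x0040920100000FFFull,
};
static const DescriptorTables kExampleTables = { kExampleGdt, sizeof(kExampleGdt) - 1, NULL, 0 };

static uint64_t ExampleResolve(uint16_t Selector, uint32_t Offset, uint32_t Size) {
  return ResolveLogicalAddress(&kExampleTables, Selector, Offset, Size);
}

int main(void) {
  printf("0x18:0xFFC -> 0x%llx\n", (unsigned long long)ExampleResolve(0x18, 0xFFC, 4));
  printf("0x18:0xFFD -> 0x%llx (invalid: last byte past the limit)\n",
         (unsigned long long)ExampleResolve(0x18, 0xFFD, 4));
  printf("flat data limit in bytes -> 0x%lx\n",
         (unsigned long)DecodeDescriptor(kExampleGdt[2]).LimitInBytes);
  return 0;
}
```

The table-limit test in `LookupDescriptor` is what keeps the validator from faulting on a garbage selector, and the range test in `IsOffsetRangeInSegment` is what makes a 4-byte read ending exactly at the limit pass while one byte further fails; both are checks the reply's arithmetic alone does not give you.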