From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 33F7FD80442 for ; Wed, 14 Feb 2024 13:08:55 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=phrfNAKuvv5C/561yvNrEcA24WD2H8gyxGYbnfzwaiY=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:MIME-Version:User-Agent:Subject:To:CC:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1707916133; v=1; b=h3HdcY9EGXaDJTGUzge02cNo1LC2slsFP/bedoQVSIY7QX/W14pf/CojIfS+Oy8SqsrKD7g5 ofUjKqNpFZ++qVOppA0qItTjc1stMTg7DAa/QOkVcjIT6PLJaog+QCbtH+Y8z/RgkY0teDPFxBA dMfiHQd+Et67dsStpM0GNnAQ= X-Received: by 127.0.0.2 with SMTP id C9EdYY7687511xDbtZ3RR1om; Wed, 14 Feb 2024 05:08:53 -0800 X-Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.web10.40609.1707916132947477273 for ; Wed, 14 Feb 2024 05:08:53 -0800 X-Received: from pps.filterd (m0279868.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 41ECS7Iw027242; Wed, 14 Feb 2024 13:08:27 GMT X-Received: from nasanppmta05.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3w8n36h20g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Feb 2024 13:08:26 +0000 (GMT) X-Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.45.79.139]) by NASANPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 41ED8Pa5025259 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Feb 2024 13:08:25 GMT X-Received: from [10.111.132.144] (10.80.80.8) by nasanex01c.na.qualcomm.com (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Wed, 14 Feb 2024 05:08:23 -0800 Message-ID: <8b4bffe9-2ac2-4a9f-873a-13a90f887b4a@quicinc.com> Date: Wed, 14 Feb 2024 13:08:21 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [edk2-stable202402 PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: distinguish GetSmBase() failure modes To: , , "lersek@redhat.com" , Leif Lindholm , "Andrew Fish (afish@apple.com)" , "Gao, Liming" CC: "Tan, Dun" , Gerd Hoffmann , "Kumar, Rahul R" , "Ni, Ray" References: <20240213210918.16372-1-lersek@redhat.com> <20240213210918.16372-2-lersek@redhat.com> <5f807038-3e4b-0d82-6fee-37b81fd8e9f6@redhat.com> From: "Leif Lindholm" In-Reply-To: X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01c.na.qualcomm.com (10.45.79.139) X-QCInternal: smtphost X-Proofpoint-ORIG-GUID: LJOZaooyGWn_NKQhy0qBcP-Si-Sd38bi X-Proofpoint-GUID: LJOZaooyGWn_NKQhy0qBcP-Si-Sd38bi Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,quic_llindhol@quicinc.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: cjcerped8LXLzjQI28zfeSFSx7686176AA= Content-Language: en-GB Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=h3HdcY9E; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=quicinc.com (policy=none) On 2024-02-14 03:43, Michael D Kinney wrote: > Hi Laszlo, >=20 > Thank you for the quick fix. >=20 > I have reviewed the changes. I agree they fix the issue at hand. >=20 > Reviewed-by: Michael D Kinney >=20 > I have adjusted the commit message with your suggested changes in > the PR I have prepared: >=20 > https://github.com/tianocore/edk2/pull/5373 >=20 > There may be better ways to organize this code in general to make > it easier to understand and maintain in the future, but we can > let Ray review that when he returns. That will also likely be a > much bugger change that can be accepted just before a release. >=20 > I also approve this as a critical fix for edk2-stable202402 >=20 > I will wait till tomorrow morning my time to see if Gerd and > Rahul and Leif can also provide their reviews/approvals and > to give me some time to run some tests. For the series: Reviewed-by: Leif Lindholm I'm happy for this to go into the stable tag. / Leif > I do not expect Ray Ni or Dun Tan to be available this week. >=20 > Best regards, >=20 > Mike >=20 >> -----Original Message----- >> From: devel@edk2.groups.io On Behalf Of Laszlo >> Ersek >> Sent: Tuesday, February 13, 2024 1:36 PM >> To: devel@edk2.groups.io >> Cc: Tan, Dun ; Gerd Hoffmann ; >> Kumar, Rahul R ; Ni, Ray >> Subject: Re: [edk2-devel] [edk2-stable202402 PATCH 1/2] >> UefiCpuPkg/PiSmmCpuDxeSmm: distinguish GetSmBase() failure modes >> >> On 2/13/24 22:09, Laszlo Ersek wrote: >>> Commit 725acd0b9cc0 ("UefiCpuPkg: Avoid assuming only one >> smmbasehob", >>> 2023-12-12) introduced a helper function called GetSmBase(), >> replacing the >>> lookup of the first and only "gSmmBaseHobGuid" GUID HOB, with >> iterated >>> lookups plus memory allocation. >>> >>> This introduced a new failure mode for setting >> "mCpuHotPlugData.SmBase". >>> Namely, before commit 725acd0b9cc0, "mCpuHotPlugData.SmBase" would be >> set >>> to NULL if and only if the GUID HOB was absent. After the commit, a >> NULL >>> assignment would be possible if the GUID HOB was absent, *or* one of >> the >>> memory allocations inside GetSmBase() failed. >> >> Sorry, these two paragraphs are not precise. A better version: >> >> ---------- >> Commit 725acd0b9cc0 ("UefiCpuPkg: Avoid assuming only one smmbasehob", >> 2023-12-12) introduced a helper function called GetSmBase(), replacing >> the lookup of the first and only "gSmmBaseHobGuid" GUID HOB and >> unconditional "mCpuHotPlugData.SmBase" allocation, with iterated >> lookups >> plus conditional memory allocation. >> >> This introduced a new failure mode for setting >> "mCpuHotPlugData.SmBase". >> Namely, before commit 725acd0b9cc0, "mCpuHotPlugData.SmBase" would be >> allocated regardless of the GUID HOB being absent. After the commit, >> "mCpuHotPlugData.SmBase" could remain NULL if the GUID HOB was absent, >> *or* one of the memory allocations inside GetSmBase() failed; and in >> the >> former case, we'd even proceed to the rest of PiCpuSmmEntry(). >> ---------- >> >> Sorry, it's late. >> >> If this patch set is accepted otherwise, then Mike or Liming, can you >> please update the first two paragraphs of the commit message upon >> merge? >> >> Thanks >> Laszlo >> >>> >>> In relation to this conflation of distinct failure modes, commit >>> 725acd0b9cc0 actually introduced a NULL pointer dereference. Namely, >> a >>> NULL "mCpuHotPlugData.SmBase" is not handled properly at all now. >> We're >>> going to fix that NULL pointer dereference in a subsequent patch; >> however, >>> as a pre-requisite for that we need to tell apart the failure modes >> of >>> GetSmBase(). >>> >>> For memory allocation failures, return EFI_OUT_OF_RESOURCES. Move the >>> "assertion" that SMRAM cannot be exhausted happen out to the caller >>> (PiCpuSmmEntry()). Strengthen the assertion by adding an explicit >>> CpuDeadLoop() call. (Note: GetSmBase() *already* calls CpuDeadLoop() >> if >>> (NumberOfProcessors !=3D MaxNumberOfCpus).) >>> >>> For the absence of the GUID HOB, return EFI_NOT_FOUND. >>> >>> For good measure, make GetSmBase() STATIC (it should have been STATIC >> from >>> the start). >>> >>> This is just a refactoring, no behavioral difference is intended >> (beyond >>> the explicit CpuDeadLoop() upon SMRAM exhaustion). >>> >>> Cc: Dun Tan >>> Cc: Gerd Hoffmann >>> Cc: Rahul Kumar >>> Cc: Ray Ni >>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4682 >>> Signed-off-by: Laszlo Ersek >>> --- >>> >>> Notes: >>> context:-U4 >>> >>> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 40 ++++++++++++++------ >>> 1 file changed, 28 insertions(+), 12 deletions(-) >>> >>> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>> index cd394826ffcf..09382945ddb4 100644 >>> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>> @@ -619,16 +619,23 @@ SmBaseHobCompare ( >>> >>> /** >>> Extract SmBase for all CPU from SmmBase HOB. >>> >>> - @param[in] MaxNumberOfCpus Max NumberOfCpus. >>> + @param[in] MaxNumberOfCpus Max NumberOfCpus. >>> >>> - @retval SmBaseBuffer Pointer to SmBase Buffer. >>> - @retval NULL gSmmBaseHobGuid was not been >> created. >>> + @param[out] AllocatedSmBaseBuffer Pointer to SmBase Buffer >> allocated >>> + by this function. Only set if >> the >>> + function returns EFI_SUCCESS. >>> + >>> + @retval EFI_SUCCESS SmBase Buffer output successfully. >>> + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. >>> + @retval EFI_NOT_FOUND gSmmBaseHobGuid was never created. >>> **/ >>> -UINTN * >>> +STATIC >>> +EFI_STATUS >>> GetSmBase ( >>> - IN UINTN MaxNumberOfCpus >>> + IN UINTN MaxNumberOfCpus, >>> + OUT UINTN **AllocatedSmBaseBuffer >>> ) >>> { >>> UINTN HobCount; >>> EFI_HOB_GUID_TYPE *GuidHob; >>> @@ -649,9 +656,9 @@ GetSmBase ( >>> NumberOfProcessors =3D 0; >>> >>> FirstSmmBaseGuidHob =3D GetFirstGuidHob (&gSmmBaseHobGuid); >>> if (FirstSmmBaseGuidHob =3D=3D NULL) { >>> - return NULL; >>> + return EFI_NOT_FOUND; >>> } >>> >>> GuidHob =3D FirstSmmBaseGuidHob; >>> while (GuidHob !=3D NULL) { >>> @@ -671,11 +678,10 @@ GetSmBase ( >>> CpuDeadLoop (); >>> } >>> >>> SmBaseHobs =3D AllocatePool (sizeof (SMM_BASE_HOB_DATA *) * >> HobCount); >>> - ASSERT (SmBaseHobs !=3D NULL); >>> if (SmBaseHobs =3D=3D NULL) { >>> - return NULL; >>> + return EFI_OUT_OF_RESOURCES; >>> } >>> >>> // >>> // Record each SmmBaseHob pointer in the SmBaseHobs. >>> @@ -691,9 +697,9 @@ GetSmBase ( >>> SmBaseBuffer =3D (UINTN *)AllocatePool (sizeof (UINTN) * >> (MaxNumberOfCpus)); >>> ASSERT (SmBaseBuffer !=3D NULL); >>> if (SmBaseBuffer =3D=3D NULL) { >>> FreePool (SmBaseHobs); >>> - return NULL; >>> + return EFI_OUT_OF_RESOURCES; >>> } >>> >>> QuickSort (SmBaseHobs, HobCount, sizeof (SMM_BASE_HOB_DATA *), >> (BASE_SORT_COMPARE)SmBaseHobCompare, &SortBuffer); >>> PrevProcessorIndex =3D 0; >>> @@ -713,9 +719,10 @@ GetSmBase ( >>> PrevProcessorIndex +=3D SmBaseHobs[HobIndex]->NumberOfProcessors; >>> } >>> >>> FreePool (SmBaseHobs); >>> - return SmBaseBuffer; >>> + *AllocatedSmBaseBuffer =3D SmBaseBuffer; >>> + return EFI_SUCCESS; >>> } >>> >>> /** >>> Function to compare 2 MP_INFORMATION2_HOB_DATA pointer based on >> ProcessorIndex. >>> @@ -1110,10 +1117,17 @@ PiCpuSmmEntry ( >>> // >>> // Retrive the allocated SmmBase from gSmmBaseHobGuid. If found, >>> // means the SmBase relocation has been done. >>> // >>> - mCpuHotPlugData.SmBase =3D GetSmBase (mMaxNumberOfCpus); >>> - if (mCpuHotPlugData.SmBase !=3D NULL) { >>> + mCpuHotPlugData.SmBase =3D NULL; >>> + Status =3D GetSmBase (mMaxNumberOfCpus, >> &mCpuHotPlugData.SmBase); >>> + if (Status =3D=3D EFI_OUT_OF_RESOURCES) { >>> + ASSERT (Status !=3D EFI_OUT_OF_RESOURCES); >>> + CpuDeadLoop (); >>> + } >>> + >>> + if (!EFI_ERROR (Status)) { >>> + ASSERT (mCpuHotPlugData.SmBase !=3D NULL); >>> // >>> // Check whether the Required TileSize is enough. >>> // >>> if (TileSize > SIZE_8KB) { >>> @@ -1125,8 +1139,10 @@ PiCpuSmmEntry ( >>> } >>> >>> mSmmRelocated =3D TRUE; >>> } else { >>> + ASSERT (Status =3D=3D EFI_NOT_FOUND); >>> + ASSERT (mCpuHotPlugData.SmBase =3D=3D NULL); >>> // >>> // When the HOB doesn't exist, allocate new SMBASE itself. >>> // >>> DEBUG ((DEBUG_INFO, "PiCpuSmmEntry: gSmmBaseHobGuid not >> found!\n")); >>> >>> >>> >>> >>> >>> >> >> >> >> >> >=20 >=20 >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115453): https://edk2.groups.io/g/devel/message/115453 Mute This Topic: https://groups.io/mt/104341342/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-