From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=UXtHhfdc;
 spf=pass (domain: linaro.org, ip: 209.85.166.65, mailfrom: ard.biesheuvel@linaro.org)
Received: from mail-io1-f65.google.com (mail-io1-f65.google.com [209.85.166.65])
 by groups.io with SMTP; Sat, 20 Apr 2019 03:25:13 -0700
Received: by mail-io1-f65.google.com with SMTP id p23so6105259iol.13
        for <devel@edk2.groups.io>; Sat, 20 Apr 2019 03:25:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=wgPoEGKLZh3WX9pCoBzQxl1VKVQRpXMmXDeZ41GXMKI=;
        b=UXtHhfdcjUBzOqQ3YFWPffcncwr7X0upC4vEez41e2UJCNMUIdxWieJb0PkD+NPk4y
         Y0aHMCGPQ46oxu75/ZHZMYQZa/RhAt6SGqyQ5nsAbRKr8f9lQobxtk/SN+AVcxubTsG0
         uoz3rPv8oHBqrqvmSbxx7OMeSA1W5WuySVzzUDGivcCT4ztfGGGdZ2QMqK3kI4vnY0e0
         pCHd03xYbj1riK94vCzaGosj2MMXRmzhnlHs9hYVGEENNIO6XMEmPNX59hANuyu3Uc4Q
         0fk26aMzMjljpZznfkdzxcbc4TaJg33QZGOZaGy1MUak3EOnUt+gazUvYFvUfILCaPy1
         +rvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=wgPoEGKLZh3WX9pCoBzQxl1VKVQRpXMmXDeZ41GXMKI=;
        b=ZxkHfcTiPCcvoU2xsEC1kIWKoOjD1QFwe7174UCdP57nJKwHMYgIjVn/+DNsU5lwcS
         O1p+0N/P/KeR7a8YilL+qP3cJp12HbMr9pQpP84gfUr7lGQhg9Z2Snxs23rdlQQ4iq2W
         aLGMw9JLr7lmmc37os7th86tRRku36M3pblcDUlvhovDiwvHHgOi9RGLkjlWLEwHNCS2
         IR2yO8JwRu+caxODZzbnnraW8C73/RIYshw07WqbIm5J2Q+/ctgSJYvmbrEm+Eq7r8T7
         dRfOIVZSGLWi3xujyKtw8bC/1qSXdxbTwNJfSZmPR0c5n2vimaJKB/Q5eWwrYhH0GSyy
         ec2g==
X-Gm-Message-State: APjAAAXkMyC34SaBzQSe6dKaMeK7+QPpnaHSe8jCnarGScDbAG/c5MUu
	XzZpJpaW0Or8IzwuJf/HaWSunm6fK1QP0uyAcm7tlA==
X-Google-Smtp-Source: APXvYqzNSDqQ6RH3DyBw/2JFC6zUT88kAJu4cwe5orFqvRCcCCjzmm7TFjPKZamxgWI5J1Ed6S9gdZrInmf9BHl3ONI=
X-Received: by 2002:a5d:8b41:: with SMTP id c1mr5774228iot.173.1555755912961;
 Sat, 20 Apr 2019 03:25:12 -0700 (PDT)
MIME-Version: 1.0
References: <20190419141319.11084-1-ard.biesheuvel@linaro.org>
 <E92EE9817A31E24EB0585FDF735412F5B9C9B56C@ORSMSX113.amr.corp.intel.com>
 <CAKv+Gu_uhyHHDe7bcH=UMcxYLPkvVTBbgM2=f0iK7N6K7uoYZA@mail.gmail.com>
 <CAKv+Gu982PSXmD65ibnU_LWhO-HdgUmZHk9LS374h6o5veYnow@mail.gmail.com>
 <E92EE9817A31E24EB0585FDF735412F5B9C9B687@ORSMSX113.amr.corp.intel.com>
 <CAKv+Gu8eS0vAN=3X8ATFVSJuKemi4sinZmtWbdFWx1L66TnHXw@mail.gmail.com>
 <E92EE9817A31E24EB0585FDF735412F5B9C9B6C0@ORSMSX113.amr.corp.intel.com>
 <CAKv+Gu-hqcEhmiW+J+y9nLqpq6tTpvS7Mi_X2WdDQj9oHAnajA@mail.gmail.com>
 <CAKv+Gu-MKQ57_Uqvcm6JipGvMx9pB_r1RC7dST7FZeBQeaT1Gw@mail.gmail.com>
 <E92EE9817A31E24EB0585FDF735412F5B9C9B70E@ORSMSX113.amr.corp.intel.com> <E92EE9817A31E24EB0585FDF735412F5B9C9B72F@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F5B9C9B72F@ORSMSX113.amr.corp.intel.com>
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
Date: Sat, 20 Apr 2019 12:25:00 +0200
Message-ID: <CAKv+Gu9t5WkP9MiymdegkEpjmeCCwo5N6WvFRMpU5vtSVTppxw@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH resend] MdeModulePkg/EsrtDxe: allocate ESRT table from RtServicesData memory
To: "Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>, "ming.huang@linaro.org" <ming.huang@linaro.org>, 
	"Wu, Hao A" <hao.a.wu@intel.com>, "Wang, Jian J" <jian.j.wang@intel.com>
Content-Type: text/plain; charset="UTF-8"

On Fri, 19 Apr 2019 at 22:04, Kinney, Michael D
<michael.d.kinney@intel.com> wrote:
>
> Ard,
>
> Saw your patch to cache the GUID table.  The ESRT Table
> is not that much bigger, so the algorithm may be simpler
> if you just make a copy of the ESRT table with the
> active entries.
>
> * 16+24 bytes per ESRT entry.
> * 16 bytes/entry for just the GUID.
>
> The only advantage of checking against the ESRT GUID at
> RT is to reject capsules that will be rejected when the
> capsule is processed later.  This can prevent extra reboots
> if an OS agent is sending capsules that do not really
> apply to the current system.  I expect OS agent to only
> send capsules that are in the ESRT.
>

Yeah. The only problem is that some capsules have no header at all,
and so without a GUID check, we might end up interpreting random data
as the capsule's HeaderSize field, which would be bad.

In general, I think we should be robust against random junk being
passed into the QueryCapsuleCapabilities() runtime service.