From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id B051CD80C7F for ; Fri, 8 Mar 2024 21:26:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=VNIGcKWFBr00pO498uJxgIfo3XzmABRaHjKpbB2w5Mk=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1709933181; v=1; b=ecAm85Mxe7Zdkqa4EOy5oAx2cDL0oxZ9Y1MDYc1lL9gQzO/q8VLbEYyPAG8gCrURoNzm7T07 U3ehQpJB0/cwDbREmHGJ//5ZwrDtvkkPPn6E1S/gSQuSWWT6g5l6JVbzLo3KX/B8gTCjhwuVTWr MbaVlXyfBnK9RRYGdtId8QJPcgf+ZrzJ/kI9IE1nzS6H5367XA5YbKmIGUsr0wFp4lqlDsSX1TT CgosZ0lT12/J9t2yfdi64tZAfNQT+QEUPLONPEG9R9eATDXNEXp4yBeqysX1UuyfeGV7D15HxV2 SayIFvbqOidf3k7KwE3KFHaIdNzJjuTRp+S4oO+23GYfw== X-Received: by 127.0.0.2 with SMTP id WYAzYY7687511xYOCHRvn888; Fri, 08 Mar 2024 13:26:21 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) by mx.groups.io with SMTP id smtpd.web11.5088.1709933180816008167 for ; Fri, 08 Mar 2024 13:26:20 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,11007"; a="15314064" X-IronPort-AV: E=Sophos;i="6.07,110,1708416000"; d="scan'208,223";a="15314064" X-Received: from orviesa006.jf.intel.com ([10.64.159.146]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Mar 2024 13:26:20 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,110,1708416000"; d="scan'208,223";a="10974062" X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orviesa006.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 08 Mar 2024 13:26:20 -0800 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 8 Mar 2024 13:26:19 -0800 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Fri, 8 Mar 2024 13:26:19 -0800 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.168) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Fri, 8 Mar 2024 13:26:19 -0800 X-Received: from CO1PR11MB4929.namprd11.prod.outlook.com (2603:10b6:303:6d::19) by SN7PR11MB7419.namprd11.prod.outlook.com (2603:10b6:806:34d::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.10; Fri, 8 Mar 2024 21:26:17 +0000 X-Received: from CO1PR11MB4929.namprd11.prod.outlook.com ([fe80::e34e:4d18:b93e:c368]) by CO1PR11MB4929.namprd11.prod.outlook.com ([fe80::e34e:4d18:b93e:c368%5]) with mapi id 15.20.7386.005; Fri, 8 Mar 2024 21:26:16 +0000 From: "Michael D Kinney" To: "devel@edk2.groups.io" , "Kinney, Michael D" , "Kasbekar, Saloni" , Santhosh Kumar V CC: Sivaraman Nainar , Raj V Akilan , "Mathews, John" , "Clark-williams, Zachary" , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH] NetworkPkg Update Security Patch Thread-Topic: [edk2-devel] [PATCH] NetworkPkg Update Security Patch Thread-Index: AQHaVolWIo0Mt0+mc02F8U5R/d8I8LD/hOQggC8ISECAAAP5EA== Date: Fri, 08 Mar 2024 13:26:20 -0800 Message-ID: References: <20240203101119.2167-1-santhoshkumarv@ami.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: CO1PR11MB4929:EE_|SN7PR11MB7419:EE_ x-ms-office365-filtering-correlation-id: 0b5220fb-dfb3-43bb-d66f-08dc3fb66398 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: cYo+o2by4zElFuii+bURjcMA4ohQ7Dlff9xeyPMBIArDWLggNMuLt5LsAYgl33/SytYQFoSKBYGYIoPmsndoACuBm9zQFFuAyOWqetvmhiFHq7JZcjs8bvX6GBuobvCkITs9eXvHwOuCbw0e42xvqwsp8+9NJBE/ocoeAEGFOIc5chSxByvykFUGqdZj7vj6CNtE8+WBGpnmTvyiCPdx/asU4HtM359WCaAXyMD65vCaqkseEWD5JRMjx6P2S54dz0dyjrEkRzlMFxTJjCxdrt282kyJ4uwxjUgG3vKTx37Lk5PW5heyrewNh4juynC83VxfGO4lTbAFvwFooVmgw9mHp6QYTq/TvJl6fCoPzsSkokhhvByeVnDhJaKZ+VaEYhBlKGTgLmsIMkmDX1afUcHZoBi5E/UaSv2FTgDl5LkIOZyighZNlHzjxcMaPSz2230uAz/KKp0kbqg3q/jPV2MFPMz82+NdfbzuSV54BtM/qSbgKxKMBzCXazrqsbspp/71UYRsGrP8j7j7pSJfSgly1IO8wXIwBaQ70EYQLegT2iLDZQ/3JF0LhY3Vl9LTWE7h6Zc1wRGnTYsd8aTLZQx4GsAs94L+oz8/vtLW87DYDpapUpfnQOehMAgJpzilthCQBLGLzwRfH0vCI1yiIlXYoF6YM0t1a5LpEfb2kPO3OegSddh83TSUdEJ2FUOF x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?nqWPhOaVudtZqNh5Sp/o/i3leKQBGKLR2bY0sy3XcPOx0t7RvL7pLI2wCZrQ?= =?us-ascii?Q?jEKZi8TzLUklTsLSbnY82G2qWj8AleOP/kaYQy2IRptY9HoL0R/uKGJNfxyH?= =?us-ascii?Q?Bpa6jM37UlVlInI7LpM4XGLzXcnsNXWtAta44siwnkRPXs1R0Erl/ylUZOsw?= =?us-ascii?Q?b63tFjYxrObZIUJgtmYuYaOJuWX2nWkHVF5+5/jBPTS+1GIO+EuXqWn3Uw93?= =?us-ascii?Q?iWsh5Ip9Jo+QnreyouJi0WLgNsNNZSgHf1g3lotBYzx3yqY/t/FwQM/pwJ4r?= =?us-ascii?Q?N8es3J3xE1z4wUpWDiMbDkcqYqYDNuqatCqS1biC0O4cE0gKr0dyNyK+js90?= =?us-ascii?Q?fJQ4zV9k8loP0nUgreU6RMxX98BddnfhVlpe2QLdl3oJpCJDnrgjtXqPrivY?= =?us-ascii?Q?gq4y+yJW4/aKlMiHoS7sLbvZfmhUQDBdLKrjt2Q6OTBvOvzjoLGRVYGOKUpR?= =?us-ascii?Q?UswlwrVwJdQdFoAGSqLF2X2e/bG/RolGUhFT4vjr8N2omETV1kJvw8nTWjFX?= =?us-ascii?Q?Mton7iqjiL7gcW0ch/3HzyD+J9TTY1DrjRHIGz7TvKX7UtF+z5zbAJqyyRxF?= =?us-ascii?Q?kDV9gZo/12BEnDKcuO7Ktb2RwjoGlCnWWye0nmEpjVUf+NJQQpN83HCH56FW?= =?us-ascii?Q?FXwXPIAvKr47WuiCQN/3HHQzuILuPK8VnJ0x+PTngkQR3qJTyM558jlQNTlr?= =?us-ascii?Q?vZMX3Pr2uO5vbk2INha1qCn+2Xpowi7Chpk26rL0dJdrcoWw90midNEJhE9r?= =?us-ascii?Q?tlE5O82sLUmhglmXpQsXAKtV59/MajLBxUNOy+GbZ13ot92OneU6o4tpXr4+?= =?us-ascii?Q?50VLoctiwM0514Wkp6aD9Idm6aLg3p7QxVPnDU/VzKmtVfPMgwLyaeh+P1mz?= =?us-ascii?Q?6T50kmPduTx1GjT8Gs6foFef6jETd8LmuT+EkP0ymDwevoq0ZYSHwFz+eqGm?= =?us-ascii?Q?UJXqqJWVEfasa+sYrA4+NkmzyRMc3+kc/HkPB/nhDk5ngkdErWwKqNsZT3xI?= =?us-ascii?Q?llHMzaY32ze3eCDg+3tF5VEY9OZIOjxyNf+7sbNCNls6I6lQeTDLDoGSbW7D?= =?us-ascii?Q?nT4kNZtd6BQPtXYXHVi/xtQkszls11M93ileETMXwrRo5J3yv2MMg2lX0OPg?= =?us-ascii?Q?8BlylawHPkNnNog5eGXyb7lejAy5tMa19cmrDc5EgRekmTkeTjCubWEkU08R?= =?us-ascii?Q?OlNEpewgrGyIghNvPs15OvP7FJ3sRg3QVAClzNfrH2i4bJrx9Pp8mOwVwFNv?= =?us-ascii?Q?eZgKe8yk1AhtgHAIzeoG3DzEl+TK0w14sijz/effg9d1Mptvp3Rc26AYcAul?= =?us-ascii?Q?+73zBBQkYppYGvASTt6qnuVa/6VvRw4FmKrEv9runrmRt3VONZ1bezPueWRe?= =?us-ascii?Q?JvIQaE2/NX+e3yZwASTYmQumRpJdrUVkfmgoi/npYu7K8do02z1m3eBhKZPo?= =?us-ascii?Q?SJIL1BDQXavPeFKLzGljfb49IZO9arsF6gpEu/U02zvCWwe9DyXsbeI/yttJ?= =?us-ascii?Q?sj+/a4+dTH0yOmSM18nK1eZAir1i/b0NVwrFa7O1Ztr4j/4rczX3vV+NodCa?= =?us-ascii?Q?E5vH/tXRA3buh9Tyff0ihKcgHf7sdXbT/K5VOBsfldWhw/ziMgyhsJCQNjcI?= =?us-ascii?Q?aA=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4929.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0b5220fb-dfb3-43bb-d66f-08dc3fb66398 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2024 21:26:16.7276 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: bLbOnIDuyyW8ANUd6EA+XEX0FTJ3zidoGH1wALNsnaE/D3L+5AZECsdWnq7vOM9DqcbXuNxQXxg8GfJzazFZdFWyS8e6TbtwpG24TlEbikU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR11MB7419 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: M5uNEGZWf1qkAj1b6s1VlcV0x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=ecAm85Mx; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) >From this CI run, you can see there are other packages impacted by this change. Missing RngLib mappings. Is this expected? https://dev.azure.com/tianocore/edk2-ci/_build/results?buildId=3D120372&vie= w=3Dlogs&jobId=3D56079008-74ef-5d1a-7db6-78cd637f5fd1&j=3D56079008-74ef-5d1= a-7db6-78cd637f5fd1&t=3D717a0b6b-5e6c-5b81-aea3-d574ed7b6a91 Please update patches to address all these failures and resend to mailing l= ist. Thanks, Mike > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Michael > D Kinney > Sent: Friday, March 8, 2024 1:12 PM > To: Kasbekar, Saloni ; Santhosh Kumar V > ; devel@edk2.groups.io > Cc: Sivaraman Nainar ; Raj V Akilan > ; Mathews, John ; Clark- > williams, Zachary ; Kinney, Michael D > > Subject: Re: [edk2-devel] [PATCH] NetworkPkg Update Security Patch >=20 > Acked-by: Michael D Kinney >=20 > > -----Original Message----- > > From: Kasbekar, Saloni > > Sent: Wednesday, February 7, 2024 2:58 PM > > To: Santhosh Kumar V ; devel@edk2.groups.io > > Cc: Sivaraman Nainar ; Raj V Akilan > > ; Kinney, Michael D ; > > Mathews, John ; Clark-williams, Zachary > > > > Subject: RE: [PATCH] NetworkPkg Update Security Patch > > > > Reviewed-by: Saloni Kasbekar > > > > -----Original Message----- > > From: Santhosh Kumar V > > Sent: Saturday, February 3, 2024 2:11 AM > > To: devel@edk2.groups.io; Santhosh Kumar V > > Cc: Sivaraman Nainar ; Raj V Akilan > > ; Kinney, Michael D ; > > Kasbekar, Saloni ; Mathews, John > > ; Clark-williams, Zachary > williams@intel.com> > > Subject: [PATCH] NetworkPkg Update Security Patch > > > > Update Security patch for Bug 4541 (Predictable TCP ISNs) > > > > Cc: Saloni Kasbekar > > Cc: Zachary Clark-williams > > > > Signed-off-by: SanthoshKumar > > --- > > NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 21 ++++++++++++++------ > - > > NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 2 +- > > NetworkPkg/TcpDxe/TcpDxe.inf | 1 + > > NetworkPkg/TcpDxe/TcpMain.h | 1 + > > NetworkPkg/TcpDxe/TcpMisc.c | 7 ++++++- > > NetworkPkg/TcpDxe/TcpTimer.c | 8 +++++--- > > 6 files changed, 28 insertions(+), 12 deletions(-) > > > > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > > index fd4a9e15a8..d3cc8a59d4 100644 > > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > > @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include > > > > #include > > > > #include > > > > +#include > > > > > > > > #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof > > (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) > > > > #define DEFAULT_ZERO_START ((UINTN) ~0) > > > > @@ -902,14 +903,20 @@ NetRandomInitSeed ( > > EFI_TIME Time; > > > > UINT32 Seed; > > > > UINT64 MonotonicCount; > > > > + UINT32 RandomVal; > > > > + > > > > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) > > > > + Seed =3D RandomVal; > > > > + else > > > > + { > > > > + gRT->GetTime (&Time, NULL); > > > > + Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > > + Time.Second); > > > > + Seed ^=3D Time.Nanosecond; > > > > + Seed ^=3D Time.Year << 7; > > > > > > > > - gRT->GetTime (&Time, NULL); > > > > - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > > Time.Second); > > > > - Seed ^=3D Time.Nanosecond; > > > > - Seed ^=3D Time.Year << 7; > > > > - > > > > - gBS->GetNextMonotonicCount (&MonotonicCount); > > > > - Seed +=3D (UINT32)MonotonicCount; > > > > + gBS->GetNextMonotonicCount (&MonotonicCount); > > > > + Seed +=3D (UINT32)MonotonicCount; > > > > + } > > > > > > > > return Seed; > > > > } > > > > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > > index 8145d256ec..2c800b7c00 100644 > > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > > @@ -43,7 +43,7 @@ > > MemoryAllocationLib > > > > DevicePathLib > > > > PrintLib > > > > - > > > > + RngLib > > > > > > > > [Guids] > > > > gEfiSmbiosTableGuid ## > SOMETIMES_CONSUMES > > ## SystemTable > > > > diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf > > b/NetworkPkg/TcpDxe/TcpDxe.inf index c0acbdca57..99c093600f 100644 > > --- a/NetworkPkg/TcpDxe/TcpDxe.inf > > +++ b/NetworkPkg/TcpDxe/TcpDxe.inf > > @@ -67,6 +67,7 @@ > > DpcLib > > > > NetLib > > > > IpIoLib > > > > + RngLib > > > > > > > > > > > > [Protocols] > > > > diff --git a/NetworkPkg/TcpDxe/TcpMain.h > b/NetworkPkg/TcpDxe/TcpMain.h > > index c0c9b7f46e..f94598b6ba 100644 > > --- a/NetworkPkg/TcpDxe/TcpMain.h > > +++ b/NetworkPkg/TcpDxe/TcpMain.h > > @@ -16,6 +16,7 @@ > > #include > > > > #include > > > > #include > > > > +#include > > > > > > > > #include "Socket.h" > > > > #include "TcpProto.h" > > > > diff --git a/NetworkPkg/TcpDxe/TcpMisc.c > b/NetworkPkg/TcpDxe/TcpMisc.c > > index c93212d47d..4d33dd6ad6 100644 > > --- a/NetworkPkg/TcpDxe/TcpMisc.c > > +++ b/NetworkPkg/TcpDxe/TcpMisc.c > > @@ -516,7 +516,12 @@ TcpGetIss ( > > VOID > > > > ) > > > > { > > > > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; > > > > + UINT32 RandomVal; > > > > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) > > > > + mTcpGlobalIss +=3D RandomVal; > > > > + else > > > > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; > > > > + > > > > return mTcpGlobalIss; > > > > } > > > > > > > > diff --git a/NetworkPkg/TcpDxe/TcpTimer.c > > b/NetworkPkg/TcpDxe/TcpTimer.c index 5d2e124977..3370e6b264 100644 > > --- a/NetworkPkg/TcpDxe/TcpTimer.c > > +++ b/NetworkPkg/TcpDxe/TcpTimer.c > > @@ -481,10 +481,12 @@ TcpTickingDpc ( > > LIST_ENTRY *Next; > > > > TCP_CB *Tcb; > > > > INT16 Index; > > > > - > > > > + UINT32 RandomVal; > > > > mTcpTick++; > > > > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; > > > > - > > > > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) > > > > + mTcpGlobalIss +=3D RandomVal > > > > + else > > > > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; > > > > // > > > > // Don't use LIST_FOR_EACH, which isn't delete safe. > > > > // > > > > -- > > 2.42.0.windows.2 > > -The information contained in this message may be confidential and > > proprietary to American Megatrends (AMI). This communication is > > intended to be read only by the individual or entity to whom it is > > addressed or by their designee. If the reader of this message is not > > the intended recipient, you are on notice that any distribution of > this > > message, in any form, is strictly prohibited. Please promptly notify > > the sender by reply e-mail or by telephone at 770-246-8600, and then > > delete or destroy all copies of the transmission. >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116553): https://edk2.groups.io/g/devel/message/116553 Mute This Topic: https://groups.io/mt/104167647/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-