From: "Bret Barkelew"
To: "devel@edk2.groups.io", "michael.kubacki@outlook.com"
CC: Dandan Bi, Hao A Wu, Jian J Wang, Kun Qin, Liming Gao
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources
Date: Fri, 10 Apr 2020 23:36:11 +0000

Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>

 

- Bret

 


From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Michael Kubacki via groups.io <michael.kubacki=outlook.com@groups.io>
Sent: Friday, April 10, 2020 1:49:43 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Kun Qin <Kun.Qin@microsoft.com>; Liming Gao <liming.gao@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg/ReportStatusCodeRouter: Revert end pointer on out of resources

From: Michael Kubacki <michael.kubacki@microsoft.com>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2665

ReportDispatcher() is called by a software module to report a status code.
The interface is generic and can be called frequently throughout the boot
under various conditions. A certain set of conditions can cause the
currently implemented algorithm for resource exhaustion to fail. A sample
scenario:

1. ReportStatusCode() is called at a TPL higher than one of the registered
   status code listeners making the call to the listener deferred until
   TPL is lowered.
2. Additional calls to ReportStatusCode() occur, so the data buffer
   continues to expand.
3. A call to ReportStatusCode() is made from within a memory allocation
   call (e.g. CoreAllocatePoolPages ()) which is protected from
   re-entrancy with mPoolMemoryLock. This will cause the ReallocatePool()
   call in ReportDispatcher() to fail. Because the end pointer was already
   moved to account for the data size, the end pointer is now moved
   beyond the buffer and invalid.

This commit saves the original end pointer value into a local variable
called "FailSafeEndPointer" which tracks a safe end pointer to revert to
in the case the allocated buffer size (CallbackEntry->EndPointer -
CallbackEntry->StatusCodeDataBuffer) is still not large enough for the
data.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Kun Qin <Kun.Qin@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
 MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatu= sCodeRouterRuntimeDxe.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/Repo= rtStatusCodeRouterRuntimeDxe.c b/MdeModulePkg/Universal/ReportStatusCodeRou= ter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.c
index 6ca7e180ebb3..d7dc0a75ac83 100644
--- a/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatu= sCodeRouterRuntimeDxe.c
+++ b/MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe= /ReportStatusCodeRouterRuntimeDxe.c
@@ -3,6 +3,7 @@
   and Status Code Runtime Protocol.
 
   Copyright (c) 2009 - 2018, Intel Corporation. All rights rese= rved.<BR>
+  Copyright (c) Microsoft Corporation.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -237,6 +238,7 @@ ReportDispatcher (
   RSC_DATA_ENTRY        = ;        *RscData;
   EFI_STATUS        &nb= sp;           Status;
   VOID         &nb= sp;            =     *NewBuffer;
+  EFI_PHYSICAL_ADDRESS       =    FailSafeEndPointer;
 
   //
   // Use atom operation to avoid the reentant of report.
@@ -267,6 +269,7 @@ ReportDispatcher (
     // If callback is registered with TPL lower than = TPL_HIGH_LEVEL, event must be signaled at boot time to possibly wait for      // allowed TPL to report status code. Related dat= a should also be stored in data buffer.
     //
+    FailSafeEndPointer =3D CallbackEntry->EndPointe= r;
     CallbackEntry->EndPointer  =3D ALIGN_VARI= ABLE (CallbackEntry->EndPointer);
     RscData =3D (RSC_DATA_ENTRY *) (UINTN) CallbackEn= try->EndPointer;
     CallbackEntry->EndPointer +=3D sizeof (RSC= _DATA_ENTRY);
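Review bot: The added FailSafeEndPointer assignment at the top of this block has no comment of its own, and the existing TPL comment above it does not cover it. Because the snapshot is taken before ALIGN_VARIABLE, a later revert also gives back the alignment padding, which is the correct value to restore but is easy to break if the line is ever moved below the alignment. Suggest a short comment stating that this is the pre-alignment end pointer kept for rollback when the entry cannot be stored.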
@@ -285,6 +288,7 @@ ReportDispatcher (
            &n= bsp;          (VOID *) (UINTN)= CallbackEntry->StatusCodeDataBuffer
            &n= bsp;          );
         if (NewBuffer !=3D NULL) = {
+          FailSafeEndPoi= nter =3D (EFI_PHYSICAL_ADDRESS) (UINTN) NewBuffer + (FailSafeEndPointer= - CallbackEntry->StatusCodeDataBuffer);
           CallbackEntry= ->EndPointer =3D (EFI_PHYSICAL_ADDRESS) (UINTN) NewBuffer + (Callbac= kEntry->EndPointer - CallbackEntry->StatusCodeDataBuffer);
           CallbackEntry= ->StatusCodeDataBuffer =3D (EFI_PHYSICAL_ADDRESS) (UINTN) NewBuffer;
           CallbackEntry= ->BufferSize *=3D 2;
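Review bot: The FailSafeEndPointer rebase inside the NewBuffer != NULL branch is only correct while it runs before CallbackEntry->StatusCodeDataBuffer is overwritten two lines below, and nothing marks that ordering. It also repeats the base-relative arithmetic of the EndPointer line. Suggest computing both offsets from the old base first, or adding a comment on the ordering, so a later reshuffle of these lines cannot silently rebase against the new buffer.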
@@ -296,6 +300,7 @@ ReportDispatcher (
     // If data buffer is used up, do not report for t= his time.
     //
     if (CallbackEntry->EndPointer > (CallbackEn= try->StatusCodeDataBuffer + CallbackEntry->BufferSize)) {
+      CallbackEntry->EndPointer =3D FailS= afeEndPointer;
       continue;
     }
 
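Review bot: The comment above the bounds check still reads "If data buffer is used up, do not report for this time." and does not mention the revert added inside the if. Suggest extending it to say that EndPointer is restored to its value from before this entry was appended, so the next report starts from an in-bounds position.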
--
2.16.3.windows.1



