From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.3043.1688692470875791072 for ; Thu, 06 Jul 2023 18:14:31 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=jyJdGtzj; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: isaac.w.oram@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1688692470; x=1720228470; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=2cDx7WRaKzXIEOA4IcjSiHROYR6HvekyV1MmoDYACo8=; b=jyJdGtzjOBx9iAK/hPFbEPaiMKKBTTEXVrGZUGxQK/vmfB12VK+PlVVf YoU2PY6qnjiK/1rMgodV3JYSCXQdNcELcvunIrx2urSY0GuOSJGUvH79+ GKqt08k1Lo39OVAnAe1h8FWdIscz+AqKDxfEvNcg4I9W8wNdo1DdW+aog DQw5CRqS+qTi6la4IygoIVeO+sT29mQ9VUzgr/Ey6hpZnFxKyUoP7iT0D kLtgUrltyQNis/hlWLbiEsmcjZtUl3IioVIOP6NVR6HYex70MZPzcB06k d9gmqn7jonBgq+pdwd/SIyAoipD/jly2YIsbQbQ8MO8Sob7M7vUYlvnrL A==; X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="427449479" X-IronPort-AV: E=Sophos;i="6.01,187,1684825200"; d="scan'208";a="427449479" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2023 18:14:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="1050326828" X-IronPort-AV: E=Sophos;i="6.01,187,1684825200"; d="scan'208";a="1050326828" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga005.fm.intel.com with ESMTP; 06 Jul 2023 18:14:27 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 6 Jul 2023 18:14:26 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27 via Frontend Transport; Thu, 6 Jul 2023 18:14:26 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.177) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.27; Thu, 6 Jul 2023 18:14:26 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a49FCwsTZ18ScwARSu6vxrYPSAestnTdF8PL3JgNdzgLsu9ML7hguvHcfvOmkgMTdcSf8OFICn2aYaflz5kyTysh7JrmCTtnGJsQroHTRgjujEGfM5OJXg6p+N4JxaIJB4OMfn2A5edUs1UEBvxIUFI3Y9mhY8+/Brd+pm7huSZX5arIQDiph+wU8VeUboQrba1lq68S/lye4H3980dDr9A/GYrfim2h6xUyPnN9vJLgIBokzls9m7090qwjaVQ/4p+TVM82D6SEU7oNw865YekGiTEpO5Bahw0cJ708jf0Uv70OYQzFlFsve7XEx0e2taLu+kt9vcA6B75ZMci+Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rSg08GJLlZfpIxT4Auk6zWZnGlpgsEKsRNdZMTRPl9o=; b=T56oyJ6urLw9A+l5ycFAU5wL9O9aZXdwildFiRvF4ooLzHfMEEiZ8liLCCIOxWfB8pfhZBkt4C9+Eq/A8PCrbEbyK3RjkB3LAnviq2MSpi1DPvSfqrkwye81mKVgp/SPOZUOO01QZxFrPUFZFiqcj3EHlpInbIGTUFm1xRGSTs+8ISuoSt0SFx8uvMA9w5tdoQtpT73YIN75qZSIL/nHLNF11XrfZnBP58YQ3wkCHq4HR1MH6WVWqrYEeRQ/6gIgRbglxjSIN4VCJSFgYschUF7rQ3muqzfRaw4ihzItGPgp+dNoY+xOXRK7xPQd3NUg9k9EOEH0ivXUm1iBXHAxDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SA1PR11MB5801.namprd11.prod.outlook.com (2603:10b6:806:23d::13) by MN0PR11MB6012.namprd11.prod.outlook.com (2603:10b6:208:373::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.17; Fri, 7 Jul 2023 01:14:23 +0000 Received: from SA1PR11MB5801.namprd11.prod.outlook.com ([fe80::ba9b:b98b:c9f2:b32]) by SA1PR11MB5801.namprd11.prod.outlook.com ([fe80::ba9b:b98b:c9f2:b32%7]) with mapi id 15.20.6565.016; Fri, 7 Jul 2023 01:14:23 +0000 From: "Isaac Oram" To: "devel@edk2.groups.io" , "Oram, Isaac W" , "mikuback@linux.microsoft.com" CC: "Chiu, Chasel" , "Desimone, Nathaniel L" , "Gao, Liming" , "Dong, Eric" , "Lautner, Kenneth" Subject: Re: [edk2-devel] [edk2-platforms][PATCH v1 1/1] MinPlatformPkg: Add Mem Type Info variable validity checks Thread-Topic: [edk2-devel] [edk2-platforms][PATCH v1 1/1] MinPlatformPkg: Add Mem Type Info variable validity checks Thread-Index: AQHZr61MfedgLkOczUeFlhSCPDXCza+sC5jwgAF1vtA= Date: Fri, 7 Jul 2023 01:14:23 +0000 Message-ID: References: <20230706015726.269-1-mikuback@linux.microsoft.com> <176F27E11435C093.24383@groups.io> In-Reply-To: <176F27E11435C093.24383@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SA1PR11MB5801:EE_|MN0PR11MB6012:EE_ x-ms-office365-filtering-correlation-id: 6eeb5722-fd49-435d-280c-08db7e87800a x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 5pgKde1vONoxL4xtpWDUvlAwNrKza/zcWFaBJPtDGY8Fl4fMUtizOWGu4I9usrHJ2iCnayzJXYrUvBy8BKOZbdEZNI3lonIPTlPJlBB9+70m6/JxfLxZi4ASUwFti9FYqhsJd37gAo7Qm5oUjI13GwjdtGaPGsThJhqPx02HWTnv83D0RwYoud0Tcvmb9bRjzNWbekX5EdXjXzk8iEwHkCgll+KKF8qJzKGnBGN+FMaDJGoNkmCaX3SZRCGs6yu1Mnv4CciZ74VWs5tvriwAnJjMtsnf1DH4PoQX7YR338zJ4LLlW/ruRvsSEigCsnK1B9Ap6U2IQbUh8ITSwEmLA2ZodqjQ7tNj1AoElYDIsw/SP6mNj0oMX4G4j4Da755OPqY1YL1ACHkKpi+i7+86DIG+sJGrC05OMKAtqxofeZT6Pz/E8S9lkkoRvvJGAeDGn7rDYb54w8FKpmDHeowNFHnJXgJ6TYmEsAY/jV2m3jtvD/mcY6ermEEiVoV4NckvL5UwikbiWqaRBbCT0zebx/RLNbwjN3cyKUe+xHGApgZuFvjZheOPFkXPmmIX8TC3OxJVUF9MhJbY3CLdTpf+kTAjVIv7mmyih8OJ892L4g48dZ0zGTOflvKHGaR+LwAK9NP+aq7+lEXVVogwIKqWCA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR11MB5801.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(346002)(39860400002)(136003)(376002)(366004)(396003)(451199021)(38070700005)(86362001)(33656002)(2906002)(5660300002)(52536014)(66899021)(55016003)(38100700002)(966005)(9686003)(83380400001)(186003)(53546011)(6506007)(7696005)(54906003)(122000001)(66476007)(478600001)(66946007)(110136005)(82960400001)(76116006)(316002)(4326008)(26005)(64756008)(66446008)(71200400001)(66556008)(8936002)(8676002)(41300700001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?WplW587ArMi6VkmbDKfPxv+TF9J3gHws+wi/xj4uwTP1TGK1jL7naWHtUkjY?= =?us-ascii?Q?KiYJa5815hTpexgct5GFyVZVGR76B57JsKmmdlKa98vDyXN4ZLnCgsSBMvxn?= =?us-ascii?Q?bfplR3VkZMcT5UuVYdBU5exRHj0FRI6S6VLwiwM9LWGqVGJLI5Roh0DbLfIf?= =?us-ascii?Q?510/k8N45EjwlCVReduoowrGCwczKU3Ht2hPkMajknFbRs8UJmuDojB7ktCW?= =?us-ascii?Q?jiWV1bPdOe40npbXN4RRIByCrkAhM5TF9bvIF36/iqIB4gtko0VHNG+w5IMF?= =?us-ascii?Q?SiT1zyxehavhaoGhXLFEY//vw6o/I729Hs6Ki1fy5n4LrpB+eqPyAQ31dHIT?= =?us-ascii?Q?gfOrbhMylLnEewHvm6pKeEqqe/vdz0t24DwGHowg9CgVJGIMffa2ij7F+ile?= =?us-ascii?Q?uJijXfFWSMooNvN9HRAEGvpiAAX2tTnRZ4SB7mLyLxLX8epnmul2xtWFFT5v?= =?us-ascii?Q?pGfkhESmmytEMvPcBJxnENrLGWI+Q5nnZe3CpdGA2wzvDL0XeL4/gl886J2V?= =?us-ascii?Q?SVViF96XUZvyXlq1gZp/Q2MCAC7zVGXp51iRF0ojOzFLyHC1DWgU0vnWCkla?= =?us-ascii?Q?64SH5v0fvqDbvLQJDiSJ2qiQsn3C13uI2+YFP5R0ucwGvbr+9AyAOEvVHZww?= =?us-ascii?Q?lENRE016syRc68Yo3cUVbHIFVisOHolYAakBqzmpHuNCixPgMkeGlKZds02T?= =?us-ascii?Q?vzK4nYRpD7sct7/I79BqTrrnA+BicujFoZbz5hKm4tUaH6EPJWTkkowcDM6h?= =?us-ascii?Q?Ms/yltgTwDdg/ZAECiVrxSJQPKmg3SHUr3b9J3ONoEIjccxZ6fveRBR/nDCu?= =?us-ascii?Q?3xIfD2Y00bldt3VzcK45Hs4nOD0D/nAkiS1cbs3FSgDh7+Hg9xW6wxs7khAB?= =?us-ascii?Q?m9M5ypU2WcZatjccb1otHT4FTC7LmQgsEUjiVAIW919KgDqNwi8pARMsWAFG?= =?us-ascii?Q?1ObzPAu7Lrgpe+nalFWeSBX8Ex/7V5Zmiy1DYbb1vDMsC4utjXwvVKwhyZyE?= =?us-ascii?Q?8pnXbZrt+4IckkVn9Ym4aBWALsHwgfUqM/1uX5Urg+i8oSTgF065gIEX76yW?= =?us-ascii?Q?4lJcXhaShIqvCwB4m76DTvXtTUgzs4Od8mUlzaKmG4JKRDl0dmuUllO72kSm?= =?us-ascii?Q?HCXBae8jfoW309tOLGWmupnSKBRYCoHHvBqlVz5urDTiLziLbhBadYA3TwH6?= =?us-ascii?Q?bw753lruR+x3kFwZas4YlRcjHSJ9oPTsavnQUMfOTDZLj++W2SC1nXf95XHE?= =?us-ascii?Q?WKuaCJoDIHqqVxE+kLTteIaYn9osE07Ow6flzHL571daCaqatRko+82mxvhs?= =?us-ascii?Q?+73xHDeFNk4n0dSrdyWokFTxQ2E8jCGIuXkZcDedjMGhzl779+oXowE5xuzI?= =?us-ascii?Q?Mpc6nXOJoF7RVZy4iCgW2ltO6ivUWo939239KXY+V75TDNr/ymda1cAXR6uH?= =?us-ascii?Q?+xbD56T6UMXdacs8RXNBfkDwNk02SsjG5DIJjAXcNEFANMnn1XtQe91081hP?= =?us-ascii?Q?ix0pCyNtx4kzPdDaX+JFMTKwIWmFhS4BlfCgHHpZTyebA2JNvWzf6dwbQ1pg?= =?us-ascii?Q?bQL7SHWfS+UcZbBJJPh/8qmCXQv+5WjT2wSqF/FL?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SA1PR11MB5801.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6eeb5722-fd49-435d-280c-08db7e87800a X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jul 2023 01:14:23.6401 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FUVA22IWWGjHFfb6iyWClYu2gG0O9Zm1M2RT6GYXp9ErJMwEBgPolp4GyCzPjFonTdPHx9egcTLLj3+P5CgbRg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR11MB6012 Return-Path: isaac.w.oram@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Pushed as 87c40ac89b97eccac690762536db5376af15bb65 -----Original Message----- From: devel@edk2.groups.io On Behalf Of Isaac Oram Sent: Wednesday, July 5, 2023 7:57 PM To: devel@edk2.groups.io; mikuback@linux.microsoft.com Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Gao, Liming ; Dong, Eric <= eric.dong@intel.com>; Lautner, Kenneth Subject: Re: [edk2-devel] [edk2-platforms][PATCH v1 1/1] MinPlatformPkg: Ad= d Mem Type Info variable validity checks Reviewed-by: Isaac Oram -----Original Message----- From: devel@edk2.groups.io On Behalf Of Michael Kuba= cki Sent: Wednesday, July 5, 2023 6:57 PM To: devel@edk2.groups.io Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Oram, Isaac W ; Gao, Liming = ; Dong, Eric ; Lautner, Kenn= eth Subject: [edk2-devel] [edk2-platforms][PATCH v1 1/1] MinPlatformPkg: Add Me= m Type Info variable validity checks From: Michael Kubacki Adds some sanity checks around the Memory Type Information data restored fr= om the `EFI_MEMORY_TYPE_INFORMATION_VARIABLE_NAME` UEFI variable. This is particularly useful when the structures that the data was saved aga= inst have changed in the latest firmware image. For example, `EfiUnaccepted= MemoryType` was added to `EFI_MEMORY_TYPE` in edk2 commit `502c01c`. This incremented `EfiMaxMemoryType` by `1`. That change was first released in the `edk2-stable202211` stable tag. Firmware performing an update across those stable tags may encounter issues= depending on code implementation for handling `EfiMaxMemoryType` as a term= inating loop value. This change checks the size and max memory type saved i= n the UEFI variable to determine whether it is better to start from the def= aults and rebuild the UEFI variable data on the current boot. Cc: Chasel Chiu Cc: Nate DeSimone Cc: Isaac Oram Cc: Liming Gao Cc: Eric Dong Co-authored-by: Ken Lautner Signed-off-by: Michael Kubacki --- Platform/Intel/MinPlatformPkg/PlatformInit/PlatformInitPei/PlatformInitPre= Mem.c | 32 +++++++++++++++++--- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/Platform/Intel/MinPlatformPkg/PlatformInit/PlatformInitPei/Pla= tformInitPreMem.c b/Platform/Intel/MinPlatformPkg/PlatformInit/PlatformInit= Pei/PlatformInitPreMem.c index d8c96b52f4b3..bc97711a02f6 100644 --- a/Platform/Intel/MinPlatformPkg/PlatformInit/PlatformInitPei/PlatformIn= itPreMem.c +++ b/Platform/Intel/MinPlatformPkg/PlatformInit/PlatformInitPei/Platfor +++ mInitPreMem.c @@ -164,18 +164,22 @@ BuildMemoryTypeInformation ( EFI_STATUS Status; EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariableServices; UINTN DataSize; + UINTN Index; EFI_MEMORY_TYPE_INFORMATION MemoryData[EfiMaxMemoryType + 1]; =20 // // Locate system configuration variable // - Status =3D PeiServicesLocatePpi( + Status =3D PeiServicesLocatePpi ( &gEfiPeiReadOnlyVariable2PpiGuid, // GUID 0, // INSTANCE NULL, // EFI_PEI_PPI_DESCRIPTOR (VOID **) &VariableServices // PPI ); - ASSERT_EFI_ERROR(Status); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return; + } =20 DataSize =3D sizeof (MemoryData); Status =3D VariableServices->GetVariable ( @@ -186,9 +190,29 @@ BuildMem= oryTypeInformation ( &DataSize, &MemoryData ); - if (EFI_ERROR(Status)) { + if (!EFI_ERROR (Status)) { + if (DataSize % sizeof (EFI_MEMORY_TYPE_INFORMATION) !=3D 0) { + DEBUG ((DEBUG_ERROR, "The UEFI Memory Type Information variable size= is inconsistent with this build.\n")); + Status =3D EFI_COMPROMISED_DATA; + } else { + // Loop through all except the last one and make sure it seems reaso= nable + for (Index =3D 0; Index < ((DataSize / sizeof (EFI_MEMORY_TYPE_INFOR= MATION)) - 1); Index++) { + if (MemoryData[Index].Type >=3D EfiMaxMemoryType) { + DEBUG ((DEBUG_ERROR, "UEFI Memory Type Information variable has = an invalid memory type.\n")); + Status =3D EFI_COMPROMISED_DATA; + } + } + // The last entry must be MaxMemoryType with size 0 + if ((MemoryData[Index].Type !=3D EfiMaxMemoryType) || (MemoryData[In= dex].NumberOfPages !=3D 0)) { + DEBUG ((DEBUG_ERROR, "UEFI Memory Type Information variable contai= ns an invalid last entry.\n")); + Status =3D EFI_COMPROMISED_DATA; + } + } + } + + if (EFI_ERROR (Status)) { DataSize =3D sizeof (mDefaultMemoryTypeInformation); - CopyMem(MemoryData, mDefaultMemoryTypeInformation, DataSize); + CopyMem (MemoryData, mDefaultMemoryTypeInformation, DataSize); } =20 /// -- 2.41.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106670): https://edk2.groups.io/g/devel/message/106670 Mute This Topic: https://groups.io/mt/99978201/1492418 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [isaac.w.oram@intel.com] = -=3D-=3D-=3D-=3D-=3D-=3D