Date: Thu, 15 Feb 2024 09:44:58 +0100
Subject: Re: [edk2-devel] [edk2-stable202402 PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: distinguish GetSmBase() failure modes
From: "Laszlo Ersek"
To: "Kinney, Michael D", Leif Lindholm, "devel@edk2.groups.io", Leif Lindholm, "Andrew Fish (afish@apple.com)", "Gao, Liming"
Cc: "Tan, Dun", Gerd Hoffmann, "Kumar, Rahul R", "Ni, Ray"

On 2/14/24 18:26, Kinney, Michael D wrote:
> Merged: https://github.com/tianocore/edk2/pull/5373

Thanks!
Laszlo

>
>> -----Original Message-----
>> From: Leif Lindholm
>> Sent: Wednesday, February 14, 2024 5:08 AM
>> To: devel@edk2.groups.io; Kinney, Michael D; lersek@redhat.com; Leif Lindholm; Andrew Fish (afish@apple.com); Gao, Liming
>> Cc: Tan, Dun; Gerd Hoffmann; Kumar, Rahul R; Ni, Ray
>> Subject: Re: [edk2-devel] [edk2-stable202402 PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: distinguish GetSmBase() failure modes
>>
>> On 2024-02-14 03:43, Michael D Kinney wrote:
>>> Hi Laszlo,
>>>
>>> Thank you for the quick fix.
>>>
>>> I have reviewed the changes. I agree they fix the issue at hand.
>>>
>>> Reviewed-by: Michael D Kinney
>>>
>>> I have adjusted the commit message with your suggested changes in
>>> the PR I have prepared:
>>>
>>> https://github.com/tianocore/edk2/pull/5373
>>>
>>> There may be better ways to organize this code in general to make
>>> it easier to understand and maintain in the future, but we can
>>> let Ray review that when he returns. That will also likely be a
>>> much bigger change that can be accepted just before a release.
>>>
>>> I also approve this as a critical fix for edk2-stable202402
>>>
>>> I will wait till tomorrow morning my time to see if Gerd and
>>> Rahul and Leif can also provide their reviews/approvals and
>>> to give me some time to run some tests.
>>
>> For the series:
>> Reviewed-by: Leif Lindholm
>> I'm happy for this to go into the stable tag.
>>
>> /
>> Leif
>>
>>> I do not expect Ray Ni or Dun Tan to be available this week.
>>>
>>> Best regards,
>>>
>>> Mike
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
>>>> Sent: Tuesday, February 13, 2024 1:36 PM
>>>> To: devel@edk2.groups.io
>>>> Cc: Tan, Dun; Gerd Hoffmann; Kumar, Rahul R; Ni, Ray
>>>> Subject: Re: [edk2-devel] [edk2-stable202402 PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: distinguish GetSmBase() failure modes
>>>>
>>>> On 2/13/24 22:09, Laszlo Ersek wrote:
>>>>> Commit 725acd0b9cc0 ("UefiCpuPkg: Avoid assuming only one smmbasehob",
>>>>> 2023-12-12) introduced a helper function called GetSmBase(), replacing the
>>>>> lookup of the first and only "gSmmBaseHobGuid" GUID HOB, with iterated
>>>>> lookups plus memory allocation.
>>>>>
>>>>> This introduced a new failure mode for setting "mCpuHotPlugData.SmBase".
>>>>> Namely, before commit 725acd0b9cc0, "mCpuHotPlugData.SmBase" would be set
>>>>> to NULL if and only if the GUID HOB was absent. After the commit, a NULL
>>>>> assignment would be possible if the GUID HOB was absent, *or* one of the
>>>>> memory allocations inside GetSmBase() failed.
>>>>
>>>> Sorry, these two paragraphs are not precise. A better version:
>>>>
>>>> ----------
>>>> Commit 725acd0b9cc0 ("UefiCpuPkg: Avoid assuming only one smmbasehob",
>>>> 2023-12-12) introduced a helper function called GetSmBase(), replacing
>>>> the lookup of the first and only "gSmmBaseHobGuid" GUID HOB and
>>>> unconditional "mCpuHotPlugData.SmBase" allocation, with iterated lookups
>>>> plus conditional memory allocation.
>>>>
>>>> This introduced a new failure mode for setting "mCpuHotPlugData.SmBase".
>>>> Namely, before commit 725acd0b9cc0, "mCpuHotPlugData.SmBase" would be
>>>> allocated regardless of the GUID HOB being absent. After the commit,
>>>> "mCpuHotPlugData.SmBase" could remain NULL if the GUID HOB was absent,
>>>> *or* one of the memory allocations inside GetSmBase() failed; and in the
>>>> former case, we'd even proceed to the rest of PiCpuSmmEntry().
>>>> ----------
>>>>
>>>> Sorry, it's late.
>>>>
>>>> If this patch set is accepted otherwise, then Mike or Liming, can you
>>>> please update the first two paragraphs of the commit message upon merge?
>>>>
>>>> Thanks
>>>> Laszlo
>>>>
>>>>>
>>>>> In relation to this conflation of distinct failure modes, commit
>>>>> 725acd0b9cc0 actually introduced a NULL pointer dereference. Namely, a
>>>>> NULL "mCpuHotPlugData.SmBase" is not handled properly at all now. We're
>>>>> going to fix that NULL pointer dereference in a subsequent patch; however,
>>>>> as a pre-requisite for that we need to tell apart the failure modes of
>>>>> GetSmBase().
>>>>>
>>>>> For memory allocation failures, return EFI_OUT_OF_RESOURCES. Move the
>>>>> "assertion" that SMRAM cannot be exhausted happen out to the caller
>>>>> (PiCpuSmmEntry()). Strengthen the assertion by adding an explicit
>>>>> CpuDeadLoop() call. (Note: GetSmBase() *already* calls CpuDeadLoop() if
>>>>> (NumberOfProcessors != MaxNumberOfCpus).)
>>>>>
>>>>> For the absence of the GUID HOB, return EFI_NOT_FOUND.
>>>>>
>>>>> For good measure, make GetSmBase() STATIC (it should have been STATIC from
>>>>> the start).
>>>>>
>>>>> This is just a refactoring, no behavioral difference is intended (beyond
>>>>> the explicit CpuDeadLoop() upon SMRAM exhaustion).
>>>>>
>>>>> Cc: Dun Tan
>>>>> Cc: Gerd Hoffmann
>>>>> Cc: Rahul Kumar
>>>>> Cc: Ray Ni
>>>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4682
>>>>> Signed-off-by: Laszlo Ersek
>>>>> --- >>>>> >>>>> Notes: >>>>> context:-U4 >>>>> >>>>> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 40 ++++++++++++++--- >> --- >>>>> 1 file changed, 28 insertions(+), 12 deletions(-) >>>>> >>>>> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>>> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>>>> index cd394826ffcf..09382945ddb4 100644 >>>>> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
>>>>> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c >>>>> @@ -619,16 +619,23 @@ SmBaseHobCompare ( >>>>> >>>>> /** >>>>> Extract SmBase for all CPU from SmmBase HOB. >>>>> >>>>> - @param[in] MaxNumberOfCpus Max NumberOfCpus. >>>>> + @param[in] MaxNumberOfCpus Max NumberOfCpus. >>>>> >>>>> - @retval SmBaseBuffer Pointer to SmBase Buffer. >>>>> - @retval NULL gSmmBaseHobGuid was not been >>>> created. >>>>> + @param[out] AllocatedSmBaseBuffer Pointer to SmBase Buffer >>>> allocated >>>>> + by this function. Only set if >>>> the >>>>> + function returns EFI_SUCCESS. >>>>> + >>>>> + @retval EFI_SUCCESS SmBase Buffer output successfully. >>>>> + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. >>>>> + @retval EFI_NOT_FOUND gSmmBaseHobGuid was never created. >>>>> **/ >>>>> -UINTN * >>>>> +STATIC >>>>> +EFI_STATUS >>>>> GetSmBase ( >>>>> - IN UINTN MaxNumberOfCpus >>>>> + IN UINTN MaxNumberOfCpus, >>>>> + OUT UINTN **AllocatedSmBaseBuffer >>>>> ) >>>>> { >>>>> UINTN HobCount; >>>>> EFI_HOB_GUID_TYPE *GuidHob; >>>>> @@ -649,9 +656,9 @@ GetSmBase ( >>>>> NumberOfProcessors =3D 0; >>>>> >>>>> FirstSmmBaseGuidHob =3D GetFirstGuidHob (&gSmmBaseHobGuid); >>>>> if (FirstSmmBaseGuidHob =3D=3D NULL) { >>>>> - return NULL; >>>>> + return EFI_NOT_FOUND; >>>>> } >>>>> >>>>> GuidHob =3D FirstSmmBaseGuidHob; >>>>> while (GuidHob !=3D NULL) { >>>>> @@ -671,11 +678,10 @@ GetSmBase ( >>>>> CpuDeadLoop (); >>>>> } >>>>> >>>>> SmBaseHobs =3D AllocatePool (sizeof (SMM_BASE_HOB_DATA *) * >>>> HobCount); >>>>> - ASSERT (SmBaseHobs !=3D NULL); >>>>> if (SmBaseHobs =3D=3D NULL) { >>>>> - return NULL; >>>>> + return EFI_OUT_OF_RESOURCES; >>>>> } >>>>> >>>>> // >>>>> // Record each SmmBaseHob pointer in the SmBaseHobs. 
>>>>> @@ -691,9 +697,9 @@ GetSmBase ( >>>>> SmBaseBuffer =3D (UINTN *)AllocatePool (sizeof (UINTN) * >>>> (MaxNumberOfCpus)); >>>>> ASSERT (SmBaseBuffer !=3D NULL); >>>>> if (SmBaseBuffer =3D=3D NULL) { >>>>> FreePool (SmBaseHobs); >>>>> - return NULL; >>>>> + return EFI_OUT_OF_RESOURCES; >>>>> } >>>>> >>>>> QuickSort (SmBaseHobs, HobCount, sizeof (SMM_BASE_HOB_DATA *), >>>> (BASE_SORT_COMPARE)SmBaseHobCompare, &SortBuffer); >>>>> PrevProcessorIndex =3D 0; >>>>> @@ -713,9 +719,10 @@ GetSmBase ( >>>>> PrevProcessorIndex +=3D SmBaseHobs[HobIndex]- >>> NumberOfProcessors; >>>>> } >>>>> >>>>> FreePool (SmBaseHobs); >>>>> - return SmBaseBuffer; >>>>> + *AllocatedSmBaseBuffer =3D SmBaseBuffer; >>>>> + return EFI_SUCCESS; >>>>> } >>>>> >>>>> /** >>>>> Function to compare 2 MP_INFORMATION2_HOB_DATA pointer based on >>>> ProcessorIndex. >>>>> @@ -1110,10 +1117,17 @@ PiCpuSmmEntry ( >>>>> // >>>>> // Retrive the allocated SmmBase from gSmmBaseHobGuid. If >> found, >>>>> // means the SmBase relocation has been done. >>>>> // >>>>> - mCpuHotPlugData.SmBase =3D GetSmBase (mMaxNumberOfCpus); >>>>> - if (mCpuHotPlugData.SmBase !=3D NULL) { >>>>> + mCpuHotPlugData.SmBase =3D NULL; >>>>> + Status =3D GetSmBase (mMaxNumberOfCpus, >>>> &mCpuHotPlugData.SmBase); >>>>> + if (Status =3D=3D EFI_OUT_OF_RESOURCES) { >>>>> + ASSERT (Status !=3D EFI_OUT_OF_RESOURCES); >>>>> + CpuDeadLoop (); >>>>> + } >>>>> + >>>>> + if (!EFI_ERROR (Status)) { >>>>> + ASSERT (mCpuHotPlugData.SmBase !=3D NULL); >>>>> // >>>>> // Check whether the Required TileSize is enough. >>>>> // >>>>> if (TileSize > SIZE_8KB) { 
>>>>> @@ -1125,8 +1139,10 @@ PiCpuSmmEntry ( >>>>> } >>>>> >>>>> mSmmRelocated =3D TRUE; >>>>> } else { >>>>> + ASSERT (Status =3D=3D EFI_NOT_FOUND); >>>>> + ASSERT (mCpuHotPlugData.SmBase =3D=3D NULL); >>>>> // >>>>> // When the HOB doesn't exist, allocate new SMBASE itself. >>>>> // >>>>> DEBUG ((DEBUG_INFO, "PiCpuSmmEntry: gSmmBaseHobGuid not >>>> found!\n")); >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>>=20 >>> >>> >=20
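
Review bot: In the "@@ -691,9 +697,9 @@" hunk the context line "ASSERT (SmBaseBuffer != NULL);" is still in place ahead of the new "return EFI_OUT_OF_RESOURCES;", while the "@@ -671,11 +678,10 @@" hunk removes the matching "ASSERT (SmBaseHobs != NULL);". The commit message says the SMRAM-exhaustion assertion moves out to PiCpuSmmEntry(), so the second allocation should drop its ASSERT as well; as posted, a DEBUG build stops inside GetSmBase() for one allocation failure and in the caller for the other.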
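
Review bot: The new OUT parameter is dereferenced without a check at "*AllocatedSmBaseBuffer = SmBaseBuffer;" in the "@@ -713,9 +719,10 @@" hunk. The function is now STATIC and its only visible caller passes "&mCpuHotPlugData.SmBase", so this cannot be NULL today, but an "ASSERT (AllocatedSmBaseBuffer != NULL);" at function entry would document the contract. The new @param[out] text could also say that the caller owns the returned buffer.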
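
Review bot: The else branch in the "@@ -1125,8 +1139,10 @@" hunk is guarded only by "ASSERT (Status == EFI_NOT_FOUND);", so when ASSERT() is compiled out, any status other than EFI_SUCCESS or EFI_OUT_OF_RESOURCES is handled as "HOB doesn't exist" and the code goes on to allocate a new SMBASE. GetSmBase() documents only three return values, so this is safe as posted; an explicit "else if (Status == EFI_NOT_FOUND)" with a CpuDeadLoop() fallback, matching what the "@@ -1110,10 +1117,17 @@" hunk does for EFI_OUT_OF_RESOURCES, would keep it safe if another return value is added later.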