From nobody Sun May  5 12:52:29 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as
 permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+39335+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+39335+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1555702085; cv=none;
	d=zoho.com; s=zohoarc;
	b=S3im/YL8NN8AAdqsppdT2HO1Bg+3Wwu9PZ3akg6s/XO0Sy9fpUb4nn1ijlIra298cXL5cRc68YgXLx/NOG4z2WRXEHH85722flshFAtt5pEVYVeNBj5NSVKbl/zzXEq/rs/C0USt982ndlvRUXaRYr/UUOw7kfPn2MkHZpg6kHQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1555702085;
 h=Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To:ARC-Authentication-Results;
	bh=U0+WEIShF6ZijrA3QLuS9/oRc3KQnSBODgB+jkw/O28=;
	b=B3WXGCiq5dqa4429irUcRz6hEqtVTZt1T7OpPyNKw1CFmSfiaWfD5//SqXQeQeKbEuIDKxK8XJLDWgOfvnBt/lYiWb5S2rTnRxFfhkR/eaxwKjSoqa3MklpiQj9aBxafu8kWAOTs7XgR9TYq6ID1oFu/fdpxb0rexkcVlMMeINQ=
ARC-Authentication-Results: i=1; mx.zoho.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+39335+1787277+3901457@groups.io;
	dmarc=fail header.from=<ard.biesheuvel@linaro.org> (p=none dis=none)
 header.from=<ard.biesheuvel@linaro.org>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 15557020850070.7620761134597842;
 Fri, 19 Apr 2019 12:28:05 -0700 (PDT)
Return-Path: <bounce+27952+39335+1787277+3901457@groups.io>
X-Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com
 [209.85.221.68])
 by groups.io with SMTP; Fri, 19 Apr 2019 12:28:03 -0700
X-Received: by mail-wr1-f68.google.com with SMTP id w18so7959794wrv.11
        for <devel@edk2.groups.io>; Fri, 19 Apr 2019 12:28:02 -0700 (PDT)
X-Gm-Message-State: APjAAAUiO9AsBZh+Mnosr+cX1IWQ7j8EkLwTumxw7v6u1MgAGA9RPAnC
	pW6DM7g7nPJynYyBurX/C8sIwrzXdM8SYTKp
X-Google-Smtp-Source: 
 APXvYqyBDYs4+MIOyfv9viHaGMfd1uOwhfy/yxpaTHvN28ub37jfERdw/qstQeHfLwtawLkiAFu31Q==
X-Received: by 2002:a5d:6192:: with SMTP id j18mr4170161wru.303.1555702081120;
        Fri, 19 Apr 2019 12:28:01 -0700 (PDT)
X-Received: from sudo.home ([2a01:cb1d:112:6f00:6d50:e4de:ed13:846f])
        by smtp.gmail.com with ESMTPSA id t6sm5102891wrn.3.2019.04.19.12.27.59
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 19 Apr 2019 12:28:00 -0700 (PDT)
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
To: devel@edk2.groups.io
Cc: michael.d.kinney@intel.com,
	hao.a.wu@intel.com,
	jian.j.wang@intel.com,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [edk2-devel] [PATCH] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT
 accesses at runtime
Date: Fri, 19 Apr 2019 21:27:21 +0200
Message-Id: <20190419192721.28054-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1555702084;
 bh=rbTc5s7TzFGG9IzPQdrlU5ZaMsgW4AvVb0z8gp0Gxco=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=t1cD/irXUE6zwN0SZalVvbNbovoXSbQ+eTJr5jw9+zRrXAApNu3noMjV4a3WCojTY9D
 1L0EBZaSzNs5JwYqcn2uy59H1umS3C194dk15zie9rzpcIL6GPOquBMCyEJZB+2v9ivkM
 rNnHLzxpUFy+K/rp6bpsknoS/oxuybpavmw=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

The DxeCapsuleLibFmp code accesses the ESRT table to decide whether
a certain capsule is an FMP capsule. Since the UEFI spec mandates
that the ESRT resides in EfiBootServicesData memory, this results
in problems at OS runtime, since the firmware implementation itself
cannot access memory that has not been virtually remapped.

Since we are only interested in the GUIDs, let's cache those at
ReadyToBoot so that we retain access to them even after the address
space has been virtually remapped.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
Build tested only.

 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c          | 18 ++---
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c      | 81 ++++++=
+++++++++-----
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf |  1 +
 3 files changed, 70 insertions(+), 30 deletions(-)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeMod=
ulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
index f38ab69e38fb..24ff6f420edb 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
@@ -41,8 +41,8 @@
 #include <Protocol/FirmwareManagementProgress.h>
 #include <Protocol/DevicePath.h>
=20
-EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable                  =3D NULL;
-BOOLEAN                   mIsVirtualAddrConverted      =3D FALSE;
+EFI_GUID                  *mFmpGuidList;
+UINTN                     mFmpGuidCount;
=20
 BOOLEAN                   mDxeCapsuleLibEndOfDxe       =3D FALSE;
 EFI_EVENT                 mDxeCapsuleLibEndOfDxeEvent  =3D NULL;
@@ -1298,7 +1298,6 @@ IsNestedFmpCapsule (
   )
 {
   EFI_STATUS                 Status;
-  EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;
   UINTN                      Index;
   BOOLEAN                    EsrtGuidFound;
   EFI_CAPSULE_HEADER         *NestedCapsuleHeader;
@@ -1307,14 +1306,11 @@ IsNestedFmpCapsule (
   EFI_SYSTEM_RESOURCE_ENTRY  Entry;
=20
   EsrtGuidFound =3D FALSE;
-  if (mIsVirtualAddrConverted) {
-    if(mEsrtTable !=3D NULL) {
-      EsrtEntry =3D (EFI_SYSTEM_RESOURCE_ENTRY *)(mEsrtTable + 1);
-      for (Index =3D 0; Index < mEsrtTable->FwResourceCount ; Index++, Esr=
tEntry++) {
-        if (CompareGuid(&EsrtEntry->FwClass, &CapsuleHeader->CapsuleGuid))=
 {
-          EsrtGuidFound =3D TRUE;
-          break;
-        }
+  if (mFmpGuidCount > 0) {
+    for (Index =3D 0; Index < mFmpGuidCount; Index++) {
+      if (CompareGuid (mFmpGuidList + Index, &CapsuleHeader->CapsuleGuid))=
 {
+        EsrtGuidFound =3D TRUE;
+        break;
       }
     }
   } else {
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c b/Md=
eModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
index 602921d13c06..e75e78202045 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
@@ -20,9 +20,10 @@
 #include <Library/UefiRuntimeServicesTableLib.h>
 #include <Library/MemoryAllocationLib.h>
=20
-extern EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable;
-extern BOOLEAN                   mIsVirtualAddrConverted;
+extern EFI_GUID           *mFmpGuidList;
+extern UINTN              mFmpGuidCount;
 EFI_EVENT                 mDxeRuntimeCapsuleLibVirtualAddressChangeEvent  =
=3D NULL;
+EFI_EVENT                 mDxeRuntimeCapsuleLibReadyToBootEvent  =3D NULL;
=20
 /**
   Convert EsrtTable physical address to virtual address.
@@ -38,37 +39,60 @@ DxeCapsuleLibVirtualAddressChangeEvent (
   IN  VOID        *Context
   )
 {
-  UINTN                    Index;
-  EFI_CONFIGURATION_TABLE  *ConfigEntry;
+  gRT->ConvertPointer (0x0, (VOID **)&mFmpGuidList);
+}
+
+/**
+  Notify function for event group EFI_EVENT_GROUP_READY_TO_BOOT. This is u=
sed to
+  install the Esrt Table into system configuration table
+
+  @param[in]  Event   The Event that is being processed.
+  @param[in]  Context The Event Context.
+
+**/
+STATIC
+VOID
+EFIAPI
+DxeCapsuleLibReadyToBootEventNotify (
+  IN EFI_EVENT        Event,
+  IN VOID             *Context
+  )
+{
+  UINTN                       Index;
+  EFI_CONFIGURATION_TABLE     *ConfigEntry;
+  EFI_SYSTEM_RESOURCE_TABLE   *EsrtTable;
+  EFI_SYSTEM_RESOURCE_ENTRY   *EsrtEntry;
=20
   //
   // Get Esrt table first
   //
   ConfigEntry =3D gST->ConfigurationTable;
-  for (Index =3D 0; Index < gST->NumberOfTableEntries; Index++) {
-    if (CompareGuid(&gEfiSystemResourceTableGuid, &ConfigEntry->VendorGuid=
)) {
+  EsrtTable =3D NULL;
+  for (Index =3D 0; Index < gST->NumberOfTableEntries; Index++, ConfigEntr=
y++) {
+    if (CompareGuid (&gEfiSystemResourceTableGuid, &ConfigEntry->VendorGui=
d)) {
+      EsrtTable =3D (EFI_SYSTEM_RESOURCE_TABLE *)ConfigEntry->VendorTable;
       break;
     }
-    ConfigEntry++;
   }
=20
-  //
-  // If no Esrt table installed in Configure Table
-  //
-  if (Index < gST->NumberOfTableEntries) {
-    //
-    // Search Esrt to check given capsule is qualified
-    //
-    mEsrtTable =3D (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
-
+  if (EsrtTable =3D=3D NULL) {
     //
-    // Update protocol pointer to Esrt Table.
+    // No ESRT table was found - close the VA change event, there will
+    // be nothing to convert.
     //
-    gRT->ConvertPointer (0x00, (VOID**) &(mEsrtTable));
+    gBS->CloseEvent (mDxeRuntimeCapsuleLibVirtualAddressChangeEvent);
+    return;
   }
=20
-  mIsVirtualAddrConverted =3D TRUE;
+  mFmpGuidCount =3D EsrtTable->FwResourceCount;
+  mFmpGuidList =3D AllocateRuntimePool (mFmpGuidCount * sizeof(EFI_GUID));
=20
+  ASSERT (mFmpGuidList !=3D NULL);
+
+  EsrtEntry =3D (EFI_SYSTEM_RESOURCE_ENTRY *)(EsrtTable + 1);
+  for (Index =3D 0; Index < mFmpGuidCount; Index++, EsrtEntry++) {
+    CopyGuid (mFmpGuidList + Index, &EsrtEntry->FwClass);
+  }
 }
=20
 /**
@@ -101,6 +125,19 @@ DxeRuntimeCapsuleLibConstructor (
                   );
   ASSERT_EFI_ERROR (Status);
=20
+  //
+  // Register notify function to cache the FMP capsule GUIDs at ReadyToBoo=
t.
+  //
+  Status =3D gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_CALLBACK,
+                  DxeCapsuleLibReadyToBootEventNotify,
+                  NULL,
+                  &gEfiEventReadyToBootGuid,
+                  &mDxeRuntimeCapsuleLibReadyToBootEvent
+                  );
+  ASSERT_EFI_ERROR (Status);
+
   return EFI_SUCCESS;
 }
=20
@@ -127,5 +164,11 @@ DxeRuntimeCapsuleLibDestructor (
   Status =3D gBS->CloseEvent (mDxeRuntimeCapsuleLibVirtualAddressChangeEve=
nt);
   ASSERT_EFI_ERROR (Status);
=20
+  //
+  // Close the ReadyToBoot event.
+  //
+  Status =3D gBS->CloseEvent (mDxeRuntimeCapsuleLibReadyToBootEvent);
+  ASSERT_EFI_ERROR (Status);
+
   return EFI_SUCCESS;
 }
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf=
 b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
index 700d0d5dcddd..2c93e6870023 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
@@ -66,6 +66,7 @@
   gEfiCapsuleReportGuid
   gEfiCapsuleVendorGuid                   ## SOMETIMES_CONSUMES ## Variabl=
e:L"CapsuleUpdateData"
   gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
+  gEfiEventReadyToBootGuid                ## CONSUMES ## Event
   gEfiEventVirtualAddressChangeGuid       ## CONSUMES ## Event
=20
 [Depex]
--=20
2.20.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39335): https://edk2.groups.io/g/devel/message/39335
Mute This Topic: https://groups.io/mt/31248929/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-