1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime

Ard Biesheuvel posted 1 patch 5 years ago
Failed in applying to current master (apply log)
MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c      | 58 ++++++++++++++++----
MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf |  1 +
2 files changed, 49 insertions(+), 10 deletions(-)
[edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Ard Biesheuvel 5 years ago 
The DxeCapsuleLibFmp code accesses the ESRT table to decide whether
a certain capsule is an FMP capsule. Since the UEFI spec mandates
that the ESRT resides in EfiBootServicesData memory, this results
in problems at OS runtime, since the firmware implementation itself
cannot access memory that has not been virtually remapped.

So let's take a private copy of the ESRT at ReadyToBoot, and store
it in EfiRuntimeServicesData memory. The ESRT's size is order 10s
of bytes so the memory footprint is going to be negligigble.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
v2: copy the whole table instead of just the list of GUIDs

Still build tested only.

 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c      | 58 ++++++++++++++++----
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf |  1 +
 2 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
index 602921d13c06..9e0327afb53b 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
@@ -23,6 +23,7 @@
 extern EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable;
 extern BOOLEAN                   mIsVirtualAddrConverted;
 EFI_EVENT                 mDxeRuntimeCapsuleLibVirtualAddressChangeEvent  = NULL;
+EFI_EVENT                 mDxeRuntimeCapsuleLibReadyToBootEvent  = NULL;
 
 /**
   Convert EsrtTable physical address to virtual address.
@@ -38,8 +39,28 @@ DxeCapsuleLibVirtualAddressChangeEvent (
   IN  VOID        *Context
   )
 {
-  UINTN                    Index;
-  EFI_CONFIGURATION_TABLE  *ConfigEntry;
+  gRT->ConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mEsrtTable);
+  mIsVirtualAddrConverted = TRUE;
+}
+
+/**
+  Notify function for event group EFI_EVENT_GROUP_READY_TO_BOOT.
+
+  @param[in]  Event   The Event that is being processed.
+  @param[in]  Context The Event Context.
+
+**/
+STATIC
+VOID
+EFIAPI
+DxeCapsuleLibReadyToBootEventNotify (
+  IN EFI_EVENT        Event,
+  IN VOID             *Context
+  )
+{
+  UINTN                       Index;
+  EFI_CONFIGURATION_TABLE     *ConfigEntry;
+  EFI_SYSTEM_RESOURCE_TABLE   *EsrtTable;
 
   //
   // Get Esrt table first
@@ -59,16 +80,14 @@ DxeCapsuleLibVirtualAddressChangeEvent (
     //
     // Search Esrt to check given capsule is qualified
     //
-    mEsrtTable = (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
+    EsrtTable = (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
 
-    //
-    // Update protocol pointer to Esrt Table.
-    //
-    gRT->ConvertPointer (0x00, (VOID**) &(mEsrtTable));
+    mEsrtTable = AllocateRuntimeCopyPool (
+                   sizeof (EFI_SYSTEM_RESOURCE_TABLE) +
+                   EsrtTable->FwResourceCount * sizeof (EFI_SYSTEM_RESOURCE_ENTRY),
+                   EsrtTable);
+    ASSERT (mEsrtTable != NULL);
   }
-
-  mIsVirtualAddrConverted = TRUE;
-
 }
 
 /**
@@ -101,6 +120,19 @@ DxeRuntimeCapsuleLibConstructor (
                   );
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // Register notify function to cache the FMP capsule GUIDs at ReadyToBoot.
+  //
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_CALLBACK,
+                  DxeCapsuleLibReadyToBootEventNotify,
+                  NULL,
+                  &gEfiEventReadyToBootGuid,
+                  &mDxeRuntimeCapsuleLibReadyToBootEvent
+                  );
+  ASSERT_EFI_ERROR (Status);
+
   return EFI_SUCCESS;
 }
 
@@ -127,5 +159,11 @@ DxeRuntimeCapsuleLibDestructor (
   Status = gBS->CloseEvent (mDxeRuntimeCapsuleLibVirtualAddressChangeEvent);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // Close the ReadyToBoot event.
+  //
+  Status = gBS->CloseEvent (mDxeRuntimeCapsuleLibReadyToBootEvent);
+  ASSERT_EFI_ERROR (Status);
+
   return EFI_SUCCESS;
 }
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
index 700d0d5dcddd..2c93e6870023 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
@@ -66,6 +66,7 @@
   gEfiCapsuleReportGuid
   gEfiCapsuleVendorGuid                   ## SOMETIMES_CONSUMES ## Variable:L"CapsuleUpdateData"
   gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
+  gEfiEventReadyToBootGuid                ## CONSUMES ## Event
   gEfiEventVirtualAddressChangeGuid       ## CONSUMES ## Event
 
 [Depex]
-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39345): https://edk2.groups.io/g/devel/message/39345
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Wu, Hao A 5 years ago 
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard
> Biesheuvel
> Sent: Saturday, April 20, 2019 6:35 PM
> To: devel@edk2.groups.io
> Cc: Wu, Hao A; Wang, Jian J; Kinney, Michael D; Ard Biesheuvel
> Subject: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid
> ESRT accesses at runtime

Hello Ard,

It seems to me v2 patch makes a copy of the ESRT for runtime usage (rather
than avoid using ESRT), so the title of the commit may need update as
well.

Could you help to update the patch subject when you push the change?

Other than that, the patch looks good to me. But I would like to see if
Mike has additional comments on this:

Acked-by: Hao Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu

> 
> The DxeCapsuleLibFmp code accesses the ESRT table to decide whether
> a certain capsule is an FMP capsule. Since the UEFI spec mandates
> that the ESRT resides in EfiBootServicesData memory, this results
> in problems at OS runtime, since the firmware implementation itself
> cannot access memory that has not been virtually remapped.
> 
> So let's take a private copy of the ESRT at ReadyToBoot, and store
> it in EfiRuntimeServicesData memory. The ESRT's size is order 10s
> of bytes so the memory footprint is going to be negligigble.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> v2: copy the whole table instead of just the list of GUIDs
> 
> Still build tested only.
> 
>  MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c      | 58
> ++++++++++++++++----
>  MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf |  1 +
>  2 files changed, 49 insertions(+), 10 deletions(-)
> 
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
> index 602921d13c06..9e0327afb53b 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
> @@ -23,6 +23,7 @@
>  extern EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable;
>  extern BOOLEAN                   mIsVirtualAddrConverted;
>  EFI_EVENT                 mDxeRuntimeCapsuleLibVirtualAddressChangeEvent  =
> NULL;
> +EFI_EVENT                 mDxeRuntimeCapsuleLibReadyToBootEvent  = NULL;
> 
>  /**
>    Convert EsrtTable physical address to virtual address.
> @@ -38,8 +39,28 @@ DxeCapsuleLibVirtualAddressChangeEvent (
>    IN  VOID        *Context
>    )
>  {
> -  UINTN                    Index;
> -  EFI_CONFIGURATION_TABLE  *ConfigEntry;
> +  gRT->ConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mEsrtTable);
> +  mIsVirtualAddrConverted = TRUE;
> +}
> +
> +/**
> +  Notify function for event group EFI_EVENT_GROUP_READY_TO_BOOT.
> +
> +  @param[in]  Event   The Event that is being processed.
> +  @param[in]  Context The Event Context.
> +
> +**/
> +STATIC
> +VOID
> +EFIAPI
> +DxeCapsuleLibReadyToBootEventNotify (
> +  IN EFI_EVENT        Event,
> +  IN VOID             *Context
> +  )
> +{
> +  UINTN                       Index;
> +  EFI_CONFIGURATION_TABLE     *ConfigEntry;
> +  EFI_SYSTEM_RESOURCE_TABLE   *EsrtTable;
> 
>    //
>    // Get Esrt table first
> @@ -59,16 +80,14 @@ DxeCapsuleLibVirtualAddressChangeEvent (
>      //
>      // Search Esrt to check given capsule is qualified
>      //
> -    mEsrtTable = (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
> +    EsrtTable = (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
> 
> -    //
> -    // Update protocol pointer to Esrt Table.
> -    //
> -    gRT->ConvertPointer (0x00, (VOID**) &(mEsrtTable));
> +    mEsrtTable = AllocateRuntimeCopyPool (
> +                   sizeof (EFI_SYSTEM_RESOURCE_TABLE) +
> +                   EsrtTable->FwResourceCount * sizeof
> (EFI_SYSTEM_RESOURCE_ENTRY),
> +                   EsrtTable);
> +    ASSERT (mEsrtTable != NULL);
>    }
> -
> -  mIsVirtualAddrConverted = TRUE;
> -
>  }
> 
>  /**
> @@ -101,6 +120,19 @@ DxeRuntimeCapsuleLibConstructor (
>                    );
>    ASSERT_EFI_ERROR (Status);
> 
> +  //
> +  // Register notify function to cache the FMP capsule GUIDs at ReadyToBoot.
> +  //
> +  Status = gBS->CreateEventEx (
> +                  EVT_NOTIFY_SIGNAL,
> +                  TPL_CALLBACK,
> +                  DxeCapsuleLibReadyToBootEventNotify,
> +                  NULL,
> +                  &gEfiEventReadyToBootGuid,
> +                  &mDxeRuntimeCapsuleLibReadyToBootEvent
> +                  );
> +  ASSERT_EFI_ERROR (Status);
> +
>    return EFI_SUCCESS;
>  }
> 
> @@ -127,5 +159,11 @@ DxeRuntimeCapsuleLibDestructor (
>    Status = gBS->CloseEvent
> (mDxeRuntimeCapsuleLibVirtualAddressChangeEvent);
>    ASSERT_EFI_ERROR (Status);
> 
> +  //
> +  // Close the ReadyToBoot event.
> +  //
> +  Status = gBS->CloseEvent (mDxeRuntimeCapsuleLibReadyToBootEvent);
> +  ASSERT_EFI_ERROR (Status);
> +
>    return EFI_SUCCESS;
>  }
> diff --git
> a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
> index 700d0d5dcddd..2c93e6870023 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
> @@ -66,6 +66,7 @@
>    gEfiCapsuleReportGuid
>    gEfiCapsuleVendorGuid                   ## SOMETIMES_CONSUMES ##
> Variable:L"CapsuleUpdateData"
>    gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
> +  gEfiEventReadyToBootGuid                ## CONSUMES ## Event
>    gEfiEventVirtualAddressChangeGuid       ## CONSUMES ## Event
> 
>  [Depex]
> --
> 2.20.1
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39361): https://edk2.groups.io/g/devel/message/39361
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Ard Biesheuvel 5 years ago 
On Mon, 22 Apr 2019 at 09:14, Wu, Hao A <hao.a.wu@intel.com> wrote:
>
> > -----Original Message-----
> > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > Biesheuvel
> > Sent: Saturday, April 20, 2019 6:35 PM
> > To: devel@edk2.groups.io
> > Cc: Wu, Hao A; Wang, Jian J; Kinney, Michael D; Ard Biesheuvel
> > Subject: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid
> > ESRT accesses at runtime
>
> Hello Ard,
>
> It seems to me v2 patch makes a copy of the ESRT for runtime usage (rather
> than avoid using ESRT), so the title of the commit may need update as
> well.
>
> Could you help to update the patch subject when you push the change?
>
> Other than that, the patch looks good to me. But I would like to see if
> Mike has additional comments on this:
>
> Acked-by: Hao Wu <hao.a.wu@intel.com>
>

Thanks Hao. I will modify the subject to 'clone ESRT for runtime access'

Mike: any comments?

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39375): https://edk2.groups.io/g/devel/message/39375
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Michael D Kinney 5 years ago 
Ard,

I only see one potential issue.

The size of the buffer copied is based on the FwResourceCount field.
The actual size of based on the FwResourceCountMax field.  Your patch
does not set FwResourceCountMax to FwResourceCount, so this may confuse
the OS consumers that may think the buffer allocated for ESRT is larger
that is actually is.

  ///
  /// The number of firmware resources in the table, must not be zero.
  ///
  UINT32                     FwResourceCount;
  ///
  /// The maximum number of resource array entries that can be within the table
  /// without reallocating the table, must not be zero.
  ///
  UINT32                     FwResourceCountMax;

The simplest fix is to use FwResourceCountMax instead of FwResourceCount 
for the copy size.  The other option is to set FwResourceCountMax to
FwResourceCountMax after the copy.

The rest of the patch looks good.  With one of the two changes above:

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

Mike

> -----Original Message-----
> From: devel@edk2.groups.io
> [mailto:devel@edk2.groups.io] On Behalf Of Ard
> Biesheuvel
> Sent: Monday, April 22, 2019 3:03 PM
> To: Wu, Hao A <hao.a.wu@intel.com>
> Cc: devel@edk2.groups.io; Wang, Jian J
> <jian.j.wang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2]
> MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at
> runtime
> 
> On Mon, 22 Apr 2019 at 09:14, Wu, Hao A
> <hao.a.wu@intel.com> wrote:
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io
> [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > > Biesheuvel
> > > Sent: Saturday, April 20, 2019 6:35 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wu, Hao A; Wang, Jian J; Kinney, Michael D; Ard
> Biesheuvel
> > > Subject: [edk2-devel] [PATCH v2]
> MdeModulePkg/DxeCapsuleLibFmp: avoid
> > > ESRT accesses at runtime
> >
> > Hello Ard,
> >
> > It seems to me v2 patch makes a copy of the ESRT for
> runtime usage (rather
> > than avoid using ESRT), so the title of the commit
> may need update as
> > well.
> >
> > Could you help to update the patch subject when you
> push the change?
> >
> > Other than that, the patch looks good to me. But I
> would like to see if
> > Mike has additional comments on this:
> >
> > Acked-by: Hao Wu <hao.a.wu@intel.com>
> >
> 
> Thanks Hao. I will modify the subject to 'clone ESRT
> for runtime access'
> 
> Mike: any comments?
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39376): https://edk2.groups.io/g/devel/message/39376
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Ard Biesheuvel 5 years ago 
On Tue, 23 Apr 2019 at 00:37, Michael D Kinney
<michael.d.kinney@intel.com> wrote:
>
> Ard,
>
> I only see one potential issue.
>
> The size of the buffer copied is based on the FwResourceCount field.
> The actual size of based on the FwResourceCountMax field.  Your patch
> does not set FwResourceCountMax to FwResourceCount, so this may confuse
> the OS consumers that may think the buffer allocated for ESRT is larger
> that is actually is.
>
>   ///
>   /// The number of firmware resources in the table, must not be zero.
>   ///
>   UINT32                     FwResourceCount;
>   ///
>   /// The maximum number of resource array entries that can be within the table
>   /// without reallocating the table, must not be zero.
>   ///
>   UINT32                     FwResourceCountMax;
>

The OS never sees our copy of the table. That copy is for internal use
only by the DxeCapsuleLibFmp implementation.

> The simplest fix is to use FwResourceCountMax instead of FwResourceCount
> for the copy size.  The other option is to set FwResourceCountMax to
> FwResourceCountMax after the copy.
>

Given the above, I'll go with the latter. It is unlikely to matter,
but it is more correct, and prevents any potential confusion in the
future.

> The rest of the patch looks good.  With one of the two changes above:
>
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
>

Thanks.

>
> > -----Original Message-----
> > From: devel@edk2.groups.io
> > [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > Biesheuvel
> > Sent: Monday, April 22, 2019 3:03 PM
> > To: Wu, Hao A <hao.a.wu@intel.com>
> > Cc: devel@edk2.groups.io; Wang, Jian J
> > <jian.j.wang@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>
> > Subject: Re: [edk2-devel] [PATCH v2]
> > MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at
> > runtime
> >
> > On Mon, 22 Apr 2019 at 09:14, Wu, Hao A
> > <hao.a.wu@intel.com> wrote:
> > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io
> > [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > > > Biesheuvel
> > > > Sent: Saturday, April 20, 2019 6:35 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Wu, Hao A; Wang, Jian J; Kinney, Michael D; Ard
> > Biesheuvel
> > > > Subject: [edk2-devel] [PATCH v2]
> > MdeModulePkg/DxeCapsuleLibFmp: avoid
> > > > ESRT accesses at runtime
> > >
> > > Hello Ard,
> > >
> > > It seems to me v2 patch makes a copy of the ESRT for
> > runtime usage (rather
> > > than avoid using ESRT), so the title of the commit
> > may need update as
> > > well.
> > >
> > > Could you help to update the patch subject when you
> > push the change?
> > >
> > > Other than that, the patch looks good to me. But I
> > would like to see if
> > > Mike has additional comments on this:
> > >
> > > Acked-by: Hao Wu <hao.a.wu@intel.com>
> > >
> >
> > Thanks Hao. I will modify the subject to 'clone ESRT
> > for runtime access'
> >
> > Mike: any comments?
> >
> >
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39377): https://edk2.groups.io/g/devel/message/39377
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Michael D Kinney 5 years ago 
Ard,

I agree. Only consumer is only the DxeCapsuleLibFmp
itself.

I see I had a typo on the second option.  The
statement to add after the copy and ASSERT() 
would be:

  mEsrtTable->FwResourceCountMax = FwResourceCount;

Mike

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Monday, April 22, 2019 3:40 PM
> To: edk2-devel-groups-io <devel@edk2.groups.io>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2]
> MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at
> runtime
> 
> On Tue, 23 Apr 2019 at 00:37, Michael D Kinney
> <michael.d.kinney@intel.com> wrote:
> >
> > Ard,
> >
> > I only see one potential issue.
> >
> > The size of the buffer copied is based on the
> FwResourceCount field.
> > The actual size of based on the FwResourceCountMax
> field.  Your patch
> > does not set FwResourceCountMax to FwResourceCount, so
> this may confuse
> > the OS consumers that may think the buffer allocated
> for ESRT is larger
> > that is actually is.
> >
> >   ///
> >   /// The number of firmware resources in the table,
> must not be zero.
> >   ///
> >   UINT32                     FwResourceCount;
> >   ///
> >   /// The maximum number of resource array entries
> that can be within the table
> >   /// without reallocating the table, must not be
> zero.
> >   ///
> >   UINT32                     FwResourceCountMax;
> >
> 
> The OS never sees our copy of the table. That copy is
> for internal use
> only by the DxeCapsuleLibFmp implementation.
> 
> > The simplest fix is to use FwResourceCountMax instead
> of FwResourceCount
> > for the copy size.  The other option is to set
> FwResourceCountMax to
> > FwResourceCountMax after the copy.
> >
> 
> Given the above, I'll go with the latter. It is unlikely
> to matter,
> but it is more correct, and prevents any potential
> confusion in the
> future.
> 
> > The rest of the patch looks good.  With one of the two
> changes above:
> >
> > Reviewed-by: Michael D Kinney
> <michael.d.kinney@intel.com>
> >
> 
> Thanks.
> 
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io
> > > [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > > Biesheuvel
> > > Sent: Monday, April 22, 2019 3:03 PM
> > > To: Wu, Hao A <hao.a.wu@intel.com>
> > > Cc: devel@edk2.groups.io; Wang, Jian J
> > > <jian.j.wang@intel.com>; Kinney, Michael D
> > > <michael.d.kinney@intel.com>
> > > Subject: Re: [edk2-devel] [PATCH v2]
> > > MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses
> at
> > > runtime
> > >
> > > On Mon, 22 Apr 2019 at 09:14, Wu, Hao A
> > > <hao.a.wu@intel.com> wrote:
> > > >
> > > > > -----Original Message-----
> > > > > From: devel@edk2.groups.io
> > > [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > > > > Biesheuvel
> > > > > Sent: Saturday, April 20, 2019 6:35 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Wu, Hao A; Wang, Jian J; Kinney, Michael D;
> Ard
> > > Biesheuvel
> > > > > Subject: [edk2-devel] [PATCH v2]
> > > MdeModulePkg/DxeCapsuleLibFmp: avoid
> > > > > ESRT accesses at runtime
> > > >
> > > > Hello Ard,
> > > >
> > > > It seems to me v2 patch makes a copy of the ESRT
> for
> > > runtime usage (rather
> > > > than avoid using ESRT), so the title of the commit
> > > may need update as
> > > > well.
> > > >
> > > > Could you help to update the patch subject when
> you
> > > push the change?
> > > >
> > > > Other than that, the patch looks good to me. But I
> > > would like to see if
> > > > Mike has additional comments on this:
> > > >
> > > > Acked-by: Hao Wu <hao.a.wu@intel.com>
> > > >
> > >
> > > Thanks Hao. I will modify the subject to 'clone ESRT
> > > for runtime access'
> > >
> > > Mike: any comments?
> > >
> > >
> >
> >
> > 
> >

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39378): https://edk2.groups.io/g/devel/message/39378
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg/DxeCapsuleLibFmp: avoid ESRT accesses at runtime
Posted by Ard Biesheuvel 5 years ago 
On Tue, 23 Apr 2019 at 01:02, Michael D Kinney
<michael.d.kinney@intel.com> wrote:
>
> Ard,
>
> I agree. Only consumer is only the DxeCapsuleLibFmp
> itself.
>
> I see I had a typo on the second option.  The
> statement to add after the copy and ASSERT()
> would be:
>
>   mEsrtTable->FwResourceCountMax = FwResourceCount;
>

I have added the following

    //
    // Set FwResourceCountMax to a sane value.
    //
    mEsrtTable->FwResourceCountMax = mEsrtTable->FwResourceCount;

and committed as 2c0d39ac4704b76b7efb67b0aee23c2e78045cbc

Thanks all

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#39421): https://edk2.groups.io/g/devel/message/39421
Mute This Topic: https://groups.io/mt/31254157/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.