From nobody Thu May 16 18:24:46 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+112025+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1701682869518674.6157619139998; Mon, 4 Dec 2023 01:41:09 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=r5fYzh1LYiD3ZwSsbyHfDMj64bnXv0U3ifDG4yX94Cg=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1701682869; v=1; b=ZgoBmfCVGu7qTP6jygf4OpxwMztGobOpDKg8mYI+xepj9mBY/tw/ll6nvTD0ezTRqB1sEaYi m6VD+02Ybw3Qc5VCbXoBpOCU8dspzJej0PRInSelz2H6eFzTgCexyryya9dTBMxwjLJEJ6OLxaV K0ukBNji1O+ImvIuLMCHmxzk= X-Received: by 127.0.0.2 with SMTP id IciPYY1788612xLkkzYpvidN; Mon, 04 Dec 2023 01:41:09 -0800 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.59]) by mx.groups.io with SMTP id smtpd.web10.65920.1701682863425665195 for ; Mon, 04 Dec 2023 01:41:03 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JxSm9RbU+U8TqWZKgsztrX86nSvMFGsogApPVF9UW3mJOyYeuKlfMdBAdBwr4uX1HEByErjEWCbDgfO8r72f3tf0ogyclR8TQ1eiTigebef4Hf96XJMca39MMzCbIIrx4o4rlF3I+zdsoLd9pobtiopzpqV8N9RP8DokqfOlHb4+A41nGE6alRXoIvvWi652RnW9GFqbC6q3eiKc1GFzNaEQrwKpIGziOeaG0GQvkSD2JjF83/d/FvNcR7W3XnyatSdftaee0PBYX/Zc4yMZNAfI6iuAklQRxvx7kze85ZiA1C9jgPLCEXoCjybhhvSJxaFuielwoftyNyKTDtm8bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oOnQFhXuRvJa6sb4R5PBpdns+1dopr9kgDVtJhndRBU=; b=dmylpefuesy4h7dX8KVCs5QwW2qgilX0DrJ2eWbetOkb6Oh7VgrHBq7Byzdwc67U+AktmE7asnSINrdCIxlgxJ/IjkMvIn3AxBrZT7/XlxeCpaa0nX+11xDVSlauitq0DFankji9aYKxmaNXOzOF1zhLp2xDBpg5dXeJvOn/i7eDG8klc2pd57KmLG3bC6rkNROmMXJZfE72u/m4dPST0NSGhIFuzgSjjlxYyy6Kh2r1xjltVZ16Ybpvs+vITPT9G+wpwfZQBZul9wzmiTqxI9kizNSM5lfez3FrGnc4eB66wQ19vStqABLvXOjY7ZD/Qafeva9kUXRhJ3swS+X8Jw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR05CA0066.namprd05.prod.outlook.com (2603:10b6:8:57::11) by DM3PR12MB9328.namprd12.prod.outlook.com (2603:10b6:0:44::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7046.33; Mon, 4 Dec 2023 09:41:00 +0000 X-Received: from CY4PEPF0000EE35.namprd05.prod.outlook.com (2603:10b6:8:57:cafe::93) by DS7PR05CA0066.outlook.office365.com (2603:10b6:8:57::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.23 via Frontend Transport; Mon, 4 Dec 2023 09:41:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+112025+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C X-Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE35.mail.protection.outlook.com (10.167.242.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.20 via Frontend Transport; Mon, 4 Dec 2023 09:41:00 +0000 X-Received: from rnnvmail203.nvidia.com (10.129.68.9) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Mon, 4 Dec 2023 01:40:46 -0800 X-Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail203.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Mon, 4 Dec 2023 01:40:46 -0800 X-Received: from NV-CL38DL3.nvidia.com (10.127.8.13) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server id 15.2.986.41 via Frontend Transport; Mon, 4 Dec 2023 01:40:45 -0800 From: "Nickle Wang via groups.io" To: CC: Abner Chang , Igor Kulchytskyy , "Nick Ramirez" Subject: [edk2-devel] [edk2-redfish-client][PATCH v2] RedfishClientPkg/RedfishFeatureUtilityLib: validate string array Date: Mon, 4 Dec 2023 17:40:44 +0800 Message-ID: <20231204094044.23207-1-nicklew@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE35:EE_|DM3PR12MB9328:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d5e802c-a487-43c0-081e-08dbf4ad1fe8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 3O8zqzmAK3chkof0sM5QD4Npx4ZtEiwpwJW/Phat+5A2FFaGKYVUDQCYDKe6jRorsijix3vWI+VLs8YIkLzYhrCsErO0PV6cA0X2U7EJpQhZAt55/Ss+h8xZesZ6g6devVsIu3mRUp/1NFX/n196yElkXPpZ5iSzVZJvcac0QXVU+awAi+wyWso4RH8ElJ+ApewbOMFo3BugdBd/GzSLZZE2ANOV9u8lgXpGeOYX4OP26URfTyi9rfGQ1pVyxtWrOKvvsDP2QWn68A4kTGwI2DmzxCnrB15Gx03CJwEaEjstq1plM1HqaI8souE3kBRiVWF2QCaly1HOoYYTdMRPX7iBDv7ytCElWRLiKUE+DxIqGZIFXHse/QebImKZiprAJATXYvn9OFK2tWFjMe5sLrsmKRNgDXF+fkKG6sdI03eCxroupMHkyXSpfUwSalfTb1y92ZGFaBLZ9iDK/IRYs2j9tk92YvJ3iOL9GATG8ddVG1aFbZAHb58hYzr7CVSJRuX42A/McLebvwxZ8S9gJ9CcO+uvSsWHlNNeSlrcYa1b59gHjik2Ll6PWkhvx1zg80dDuILWS781C4v5/Nwqv1XEke32QM5V5yjwP700lkxUcM7AZ7p/oXQFrrfOmwoFYUYzQzEE3IxCwf71QUAZXSrqkMqdjhka88m7HC5vl2qgAyDzxL2bdlMKcfLkgm8XaWqK8ZBCKY24YO0J5dQRjXhOb3vZD8Vy8j4fdzf3EriI+j8M0zxnGKv4wSmnhZjS X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Dec 2023 09:41:00.3783 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4d5e802c-a487-43c0-081e-08dbf4ad1fe8 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE35.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PR12MB9328 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,nicklew@nvidia.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: WVIoxMiCKBfR6AxOH9u4GfpEx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1701682871762100003 Content-Type: text/plain; charset="utf-8" Add function ValidateRedfishStringArrayValues to validate Redfish request for string array type. There is case that user request invalid string array and feature driver can not find corresponding HII option. Signed-off-by: Nickle Wang Cc: Abner Chang Cc: Igor Kulchytskyy Cc: Nick Ramirez Reviewed-by: Igor Kulchytskyy --- .../Library/RedfishFeatureUtilityLib.h | 28 +++ .../RedfishFeatureUtilityLib.c | 187 ++++++++++++++---- 2 files changed, 172 insertions(+), 43 deletions(-) diff --git a/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h b/= RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h index 6347585c..24f0ad24 100644 --- a/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h +++ b/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h @@ -990,4 +990,32 @@ GetPendingSettings ( OUT EFI_STRING *SettingUri ); =20 +/** + This function goes through Head and StringArray to check below: + 1) Check and see if value in Redfish string array can be found in HII + configuration string array. This is to see if there is any invalid + values from Redfish. + 2) Check and see if size of Head is the same as ArraySize. + 3) Check and see if value in Redfish string array are all the same as th= e one + from HII configuration. + + @param[in] Head The head of string array. + @param[in] StringArray Input string array. + @param[in] ArraySize The size of StringArray. + @param[out] ValueChanged TRUE when The order of Head is not the same as= the order of StringArray. + FALSE when Head and StringArray are identical. + + @retval EFI_INVALID_PARAMETER Input parameter is NULL or ArraySize is = 0. + @retval EFI_NOT_FOUND The element in Head cannot be found in S= tringArray. This is invalid request. + @retval EFI_BAD_BUFFER_SIZE The size of Head is not the same as the = size of StringArray. This is invalid request. + +**/ +EFI_STATUS +ValidateRedfishStringArrayValues ( + IN RedfishCS_char_Array *Head, + IN CHAR8 **StringArray, + IN UINTN ArraySize, + OUT BOOLEAN *ValueChanged + ); + #endif diff --git a/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatu= reUtilityLib.c b/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishF= eatureUtilityLib.c index 6652539c..07033488 100644 --- a/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatureUtili= tyLib.c +++ b/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatureUtili= tyLib.c @@ -866,6 +866,7 @@ ApplyFeatureSettingsStringArrayType ( EDKII_REDFISH_VALUE RedfishValue; UINTN Index; RedfishCS_char_Array *Buffer; + BOOLEAN ValueChanged; =20 if (IS_EMPTY_STRING (Schema) || IS_EMPTY_STRING (Version) || IS_EMPTY_ST= RING (ConfigureLang) || (ArrayHead =3D=3D NULL)) { return EFI_INVALID_PARAMETER; @@ -886,61 +887,69 @@ ApplyFeatureSettingsStringArrayType ( } =20 // - // If there is no change in array, do nothing + // Validate input string array from BMC to see: + // 1) String array from BMC is valid or not. + // 2) If there is no change in array, do nothing. // - if (!CompareRedfishStringArrayValues (ArrayHead, RedfishValue.Value.Stri= ngArray, RedfishValue.ArrayCount)) { - // - // Apply settings from redfish - // - DEBUG ((DEBUG_MANAGEABILITY, "%a: %a.%a apply %s for array\n", __func_= _, Schema, Version, ConfigureLang)); - FreeArrayTypeRedfishValue (&RedfishValue); - - // - // Convert array from RedfishCS_char_Array to EDKII_REDFISH_VALUE - // - RedfishValue.ArrayCount =3D 0; - Buffer =3D ArrayHead; - while (Buffer !=3D NULL) { - RedfishValue.ArrayCount +=3D 1; - Buffer =3D Buffer->Next; - } + Status =3D ValidateRedfishStringArrayValues (ArrayHead, RedfishValue.Val= ue.StringArray, RedfishValue.ArrayCount, &ValueChanged); + if (!EFI_ERROR (Status)) { + if (ValueChanged) { + // + // Apply settings from redfish + // + DEBUG ((DEBUG_MANAGEABILITY, "%a: %a.%a apply %s for array\n", __fun= c__, Schema, Version, ConfigureLang)); + FreeArrayTypeRedfishValue (&RedfishValue); =20 - // - // Allocate pool for new values - // - RedfishValue.Value.StringArray =3D AllocatePool (RedfishValue.ArrayCou= nt *sizeof (CHAR8 *)); - if (RedfishValue.Value.StringArray =3D=3D NULL) { - ASSERT (FALSE); - return EFI_OUT_OF_RESOURCES; - } + // + // Convert array from RedfishCS_char_Array to EDKII_REDFISH_VALUE + // + RedfishValue.ArrayCount =3D 0; + Buffer =3D ArrayHead; + while (Buffer !=3D NULL) { + RedfishValue.ArrayCount +=3D 1; + Buffer =3D Buffer->Next; + } =20 - Buffer =3D ArrayHead; - Index =3D 0; - while (Buffer !=3D NULL) { - RedfishValue.Value.StringArray[Index] =3D AllocateCopyPool (AsciiStr= Size (Buffer->ArrayValue), Buffer->ArrayValue); - if (RedfishValue.Value.StringArray[Index] =3D=3D NULL) { + // + // Allocate pool for new values + // + RedfishValue.Value.StringArray =3D AllocatePool (RedfishValue.ArrayC= ount *sizeof (CHAR8 *)); + if (RedfishValue.Value.StringArray =3D=3D NULL) { ASSERT (FALSE); - FreePool (RedfishValue.Value.StringArray); return EFI_OUT_OF_RESOURCES; } =20 - Buffer =3D Buffer->Next; - Index++; - } + Buffer =3D ArrayHead; + Index =3D 0; + while (Buffer !=3D NULL) { + RedfishValue.Value.StringArray[Index] =3D AllocateCopyPool (AsciiS= trSize (Buffer->ArrayValue), Buffer->ArrayValue); + if (RedfishValue.Value.StringArray[Index] =3D=3D NULL) { + ASSERT (FALSE); + FreePool (RedfishValue.Value.StringArray); + return EFI_OUT_OF_RESOURCES; + } =20 - ASSERT (Index <=3D RedfishValue.ArrayCount); + Buffer =3D Buffer->Next; + Index++; + } =20 - Status =3D RedfishPlatformConfigSetValue (Schema, Version, ConfigureLa= ng, RedfishValue); - if (!EFI_ERROR (Status)) { - // - // Configuration changed. Enable system reboot flag. - // - REDFISH_ENABLE_SYSTEM_REBOOT (); + ASSERT (Index <=3D RedfishValue.ArrayCount); + + Status =3D RedfishPlatformConfigSetValue (Schema, Version, Configure= Lang, RedfishValue); + if (!EFI_ERROR (Status)) { + // + // Configuration changed. Enable system reboot flag. + // + REDFISH_ENABLE_SYSTEM_REBOOT (); + } else { + DEBUG ((DEBUG_ERROR, "%a: apply %s array failed: %r\n", __func__, = ConfigureLang, Status)); + } } else { - DEBUG ((DEBUG_ERROR, "%a: apply %s array failed: %r\n", __func__, Co= nfigureLang, Status)); + DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has no change\n", __f= unc__, Schema, Version, ConfigureLang)); } } else { - DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has no change\n", __fun= c__, Schema, Version, ConfigureLang)); + DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has invalid element, sk= ip!\n", __func__, Schema, Version, ConfigureLang)); + Status =3D EFI_DEVICE_ERROR; } =20 for (Index =3D 0; Index < RedfishValue.ArrayCount; Index++) { @@ -3817,6 +3826,98 @@ CompareRedfishPropertyVagueValues ( return TRUE; } =20 +/** + This function goes through Head and StringArray to check below: + 1) Check and see if value in Redfish string array can be found in HII + configuration string array. This is to see if there is any invalid + values from Redfish. + 2) Check and see if size of Head is the same as ArraySize. + 3) Check and see if value in Redfish string array are all the same as th= e one + from HII configuration. + + @param[in] Head The head of string array. + @param[in] StringArray Input string array. + @param[in] ArraySize The size of StringArray. + @param[out] ValueChanged TRUE when The order of Head is not the same as= the order of StringArray. + FALSE when Head and StringArray are identical. + + @retval EFI_INVALID_PARAMETER Input parameter is NULL or ArraySize is = 0. + @retval EFI_NOT_FOUND The element in Head cannot be found in S= tringArray. This is invalid request. + @retval EFI_BAD_BUFFER_SIZE The size of Head is not the same as the = size of StringArray. This is invalid request. + +**/ +EFI_STATUS +ValidateRedfishStringArrayValues ( + IN RedfishCS_char_Array *Head, + IN CHAR8 **StringArray, + IN UINTN ArraySize, + OUT BOOLEAN *ValueChanged + ) +{ + UINTN Index; + UINTN ArrayIndex; + UINTN FirstMismatch; + RedfishCS_char_Array *CharArrayBuffer; + + if ((Head =3D=3D NULL) || (StringArray =3D=3D NULL) || (ArraySize =3D=3D= 0) || (ValueChanged =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + *ValueChanged =3D FALSE; + CharArrayBuffer =3D Head; + Index =3D 0; + FirstMismatch =3D 0; + while (CharArrayBuffer !=3D NULL) { + // + // If the size of Head is bigger than StringArray, we still like to kn= ow how many + // element in Head. So we have this check to prevent buffer overflow. + // + if (Index < ArraySize) { + // + // Check to see if CharArrayBuffer and StringArray are identical at = same position. + // + if (AsciiStrCmp (StringArray[Index], CharArrayBuffer->ArrayValue) != =3D 0) { + if (*ValueChanged =3D=3D FALSE) { + *ValueChanged =3D TRUE; + FirstMismatch =3D Index; + } + + // + // CharArrayBuffer is not the same as the StringArray at Index. So= the + // value is changed. But we still have to go through StringArray t= o see + // if CharArrayBuffer can be found in StringArray or not. If not, = Head + // is invalid input from BMC. + // + for (ArrayIndex =3D FirstMismatch; ArrayIndex < ArraySize; ArraySi= ze++) { + if (AsciiStrCmp (StringArray[ArrayIndex], CharArrayBuffer->Array= Value) =3D=3D 0) { + break; + } + } + + if (ArrayIndex =3D=3D ArraySize) { + DEBUG ((DEBUG_ERROR, "%a: input string: %a is not found in HII s= tring list\n", __func__, CharArrayBuffer->ArrayValue)); + return EFI_NOT_FOUND; + } + } + } + + Index++; + CharArrayBuffer =3D CharArrayBuffer->Next; + } + + // + // Check to see if the number of string from Redfish equals to the + // number of string returned by HII. HII only accepts the same + // number of string array due to the design or HII ordered list. + // + if (Index !=3D ArraySize) { + DEBUG ((DEBUG_ERROR, "%a: input string size: %d is not the same as HII= string list size: %d\n", __func__, Index, ArraySize)); + return EFI_BAD_BUFFER_SIZE; + } + + return EFI_SUCCESS; +} + /** =20 Install Boot Maintenance Manager Menu driver. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112025): https://edk2.groups.io/g/devel/message/112025 Mute This Topic: https://groups.io/mt/102967620/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-