[edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

Guo, Gua posted 4 patches 3 months, 2 weeks ago
Failed in applying to current master (apply log)
[edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Guo, Gua 3 months, 2 weeks ago
From: Gua Guo <gua.guo@intel.com>

PR: https://github.com/tianocore/edk2/pull/5252

V3
1. UefiPayloadPkg/Hob: Integer : Add error handle

2. StandaloneMmPkg/Hob: Integer Overflow in : Add error handle

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add error handle

V2
1. UefiPayloadPkg/Hob: Integer : Add Reviewed-by and Authored-by

2. StandaloneMmPkg/Hob: Integer Overflow in : Add Reviewed-by and Authored-by

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add Reviewed-by and Authored-by

4. MdeModulePkg/Hob: Integer Overflow in CreateHob() : Add Authored-by

V1

1. UefiPayloadPkg/Hob: Integer

2. StandaloneMmPkg/Hob: Integer Overflow in

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob()

4. MdeModulePkg/Hob: Integer Overflow in CreateHob()

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>

Cc: Gerd Hoffmann <kraxel@redhat.com>

Cc: John Mathew <john.mathews@intel.com>

Cc: Vincent Zimmer <vincent.zimmer@intel.com>

Cc: Sami Mujawar <sami.mujawar@arm.com>

Gua Guo (4):
  UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
  StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
  EmbeddedPkg/Hob: Integer Overflow in CreateHob()
  MdeModulePkg/Hob: Integer Overflow in CreateHob()

 EmbeddedPkg/Library/PrePiHobLib/Hob.c         | 43 +++++++++++++++++++
 MdeModulePkg/Core/Pei/Hob/Hob.c               |  2 +-
 .../Arm/StandaloneMmCoreHobLib.c              | 35 +++++++++++++++
 .../Library/PayloadEntryHobLib/Hob.c          | 43 +++++++++++++++++++
 .../FitUniversalPayloadEntry.c                |  8 ++--
 .../UefiPayloadEntry/UniversalPayloadEntry.c  |  8 ++--
 6 files changed, 132 insertions(+), 7 deletions(-)

--
2.39.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113639): https://edk2.groups.io/g/devel/message/113639
Mute This Topic: https://groups.io/mt/103675959/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Gerd Hoffmann 3 months ago
On Fri, Jan 12, 2024 at 10:25:16AM +0800, gua.guo@intel.com wrote:
> From: Gua Guo <gua.guo@intel.com>
> 
> PR: https://github.com/tianocore/edk2/pull/5252

> Gua Guo (4):
>   UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
>   StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
>   EmbeddedPkg/Hob: Integer Overflow in CreateHob()
>   MdeModulePkg/Hob: Integer Overflow in CreateHob()

Ping.  What is the status here?

Patch 1/4 has been merged (commit 59f024c76ee5), the other three patches
are missing still.

take care,
  Gerd



Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Guo, Gua 3 months ago
For MdeModulePkg, I think there is no need to change because there is no logic change.

For StandaloneMmPkg and EmbeddedPkg
- I don't currently have the ability to close the open issues from Sami Mujawar and Ni Ray, so I am holding the change until I find out how to introduce Panic. So I am giving up the patches for these two packages for now.

Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Gerd Hoffmann 3 months ago
On Tue, Jan 23, 2024 at 03:16:32PM +0000, Guo, Gua wrote:
> For MdeModulePkg, I think there is no need to change because there is no logic change.
> 
> For StandaloneMmPkg and EmbeddedPkg
> - I don't currently have the ability to close the open issues from Sami Mujawar and Ni Ray, so I am holding the change until I find out how to introduce Panic. So I am giving up the patches for these two packages for now.

On StandaloneMmPkg: I think the patch is fine, I've replied in that
subthread.

On EmbeddedPkg:  I think the BuildGuidDataHob() callsites need review
whether they do:

  (a) check the return value properly, or
  (b) allocate a fixed size HOB so the new check in CreateHob() can't
      fail.

take care,
  Gerd



Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Guo, Gua 3 months ago
Hi @Gerd Hoffmann

The PR is https://github.com/tianocore/edk2/pull/5298. If no more concerns are received, I will merge it tomorrow morning.

Thanks,
Gua

Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Posted by Sami Mujawar 3 months, 1 week ago
Hi Gua,

I don’t think handling the error one level up (i.e. only in the calling function) solves the problem in its entirety, can you check please?
For example, now the crash can happen in BuildGuidDataHob(), see https://github.com/tianocore/edk2/blob/master/EmbeddedPkg/Library/PrePiHobLib/Hob.c#L488-L490
I believe such cases are at other places as well.

I think it may be better to introduce a Panic() handler to fix this properly.

Regards,

Sami Mujawar
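
The point raised in this message and in Gerd Hoffmann's reply about BuildGuidDataHob() callsites, shown as an added example that is not EDK2 code and not part of any message in this thread: a simplified model of a CreateHob() that refuses lengths whose 8-byte round-up would wrap, and a caller that checks the result before writing. The arena, the structure layout, the `Checked` suffix and the assumption that the length is a 16-bit field rounded up to 8 bytes are all part of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model for illustration; not EDK2 source. Layout and names are assumed. */
typedef struct { uint16_t HobType; uint16_t HobLength; uint32_t Reserved; } HOB_HEADER;
#define HOB_TYPE_GUID_EXT 0x0004u

static uint64_t gArena[0x4000];   /* 128 KiB stand-in for HOB list memory, 8-byte aligned */
static size_t   gUsed;            /* bytes handed out so far */

/* What the 8-byte round-up yields when nothing guards the 16-bit length. */
uint16_t UncheckedAlignedLength(uint16_t Length) {
    return (uint16_t)((Length + 7u) & ~7u);   /* 0xFFF9..0xFFFF wrap to 0 */
}

/* CreateHob() with the overflow check: fails instead of wrapping. */
void *CreateHob(uint16_t Type, uint16_t Length) {
    if (Length > UINT16_MAX - 7) return NULL;
    Length = UncheckedAlignedLength(Length);
    if (Length > sizeof gArena - gUsed) return NULL;
    HOB_HEADER *Hob = (HOB_HEADER *)((uint8_t *)gArena + gUsed);
    Hob->HobType = Type; Hob->HobLength = Length; Hob->Reserved = 0;
    gUsed += Length;
    return Hob;
}

/* Caller in the style of BuildGuidDataHob(): header + 16-byte GUID + payload.
 * Returns a pointer to the copied payload, or NULL if the HOB cannot be built. */
void *BuildGuidDataHobChecked(const uint8_t Guid[16], const void *Data, size_t DataLength) {
    size_t Total = sizeof(HOB_HEADER) + 16 + DataLength;
    if (Total < DataLength || Total > UINT16_MAX) return NULL;  /* check before narrowing */
    uint8_t *Hob = CreateHob(HOB_TYPE_GUID_EXT, (uint16_t)Total);
    if (Hob == NULL) return NULL;   /* without this test the memcpy below writes through NULL */
    memcpy(Hob + sizeof(HOB_HEADER), Guid, 16);
    memcpy(Hob + sizeof(HOB_HEADER) + 16, Data, DataLength);
    return Hob + sizeof(HOB_HEADER) + 16;
}
```

The caller's own callers then have to handle a NULL return as well, which is the propagation problem the thread is discussing.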
