Fix memory leaks by adding missing FreePool calls:
release SpiHcHandles in SpiBusEntry exit path.
REF: https://uefi.org/sites/default/files/resources/UEFI_Spec_Final_2.11.pdf
Chapter 7.3.15: "Services - Boot Services.LocateHandleBuffer":
It is the caller's responsibility to call the Boot Service.FreePool when
the caller no longer requires the contents of Buffer.
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
Issue: When the user accesses "Boot Maintenance Manager Menu/Secure Boot
Configuration Menu" with PcdNullPointerDetectionPropertyMask|0x03 and
PcdHeapGuardPageType|0x7FFF protection policy set,
we get X64 Exception Type - 0E(#PF - Page-Fault)
Root cause: When the user accesses "Boot Maintenance Manager Menu/Secure Boot
Configuration Menu", BIOS calls the FindQuestionDefaultSetting function and
sends the EFI VarStore header pointer to the AuthFindVariableData function.
When the header pointer is NULL, it sends a NULL pointer to the AuthFindVariableData
function and causes the page fault.
Fix: Database.c: In function FindQuestionDefaultSetting, added
NULL pointer checks, so that when the EFI VarStore header argument is passed
to the AuthFindVariableData function, NULL pointer access will not happen.
Test: Cross verified while accessing the "Boot Maintenance Manager Menu/
Secure Boot Configuration Menu" page.
Signed-off-by: DeepakX Singh <deepakx.singh@intel.com>
The latest VS2022 update replaces some code patterns with struct
assignments with `memcpy`. This change converts the code to
explicitly use `CopyMem`.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
This change moves the existing ConvertEfiGuidToUuid function to public
interface to support newly defined function prototypes.
This change also adds the `ArmConvertUuidToEfiGuid` function
implementation, which is an inverse of the original conversion.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This is needed in a MM_CORE_STANDALONE module. Since this null
instance is so simple, remove individual module types to allow
it to be integrated more easily.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
- Updated the PciGetBusRange function signature to use IN OUT for
the Descriptors parameter.
- Introduced a new DescriptorsBuffer variable in PciLib.c to
temporarily hold descriptor data.
- Clean up DescriptorsBuffer and set Descriptors to NULL after use.
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
When building with gcc 15.1, building RegularExpressionDxe fails
because it can't find the type ptrdiff_t. Therefore, add a typedef
for it in OniguramaUefiPort.h.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
If there is a slow device on the PCI Bus, and the HostBridge is
programmed to allow CRS, the slow device may return 0x0001 to inform the
config space reader of the Vendor Id that the PCI device is not ready. The
current PciBus enumerator will treat 0001 as a valid Vendor Id, but it
is not. It indicates that all other config space is invalid. This code
changes that operation to skip slow devices.
PCI EXPRESS BASE SPECIFICATION, REV. 3.1 section
2.3.1 Request Handling Rules.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
commit 26fb5edff3
("MdeModulePkg/ArmFfaLib: Add depex on gEfiPeiMemoryDiscoveredPpiGuid")
restricts ArmFfaPeiLib usage to after the PEI phase can use
permanent memory. However, this would be a problem for a PEIM
which runs before the gEfiPeiMemoryDiscoveredPpiGuid PPI is installed
(i.e. the Tcg2Pei PEIM).
To resolve this, remove dependency on gEfiPeiMemoryDiscoveredPpiGuid
and let ArmFfaPeiLib remap the Rx/Tx buffer after
gEfiPeiMemoryDiscoveredPpiGuid is installed so that ArmFfaPeiLib can be
used with temporary memory.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Fixes: 26fb5edff3 ("MdeModulePkg/ArmFfaLib: ...")
The BlockSize calculation was missing the 0 terminator which caused the
string block to shrink by 1 every time the string was processed.
This caused memory corruption, because the string took more
memory space than was allocated for the string block, therefore corrupting
the memory pool at the end (which caused an ASSERT upon trying to free
it).
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
https://www.usb.org/sites/default/files/hid1_11.pdf
Appendix B, B.2 Protocol 2 (Mouse) details the information
returned by a usb mouse HID.
bytes 3..n are specific to the device, but are used by absolute
pointer devices to return a z axis.
Prior to this change, the existing code was reusing the X value for
the Z axis, which was incorrect.
For usb devices which do not return enough data for a z axis,
this change will be a no-op.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
The DebugImageInfoTable contains an array of image info
structures. The current implementation removes an entry by
freeing the info structure and putting NULL in that entry of
the array. It then decrements the table size tracked in the table.
However, the array is invalid at this point, it contains a NULL
entry, which the UEFI spec does not envision and it contains a valid
entry past the end of the array as tracked in the spec defined config
table. If the table is consumed at this point it can lead to an
invalid assessment of the image state, which defeats the purpose of
the table.
When a new info structure is added, it then scans for the first NULL
entry, adds a pointer to the new info structure there and increments
the table size to cover the entry that was formerly past the end of
the array.
The current implementation requires that once an unload happens,
more loads happen than unloads and that the last operation is not
an unload (which won't be true in the shell, e.g.). This is
needlessly complex, as the order of the table doesn't matter
(and in fact this implementation doesn't preserve image loading
order either).
This patch updates the removal function to free the desired
info structure, move the last entry of the array to this freed
spot, mark the last entry as NULL, and decrement the table count.
The entry addition function then just always puts a new entry at
the end of the array, expanding it as necessary. This simplifies
the logic and covers the gaps that were present.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
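
The removal and addition scheme this commit message describes, as a simplified stand-alone C model. This is an added example, not code from the edk2 patch: `InfoTable`, `table_add`, `table_remove` and `table_is_consistent` are hypothetical names, and the C library allocator stands in for pool allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; all names here are hypothetical, not edk2 identifiers. */
typedef struct { int image_id; } ImageInfo;
typedef struct {
  ImageInfo **entries;  /* array of pointers to info structures */
  size_t count;         /* published table size: number of valid entries */
  size_t capacity;      /* allocated slots */
} InfoTable;

/* Add: always append at the end, expanding the array as necessary. */
int table_add(InfoTable *t, int image_id) {
  if (t->count == t->capacity) {
    size_t new_cap = t->capacity ? t->capacity * 2 : 4;
    ImageInfo **grown = realloc(t->entries, new_cap * sizeof *grown);
    if (grown == NULL) return -1;
    for (size_t i = t->capacity; i < new_cap; i++) grown[i] = NULL;
    t->entries = grown;
    t->capacity = new_cap;
  }
  ImageInfo *info = malloc(sizeof *info);
  if (info == NULL) return -1;
  info->image_id = image_id;
  t->entries[t->count++] = info;
  return 0;
}

/* Remove: free the entry, move the last entry into the freed slot,
   mark the old last slot NULL, decrement the count. */
int table_remove(InfoTable *t, int image_id) {
  for (size_t i = 0; i < t->count; i++) {
    if (t->entries[i]->image_id != image_id) continue;
    free(t->entries[i]);
    t->count--;
    if (i != t->count) t->entries[i] = t->entries[t->count];
    t->entries[t->count] = NULL;
    return 0;
  }
  return -1;  /* not found */
}

/* What a consumer needs: slots [0, count) non-NULL, the rest NULL. */
int table_is_consistent(const InfoTable *t) {
  for (size_t i = 0; i < t->capacity; i++)
    if ((i < t->count) != (t->entries[i] != NULL)) return 0;
  return 1;
}

int main(void) {
  InfoTable t = {0};
  for (int id = 1; id <= 5; id++) table_add(&t, id);
  table_remove(&t, 2);  /* unload in the middle */
  table_remove(&t, 4);  /* unload as the last operation */
  printf("count=%zu consistent=%d\n", t.count, table_is_consistent(&t));
  return 0;
}
```

The table stays consistent after every call, including when the last operation is an unload, which is the case the hole-and-rescan scheme left invalid.
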
Commit 5ccb5fff02 updated the
image memory protection code to set the protection
attributes through the GCD instead of directly to the page
table. However, this code had an implicit assumption that
each base address passed to it was the beginning of a GCD
descriptor. On the virtual platforms tested, this was the case.
However, on a physical platform, a scenario was encountered
where the base address was not the beginning of a GCD
descriptor, thus causing memory attributes to be applied
incorrectly.
This assumption does not need to be made and this patch
updates the code to handle the case where the base address
is not the beginning of a GCD descriptor.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
CoreDumpGcdMemorySpaceMap() gets called on every update to
the GCD, but it only prints if DEBUG_GCD is set. However,
the compiler is not smart enough to remove all of this logic
if we are not printing anything, so we end up needlessly
allocating memory for the copy of the map and spending many
cycles looping through each entry, only to not print anything.
This code is compiled out on release builds, but slows down
debug builds that aren't printing at DEBUG_GCD level.
This patch updates CoreDumpGcdMemorySpaceMap() to short-circuit
and immediately exit if DEBUG_GCD is not set. It also adds
the same logic to CoreDumpGcdIoSpaceMap(), which is called
less frequently, but has the same issue.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
The pointer `Instance->SfdpBasicFlash` can be used before initializing.
Example code flow:
- CreateSpiNorFlashSfdpInstance: Allocate pool for `Instance`
- InitialSpiNorFlashSfdpInstance
- ReadSfdp
- ReadSfdpHeader
- FillWriteBuffer: Dereferencing `Instance->SfdpBasicFlash`
- ReadSfdpBasicParameterTable: Allocate pool for `Instance->SfdpBasicFlash`
Check that both `Instance` and `Instance->SfdpBasicFlash` have
a non-NULL value before dereferencing it. Otherwise use the default
value 0.
Also terminate the function if `Instance` or `WriteBuffer` is NULL.
Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
1. Got the RSDP table, which was installed during the FSP phase, from the HOB,
then pass it to the DXE AcpiTableInstance.
2. Got the XSDT from the RSDP and extract necessary data from the XSDT,
according to the old XSDT, to initialize a new XSDT.
3. Re-install ACPI table from old XSDT to the new XSDT.
a. If Hob has DSDT table then re-install DSDT table in the new XSDT.
If not, then skip it.
b. If Hob has FACS table then re-install FACS table in the new XSDT.
If not, then skip it.
Signed-off-by: George Liao <george.liao@intel.com>
Patch 8d03c42d38 ("ArmPkg: ArmFfaLib: Update FF-A direct message
to support 18 registers") calls SMCCC_VERSION by default during
FF-A initialization even if the SMC conduit is not enabled. This
leads to sending malformed FF-A versions if the SVC conduit is
used instead.
This is observed for example when using an SPMC@EL-1 (e.g. rust-spmc)
which receives the FF-A message via an SVC call and interprets
SMCCC_VERSION as an FF-A Function ID and subsequently fails to
handle it.
Since 18-register support is only supported with FF-A >= 1.2, replace
the SMCCC_VERSION check with an FF-A version check.
Signed-off-by: Mohamed Gamal Morsy <mohamed.morsy@arm.com>
Today, SetUefiImageMemoryAttributes calls directly to the
CPU Arch protocol to set EFI_MEMORY_XP or EFI_MEMORY_RO on
image memory. However, this bypasses the GCD and so the GCD
is out of sync with the actual state of memory.
This can cause an issue in the scenario where a new attribute
is being set (whether a virtual attribute or a real HW attribute),
if the GCD attributes are queried for a region and the new attribute
is appended to the existing GCD attributes (which are incorrect),
then the incorrect attributes can get applied. This can result in
setting EFI_MEMORY_XP on code sections of images and causing an
execution fault.
This patch updates SetUefiImageMemoryAttributes to call into the
GCD to update the attributes there and let the GCD code call into
the CPU Arch protocol to update the page table.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
The print that describes memory attributes being applied to image
memory sections is currently at info level and very noisy, being
printed multiple times per image.
Reduce this to the verbose logging level.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Sometimes the controller name is not present; add BmGetDriverName
to retrieve the driver name (like DriverHealthManagerDxe).
Signed-off-by: Yang Gang <yanggang@byosoft.com.cn>
Function `PrintStringAt` returns the count of Unicode characters, which
is not correct for computing the column offset when displaying an empty string if
wide characters are introduced. `GetStringWidth (String) / 2 - 1` is a
suitable option which is compatible with wide and narrow characters.
Cc: Lichao <lichao@loongson.cn>
Cc: Qian Dongyan <qiandongyan@loongson.cn>
Signed-off-by: Gao Qihang <gaoqihang@loongson.cn>
If ArmFfaLibRxTxMap is called before permanent memory is installed the
memory allocated for the FF-A buffers will be migrated to the permanent
memory after it is installed without updating gArmFfaRxTxBufferInfoGuid
or unmapping the old buffers and mapping the updated buffers.
An ASSERT in MemoryServices at ExitBootServices is triggered when
ArmFfaDxeLib tries to call FreeAlignedPages on the original buffer
reference.
Add depex on gEfiPeiMemoryDiscoveredPpiGuid for ArmFfaPeiLib so any
Peims that use FF-A are only dispatched after permanent memory is
available.
Signed-off-by: Anubhav Raina <anubhav.raina@arm.com>
With the current implementation, all 3 SmmCommunication* functions go through
the same routine, which will dereference the incoming pointer to inspect
whether this is a V3 buffer or not.
However, the caller always passes in the physical addresses, which could
cause the system to page fault after the OS takes over the runtime control.
This change reverted the common routine to its previous form to handle MM
communicate v1 and v2. Additionally, a specific communicate function for
v3 was created to support MM communicate v3.
Co-authored-by: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This commit is to add two new APIs in MdeModulePkg
BaseHobLibNull:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
When a USB mass storage device is not ready (e.g., still powering up
or the hard disk has not reached the desired RPM), the ExecCommand
function fails. This failure is not a true error. Logging it as
DEBUG_ERROR will generate logs for properly functioning devices as
well, potentially flooding logs for older devices.
As mentioned in the command, proper error information retrieval
should occur in the sense request. The solution is to downgrade
the log level from DEBUG_ERROR to DEBUG_INFO.
Signed-off-by: Jack Pham <jackp@qti.qualcomm.com>
During USB mass storage enumeration, if a USB transfer fails due to any
other reason, UsbMassStorageDxe will attempt to reset the device.
With the commit ed07a2bb11 ("MdeModulePkg/UsbBusDxe: USB issue fix when
the port reset"), UsbIoPortReset now tears down the USB device context
and reinstalls it (via DisconnectController & ConnectController).
This process is not handled by the UsbMassDriver, causing the upper
layer to access an old pointer that has been freed during the teardown,
leading to a crash.
Example:
UsbMassReadBlocks (Failed)
-> UsbMassReset
-> UsbBotResetDevice
-> UsbIoPortReset (teardown + reinstall and return)
Now the UsbBot context pointer is invalidated and pointing to freed
memory.
-> UsbBot->UsbIo->UsbControlTransfer() therefore accesses an invalid
pointer and crashes.
The fix is to ignore the ExtendedVerification, which is supposed to
perform a more exhaustive verification operation during the reset. In
MassStorageDxe, ExtendedVerification performs the parent port reset
(UsbIoPortReset). Ultimately, the MassStorage device should not reset
the parent port due to a transfer error. By not performing any extended
verification, the teardown is prevented, thereby avoiding the crash.
Signed-off-by: Jack Pham <jackp@qti.qualcomm.com>
In general, for all HOB related content, the HOB structures must be designed so that natural alignment across all execution modes and byte-packed alignment are the same. Ensure ReturnStatus is aligned on 64 bit to achieve the same.
Signed-off-by: Dhaval Sharma <dhaval@rivosinc.com>
After d433b4c8e4 ("OvmfPkg/PlatformBootManagerLib: Register UiApp as
an optional boot option") UiApp can be found among the boot options
without the LOAD_OPTION_HIDDEN flag set. This means that it can appear
in the list of available entries. This can be confusing.
Starting from the UiApp guid, add a check on the Device Path on all the
available entries, if it matches, skip the entry.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Currently, ArmFfaLib uses an internally defined Guided HOB to pass
information about the Rx/Tx buffer set up by the first executing agent.
However, the GUID definition is solely specified in the DEC file, which
is inconsistent with other GUID definitions in MdeModulePkg. This change
relocates the GUID definition to the Include/Guid folder to ensure
consistency across the package.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
ArmFfaLib is an implementation of an industry specification-defined
interface with UEFI specific method of handling Rx/Tx buffer sharing
across multiple boot phases, which is more appropriately placed in
MdeModulePkg.
This update relocates the implementation of ArmFfaLib to MdeModulePkg,
thereby supporting the FFA call primitives for all other packages that
depend on this interface.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
If the column width of the screen is not divisible by three, one or two
rows will be superfluous in the 3rd column. So, optimize the calculation method
of the 3rd column to fill the entire row.
Signed-off-by: Gao Qihang <gaoqihang@loongson.cn>
Adds `gEfiEventExitBootServicesGuid` to the `[Guids]` section and
removes `gEdkiiSmmExitBootServicesProtocolGuid` from the
`[Protocols]` section for the current implementation.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Hot Pluggable resource attribute was introduced in UEFI 2.11 and PI 1.9
specifications.
This type should have an entry in the Attribute Conversion Table.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
The values of BootRecordDataPayloadSize and CommSize are incorrect.
BootRecordDataPayloadSize should be equal to
SmmBootRecordDataSize - SmmBootRecordDataRetrieved
CommSize should be equal to
OFFSET_OF (EFI_MM_COMMUNICATE_HEADER,Data) \
+ (UINTN)MmCommBufferHeader->MessageLength
SmmCommData->BootRecordSize should be set to BootRecordDataPayloadSize,
instead of the total size of entire Smm boot record data.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>