summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* FatPkg: Refine casting expression result to bigger sizeHao Wu2017-03-062-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly cast to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; 2). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 3). When the expression will be cast to pointer of possible greater size: UINT32 a,b; VOID *c; c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b); 4). When one side of a comparison expression contains only operands with rank less than UINT32: UINT8 a; UINT16 b; UINTN c; if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...} For rule 4), if we remove the 'UINTN' type cast like: if (a + b > c) {...} The VS compiler will complain with warning C4018 (signed/unsigned mismatch, level 3 warning) due to promoting 'a + b' to type 'int'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
* MdeModulePkg: Refine casting expression result to bigger sizeHao Wu2017-03-0634-118/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly cast to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; 2). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 3). When the expression will be cast to pointer of possible greater size: UINT32 a,b; VOID *c; c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b); 4). When one side of a comparison expression contains only operands with rank less than UINT32: UINT8 a; UINT16 b; UINTN c; if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...} For rule 4), if we remove the 'UINTN' type cast like: if (a + b > c) {...} The VS compiler will complain with warning C4018 (signed/unsigned mismatch, level 3 warning) due to promoting 'a + b' to type 'int'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
* MdePkg: Refine casting expression result to bigger sizeHao Wu2017-03-065-15/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly cast to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; 2). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 3). When the expression will be cast to pointer of possible greater size: UINT32 a,b; VOID *c; c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b); 4). When one side of a comparison expression contains only operands with rank less than UINT32: UINT8 a; UINT16 b; UINTN c; if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...} For rule 4), if we remove the 'UINTN' type cast like: if (a + b > c) {...} The VS compiler will complain with warning C4018 (signed/unsigned mismatch, level 3 warning) due to promoting 'a + b' to type 'int'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* ShellPkg: Refine type cast for pointer subtractionHao Wu2017-03-065-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
* SecurityPkg: Refine type cast for pointer subtractionHao Wu2017-03-066-32/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* NetworkPkg: Refine type cast for pointer subtractionHao Wu2017-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* IntelFrameworkModulePkg: Refine type cast for pointer subtractionHao Wu2017-03-066-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
* CryptoPkg: Refine type cast for pointer subtractionHao Wu2017-03-061-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
* MdeModulePkg: Refine type cast for pointer subtractionHao Wu2017-03-0611-24/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
* MdeModulePkg: Variable: Update DBT PCR[7] measureZhang, Chao B2017-03-061-2/+11
| | | | | | | | | | | | | | Measure DBT into PCR[7] when it is updated between initial measure if present and not empty. by following TCG PC Client PFP 00.49 Previous patch for PCR[7] DBT part is overrode. dc9bd6ed281fcba5358f3004632bdbda968be1e5 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]Zhang, Chao B2017-03-061-1/+18
| | | | | | | | | | | | | | Measure DBT into PCR[7] in initial measurement phase if present and not empty by following TCG PC Client PFP 00.49. The previous patch according to 00.21 is removed 1404e3a1508473643efba89af34bd133ab082dd5 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Dxe: Measure BootOrder, Boot#### to PCR[1]Zhang, Chao B2017-03-061-2/+3
| | | | | | | | | | | | | Measure BootOrder, Boot#### to PCR[1] according to TCG PC-Client PFP Spec 00.21 Section 2.4.4.2 http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* NetworkPkg/Dhcp6Dxe: Handle the Nil UUID caseJiaxin Wu2017-03-063-4/+7
| | | | | | | | | | | | | Nil UUID is a special case with all zeros value. This patch is to handle this case to avoid the invalid DUID. Cc: Naveen Santhapur <naveens@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* ArmPlatformPkg/PlatformIntelBdsLib: don't clobber ConSplitter handleArd Biesheuvel2017-03-031-10/+15
| | | | | | | | | | | | | | | | The InitializeConsolePipe() routine takes care to only set its output argument *Interface if it is not already set, to prevent overwriting the ConSplitter interface pointer that may have already been assigned. However, the associated OUT argument 'Handle' is clobbered by the subsequent unnecessary LocateDevicePath() invocation, which should similarly be made dependent on whether *Interface has been set already. Reported-by: "Lee, Terry Ping-Chung" <terry.lee@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
* NetworkPkg/TlsAuthConfigDxe: Use StrToGuid in BaseLibJiaxin Wu2017-03-031-147/+10
| | | | | | | | Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* BaseTools/Source/C/Makefiles: Fix NmakeSubdirs.bat always return 0Hao Wu2017-03-021-3/+2
| | | | | | | | | | | | In batch script file NmakeSubdirs.bat, the value changes made to the variable 'TOOL_ERROR' within the 'setlocal...endlocal' block will not be reflected in the return value of the script. A value of 0 will always be returned. Thus, the script will not reflect the result of the 'nmake' command correctly when building BaseTool source codes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
* MdePkg/BasePrintLib: Add deprecated flag for APIs [A|U]ValueToStringHao Wu2017-03-022-0/+24
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* MdeModulePkg/PrintLib: Add deprecated flag for APIs [A|U]ValueToStringHao Wu2017-03-021-0/+12
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* MdeModulePkg/PrintDxe: Handle the deprecation of [A|U]ValueToStringHao Wu2017-03-021-2/+90
| | | | | | | | | | | | | | | To handle the deprecation of PrintLib APIs UnicodeValueToString and AsciiValueToString by subsequent commits, the commit refines the logic for the implemetation of the UnicodeValueToString and AsciiValueToString services in EFI_PRINT2_PROTOCOL. When the macro DISABLE_NEW_DEPRECATED_INTERFACES is defined (indicating the deprecation of the PrintLib APIs), the above two services will ASSERT and will return zero to reflect not being supported. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SignedCapsulePkg: Replace [Ascii|Unicode]ValueToStringHao Wu2017-03-022-4/+16
| | | | | | | | | | It is the follow up of commits 51f0ceb..9e32e97 to replace AsciiValueToString/UnicodeValueToString with AsciiValueToStringS/UnicodeValueToStringS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* Nt32Pkg: Replace [Ascii|Unicode]ValueToStringHao Wu2017-03-021-3/+3
| | | | | | | | | | It is the follow up of commits 51f0ceb..9e32e97 to replace AsciiValueToString/UnicodeValueToString with AsciiValueToStringS/UnicodeValueToStringS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
* MdeModulePkg: Replace [Ascii|Unicode]ValueToStringHao Wu2017-03-0215-58/+256
| | | | | | | | | | It is the follow up of commits 51f0ceb..9e32e97 to replace AsciiValueToString/UnicodeValueToString with AsciiValueToStringS/UnicodeValueToStringS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* IntelFrameworkModulePkg: Replace [Ascii|Unicode]ValueToStringHao Wu2017-03-024-13/+40
| | | | | | | | | | It is the follow up of commits 51f0ceb..9e32e97 to replace AsciiValueToString/UnicodeValueToString with AsciiValueToStringS/UnicodeValueToStringS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
* ShellPkg: Link DxeSmmPerformanceLib to make DP command genericStar Zeng2017-03-021-1/+1
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=412 Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jaben Carsey <jaben.carsey@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
* PerformancePkg: Link DxeSmmPerformanceLib to make DP command genericStar Zeng2017-03-021-19/+2
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=412 Also remove the unreferenced TimerLib mapping. Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* ArmVirtPkg AARCH64: enable NX memory protection for all platformsArd Biesheuvel2017-03-011-0/+7
| | | | | | | | | | | | | | | This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to a value that protects all memory regions except code regions against inadvertent execution. Note that this does not [yet] protect EfiLoaderData regions, due to compatibility issues with shim and GRUB. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
* ArmVirtPkg: move UefiBootManagerLib resolution to ArmVirt.dsc.incArd Biesheuvel2017-03-013-2/+1
| | | | | | | | | | | Recent changes to ShellPkg require a resolution for UefiBootManagerLib for all platforms in ArmVirtPkg. So move the resolution to the shared include ArmVirt.dsc.inc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* ArmVirtPkg/HighMemDxe: preserve non-exec permissions on newly added regionsArd Biesheuvel2017-03-012-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using DxeServices::SetMemorySpaceAttributes to set cacheability attributes has the side effect of stripping permission attributes, given that those are bits in the same bitfield, and so setting the Attributes argument to EFI_MEMORY_WB implies not setting EFI_MEMORY_XP or EFI_MEMORY_RO attributes. In fact, the situation is even worse, given that the descriptor returned by DxeServices::GetMemorySpaceDescriptor does not reflect the permission attributes that may have been set by the preceding call to DxeServices::AddMemorySpace if PcdDxeNxMemoryProtectionPolicy has been configured to map EfiConventionalMemory with non-executable permissions. Note that this applies equally to the non-executable stack and to PE/COFF sections that may have been mapped with R-X or RW- permissions. This is due to the ambiguity in the meaning of the EFI_MEMORY_RO/EFI_MEMORY_XP attributes when used in the GCD memory map, i.e., between signifying that an underlying RAM region has the controls to be configured as read-only or non-executable, and signifying that the contents of a certain UEFI memory region allow them to be mapped with certain restricted permissions. So let's check the policy in PcdDxeNxMemoryProtectionPolicy directly, and set the EFI_MEMORY_XP attribute if appropriate for EfiConventionalMemory regions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* SecurityPkg: Fix potential bug in Security Boot dxe.Zhang Lubo2017-03-012-11/+11
| | | | | | | | | | | | | | | | | v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* NetworkPkg: Define the prompt and help information for new PCD.Zhang Lubo2017-03-011-0/+3
| | | | | | | | | | | Define the prompt and help information for PcdMaxIScsiAttemptNumber. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg: Add check logic for some variable in iSCSI driver.Zhang Lubo2017-03-012-130/+145
| | | | | | | | | | | | | | v2: need to check the global variable mPrivate before using it in the Convert AttemptConfigData To IfrNvData by Keyword function. Add check logic for some attempt variable to enhance code in iSCSI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* Make [-D Macros] as optional argument for GenCfgOptedk2-devel On Behalf Of rthomaiy2017-03-011-4/+5
| | | | | | | | | Cc: Maurice Ma <maurice.ma@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Richard Thomaiyar <richard.marian.thomaiyar@intel.com> Reviewed-by: Maurice Ma <maurice.ma@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* MdeModulePkg: use LShiftU64() instead of "<<" to avoid IA32 build error.Fu Siyuan2017-03-012-2/+2
| | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* ShellPkg/bcfg: Add Shell Spec 2.2 modification functionalityChen A Chen2017-03-013-3/+360
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
* ShellPkg/Debug1CommandLib: Use StrToGuid/StrHexToBytes in BaseLibRuiyu Ni2017-03-014-159/+11
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
* UefiCpuPkg/PiSmmCpuDxeSmm: Add support for PCD ↵Leo Duran2017-03-019-125/+91
| | | | | | | | | | | | | | | | | | | PcdPteMemoryEncryptionAddressOrMask This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when page tables entriees are created or modified. CC: Jeff Fan <jeff.fan@intel.com> Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
* MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe: Add support for PCD ↵Leo Duran2017-03-014-6/+23
| | | | | | | | | | | | | | | | | | | | | | PcdPteMemoryEncryptionAddressOrMask This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. This module updates the under-4GB page tables configured by the S3-Resume code in UefiCpuPkg/Universal/Acpi/S3Resume2Pei. The mask is saved at module start (ScriptExecute.c), and applied when tables are expanded on-demand by page-faults above 4GB's (SetIdtEntry.c). CC: Jeff Fan <jeff.fan@intel.com> Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD ↵Leo Duran2017-03-012-4/+15
| | | | | | | | | | | | | | | | | | | PcdPteMemoryEncryptionAddressOrMask This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when page tables are created (S3Resume.c). CC: Jeff Fan <jeff.fan@intel.com> Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
* MdeModulePkg/Universal/CapsulePei: Add support for PCD ↵Leo Duran2017-03-014-11/+37
| | | | | | | | | | | | | | | | | | | PcdPteMemoryEncryptionAddressOrMask This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when 4GB tables are created (UefiCapsule.c), and when the tables are expanded on-demand by page-faults above 4GB's (X64Entry.c). Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* MdeModulePkg/Core/DxeIplPeim: Add support for PCD ↵Leo Duran2017-03-014-11/+50
| | | | | | | | | | | | | | | | | | PcdPteMemoryEncryptionAddressOrMask This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when creating page tables. Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMaskLeo Duran2017-03-011-0/+8
| | | | | | | | | | | | | | This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Leo Duran <leo.duran@amd.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* BaseTools/GenVtf & VolInfo: Fix build fail for 'snprintf' not definedHao Wu2017-03-012-75/+8
| | | | | | | | | | | Function snprintf() is not supported in Visual Studio 2013 or older version. The commit replaces the use of snprintf() with sprintf() to avoid build failure for VS compilers. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
* MdeModulePkg/DxeCore: implement memory protection policyArd Biesheuvel2017-02-285-1/+409
| | | | | | | | | | | | | | | | | | | | | | | This implements a DXE memory protection policy that ensures that regions that don't require executable permissions are mapped with the non-exec attribute set. First of all, it iterates over all entries in the UEFI memory map, and removes executable permissions according to the configured DXE memory protection policy, as recorded in PcdDxeNxMemoryProtectionPolicy. Secondly, it sets or clears the non-executable attribute when allocating or freeing pages, both for page based or pool based allocations. Note that this complements the image protection facility, which applies strict permissions to BootServicesCode/RuntimeServicesCode regions when the section alignment allows it. The memory protection configured by this patch operates on non-code regions only. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* MdeModulePkg: define PCD for DXE memory protection policyArd Biesheuvel2017-02-281-0/+32
| | | | | | | | | | | | | Define a new fixed/patchable PCD that sets the DXE memory protection policy: its primary use is to define which memory types should have their executable permissions removed. Combined with the image protection policy, this can be used to implement a strict W^X policy, i.e.. a policy where no regions exist that are both executable and writable at the same time. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* MdeModulePkg/DxeCore: use separate lock for pool allocationsArd Biesheuvel2017-02-281-10/+48
| | | | | | | | | | | | | | | | In preparation of adding memory permission attribute management to the pool allocator, split off the locking of the pool metadata into a separate lock. This is an improvement in itself, given that pool allocations can only interfere with the page allocation bookkeeping if pool pages are allocated or released. But it is also required to ensure that the permission attribute management does not deadlock, given that it may trigger page table splits leading to additional page tables being allocated. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* MdeModulePkg/EbcDxe: use EfiBootServicesCode memory for thunksArd Biesheuvel2017-02-286-4/+41
| | | | | | | | | | | | | | | | | | | | The EBC driver emits thunks for native to EBC calls, which are short instructions sequences that bridge the gap between the native execution environment and the EBC virtual machine. Since these thunks are allocated using MemoryAllocationLib::AllocatePool(), they are emitted into EfiBootServicesData regions, which does not reflect the nature of these thunks accurately, and interferes with strict memory protection policies that map data regions non-executable. So instead, create a new helper EbcAllocatePoolForThunk() that invokes the AllocatePool() boot service directly to allocate EfiBootServicesCode pool memory explicitly, and wire up this helper for the various architecture specific thunk generation routines. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* MdeModulePkg/PeiCore: allocate BootServicesCode memory for PE/COFF imagesArd Biesheuvel2017-02-281-9/+14
| | | | | | | | | | | Ensure that any memory allocated for PE/COFF images is identifiable as a boot services code region, so that we know it requires its executable permissions to be preserved when we tighten mapping permissions later on. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* ArmPkg/CpuDxe: ignore attribute changes during SyncCacheConfig()Ard Biesheuvel2017-02-283-0/+8
| | | | | | | | | | | | | | | To prevent the initial MMU->GCD memory space map synchronization from stripping permissions attributes [which we cannot use in the GCD memory space map, unfortunately], implement the same approach as x86, and ignore SetMemoryAttributes() calls during the time SyncCacheConfig() is in progress. This is a horrible hack, but is currently the only way we can implement strict permissions on arbitrary memory regions [as opposed to PE/COFF text/data sections only] Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
* MdeModulePkg: Fix coding style issuesDandan Bi2017-02-283-2/+16
| | | | | | | | | | | | | 1. Make function comments align with the function. 2. Change the FILE_GUID value in SmmSmiHandlerProfileLib.inf since it is duplicated with the FILE_GUID value in SmiHandlerProfileLibNull.inf 3. Add missing PCD PROMPT&HELP string to uni file. Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* MdeModulePkg/BMMUiLib: Replace same logic with API in UefiBootManagerLibDandan Bi2017-02-282-228/+11
| | | | | | | | | | | | | | | | Use the API EfiBootManagerDeleteLoadOptionVariable in UefiBootManagerLib to replace the same logic in function Var_DelBootOption/Var_DelDriverOption. This can make code clean and prevent potential bugs. https://bugzilla.tianocore.org/show_bug.cgi?id=391 Cc: Eric Dong <eric.dong@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>