[edk2-devel] [PATCH v1 06/11] ShellPkg: acpiview: SRAT: Add error-checking in the parsing logic
Krzysztof Koch
krzysztof.koch at arm.com
Fri Jul 12 06:52:38 UTC 2019
1. Check if the global pointers (in the scope of this ACPI table parser)
have been successfully updated before they are later used to control
the parsing logic.
2. Give forward progress guarantee when parsing the SRAT table. Report
an error if a SRAT structure is too small to be valid. Without this
check, there is a possibility for the parser to enter an ifninite loop.
3. Test against buffer overruns.
4. Remove redundant forward function declarations by repositioning
blocks of code.
5. Allow silencing ACPI table content validation errors which do not
cause table parsing to fail.
Signed-off-by: Krzysztof Koch <krzysztof.koch at arm.com>
---
Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/commit/d46d682d28654b1c6263be2f4fd961c35e80e5cb
Notes:
v1:
- improve the logic in the SRAT parser [Krzysztof]
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 113 +++++++++++---------
1 file changed, 63 insertions(+), 50 deletions(-)
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
index 075ff2a141a82b522e8aaedb7ad79249aaf5eaac..a12aceb70d273a628387b72437819dc05ad7301e 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
@@ -1,7 +1,7 @@
/** @file
SRAT table parser
- Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.
+ Copyright (c) 2016 - 2019, ARM Limited. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Reference(s):
@@ -13,6 +13,7 @@
#include <Library/UefiLib.h>
#include "AcpiParser.h"
#include "AcpiTableParser.h"
+#include "AcpiView.h"
// Local Variables
STATIC CONST UINT8* SratRAType;
@@ -32,7 +33,13 @@ EFIAPI
ValidateSratReserved (
IN UINT8* Ptr,
IN VOID* Context
- );
+ )
+{
+ if (*(UINT32*)Ptr != 1) {
+ IncrementErrorCount ();
+ Print (L"\nERROR: Reserved should be 1 for backward compatibility.\n");
+ }
+}
/**
This function traces the APIC Proximity Domain field.
@@ -44,9 +51,16 @@ STATIC
VOID
EFIAPI
DumpSratApicProximity (
- IN CONST CHAR16* Format,
- IN UINT8* Ptr
- );
+ IN CONST CHAR16* Format,
+ IN UINT8* Ptr
+ )
+{
+ UINT32 ProximityDomain;
+
+ ProximityDomain = Ptr[0] | (Ptr[1] << 8) | (Ptr[2] << 16);
+
+ Print (Format, ProximityDomain);
+}
/**
An ACPI_PARSER array describing the SRAT Table.
@@ -139,47 +153,6 @@ STATIC CONST ACPI_PARSER SratX2ApciAffinityParser[] = {
{L"Reserved", 4, 20, L"0x%x", NULL, NULL, NULL, NULL}
};
-/** This function validates the Reserved field in the SRAT table header.
-
- @param [in] Ptr Pointer to the start of the field data.
- @param [in] Context Pointer to context specific information e.g. this
- could be a pointer to the ACPI table header.
-**/
-STATIC
-VOID
-EFIAPI
-ValidateSratReserved (
- IN UINT8* Ptr,
- IN VOID* Context
- )
-{
- if (*(UINT32*)Ptr != 1) {
- IncrementErrorCount ();
- Print (L"\nERROR: Reserved should be 1 for backward compatibility.\n");
- }
-}
-
-/**
- This function traces the APIC Proximity Domain field.
-
- @param [in] Format Format string for tracing the data.
- @param [in] Ptr Pointer to the start of the buffer.
-**/
-STATIC
-VOID
-EFIAPI
-DumpSratApicProximity (
- IN CONST CHAR16* Format,
- IN UINT8* Ptr
- )
-{
- UINT32 ProximityDomain;
-
- ProximityDomain = Ptr[0] | (Ptr[1] << 8) | (Ptr[2] << 16);
-
- Print (Format, ProximityDomain);
-}
-
/**
This function parses the ACPI SRAT table.
When trace is enabled this function parses the SRAT table and
@@ -234,6 +207,7 @@ ParseAcpiSrat (
AcpiTableLength,
PARSER_PARAMS (SratParser)
);
+
ResourcePtr = Ptr + Offset;
while (Offset < AcpiTableLength) {
@@ -242,10 +216,47 @@ ParseAcpiSrat (
0,
NULL,
ResourcePtr,
- 2, // The length is 1 byte at offset 1
+ AcpiTableLength - Offset,
PARSER_PARAMS (SratResourceAllocationParser)
);
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if ((SratRAType == NULL) ||
+ (SratRALength == NULL)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient remaining table buffer length to read the " \
+ L"Static Resource Allocation structure header. Length = %d.\n",
+ AcpiTableLength - Offset
+ );
+ return;
+ }
+
+ // Make sure forward progress is made.
+ if (*SratRALength < 2) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Structure length is too small: SratRALength = %d. " \
+ L"SratRAType = %d. SRAT parsing aborted.\n",
+ *SratRALength,
+ *SratRAType
+ );
+ return;
+ }
+
+ // Make sure the SRAT structure lies inside the table
+ if ((Offset + *SratRALength) > AcpiTableLength) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Invalid SRAT structure length. SratRALength = %d. " \
+ L"RemainingTableBufferLength = %d. SRAT parsing aborted.\n",
+ *SratRALength,
+ AcpiTableLength - Offset
+ );
+ return;
+ }
+
switch (*SratRAType) {
case EFI_ACPI_6_2_GICC_AFFINITY:
AsciiSPrint (
@@ -278,7 +289,7 @@ ParseAcpiSrat (
ResourcePtr,
*SratRALength,
PARSER_PARAMS (SratGicITSAffinityParser)
- );
+ );
break;
case EFI_ACPI_6_2_MEMORY_AFFINITY:
@@ -333,8 +344,10 @@ ParseAcpiSrat (
break;
default:
- IncrementErrorCount ();
- Print (L"ERROR: Unknown SRAT Affinity type = 0x%x\n", *SratRAType);
+ if (GetConsistencyChecking ()) {
+ IncrementErrorCount ();
+ Print (L"ERROR: Unknown SRAT Affinity type = 0x%x\n", *SratRAType);
+ }
break;
}
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#43646): https://edk2.groups.io/g/devel/message/43646
Mute This Topic: https://groups.io/mt/32439509/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list