Revision: 14321
http://edk2.svn.sourceforge.net/edk2/?rev=14321&view=rev
Author: vanjeff
Date: 2013-04-28 02:28:40 +0000 (Sun, 28 Apr 2013)
Log Message:
-----------
Sync patches r14312, r14314 and r14318 from main trunk.
1. Mallicious code may use SmmFaultTolerantWriteHandler() to update some flash
area directly, like Variable region, so return EFI_ACCESS_DENIED after End Of
Dxe in SmmFaultTolerantWriteHandler().
And add code to prevent InfoSize overflow.
2. Fix ping command issue in IP4 driver.
3. Fix the bug which incorrectly programs the 64bit base address register in
the PCI to PCI bridge.
Revision Links:
--------------
http://edk2.svn.sourceforge.net/edk2/?rev=14312&view=rev
http://edk2.svn.sourceforge.net/edk2/?rev=14314&view=rev
http://edk2.svn.sourceforge.net/edk2/?rev=14318&view=rev
Modified Paths:
--------------
branches/UDK2010.SR1/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
branches/UDK2010.SR1/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf
branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c
Modified: branches/UDK2010.SR1/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
===================================================================
--- branches/UDK2010.SR1/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
2013-04-28 02:23:45 UTC (rev 14320)
+++ branches/UDK2010.SR1/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
2013-04-28 02:28:40 UTC (rev 14321)
@@ -548,7 +548,6 @@
CommandList->AhciCmdA = 1;
CommandList->AhciCmdP = 1;
- CommandList->AhciCmdC = (DataLength == 0) ? 1 : 0;
AhciOrReg (PciIo, Offset, (EFI_AHCI_PORT_CMD_DLAE |
EFI_AHCI_PORT_CMD_ATAPI));
} else {
Modified:
branches/UDK2010.SR1/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
===================================================================
--- branches/UDK2010.SR1/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
2013-04-28 02:23:45 UTC (rev 14320)
+++ branches/UDK2010.SR1/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
2013-04-28 02:28:40 UTC (rev 14321)
@@ -1,7 +1,7 @@
/** @file
PCI resouces support functions implemntation for PCI Bus module.
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -1472,7 +1472,14 @@
case PPB_BAR_0:
case PPB_BAR_1:
- PciIo->Pci.Write (
+ switch ((Node->PciDev->PciBar[Node->Bar]).BarType) {
+
+ case PciBarTypeIo16:
+ case PciBarTypeIo32:
+ case PciBarTypeMem32:
+ case PciBarTypePMem32:
+
+ PciIo->Pci.Write (
PciIo,
EfiPciIoWidthUint32,
(Node->PciDev->PciBar[Node->Bar]).Offset,
@@ -1480,9 +1487,40 @@
&Address
);
- Node->PciDev->PciBar[Node->Bar].BaseAddress = Address;
- Node->PciDev->PciBar[Node->Bar].Length = Node->Length;
+ Node->PciDev->PciBar[Node->Bar].BaseAddress = Address;
+ Node->PciDev->PciBar[Node->Bar].Length = Node->Length;
+ break;
+ case PciBarTypeMem64:
+ case PciBarTypePMem64:
+
+ Address32 = (UINT32) (Address & 0x00000000FFFFFFFF);
+
+ PciIo->Pci.Write (
+ PciIo,
+ EfiPciIoWidthUint32,
+ (Node->PciDev->PciBar[Node->Bar]).Offset,
+ 1,
+ &Address32
+ );
+
+ Address32 = (UINT32) RShiftU64 (Address, 32);
+
+ PciIo->Pci.Write (
+ PciIo,
+ EfiPciIoWidthUint32,
+ (UINT8) ((Node->PciDev->PciBar[Node->Bar]).Offset + 4),
+ 1,
+ &Address32
+ );
+
+ Node->PciDev->PciBar[Node->Bar].BaseAddress = Address;
+ Node->PciDev->PciBar[Node->Bar].Length = Node->Length;
+ break;
+
+ default:
+ break;
+ }
break;
case PPB_IO_RANGE:
Modified:
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
===================================================================
---
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
2013-04-28 02:23:45 UTC (rev 14320)
+++
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
2013-04-28 02:28:40 UTC (rev 14321)
@@ -43,7 +43,7 @@
Caution: This module requires additional review when modified.
This driver need to make sure the CommBuffer is not in the SMRAM range.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -60,12 +60,17 @@
#include "FaultTolerantWrite.h"
#include "FaultTolerantWriteSmmCommon.h"
#include <Protocol/SmmAccess2.h>
+#include <Protocol/SmmEndOfDxe.h>
EFI_EVENT mFvbRegistration = NULL;
EFI_FTW_DEVICE *mFtwDevice = NULL;
EFI_SMRAM_DESCRIPTOR *mSmramRanges;
UINTN mSmramRangeCount;
+///
+/// The flag to indicate whether the platform has left the DXE phase of
execution.
+///
+BOOLEAN mEndOfDxe = FALSE;
/**
This function check if the address is in SMRAM.
@@ -357,6 +362,16 @@
}
SmmFtwFunctionHeader = (SMM_FTW_COMMUNICATE_FUNCTION_HEADER *)CommBuffer;
+
+ if (mEndOfDxe) {
+ //
+ // It will be not safe to expose the operations after End Of Dxe.
+ //
+ DEBUG ((EFI_D_ERROR, "SmmFtwHandler: Not safe to do the operation: %x
after End Of Dxe, so access denied!\n", SmmFtwFunctionHeader->Function));
+ SmmFtwFunctionHeader->ReturnStatus = EFI_ACCESS_DENIED;
+ return EFI_SUCCESS;
+ }
+
switch (SmmFtwFunctionHeader->Function) {
case FTW_FUNCTION_GET_MAX_BLOCK_SIZE:
SmmGetMaxBlockSizeHeader = (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER *)
SmmFtwFunctionHeader->Data;
@@ -430,6 +445,13 @@
case FTW_FUNCTION_GET_LAST_WRITE:
SmmFtwGetLastWriteHeader = (SMM_FTW_GET_LAST_WRITE_HEADER *)
SmmFtwFunctionHeader->Data;
+ if ((UINTN)(~0) - SmmFtwGetLastWriteHeader->PrivateDataSize < OFFSET_OF
(SMM_FTW_GET_LAST_WRITE_HEADER, Data)){
+ //
+ // Prevent InfoSize overflow
+ //
+ Status = EFI_ACCESS_DENIED;
+ break;
+ }
InfoSize = OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data) +
SmmFtwGetLastWriteHeader->PrivateDataSize;
//
@@ -532,7 +554,28 @@
return EFI_SUCCESS;
}
+/**
+ SMM END_OF_DXE protocol notification event handler.
+
+ @param Protocol Points to the protocol's unique identifier
+ @param Interface Points to the interface instance
+ @param Handle The handle on which the interface was installed
+ @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
+
+**/
+EFI_STATUS
+EFIAPI
+SmmEndOfDxeCallback (
+ IN CONST EFI_GUID *Protocol,
+ IN VOID *Interface,
+ IN EFI_HANDLE Handle
+ )
+{
+ mEndOfDxe = TRUE;
+ return EFI_SUCCESS;
+}
+
/**
This function is the entry point of the Fault Tolerant Write driver.
@@ -555,7 +598,8 @@
EFI_HANDLE FtwHandle;
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
UINTN Size;
-
+ VOID *SmmEndOfDxeRegistration;
+
//
// Allocate private data structure for SMM FTW protocol and do some
initialization
//
@@ -587,6 +631,16 @@
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
//
+ // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
+ //
+ Status = gSmst->SmmRegisterProtocolNotify (
+ &gEfiSmmEndOfDxeProtocolGuid,
+ SmmEndOfDxeCallback,
+ &SmmEndOfDxeRegistration
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
// Register FvbNotificationEvent () notify function.
//
Status = gSmst->SmmRegisterProtocolNotify (
Modified:
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
===================================================================
---
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
2013-04-28 02:23:45 UTC (rev 14320)
+++
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
2013-04-28 02:28:40 UTC (rev 14321)
@@ -4,7 +4,7 @@
# depends on the full functionality SMM FVB protocol that support read,
write/erase
# flash access.
#
-# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD
License
@@ -58,6 +58,7 @@
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
gEfiSmmFaultTolerantWriteProtocolGuid ## PRODUCES
gEfiSmmAccess2ProtocolGuid ## CONSUMES
+ gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
[FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable
Modified:
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf
===================================================================
---
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf
2013-04-28 02:23:45 UTC (rev 14320)
+++
branches/UDK2010.SR1/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf
2013-04-28 02:28:40 UTC (rev 14321)
@@ -1,8 +1,11 @@
## @file
-# This module is the Runtime DXE part corresponding to SMM Fault Tolerant
Write (FTW) module.
+# This module is the DXE part corresponding to SMM Fault Tolerant Write (FTW)
module.
# It installs FTW protocol and works with SMM FTW module together.
+# The FTW protocol will not work after End Of Dxe because it will be not safe
to expose
+# the related operations in SMM handler in SMM FTW module. You can use the FTW
protocol
+# before End Of Dxe or use FaultTolerantWriteDxe module instead if you really
want to.
#
-# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD
License
Modified: branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
===================================================================
--- branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
2013-04-28 02:23:45 UTC (rev 14320)
+++ branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
2013-04-28 02:28:40 UTC (rev 14321)
@@ -1,7 +1,7 @@
/** @file
The driver binding and service binding protocol for IP4 driver.
-Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -572,6 +572,8 @@
INTN State;
LIST_ENTRY *List;
IP4_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
+ IP4_INTERFACE *IpIf;
+ IP4_ROUTE_TABLE *RouteTable;
//
// IP4 driver opens the MNP child, ARP children or the IP4_CONFIG protocol
@@ -681,6 +683,35 @@
&Context,
NULL
);
+ } else if (IpSb->DefaultInterface->ArpHandle == ControllerHandle) {
+ //
+ // The ARP protocol for the default interface is being uninstalled and all
+ // its IP child handles should have been destroyed before. So, release the
+ // default interface and route table, create a new one and mark it as not
started.
+ //
+ Ip4CancelReceive (IpSb->DefaultInterface);
+ Ip4FreeInterface (IpSb->DefaultInterface, NULL);
+ Ip4FreeRouteTable (IpSb->DefaultRouteTable);
+
+ IpIf = Ip4CreateInterface (IpSb->Mnp, IpSb->Controller, IpSb->Image);
+ if (IpIf == NULL) {
+ goto ON_ERROR;
+ }
+ RouteTable = Ip4CreateRouteTable ();
+ if (RouteTable == NULL) {
+ Ip4FreeInterface (IpIf, NULL);
+ goto ON_ERROR;;
+ }
+
+ IpSb->DefaultInterface = IpIf;
+ InsertHeadList (&IpSb->Interfaces, &IpIf->Link);
+ IpSb->DefaultRouteTable = RouteTable;
+ Ip4ReceiveFrame (IpIf, NULL, Ip4AccpetFrame, IpSb);
+
+ if (IpSb->Ip4Config != NULL && IpSb->State != IP4_SERVICE_DESTROY) {
+ IpSb->Ip4Config->Stop (IpSb->Ip4Config);
+ }
+ IpSb->State = IP4_SERVICE_UNSTARTED;
} else if (IsListEmpty (&IpSb->Children)) {
State = IpSb->State;
IpSb->State = IP4_SERVICE_DESTROY;
Modified: branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c
===================================================================
--- branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c
2013-04-28 02:23:45 UTC (rev 14320)
+++ branches/UDK2010.SR1/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c
2013-04-28 02:28:40 UTC (rev 14321)
@@ -740,11 +740,24 @@
//
Ip4CancelFrames (Interface, EFI_ABORTED, Ip4CancelInstanceFrame, IpInstance);
+ if (--Interface->RefCnt > 0) {
+ return EFI_SUCCESS;
+ }
+
//
- // Destroy the ARP instance if this is the last IP instance that
- // has the address.
+ // Destroy the interface if this is the last IP instance that
+ // has the address. Remove all the system transmitted packets
+ // from this interface, cancel the receive request if there is
+ // one, and destroy the ARP requests.
//
- if (Interface->Arp != NULL && IsListEmpty (&Interface->IpInstances)) {
+ Ip4CancelFrames (Interface, EFI_ABORTED, Ip4CancelInstanceFrame, NULL);
+ Ip4CancelReceive (Interface);
+
+ ASSERT (IsListEmpty (&Interface->IpInstances));
+ ASSERT (IsListEmpty (&Interface->ArpQues));
+ ASSERT (IsListEmpty (&Interface->SentFrames));
+
+ if (Interface->Arp != NULL) {
gBS->CloseProtocol (
Interface->ArpHandle,
&gEfiArpProtocolGuid,
@@ -758,25 +771,8 @@
&gEfiArpServiceBindingProtocolGuid,
Interface->ArpHandle
);
- Interface->Arp = NULL;
}
-
- if (--Interface->RefCnt > 0) {
- return EFI_SUCCESS;
- }
- //
- // Destroy the interface if it is not referenced by any IP instance (for
common Interface)
- // or the IP service (for the DefaultInterface). Remove all the system
transmitted packets
- // from this interface, cancel the receive request if there is one.
- //
- Ip4CancelFrames (Interface, EFI_ABORTED, Ip4CancelInstanceFrame, NULL);
- Ip4CancelReceive (Interface);
-
- ASSERT (IsListEmpty (&Interface->IpInstances));
- ASSERT (IsListEmpty (&Interface->ArpQues));
- ASSERT (IsListEmpty (&Interface->SentFrames));
-
RemoveEntryList (&Interface->Link);
FreePool (Interface);
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
