Validate all possible memory dereferences during stack traces in IA32
and X64 CPU exceptions.
Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Requested-by: Brian Johnson <brian.johnson@hpe.com>
Requested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
---
UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | 143 +++++++++++++++++++-
UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c | 75 +++++++++-
2 files changed, 210 insertions(+), 8 deletions(-)
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
index 25e02fbbc1..9b52d4f6d2 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
@@ -398,6 +398,96 @@ DumpCpuContext (
);
}
+/**
+ Check if a logical address is valid.
+
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
+ @param[in] SegmentSelector Segment selector.
+ @param[in] Offset Offset or logical address.
+**/
+STATIC
+BOOLEAN
+IsLogicalAddressValid (
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN UINT16 SegmentSelector,
+ IN UINTN Offset
+ )
+{
+ IA32_SEGMENT_DESCRIPTOR *SegmentDescriptor;
+ UINT32 SegDescBase;
+ UINT32 SegDescLimit;
+ UINTN SegDescLimitInBytes;
+
+ //
+ // Check for valid input parameters
+ //
+ if (SegmentSelector == 0 || Offset == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check whether to look for a segment descriptor in GDT or LDT table
+ //
+ if ((SegmentSelector & BIT2) == 0) {
+ //
+ // Get segment descriptor from GDT table
+ //
+ SegmentDescriptor =
+ (IA32_SEGMENT_DESCRIPTOR *)(
+ (UINTN)SystemContext.SystemContextIa32->Gdtr[0] +
+ ((SegmentSelector >> 3) * 8)
+ );
+ } else {
+ //
+ // Get segment descriptor from LDT table
+ //
+ SegmentDescriptor =
+ (IA32_SEGMENT_DESCRIPTOR *)(
+ (UINTN)SystemContext.SystemContextIa32->Ldtr +
+ ((SegmentSelector >> 3) * 8)
+ );
+ }
+
+ //
+ // Get segment descriptor's base address
+ //
+ SegDescBase = SegmentDescriptor->Bits.BaseLow |
+ (SegmentDescriptor->Bits.BaseMid << 16) |
+ (SegmentDescriptor->Bits.BaseHigh << 24);
+
+ //
+ // Get segment descriptor's limit
+ //
+ SegDescLimit = SegmentDescriptor->Bits.LimitLow |
+ (SegmentDescriptor->Bits.LimitHigh << 16);
+
+ //
+ // Calculate segment descriptor's limit in bytes
+ //
+ if (SegmentDescriptor->Bits.G == 1) {
+ SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB;
+ } else {
+ SegDescLimitInBytes = SegDescLimit;
+ }
+
+ //
+ // Make sure to not access beyond a segment limit boundary
+ //
+ if (Offset + SegDescBase > SegDescLimitInBytes) {
+ return FALSE;
+ }
+
+ //
+ // Check if the translated logical address (or linear address) is valid
+ //
+ return IsLinearAddressValid (
+ SystemContext.SystemContextIa32->Cr0,
+ SystemContext.SystemContextIa32->Cr3,
+ SystemContext.SystemContextIa32->Cr4,
+ Offset + SegDescBase
+ );
+}
+
/**
Dump stack trace.
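Review bot: The bound check `if (Offset + SegDescBase > SegDescLimitInBytes)` tests the linear address against the descriptor limit, but a segment limit bounds the offset within the segment, so a non-zero base rejects valid stack addresses while a zero base lets a 4-byte read that starts just below the limit run past it; the rewrite below bounds Offset plus the access size instead and fills the low 12 bits when G is set. The LDT branch adds the selector index to `SystemContextIa32->Ldtr`, which as far as I can tell is the selector saved by SLDT rather than the LDT base, so the descriptor would be read from a meaningless address; the LDT base has to be taken from the LDT descriptor in the GDT first. The selector index is also never compared with the GDTR limit before the descriptor is dereferenced, and the descriptor's P bit is not consulted, so a stale selector in the faulting context can send this validator into unmapped memory.
```c
  //
  // … unchanged: descriptor lookup and base/limit extraction …
  //
  if (SegmentDescriptor->Bits.G == 1) {
    //
    // 4 KiB granularity: the low 12 bits of the byte limit are all ones
    //
    SegDescLimitInBytes = ((UINTN)SegDescLimit << 12) | (SIZE_4KB - 1);
  } else {
    SegDescLimitInBytes = SegDescLimit;
  }

  //
  // The limit bounds the offset within the segment (not the linear
  // address), and the whole 4-byte access starting at Offset must fit
  //
  if (Offset > SegDescLimitInBytes ||
      SegDescLimitInBytes - Offset < sizeof (UINT32) - 1) {
    return FALSE;
  }

  // … unchanged: IsLinearAddressValid () call on Offset + SegDescBase …
```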
@@ -459,6 +549,20 @@ DumpStackTrace (
InternalPrintMessage ("\nCall trace:\n");
for (;;) {
+ //
+ // Check for valid frame pointer
+ //
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp + 4) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%08x\n", __FUNCTION__, Ebp);
+ break;
+ }
+
//
// Print stack frame in the following format:
//
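Review bot: Validating `(UINTN)Ebp + 4` and `(UINTN)Ebp` covers only the first byte of each dword the frame walk reads, and nothing here checks that Ebp is 4-byte aligned (the Esp alignment test lives in DumpStackContents, not on a frame pointer loaded from the stack), so a misaligned Ebp on the last dword of a mapped page passes and still faults on bytes Ebp+5..Ebp+7. Probe the last byte instead, `(UINTN)Ebp + 2 * sizeof (UINT32) - 1`, or reject `(Ebp & (sizeof (UINT32) - 1)) != 0` up front. Note also that IsLogicalAddressValid returns FALSE for Offset == 0, so if the loop's normal end-of-chain test for Ebp == 0 sits after this check (the rest of the loop body is outside the hunk), every clean trace will end with the "invalid frame pointer" message.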
@@ -588,6 +692,16 @@ DumpImageModuleNames (
// Walk through call stack and find next module names
//
for (;;) {
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp + 4)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%08x\n", __FUNCTION__, Ebp);
+ }
+
//
// Set EIP with return address from current stack frame
//
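Review bot: The check added at the top of the DumpImageModuleNames loop prints the diagnostic but does not leave the loop, so the code immediately following it dereferences the Ebp that was just reported invalid; the sibling sites in DumpStackTrace and DumpStackContents `break` after their message. Add `break;` directly after the InternalPrintMessage call. The loop body continues past the hunk, but any later terminator runs only after that dereference.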
@@ -651,16 +765,23 @@ DumpImageModuleNames (
/**
Dump stack contents.
- @param[in] CurrentEsp Current stack pointer address.
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
@param[in] UnwoundStacksCount Count of unwound stack frames.
**/
STATIC
VOID
DumpStackContents (
- IN UINT32 CurrentEsp,
- IN INTN UnwoundStacksCount
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN INTN UnwoundStacksCount
)
{
+ UINT32 CurrentEsp;
+
+ //
+ // Get current stack pointer
+ //
+ CurrentEsp = SystemContext.SystemContextIa32->Esp;
+
//
// Check for proper stack alignment
//
@@ -674,6 +795,20 @@ DumpStackContents (
//
InternalPrintMessage ("\nStack dump:\n");
while (UnwoundStacksCount-- > 0) {
+ //
+ // Check for a valid stack pointer address
+ //
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)CurrentEsp) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)CurrentEsp + 4)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid stack "
+ "pointer at 0x%08x\n", __FUNCTION__, CurrentEsp);
+ break;
+ }
+
InternalPrintMessage (
"0x%08x: %08x %08x\n",
CurrentEsp,
@@ -720,5 +855,5 @@ DumpImageAndCpuContent (
//
// Dump stack contents
//
- DumpStackContents (SystemContext.SystemContextIa32->Esp, UnwoundStacksCount);
+ DumpStackContents (SystemContext, UnwoundStacksCount);
}
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
index d3a3878b3d..8067c34122 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
@@ -401,16 +401,26 @@ DumpCpuContext (
/**
Dump stack contents.
- @param[in] CurrentRsp Current stack pointer address.
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
@param[in] UnwoundStacksCount Count of unwound stack frames.
**/
STATIC
VOID
DumpStackContents (
- IN UINT64 CurrentRsp,
- IN INTN UnwoundStacksCount
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN INTN UnwoundStacksCount
)
{
+ UINT64 CurrentRsp;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
+
+ //
+ // Get current stack pointer
+ //
+ CurrentRsp = SystemContext.SystemContextX64->Rsp;
+
//
// Check for proper stack pointer alignment
//
@@ -419,11 +429,28 @@ DumpStackContents (
return;
}
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Dump out stack contents
//
InternalPrintMessage ("\nStack dump:\n");
while (UnwoundStacksCount-- > 0) {
+ //
+ // Check for a valid stack pointer address
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid stack "
+ "pointer at 0x%016lx\n", __FUNCTION__, CurrentRsp);
+ break;
+ }
+
InternalPrintMessage (
"0x%016lx: %016lx %016lx\n",
CurrentRsp,
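Review bot: The three-line copy of Cr0/Cr3/Cr4 out of the context and the paired IsLinearAddressValid calls are repeated verbatim here and in the DumpImageModuleNames and DumpStackTrace hunks, and each copy probes only the first byte of each qword; a small static helper that takes the context, an address and a size and validates both ends would remove the duplication and make the range being checked explicit. The call site then becomes `if (!IsStackRangeValid (SystemContext, (UINTN)CurrentRsp, 2 * sizeof (UINT64))) {`. Here the alignment test above the hunk keeps the single-byte probe sufficient, but the frame-pointer sites have no such test, so a shared helper that checks the last byte closes that gap for all three.
```c
/**
  Check that Size bytes starting at Address are readable under the paging
  state captured in SystemContext.

  @param[in] SystemContext  Exception context holding CR0/CR3/CR4.
  @param[in] Address        First byte of the access.
  @param[in] Size           Number of bytes accessed; must be non-zero.

  @retval TRUE   Both ends of the range translate to valid pages.
  @retval FALSE  Size is zero or either end is not valid.
**/
STATIC
BOOLEAN
IsStackRangeValid (
  IN EFI_SYSTEM_CONTEXT  SystemContext,
  IN UINTN               Address,
  IN UINTN               Size
  )
{
  UINTN  Cr0;
  UINTN  Cr3;
  UINTN  Cr4;

  if (Size == 0) {
    return FALSE;
  }

  Cr0 = SystemContext.SystemContextX64->Cr0;
  Cr3 = SystemContext.SystemContextX64->Cr3;
  Cr4 = SystemContext.SystemContextX64->Cr4;

  //
  // Probe the last byte as well, so an access that begins on a mapped
  // page but ends on an unmapped one is not accepted.
  //
  return IsLinearAddressValid (Cr0, Cr3, Cr4, Address) &&
         IsLinearAddressValid (Cr0, Cr3, Cr4, Address + Size - 1);
}
```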
@@ -457,6 +484,9 @@ DumpImageModuleNames (
CHAR8 *PdbFileName;
UINT64 Rbp;
UINTN LastImageBase;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
//
// Set current RIP address
@@ -516,10 +546,27 @@ DumpImageModuleNames (
InternalPrintMessage ("%a\n", PdbAbsoluteFilePath);
}
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Walk through call stack and find next module names
//
for (;;) {
+ //
+ // Check for a valid frame pointer
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
+ break;
+ }
+
//
// Set RIP with return address from current stack frame
//
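Review bot: Checking `(UINTN)Rbp + 8` and `(UINTN)Rbp` validates the first byte of each qword only, and this function never verifies that Rbp is 8-byte aligned (the alignment test exists for Rsp in DumpStackContents, not for a frame pointer loaded from the stack), so a misaligned Rbp whose saved return address crosses into an unmapped page passes the check and faults at the dereference that follows. Probe the last byte of the read, `(UINTN)Rbp + 2 * sizeof (UINT64) - 1`, or reject `(Rbp & (sizeof (UINT64) - 1)) != 0` before the page-table lookups. The rest of the loop body is outside the hunk.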
@@ -604,6 +651,9 @@ DumpStackTrace (
UINT64 Rbp;
UINTN ImageBase;
CHAR8 *PdbFileName;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
//
// Set current RIP address
@@ -634,12 +684,29 @@ DumpStackTrace (
//
*UnwoundStacksCount = 1;
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Print out back trace
//
InternalPrintMessage ("\nCall trace:\n");
for (;;) {
+ //
+ // Check for valid frame pointer
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
+ break;
+ }
+
//
// Print stack frame in the following format:
//
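Review bot: The probe here covers `(UINTN)Rbp + 8` and `(UINTN)Rbp` but not the tail of the 8-byte read at Rbp + 8, which reaches Rbp + 15; that is only safe if Rbp is 8-byte aligned, and this loop does not check it, so `(UINTN)Rbp + 2 * sizeof (UINT64) - 1` should be probed or a misaligned Rbp rejected. Because an invalid frame ends the walk with `break`, a single bad frame pointer presumably also leaves *UnwoundStacksCount at the frames counted so far, which is the value DumpStackContents later receives; a one-line comment at the break, e.g. `// Stop unwinding; the stack dump below is limited to the frames validated so far`, would keep the shorter dump from being read as a bug. The remainder of the loop body lies outside the hunk.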
@@ -727,5 +794,5 @@ DumpImageAndCpuContent (
//
// Dump stack contents
//
- DumpStackContents (SystemContext.SystemContextX64->Rsp, UnwoundStacksCount);
+ DumpStackContents (SystemContext, UnwoundStacksCount);
}
--
2.14.3
Some suggestion: 1) Would you please use meaning definition for BIT2? if ((SegmentSelector & BIT2) == 0) { 2) Can we just use (SegmentSelector & ~0x7) for below? ((SegmentSelector >> 3) * 8) 3) Below calculation seems wrong. Should it be: SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB + (SIZE_4KB - 1) ? if (SegmentDescriptor->Bits.G == 1) { SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB; Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Paulo > Alcantara > Sent: Friday, December 29, 2017 12:40 PM > To: edk2-devel@lists.01.org > Cc: Laszlo Ersek <lersek@redhat.com>; Dong, Eric <eric.dong@intel.com> > Subject: [edk2] [RFC v4 5/6] UefiCpuPkg/CpuExceptionHandlerLib: Ensure valid > frame/stack pointers > > Validate all possible memory dereferences during stack traces in IA32 > and X64 CPU exceptions. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Cc: Eric Dong <eric.dong@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Requested-by: Brian Johnson <brian.johnson@hpe.com> > Requested-by: Jiewen Yao <jiewen.yao@intel.com> > Signed-off-by: Paulo Alcantara <paulo@paulo.ac> > --- > UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | > 143 +++++++++++++++++++- > UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c | > 75 +++++++++- > 2 files changed, 210 insertions(+), 8 deletions(-) > > diff --git > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > index 25e02fbbc1..9b52d4f6d2 100644 > --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > +++ > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c 
> @@ -398,6 +398,96 @@ DumpCpuContext ( > ); > } > > +/** > + Check if a logical address is valid. > + > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > + @param[in] SegmentSelector Segment selector. > + @param[in] Offset Offset or logical address. > +**/ > +STATIC > +BOOLEAN > +IsLogicalAddressValid ( > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN UINT16 SegmentSelector, > + IN UINTN Offset > + ) > +{ > + IA32_SEGMENT_DESCRIPTOR *SegmentDescriptor; > + UINT32 SegDescBase; > + UINT32 SegDescLimit; > + UINTN SegDescLimitInBytes; > + > + // > + // Check for valid input parameters > + // > + if (SegmentSelector == 0 || Offset == 0) { > + return FALSE; > + } > + > + // > + // Check whether to look for a segment descriptor in GDT or LDT table > + // > + if ((SegmentSelector & BIT2) == 0) { > + // > + // Get segment descriptor from GDT table > + // > + SegmentDescriptor = > + (IA32_SEGMENT_DESCRIPTOR *)( > + (UINTN)SystemContext.SystemContextIa32->Gdtr[0] + > + ((SegmentSelector >> 3) * 8) > + ); > + } else { > + // > + // Get segment descriptor from LDT table > + // > + SegmentDescriptor = > + (IA32_SEGMENT_DESCRIPTOR *)( > + (UINTN)SystemContext.SystemContextIa32->Ldtr + > + ((SegmentSelector >> 3) * 8) > + ); > + } > + > + // > + // Get segment descriptor's base address > + // > + SegDescBase = SegmentDescriptor->Bits.BaseLow | > + (SegmentDescriptor->Bits.BaseMid << 16) | > + (SegmentDescriptor->Bits.BaseHigh << 24); > + > + // > + // Get segment descriptor's limit > + // > + SegDescLimit = SegmentDescriptor->Bits.LimitLow | > + (SegmentDescriptor->Bits.LimitHigh << 16); > + > + // > + // Calculate segment descriptor's limit in bytes > + // > + if (SegmentDescriptor->Bits.G == 1) { > + SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB; > + } else { > + SegDescLimitInBytes = SegDescLimit; > + } > + > + // > + // Make sure to not access beyond a segment limit boundary > + // > + if (Offset + SegDescBase > SegDescLimitInBytes) { > + return FALSE; > + } > 
+ > + // > + // Check if the translated logical address (or linear address) is valid > + // > + return IsLinearAddressValid ( > + SystemContext.SystemContextIa32->Cr0, > + SystemContext.SystemContextIa32->Cr3, > + SystemContext.SystemContextIa32->Cr4, > + Offset + SegDescBase > + ); > +} > + > /** > Dump stack trace. > > @@ -459,6 +549,20 @@ DumpStackTrace ( > InternalPrintMessage ("\nCall trace:\n"); > > for (;;) { > + // > + // Check for valid frame pointer > + // > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp + 4) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid frame " > + "pointer at 0x%08x\n", __FUNCTION__, Ebp); > + break; > + } > + > // > // Print stack frame in the following format: > // > @@ -588,6 +692,16 @@ DumpImageModuleNames ( > // Walk through call stack and find next module names > // > for (;;) { > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp + 4)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid frame " > + "pointer at 0x%08x\n", __FUNCTION__, Ebp); > + } > + > // > // Set EIP with return address from current stack frame > // 
> @@ -651,16 +765,23 @@ DumpImageModuleNames ( > /** > Dump stack contents. > > - @param[in] CurrentEsp Current stack pointer address. > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > @param[in] UnwoundStacksCount Count of unwound stack frames. > **/ > STATIC > VOID > DumpStackContents ( > - IN UINT32 CurrentEsp, > - IN INTN UnwoundStacksCount > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN INTN UnwoundStacksCount > ) > { > + UINT32 CurrentEsp; > + > + // > + // Get current stack pointer > + // > + CurrentEsp = SystemContext.SystemContextIa32->Esp; > + > // > // Check for proper stack alignment > // > @@ -674,6 +795,20 @@ DumpStackContents ( > // > InternalPrintMessage ("\nStack dump:\n"); > while (UnwoundStacksCount-- > 0) { > + // > + // Check for a valid stack pointer address > + // > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)CurrentEsp) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)CurrentEsp + 4)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid stack " > + "pointer at 0x%08x\n", __FUNCTION__, > CurrentEsp); > + break; > + } > + > InternalPrintMessage ( > "0x%08x: %08x %08x\n", > CurrentEsp, > @@ -720,5 +855,5 @@ DumpImageAndCpuContent ( > // > // Dump stack contents > // > - DumpStackContents (SystemContext.SystemContextIa32->Esp, > UnwoundStacksCount); > + DumpStackContents (SystemContext, UnwoundStacksCount); > } > diff --git > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > index d3a3878b3d..8067c34122 100644 > --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > +++ > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c 
> @@ -401,16 +401,26 @@ DumpCpuContext ( > /** > Dump stack contents. > > - @param[in] CurrentRsp Current stack pointer address. > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > @param[in] UnwoundStacksCount Count of unwound stack frames. > **/ > STATIC > VOID > DumpStackContents ( > - IN UINT64 CurrentRsp, > - IN INTN UnwoundStacksCount > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN INTN UnwoundStacksCount > ) > { > + UINT64 CurrentRsp; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > + > + // > + // Get current stack pointer > + // > + CurrentRsp = SystemContext.SystemContextX64->Rsp; > + > // > // Check for proper stack pointer alignment > // > @@ -419,11 +429,28 @@ DumpStackContents ( > return; > } > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Dump out stack contents > // > InternalPrintMessage ("\nStack dump:\n"); > while (UnwoundStacksCount-- > 0) { > + // > + // Check for a valid stack pointer address > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid stack " > + "pointer at 0x%016lx\n", __FUNCTION__, > CurrentRsp); > + break; > + } > + > InternalPrintMessage ( > "0x%016lx: %016lx %016lx\n", > CurrentRsp, > @@ -457,6 +484,9 @@ DumpImageModuleNames ( > CHAR8 *PdbFileName; > UINT64 Rbp; > UINTN LastImageBase; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > > // > // Set current RIP address 
> @@ -516,10 +546,27 @@ DumpImageModuleNames ( > InternalPrintMessage ("%a\n", PdbAbsoluteFilePath); > } > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Walk through call stack and find next module names > // > for (;;) { > + // > + // Check for a valid frame pointer > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid frame " > + "pointer at 0x%016lx\n", __FUNCTION__, > Rbp); > + break; > + } > + > // > // Set RIP with return address from current stack frame > // > @@ -604,6 +651,9 @@ DumpStackTrace ( > UINT64 Rbp; > UINTN ImageBase; > CHAR8 *PdbFileName; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > > // > // Set current RIP address > @@ -634,12 +684,29 @@ DumpStackTrace ( > // > *UnwoundStacksCount = 1; > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Print out back trace > // > InternalPrintMessage ("\nCall trace:\n"); > > for (;;) { > + // > + // Check for valid frame pointer > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid frame " > + "pointer at 0x%016lx\n", __FUNCTION__, > Rbp); > + break; > + } > + > // > // Print stack frame in the following format: > // 
> @@ -727,5 +794,5 @@ DumpImageAndCpuContent ( > // > // Dump stack contents > // > - DumpStackContents (SystemContext.SystemContextX64->Rsp, > UnwoundStacksCount); > + DumpStackContents (SystemContext, UnwoundStacksCount); > } > -- > 2.14.3 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Paulo,
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp + 4)) {
I don’t understand why you check both ebp and ebp+4, I think it’s enough to only check EBP (saved stack pointer address)
Jeff
发件人: Paulo Alcantara<mailto:paulo@paulo.ac>
发送时间: 2017年12月29日 12:41
收件人: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
抄送: Laszlo Ersek<mailto:lersek@redhat.com>; Eric Dong<mailto:eric.dong@intel.com>
主题: [edk2] [RFC v4 5/6] UefiCpuPkg/CpuExceptionHandlerLib: Ensure valid frame/stack pointers
Validate all possible memory dereferences during stack traces in IA32
and X64 CPU exceptions.
Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Requested-by: Brian Johnson <brian.johnson@hpe.com>
Requested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
---
UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | 143 +++++++++++++++++++-
UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c | 75 +++++++++-
2 files changed, 210 insertions(+), 8 deletions(-)
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
index 25e02fbbc1..9b52d4f6d2 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
@@ -398,6 +398,96 @@ DumpCpuContext (
);
}
+/**
+ Check if a logical address is valid.
+
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
+ @param[in] SegmentSelector Segment selector.
+ @param[in] Offset Offset or logical address.
+**/
+STATIC
+BOOLEAN
+IsLogicalAddressValid (
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN UINT16 SegmentSelector,
+ IN UINTN Offset
+ )
+{
+ IA32_SEGMENT_DESCRIPTOR *SegmentDescriptor;
+ UINT32 SegDescBase;
+ UINT32 SegDescLimit;
+ UINTN SegDescLimitInBytes;
+
+ //
+ // Check for valid input parameters
+ //
+ if (SegmentSelector == 0 || Offset == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check whether to look for a segment descriptor in GDT or LDT table
+ //
+ if ((SegmentSelector & BIT2) == 0) {
+ //
+ // Get segment descriptor from GDT table
+ //
+ SegmentDescriptor =
+ (IA32_SEGMENT_DESCRIPTOR *)(
+ (UINTN)SystemContext.SystemContextIa32->Gdtr[0] +
+ ((SegmentSelector >> 3) * 8)
+ );
+ } else {
+ //
+ // Get segment descriptor from LDT table
+ //
+ SegmentDescriptor =
+ (IA32_SEGMENT_DESCRIPTOR *)(
+ (UINTN)SystemContext.SystemContextIa32->Ldtr +
+ ((SegmentSelector >> 3) * 8)
+ );
+ }
+
+ //
+ // Get segment descriptor's base address
+ //
+ SegDescBase = SegmentDescriptor->Bits.BaseLow |
+ (SegmentDescriptor->Bits.BaseMid << 16) |
+ (SegmentDescriptor->Bits.BaseHigh << 24);
+
+ //
+ // Get segment descriptor's limit
+ //
+ SegDescLimit = SegmentDescriptor->Bits.LimitLow |
+ (SegmentDescriptor->Bits.LimitHigh << 16);
+
+ //
+ // Calculate segment descriptor's limit in bytes
+ //
+ if (SegmentDescriptor->Bits.G == 1) {
+ SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB;
+ } else {
+ SegDescLimitInBytes = SegDescLimit;
+ }
+
+ //
+ // Make sure to not access beyond a segment limit boundary
+ //
+ if (Offset + SegDescBase > SegDescLimitInBytes) {
+ return FALSE;
+ }
+
+ //
+ // Check if the translated logical address (or linear address) is valid
+ //
+ return IsLinearAddressValid (
+ SystemContext.SystemContextIa32->Cr0,
+ SystemContext.SystemContextIa32->Cr3,
+ SystemContext.SystemContextIa32->Cr4,
+ Offset + SegDescBase
+ );
+}
+
/**
Dump stack trace.
@@ -459,6 +549,20 @@ DumpStackTrace (
InternalPrintMessage ("\nCall trace:\n");
for (;;) {
+ //
+ // Check for valid frame pointer
+ //
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp + 4) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%08x\n", __FUNCTION__, Ebp);
+ break;
+ }
+
//
// Print stack frame in the following format:
//
@@ -588,6 +692,16 @@ DumpImageModuleNames (
// Walk through call stack and find next module names
//
for (;;) {
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)Ebp + 4)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%08x\n", __FUNCTION__, Ebp);
+ }
+
//
// Set EIP with return address from current stack frame
//
@@ -651,16 +765,23 @@ DumpImageModuleNames (
/**
Dump stack contents.
- @param[in] CurrentEsp Current stack pointer address.
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
@param[in] UnwoundStacksCount Count of unwound stack frames.
**/
STATIC
VOID
DumpStackContents (
- IN UINT32 CurrentEsp,
- IN INTN UnwoundStacksCount
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN INTN UnwoundStacksCount
)
{
+ UINT32 CurrentEsp;
+
+ //
+ // Get current stack pointer
+ //
+ CurrentEsp = SystemContext.SystemContextIa32->Esp;
+
//
// Check for proper stack alignment
//
@@ -674,6 +795,20 @@ DumpStackContents (
//
InternalPrintMessage ("\nStack dump:\n");
while (UnwoundStacksCount-- > 0) {
+ //
+ // Check for a valid stack pointer address
+ //
+ if (!IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)CurrentEsp) ||
+ !IsLogicalAddressValid (SystemContext,
+ SystemContext.SystemContextIa32->Ss,
+ (UINTN)CurrentEsp + 4)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid stack "
+ "pointer at 0x%08x\n", __FUNCTION__, CurrentEsp);
+ break;
+ }
+
InternalPrintMessage (
"0x%08x: %08x %08x\n",
CurrentEsp,
@@ -720,5 +855,5 @@ DumpImageAndCpuContent (
//
// Dump stack contents
//
- DumpStackContents (SystemContext.SystemContextIa32->Esp, UnwoundStacksCount);
+ DumpStackContents (SystemContext, UnwoundStacksCount);
}
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
index d3a3878b3d..8067c34122 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
@@ -401,16 +401,26 @@ DumpCpuContext (
/**
Dump stack contents.
- @param[in] CurrentRsp Current stack pointer address.
+ @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT.
@param[in] UnwoundStacksCount Count of unwound stack frames.
**/
STATIC
VOID
DumpStackContents (
- IN UINT64 CurrentRsp,
- IN INTN UnwoundStacksCount
+ IN EFI_SYSTEM_CONTEXT SystemContext,
+ IN INTN UnwoundStacksCount
)
{
+ UINT64 CurrentRsp;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
+
+ //
+ // Get current stack pointer
+ //
+ CurrentRsp = SystemContext.SystemContextX64->Rsp;
+
//
// Check for proper stack pointer alignment
//
@@ -419,11 +429,28 @@ DumpStackContents (
return;
}
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Dump out stack contents
//
InternalPrintMessage ("\nStack dump:\n");
while (UnwoundStacksCount-- > 0) {
+ //
+ // Check for a valid stack pointer address
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid stack "
+ "pointer at 0x%016lx\n", __FUNCTION__, CurrentRsp);
+ break;
+ }
+
InternalPrintMessage (
"0x%016lx: %016lx %016lx\n",
CurrentRsp,
@@ -457,6 +484,9 @@ DumpImageModuleNames (
CHAR8 *PdbFileName;
UINT64 Rbp;
UINTN LastImageBase;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
//
// Set current RIP address
@@ -516,10 +546,27 @@ DumpImageModuleNames (
InternalPrintMessage ("%a\n", PdbAbsoluteFilePath);
}
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Walk through call stack and find next module names
//
for (;;) {
+ //
+ // Check for a valid frame pointer
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
+ break;
+ }
+
//
// Set RIP with return address from current stack frame
//
@@ -604,6 +651,9 @@ DumpStackTrace (
UINT64 Rbp;
UINTN ImageBase;
CHAR8 *PdbFileName;
+ UINTN Cr0;
+ UINTN Cr3;
+ UINTN Cr4;
//
// Set current RIP address
@@ -634,12 +684,29 @@ DumpStackTrace (
//
*UnwoundStacksCount = 1;
+ //
+ // Get system control registers
+ //
+ Cr0 = SystemContext.SystemContextX64->Cr0;
+ Cr3 = SystemContext.SystemContextX64->Cr3;
+ Cr4 = SystemContext.SystemContextX64->Cr4;
+
//
// Print out back trace
//
InternalPrintMessage ("\nCall trace:\n");
for (;;) {
+ //
+ // Check for valid frame pointer
+ //
+ if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
+ !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+ InternalPrintMessage ("%a: attempted to dereference an invalid frame "
+ "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
+ break;
+ }
+
//
// Print stack frame in the following format:
//
@@ -727,5 +794,5 @@ DumpImageAndCpuContent (
//
// Dump stack contents
//
- DumpStackContents (SystemContext.SystemContextX64->Rsp, UnwoundStacksCount);
+ DumpStackContents (SystemContext, UnwoundStacksCount);
}
--
2.14.3
On 1/3/2018 6:45 AM, Fan Jeff wrote: > Paulo, > > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp + 4)) { > > I don’t understand why you check both ebp and ebp+4, I think it’s enough > to only check EBP (saved stack pointer address) Isn't it possible that EBP + 4 might potentially point to another page frame? If not, then I will drop it out in v5. Thanks Paulo > > Jeff > > *发件人: *Paulo Alcantara <mailto:paulo@paulo.ac> > *发送时间: *2017年12月29日12:41 > *收件人: *edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org> > *抄送: *Laszlo Ersek <mailto:lersek@redhat.com>; Eric Dong > <mailto:eric.dong@intel.com> > *主题: *[edk2] [RFC v4 5/6] UefiCpuPkg/CpuExceptionHandlerLib: Ensure > valid frame/stack pointers > > Validate all possible memory dereferences during stack traces in IA32 > and X64 CPU exceptions. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Cc: Eric Dong <eric.dong@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Requested-by: Brian Johnson <brian.johnson@hpe.com> > Requested-by: Jiewen Yao <jiewen.yao@intel.com> > Signed-off-by: Paulo Alcantara <paulo@paulo.ac> > --- > UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > | 143 +++++++++++++++++++- > UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > | 75 +++++++++- > 2 files changed, 210 insertions(+), 8 deletions(-) > > diff --git > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > index 25e02fbbc1..9b52d4f6d2 100644 > --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c > +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c 
> @@ -398,6 +398,96 @@ DumpCpuContext ( > ); > } > > +/** > + Check if a logical address is valid. > + > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > + @param[in] SegmentSelector Segment selector. > + @param[in] Offset Offset or logical address. > +**/ > +STATIC > +BOOLEAN > +IsLogicalAddressValid ( > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN UINT16 SegmentSelector, > + IN UINTN Offset > + ) > +{ > + IA32_SEGMENT_DESCRIPTOR *SegmentDescriptor; > + UINT32 SegDescBase; > + UINT32 SegDescLimit; > + UINTN SegDescLimitInBytes; > + > + // > + // Check for valid input parameters > + // > + if (SegmentSelector == 0 || Offset == 0) { > + return FALSE; > + } > + > + // > + // Check whether to look for a segment descriptor in GDT or LDT table > + // > + if ((SegmentSelector & BIT2) == 0) { > + // > + // Get segment descriptor from GDT table > + // > + SegmentDescriptor = > + (IA32_SEGMENT_DESCRIPTOR *)( > + (UINTN)SystemContext.SystemContextIa32->Gdtr[0] + > + ((SegmentSelector >> 3) * 8) > + ); > + } else { > + // > + // Get segment descriptor from LDT table > + // > + SegmentDescriptor = > + (IA32_SEGMENT_DESCRIPTOR *)( > + (UINTN)SystemContext.SystemContextIa32->Ldtr + > + ((SegmentSelector >> 3) * 8) > + ); > + } > + > + // > + // Get segment descriptor's base address > + // > + SegDescBase = SegmentDescriptor->Bits.BaseLow | > + (SegmentDescriptor->Bits.BaseMid << 16) | > + (SegmentDescriptor->Bits.BaseHigh << 24); > + > + // > + // Get segment descriptor's limit > + // > + SegDescLimit = SegmentDescriptor->Bits.LimitLow | > + (SegmentDescriptor->Bits.LimitHigh << 16); > + > + // > + // Calculate segment descriptor's limit in bytes > + // > + if (SegmentDescriptor->Bits.G == 1) { > + SegDescLimitInBytes = (UINTN)SegDescLimit * SIZE_4KB; > + } else { > + SegDescLimitInBytes = SegDescLimit; > + } > + > + // > + // Make sure to not access beyond a segment limit boundary > + // > + if (Offset + SegDescBase > SegDescLimitInBytes) { > + return FALSE; > + } > 
+ > + // > + // Check if the translated logical address (or linear address) is valid > + // > + return IsLinearAddressValid ( > + SystemContext.SystemContextIa32->Cr0, > + SystemContext.SystemContextIa32->Cr3, > + SystemContext.SystemContextIa32->Cr4, > + Offset + SegDescBase > + ); > +} > + > /** > Dump stack trace. > > @@ -459,6 +549,20 @@ DumpStackTrace ( > InternalPrintMessage ("\nCall trace:\n"); > > for (;;) { > + // > + // Check for valid frame pointer > + // > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp + 4) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > frame " > + "pointer at 0x%08x\n", __FUNCTION__, Ebp); > + break; > + } > + > // > // Print stack frame in the following format: > // > @@ -588,6 +692,16 @@ DumpImageModuleNames ( > // Walk through call stack and find next module names > // > for (;;) { > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)Ebp + 4)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > frame " > + "pointer at 0x%08x\n", __FUNCTION__, Ebp); > + } > + > // > // Set EIP with return address from current stack frame > // 
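Review bot: In the quoted IA32 hunk that adds IsLogicalAddressValid, the segment-limit check compares the linear address instead of the offset: `if (Offset + SegDescBase > SegDescLimitInBytes)` rejects valid offsets whenever the segment base is non-zero and can wrap in 32-bit arithmetic, whereas a descriptor limit is relative to its base, so it should read `if (Offset > SegDescLimitInBytes) { return FALSE; }`. For a granular descriptor the byte limit is `((UINTN)SegDescLimit << 12) | 0xFFF` rather than `SegDescLimit * SIZE_4KB`, otherwise the last page of a flat 4 GiB segment is reported invalid. The LDT branch adds the selector index to `SystemContextIa32->Ldtr`, which holds the LDT selector, not the LDT base, so that descriptor has to be located through the GDT entry Ldtr indexes; likewise the selector index is never bounded by the GDT/LDT limit before `SegmentDescriptor` is dereferenced, so a corrupted SS makes the validator itself read out of bounds, and it is worth confirming that `Gdtr[0]` really is the base rather than the first dword of the stored SGDT image whose low 16 bits are the limit. The function is fully contained in the quoted hunk.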
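Review bot: In the quoted IA32 DumpImageModuleNames hunk the invalid-frame-pointer branch prints the diagnostic but does not leave the loop, so the unwinder goes on to read through the very Ebp it just declared invalid; the sibling DumpStackTrace hunk does `break;` at this point and this one should too, i.e. add `break;` after the InternalPrintMessage call. That check also lacks the leading comment its DumpStackTrace twin has, so `// Check for a valid frame pointer` would make the two match. DumpImageModuleNames continues outside the hunk.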
> @@ -651,16 +765,23 @@ DumpImageModuleNames ( > /** > Dump stack contents. > > - @param[in] CurrentEsp Current stack pointer address. > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > @param[in] UnwoundStacksCount Count of unwound stack frames. > **/ > STATIC > VOID > DumpStackContents ( > - IN UINT32 CurrentEsp, > - IN INTN UnwoundStacksCount > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN INTN UnwoundStacksCount > ) > { > + UINT32 CurrentEsp; > + > + // > + // Get current stack pointer > + // > + CurrentEsp = SystemContext.SystemContextIa32->Esp; > + > // > // Check for proper stack alignment > // > @@ -674,6 +795,20 @@ DumpStackContents ( > // > InternalPrintMessage ("\nStack dump:\n"); > while (UnwoundStacksCount-- > 0) { > + // > + // Check for a valid stack pointer address > + // > + if (!IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)CurrentEsp) || > + !IsLogicalAddressValid (SystemContext, > + SystemContext.SystemContextIa32->Ss, > + (UINTN)CurrentEsp + 4)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > stack " > + "pointer at 0x%08x\n", __FUNCTION__, > CurrentEsp); > + break; > + } > + > InternalPrintMessage ( > "0x%08x: %08x %08x\n", > CurrentEsp, > @@ -720,5 +855,5 @@ DumpImageAndCpuContent ( > // > // Dump stack contents > // > - DumpStackContents (SystemContext.SystemContextIa32->Esp, > UnwoundStacksCount); > + DumpStackContents (SystemContext, UnwoundStacksCount); > } > diff --git > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > index d3a3878b3d..8067c34122 100644 > --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c > +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c 
> @@ -401,16 +401,26 @@ DumpCpuContext ( > /** > Dump stack contents. > > - @param[in] CurrentRsp Current stack pointer address. > + @param[in] SystemContext Pointer to EFI_SYSTEM_CONTEXT. > @param[in] UnwoundStacksCount Count of unwound stack frames. > **/ > STATIC > VOID > DumpStackContents ( > - IN UINT64 CurrentRsp, > - IN INTN UnwoundStacksCount > + IN EFI_SYSTEM_CONTEXT SystemContext, > + IN INTN UnwoundStacksCount > ) > { > + UINT64 CurrentRsp; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > + > + // > + // Get current stack pointer > + // > + CurrentRsp = SystemContext.SystemContextX64->Rsp; > + > // > // Check for proper stack pointer alignment > // > @@ -419,11 +429,28 @@ DumpStackContents ( > return; > } > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Dump out stack contents > // > InternalPrintMessage ("\nStack dump:\n"); > while (UnwoundStacksCount-- > 0) { > + // > + // Check for a valid stack pointer address > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > stack " > + "pointer at 0x%016lx\n", __FUNCTION__, > CurrentRsp); > + break; > + } > + > InternalPrintMessage ( > "0x%016lx: %016lx %016lx\n", > CurrentRsp, > @@ -457,6 +484,9 @@ DumpImageModuleNames ( > CHAR8 *PdbFileName; > UINT64 Rbp; > UINTN LastImageBase; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > > // > // Set current RIP address 
> @@ -516,10 +546,27 @@ DumpImageModuleNames ( > InternalPrintMessage ("%a\n", PdbAbsoluteFilePath); > } > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Walk through call stack and find next module names > // > for (;;) { > + // > + // Check for a valid frame pointer > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > frame " > + "pointer at 0x%016lx\n", __FUNCTION__, Rbp); > + break; > + } > + > // > // Set RIP with return address from current stack frame > // > @@ -604,6 +651,9 @@ DumpStackTrace ( > UINT64 Rbp; > UINTN ImageBase; > CHAR8 *PdbFileName; > + UINTN Cr0; > + UINTN Cr3; > + UINTN Cr4; > > // > // Set current RIP address > @@ -634,12 +684,29 @@ DumpStackTrace ( > // > *UnwoundStacksCount = 1; > > + // > + // Get system control registers > + // > + Cr0 = SystemContext.SystemContextX64->Cr0; > + Cr3 = SystemContext.SystemContextX64->Cr3; > + Cr4 = SystemContext.SystemContextX64->Cr4; > + > // > // Print out back trace > // > InternalPrintMessage ("\nCall trace:\n"); > > for (;;) { > + // > + // Check for valid frame pointer > + // > + if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) || > + !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) { > + InternalPrintMessage ("%a: attempted to dereference an invalid > frame " > + "pointer at 0x%016lx\n", __FUNCTION__, Rbp); > + break; > + } > + > // > // Print stack frame in the following format: > // 
> @@ -727,5 +794,5 @@ DumpImageAndCpuContent ( > // > // Dump stack contents > // > - DumpStackContents (SystemContext.SystemContextX64->Rsp, > UnwoundStacksCount); > + DumpStackContents (SystemContext, UnwoundStacksCount); > } > -- > 2.14.3 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel