From nobody Mon Dec 23 18:14:19 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 151597586446954.995773189865076;
 Sun, 14 Jan 2018 16:24:24 -0800 (PST)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 1AD74222DDBF4;
	Sun, 14 Jan 2018 16:18:56 -0800 (PST)
Received: from mail.paulo.ac (mail.paulo.ac [34.238.86.106])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 205C1222DDBEF
 for <edk2-devel@lists.01.org>; Sun, 14 Jan 2018 16:18:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by mail.paulo.ac (Postfix) with ESMTP id 3AA6BC0888F;
 Mon, 15 Jan 2018 00:24:11 +0000 (UTC)
Received: from mail.paulo.ac ([127.0.0.1])
 by localhost (mail.paulo.ac [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id KOqW0UjV4Uny; Mon, 15 Jan 2018 00:24:08 +0000 (UTC)
Received: from thor.domain.name (177.204.15.215.dynamic.adsl.gvt.net.br
 [177.204.15.215])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.paulo.ac (Postfix) with ESMTPSA id 656BCC08891;
 Mon, 15 Jan 2018 00:24:04 +0000 (UTC)
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=34.238.86.106; helo=mail.paulo.ac; envelope-from=paulo@paulo.ac;
 receiver=edk2-devel@lists.01.org
X-Virus-Scanned: amavisd-new at paulo.ac
X-Spam-Flag: NO
X-Spam-Score: -1.099
X-Spam-Level: 
X-Spam-Status: No, score=-1.099 tagged_above=-999 required=6.31
 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: mail.paulo.ac (amavisd-new); dkim=pass (1024-bit key)
 header.d=paulo.ac
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.paulo.ac 656BCC08891
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=paulo.ac; s=default;
 t=1515975846; bh=Q+mwrfhWLb6d1pSB8tAKdl9SZZTuiGaQs78zX3ALDbc=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:In-Reply-To:
 References:From;
 b=Zrps696/zD2RbCgiRkcjrzdeSULR6tAXFJJ6OYcHjQJaP5YUHwA8MmL+GyxRSKkQK
 rr1FUyG9Ccb6k+hqqwENZbQ1Jl9sIqSW0Fa58KVPBLQCQoymTw3FIv27OrdyKQyF8K
 7EUUYWZO0nbFQVFK44wu1JpUsm6XvghkmNYcRzIo=
From: Paulo Alcantara <paulo@paulo.ac>
To: edk2-devel@lists.01.org
Date: Sun, 14 Jan 2018 22:23:35 -0200
Message-Id: 
 <d8d53906f02b9139e3342950440dd0006930505b.1515974582.git.paulo@paulo.ac>
X-Mailer: git-send-email 2.14.3
In-Reply-To: <cover.1515974582.git.paulo@paulo.ac>
References: <cover.1514517573.git.paulo@paulo.ac>
 <cover.1515974582.git.paulo@paulo.ac>
In-Reply-To: <cover.1515974582.git.paulo@paulo.ac>
References: <cover.1515974582.git.paulo@paulo.ac>
Subject: [edk2] [RFC v5 7/8] UefiCpuPkg/CpuExceptionHandlerLib: Validate
 memory address ranges
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Laszlo Ersek <lersek@redhat.com>, Eric Dong <eric.dong@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Introduce a new IsLinearAddressRangeValid() function to validate a given
address range and check whether or not it is valid.

This function is useful for validating ranges of memory addresses during
stack traces in X64.

Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Requested-by: Brian Johnson <brian.johnson@hpe.com>
Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c       | 40 =
++++++++++++++++++++
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h       | 18 =
+++++++++
 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c | 40 =
++++++++++++--------
 3 files changed, 83 insertions(+), 15 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c=
 b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
index 7ac13640de..e1dd054259 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
@@ -589,3 +589,43 @@ IsLinearAddressValid (
=20
   return AddressValid;
 }
+
+/**
+  Check if a linear address range is valid.
+
+  @param[in]  Cr0                 CR0 control register.
+  @param[in]  Cr3                 CR3 control register.
+  @param[in]  Cr4                 CR4 control register.
+  @param[in]  LinearAddressStart  Linear address start.
+  @param[in]  LinearAddressEnd    Linear address end.
+**/
+BOOLEAN
+IsLinearAddressRangeValid (
+  IN  UINTN              Cr0,
+  IN  UINTN              Cr3,
+  IN  UINTN              Cr4,
+  IN  UINTN              LinearAddressStart,
+  IN  UINTN              LinearAddressEnd
+  )
+{
+  //
+  // Check for valid input parameters
+  //
+  if (LinearAddressStart =3D=3D 0 || LinearAddressEnd =3D=3D 0 ||
+      LinearAddressStart > LinearAddressEnd) {
+    return FALSE;
+  }
+
+  //
+  // Validate all linear addresses within the given range
+  //
+  for (LinearAddressStart &=3D ~(SIZE_4KB - 1);
+       LinearAddressStart <=3D LinearAddressEnd;
+       LinearAddressStart +=3D SIZE_4KB) {
+    if (!IsLinearAddressValid (Cr0, Cr3, Cr4, LinearAddressStart)) {
+      return FALSE;
+    }
+  }
+
+  return TRUE;
+}
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h=
 b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
index 1b51034c25..075f668290 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
@@ -346,5 +346,23 @@ IsLinearAddressValid (
   IN  UINTN              LinearAddress
   );
=20
+/**
+  Check if a linear address range is valid.
+
+  @param[in]  Cr0                 CR0 control register.
+  @param[in]  Cr3                 CR3 control register.
+  @param[in]  Cr4                 CR4 control register.
+  @param[in]  LinearAddressStart  Linear address start.
+  @param[in]  LinearAddressEnd    Linear address end.
+**/
+BOOLEAN
+IsLinearAddressRangeValid (
+  IN  UINTN              Cr0,
+  IN  UINTN              Cr3,
+  IN  UINTN              Cr4,
+  IN  UINTN              LinearAddressStart,
+  IN  UINTN              LinearAddressEnd
+  );
+
 #endif
=20
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHan=
dler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler=
.c
index 71d2d2f5d4..4d8c9b0a89 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
@@ -415,6 +415,8 @@ DumpStackContents (
   UINTN   Cr0;
   UINTN   Cr3;
   UINTN   Cr4;
+  UINTN   RspAddressStart;
+  UINTN   RspAddressEnd;
=20
   //
   // Get current stack pointer
@@ -436,21 +438,29 @@ DumpStackContents (
   Cr3 =3D SystemContext.SystemContextX64->Cr3;
   Cr4 =3D SystemContext.SystemContextX64->Cr4;
=20
+  //
+  // Calculate address range of the stack pointers
+  //
+  RspAddressStart =3D (UINTN)CurrentRsp;
+  RspAddressEnd =3D
+    RspAddressStart + (UINTN)UnwoundStacksCount * CPU_STACK_ALIGNMENT;
+
+  //
+  // Validate address range of stack pointers
+  //
+  if (!IsLinearAddressRangeValid (Cr0, Cr3, Cr4, RspAddressStart,
+                                  RspAddressEnd)) {
+    InternalPrintMessage ("%a: attempted to dereference an invalid stack "
+                          "pointer at 0x%016lx - 0x%016lx\n", __FUNCTION__,
+                          RspAddressStart, RspAddressEnd);
+    return;
+  }
+
   //
   // Dump out stack contents
   //
   InternalPrintMessage ("\nStack dump:\n");
   while (UnwoundStacksCount-- > 0) {
-    //
-    // Check for a valid stack pointer address
-    //
-    if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp) ||
-        !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)CurrentRsp + 8)) {
-      InternalPrintMessage ("%a: attempted to dereference an invalid stack=
 "
-                            "pointer at 0x%016lx\n", __FUNCTION__, Current=
Rsp);
-      break;
-    }
-
     InternalPrintMessage (
       "0x%016lx: %016lx %016lx\n",
       CurrentRsp,
@@ -459,7 +469,7 @@ DumpStackContents (
       );
=20
     //
-    // Point to next stack
+    // Point to next stack pointer
     //
     CurrentRsp +=3D CPU_STACK_ALIGNMENT;
   }
@@ -571,8 +581,8 @@ DumpImageModuleNames (
     //
     // Check for a valid frame pointer
     //
-    if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
-        !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+    if (!IsLinearAddressRangeValid (Cr0, Cr3, Cr4, (UINTN)Rbp,
+                                    (UINTN)Rbp + 8)) {
       InternalPrintMessage ("%a: attempted to dereference an invalid frame=
 "
                             "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
       break;
@@ -722,8 +732,8 @@ DumpStacktrace (
     //
     // Check for valid frame pointer
     //
-    if (!IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp + 8) ||
-        !IsLinearAddressValid (Cr0, Cr3, Cr4, (UINTN)Rbp)) {
+    if (!IsLinearAddressRangeValid (Cr0, Cr3, Cr4, (UINTN)Rbp,
+                                    (UINTN)Rbp + 8)) {
       InternalPrintMessage ("%a: attempted to dereference an invalid frame=
 "
                             "pointer at 0x%016lx\n", __FUNCTION__, Rbp);
       break;
--=20
2.14.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel