Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-25 Thread Guo, Gua
Hi @Gerd Hoffmann

It's PR https://github.com/tianocore/edk2/pull/5298 if no more concern 
received, will merge it tomorrow morning.

Thanks,
Gua

-Original Message-
From: Gerd Hoffmann  
Sent: Wednesday, January 24, 2024 8:48 PM
To: Guo, Gua 
Cc: devel@edk2.groups.io; Ard Biesheuvel ; Mathews, 
John ; Zimmer, Vincent ; Sami 
Mujawar ; jma...@redhat.com
Subject: Re: RE: [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

On Tue, Jan 23, 2024 at 03:16:32PM +, Guo, Gua wrote:
> For MdeModulePkg, I think no need to change because no any logic change.
> 
> For StandaloneMmPkg and EmbeddedPkg
> - Don't have enough abilities to close Sami Mujawar and Ni Ray open 
> currently, so hold on the change until I find how to introduce Panic. So give 
> up these two packages patch currently.

On StandaloneMmPkg: I think the patch is fine, I've replied in that subthread.

On EmbeddedPkg:  I think the BuildGuidDataHob() callsites need review whenever 
they do:

  (a) check the return value properly, or
  (b) allocate a fixed size HOB so the new check in CreateHob() can't
  fail.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114370): https://edk2.groups.io/g/devel/message/114370
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-24 Thread Gerd Hoffmann
On Tue, Jan 23, 2024 at 03:16:32PM +, Guo, Gua wrote:
> For MdeModulePkg, I think no need to change because no any logic change.
> 
> For StandaloneMmPkg and EmbeddedPkg
> - Don't have enough abilities to close Sami Mujawar and Ni Ray open 
> currently, so hold on the change until I find how to introduce Panic. So give 
> up these two packages patch currently.

On StandaloneMmPkg: I think the patch is fine, I've replied in that
subthread.

On EmbeddedPkg:  I think the BuildGuidDataHob() callsites need review
whenever they do:

  (a) check the return value properly, or
  (b) allocate a fixed size HOB so the new check in CreateHob() can't
  fail.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114284): https://edk2.groups.io/g/devel/message/114284
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-23 Thread Guo, Gua
For MdeModulePkg, I think no need to change because no any logic change.

For StandaloneMmPkg and EmbeddedPkg
- Don't have enough abilities to close Sami Mujawar and Ni Ray open currently, 
so hold on the change until I find how to introduce Panic. So give up these two 
packages patch currently.

-Original Message-
From: Gerd Hoffmann  
Sent: Tuesday, January 23, 2024 10:50 PM
To: Guo, Gua 
Cc: devel@edk2.groups.io; Ard Biesheuvel ; Mathews, 
John ; Zimmer, Vincent ; Sami 
Mujawar ; jma...@redhat.com
Subject: Re: [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

On Fri, Jan 12, 2024 at 10:25:16AM +0800, gua@intel.com wrote:
> From: Gua Guo 
> 
> PR: https://github.com/tianocore/edk2/pull/5252

> Gua Guo (4):
>   UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
>   StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
>   EmbeddedPkg/Hob: Integer Overflow in CreateHob()
>   MdeModulePkg/Hob: Integer Overflow in CreateHob()

Ping.  What is the status here?

Patch 1/4 has been merged (commit 59f024c76ee5), the other tree patches are 
missing still.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114205): https://edk2.groups.io/g/devel/message/114205
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-23 Thread Gerd Hoffmann
On Fri, Jan 12, 2024 at 10:25:16AM +0800, gua@intel.com wrote:
> From: Gua Guo 
> 
> PR: https://github.com/tianocore/edk2/pull/5252

> Gua Guo (4):
>   UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
>   StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
>   EmbeddedPkg/Hob: Integer Overflow in CreateHob()
>   MdeModulePkg/Hob: Integer Overflow in CreateHob()

Ping.  What is the status here?

Patch 1/4 has been merged (commit 59f024c76ee5), the other tree patches
are missing still.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114204): https://edk2.groups.io/g/devel/message/114204
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-19 Thread Sami Mujawar
Hi Gua,

I don’t think handling the error one level up (i.e. only in the calling 
function) solves the problem in entirety, can you check please?
Example, now the crash can happen in BuildGuidDataHob() see 
https://github.com/tianocore/edk2/blob/master/EmbeddedPkg/Library/PrePiHobLib/Hob.c#L488-L490
I believe such cases are at other places as well.

I think it may be better to introduce a Panic() hander to fix this properly.

Regards,

Sami Mujawar

On 12/01/2024, 02:25, "gua@intel.com " 
mailto:gua@intel.com>> wrote:


From: Gua Guo mailto:gua@intel.com>>


PR: https://github.com/tianocore/edk2/pull/5252 



V3
1. UefiPayloadPkg/Hob: Integer : Add error handle


2. StandaloneMmPkg/Hob: Integer Overflow in : Add error handle


3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add error handle


V2
1. UefiPayloadPkg/Hob: Integer : Add Reviewed-by and Authored-by


2. StandaloneMmPkg/Hob: Integer Overflow in : Add Reviewed-by and Authored-by


3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add Reviewed-by and 
Authored-by


4. MdeModulePkg/Hob: Integer Overflow in CreateHob() : Add Authored-by


V1


1. UefiPayloadPkg/Hob: Integer


2. StandaloneMmPkg/Hob: Integer Overflow in


3. EmbeddedPkg/Hob: Integer Overflow in CreateHob()


4. MdeModulePkg/Hob: Integer Overflow in CreateHob()


Cc: Ard Biesheuvel mailto:ardb+tianoc...@kernel.org>>


Cc: Gerd Hoffmann mailto:kra...@redhat.com>>


Cc: John Mathew mailto:john.math...@intel.com>>


Cc: Vincent Zimmer mailto:vincent.zim...@intel.com>>


Cc: Sami Mujawar mailto:sami.muja...@arm.com>>


Gua Guo (4):
UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
MdeModulePkg/Hob: Integer Overflow in CreateHob()


EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++
MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
.../Arm/StandaloneMmCoreHobLib.c | 35 +++
.../Library/PayloadEntryHobLib/Hob.c | 43 +++
.../FitUniversalPayloadEntry.c | 8 ++--
.../UefiPayloadEntry/UniversalPayloadEntry.c | 8 ++--
6 files changed, 132 insertions(+), 7 deletions(-)


--
2.39.2.windows.1





IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114038): https://edk2.groups.io/g/devel/message/114038
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

2024-01-11 Thread Guo, Gua
From: Gua Guo 

PR: https://github.com/tianocore/edk2/pull/5252

V3
1. UefiPayloadPkg/Hob: Integer : Add error handle

2. StandaloneMmPkg/Hob: Integer Overflow in : Add error handle

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add error handle

V2
1. UefiPayloadPkg/Hob: Integer : Add Reviewed-by and Authored-by

2. StandaloneMmPkg/Hob: Integer Overflow in : Add Reviewed-by and Authored-by

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add Reviewed-by and 
Authored-by

4. MdeModulePkg/Hob: Integer Overflow in CreateHob() : Add Authored-by

V1

1. UefiPayloadPkg/Hob: Integer

2. StandaloneMmPkg/Hob: Integer Overflow in

3. EmbeddedPkg/Hob: Integer Overflow in CreateHob()

4. MdeModulePkg/Hob: Integer Overflow in CreateHob()

Cc: Ard Biesheuvel 

Cc: Gerd Hoffmann 

Cc: John Mathew 

Cc: Vincent Zimmer 

Cc: Sami Mujawar 

Gua Guo (4):
  UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
  StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
  EmbeddedPkg/Hob: Integer Overflow in CreateHob()
  MdeModulePkg/Hob: Integer Overflow in CreateHob()

 EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++
 MdeModulePkg/Core/Pei/Hob/Hob.c   |  2 +-
 .../Arm/StandaloneMmCoreHobLib.c  | 35 +++
 .../Library/PayloadEntryHobLib/Hob.c  | 43 +++
 .../FitUniversalPayloadEntry.c|  8 ++--
 .../UefiPayloadEntry/UniversalPayloadEntry.c  |  8 ++--
 6 files changed, 132 insertions(+), 7 deletions(-)

--
2.39.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113639): https://edk2.groups.io/g/devel/message/113639
Mute This Topic: https://groups.io/mt/103675959/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-