From 5f31238166ce7dbff51b7b1d1f6ef4ff7c23d2ad Mon Sep 17 00:00:00 2001
From: zhangxingrong
Date: Fri, 12 Jul 2024 10:06:42 +0800
Subject: [PATCH] add some upstream patchs update edk2.spec.
Signed-off-by: zhangxingrong
---
 0049-Fix-assert-in-CmObject-parser.patch | 38 +++++++++++
 ...32B-when-calling-C-function-in-64bit.patch | 63 +++++++++++++++++++
 edk2.spec | 9 ++-
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 0049-Fix-assert-in-CmObject-parser.patch
 create mode 100644 0050-Reserve-32B-when-calling-C-function-in-64bit.patch
diff --git a/0049-Fix-assert-in-CmObject-parser.patch b/0049-Fix-assert-in-CmObject-parser.patch
new file mode 100644
index 0000000..48f4b5c
--- /dev/null
+++ b/0049-Fix-assert-in-CmObject-parser.patch
@@ -0,0 +1,38 @@
+From fbbbd984998d83cf6b69e9291336aefbac23396c Mon Sep 17 00:00:00 2001
+From: Sami Mujawar
+Date: Tue, 31 Oct 2023 14:50:43 +0000
+Subject: [PATCH] DynamicTablesPkg: Fix assert in CmObject parser
+
+The patch "f81ee47513e5 DynamicTablesPkg: Add an ET info
+object parser" updates the Configuration Manager object
+parser to add support for parsing CM_ARM_ET_INFO object.
+
+However, the GicC info structure also has an ET Reference
+token that points to the CM_ARM_ET_INFO object. Therefore,
+update the GICC info object parser to add an entry to parse
+the ET reference token. Without this change an assert
+stating that the RemainingSize != 0 will be triggered.
+
+Signed-off-by: Sami Mujawar
+Reviewed-by: levi.yun
+
+---
+ .../Common/TableHelperLib/ConfigurationManagerObjectParser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/DynamicTablesPkg/Library/Common/TableHelperLib/ConfigurationManagerObjectParser.c b/DynamicTablesPkg/Library/Common/TableHelperLib/ConfigurationManagerObjectParser.c
+index 99d6032..ceb73f3 100644
+--- a/DynamicTablesPkg/Library/Common/TableHelperLib/ConfigurationManagerObjectParser.c
++++ b/DynamicTablesPkg/Library/Common/TableHelperLib/ConfigurationManagerObjectParser.c
+@@ -60,6 +60,8 @@ STATIC CONST CM_OBJ_PARSER CmArmGicCInfoParser[] = {
+ { "ClockDomain", 4, "0x%x", NULL },
+ { "AffinityFlags", 4, "0x%x", NULL },
+ { "CpcToken", sizeof (CM_OBJECT_TOKEN), "0x%p", NULL }
++ { "TRBEInterrupt", 2, "0x%x", NULL },
++ { "EtToken", sizeof (CM_OBJECT_TOKEN), "0x%p", NULL }
+ };
+
+ /** A parser for EArmObjGicDInfo.
+--
+2.43.0
+
diff --git a/0050-Reserve-32B-when-calling-C-function-in-64bit.patch b/0050-Reserve-32B-when-calling-C-function-in-64bit.patch
new file mode 100644
index 0000000..54c979b
--- /dev/null
+++ b/0050-Reserve-32B-when-calling-C-function-in-64bit.patch
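Review bot: The context line `{ "CpcToken", sizeof (CM_OBJECT_TOKEN), "0x%p", NULL }` in the nested hunk carries no trailing comma, yet the two added initializers `{ "TRBEInterrupt", 2, "0x%x", NULL },` and `{ "EtToken", sizeof (CM_OBJECT_TOKEN), "0x%p", NULL }` follow it directly, so as written the CmArmGicCInfoParser array either fails to compile (two initializers with no separator) or, if the line in the tree actually ends in `NULL },`, the patch fails to apply on a context mismatch. Either way that line should read `{ "CpcToken", sizeof (CM_OBJECT_TOKEN), "0x%p", NULL },` in the hunk, as context if the tree already has the comma or as a `-`/`+` pair adding it. If the rendering here merely dropped the comma in transcription this is moot, but the patch file is worth diffing against upstream fbbbd984998d before it lands, since a broken parser table surfaces only as a build failure. The CmArmGicCInfoParser definition starts before the hunk.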
@@ -0,0 +1,63 @@
+From 0b4acb88d67520ad5cd9fd8896db0a2e203eaca4 Mon Sep 17 00:00:00 2001
+From: "Ni, Ray"
+Date: Tue, 31 Oct 2023 01:22:16 -0700
+Subject: [PATCH] IntelFsp2Pkg/SwitchStack: Reserve 32B when calling C function
+ in 64bit
+
+When FSP runs in API mode, it saves the IDTR in its own stack then
+switches to bootloader's stack before it returns from FspMemoryInit.
+Next time when the bootloader calls TempRamExit, FSP switches to
+its own stack and restores IDTR from its stack saved earlier.
+
+However, due to a bug in BaseFspSwitchStackLib, the IDTR saved on
+FSP's stack might be corrupted that results the following TempRamExit
+call fails inside FSP due to PeiServices pointer cannot be retrieved
+from IDT.base - 8.
+
+The bug is the assembly code doesn't reserve 32 bytes before calling
+the C routine in 64bit. According to the x86-64 calling convention,
+caller is responsible for allocating 32 bytes of "shadow space" on the
+stack right before calling the function (regardless of the actual
+number of parameters used).
+
+When FSP is built in optimization-off mode, the C routine makes use
+of the 32-byte "shadow space" which is not reserved by the assembly
+caller. That causes the IDTR saved on the stack is corrupted by the
+C routine.
+The patch fixes so by reserving the 32 bytes before calling C routine.
+
+Signed-off-by: Ray Ni
+Cc: Chasel Chiu
+Reviewed-by: Nate DeSimone
+Cc: Duggapu Chinni B
+Cc: Ray Han Lim Ng
+Cc: Star Zeng
+Reviewed-by: Ted Kuo
+Reviewed-by: Ashraf Ali S
+Cc: Susovan Mohapatra
+---
+ IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm b/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
+index 1ea1220608ef..e3a7cf002fe6 100644
+--- a/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
++++ b/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
+@@ -1,6 +1,6 @@
+ ;------------------------------------------------------------------------------
+ ;
+-; Copyright (c) 2022, Intel Corporation. All rights reserved.
++; Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.
+ ; SPDX-License-Identifier: BSD-2-Clause-Patent
+ ;
+ ; Abstract:
+@@ -60,7 +60,9 @@ ASM_PFX(FspSwitchStack):
+
+ ; Load new stack
+ mov rcx, rsp
++ sub rsp, 0x20
+ call ASM_PFX(SwapStack)
++ add rsp, 0x20
+ mov rsp, rax
+
+ ; Restore previous contexts
diff --git a/edk2.spec b/edk2.spec
index 5ae8cc6..25b33ee 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -7,7 +7,7 @@ Name: edk2
 Version: %{stable_date}
-Release: 8
+Release: 9
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent and OpenSSL and MIT
 URL: https://github.com/tianocore/edk2
@@ -76,6 +76,9 @@ patch46: 0046-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
 patch47: 0047-Fix-SSL_select_next_proto-and-add-ALPN-validation-in.patch
 patch48: 0048-Add-a-test-for-ALPN-and-NPN.patch
+Patch49: 0049-Fix-assert-in-CmObject-parser.patch
+Patch50: 0050-Reserve-32B-when-calling-C-function-in-64bit.patch
+
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl
 %description
@@ -312,6 +315,10 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 %changelog
+* Thu Jul 11 2024 zhangxingrong- - 202308-9
+- DynamicTablesPkg: Fix assert in CmObject parser
+- IntelFsp2Pkg/SwitchStack: Reserve 32B when calling C function in 64bit
+
 * Thu Jul 11 2024 shenyage - 202308-8
 - fix CVE-2024-5535
-- Gitee
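Review bot: The new `sub rsp, 0x20` before `call ASM_PFX(SwapStack)` carries no comment and `0x20` is a bare magic number in a file whose entire job is ABI-sensitive stack juggling; the reason is only in the commit message, so the line should say it: `sub rsp, 0x20 ; reserve the 32-byte shadow space the X64 (Microsoft) calling convention requires from callers of C functions`. The matching `add rsp, 0x20` is immediately overwritten by `mov rsp, rax`, so it is harmless but dead; keeping it for symmetry is fine if a comment says so. That same convention also wants rsp 16-byte aligned at the `call`, and `sub rsp, 0x20` preserves whatever alignment rsp already had, so whether the call site is aligned depends on the pushes in FspSwitchStack's prologue, which lies outside this hunk and is worth confirming separately. FspSwitchStack begins and ends outside the hunk.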
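Review bot: The added `Patch49:` and `Patch50:` tags are capitalised while the neighbouring `patch46:`, `patch47:` and `patch48:` are lowercase; rpm treats tag names case-insensitively so this builds, but the file should stick to one spelling, e.g. `patch49: 0049-Fix-assert-in-CmObject-parser.patch` and `patch50: 0050-Reserve-32B-when-calling-C-function-in-64bit.patch`. If the %prep section applies patches with explicit `%patch` lines rather than `%autosetup`, the two new tags also need matching apply lines; %prep is outside this diff so that cannot be checked here.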