From cf73dc0904716f3a616324686d76c67eaf64eb85 Mon Sep 17 00:00:00 2001 From: Aaron <105021049+apop5@users.noreply.github.com> Date: Thu, 19 Oct 2023 15:13:58 -0700 Subject: [PATCH 1/2] [PolicyServicePkg] Adding MemoryAllocationLib to library classes that rely on it (#597) ## Description PolicyServicePkg's PolicyLib rely on PolicyLibCommon, which includes MemoryAllocationLib, header. The Policy Libs do not enumerate MemoryAllocationLib in the LibraryClasses section of their INF files. If one of the enumerated library classes do not include MemoryAllocationLib, a build error will occur. Fixes #596 - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested A platform threw a build error because of unresolved externals coming from the MemoryAllocationLib usage. Adding MemoryAllocationLib to the INFs resolved the build error. ## Integration Instructions N/A --------- Signed-off-by: Aaron <105021049+apop5@users.noreply.github.com> Co-authored-by: Michael Kubacki --- PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf | 1 + PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf | 1 + PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf | 1 + 3 files changed, 3 insertions(+) diff --git a/PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf b/PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf index 9514705ecc..7b5b69cbf5 100644 --- a/PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf +++ b/PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf @@ -30,6 +30,7 @@ [LibraryClasses] BaseLib DebugLib + MemoryAllocationLib UefiBootServicesTableLib [Protocols] diff --git a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf index 3ff1aa35b5..d014951764 100644 --- a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf +++ b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf @@ -29,6 +29,7 @@ BaseLib DebugLib MmServicesTableLib + MemoryAllocationLib [Protocols] gMmPolicyProtocolGuid ## CONSUMES diff --git a/PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf b/PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf index 329fbe051d..abb2393444 100644 --- a/PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf +++ b/PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf @@ -28,6 +28,7 @@ [LibraryClasses] BaseLib DebugLib + MemoryAllocationLib [Ppis] gPeiPolicyPpiGuid ## CONSUMES From 1f32c267225e34873d69a89be2e5d7bec86fad7c Mon Sep 17 00:00:00 2001 From: kenlautner <85201046+kenlautner@users.noreply.github.com> Date: Mon, 23 Oct 2023 09:21:51 -0700 Subject: [PATCH 2/2] MdeModulePkg and UefiCpuPkg CodeQL Fixes (#561) ## Description CodeQL fixes for MpLib, PeiMpLib and DxeMpLib. This includes their related files. - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Tested on Intel physical devices. I was able to build and boot without any problems. ## Integration Instructions N/A --- MdeModulePkg/MdeModulePkg.dsc | 2 + MdeModulePkg/Universal/PCD/Pei/Pcd.c | 18 +- MdeModulePkg/Universal/PCD/Pei/Service.c | 35 +++- .../Universal/ResetSystemPei/ResetSystem.c | 11 ++ .../Universal/ResetSystemPei/ResetSystem.h | 1 + .../ResetSystemPei/ResetSystemPei.inf | 1 + UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 + UefiCpuPkg/CpuDxe/CpuMp.c | 11 +- UefiCpuPkg/CpuDxe/CpuPageTable.c | 30 +++- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 18 +- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 + UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 +- UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 11 +- UefiCpuPkg/Library/MpInitLib/MpLib.c | 161 +++++++++++++++++- UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 16 ++ UefiCpuPkg/UefiCpuPkg.dsc | 2 + 17 files changed, 306 insertions(+), 23 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 876860f273..6b32e3183e 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -120,6 +120,8 @@ MmuLib|MdePkg/Library/BaseMmuLibNull/BaseMmuLibNull.inf ## MU_CHANGE + PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE + # MU_CHANGE START Include MemoryProtectionHobLib [LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION] DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.c b/MdeModulePkg/Universal/PCD/Pei/Pcd.c index 2ade1aa44c..69b9f67810 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Pcd.c +++ b/MdeModulePkg/Universal/PCD/Pei/Pcd.c @@ -172,7 +172,15 @@ PcdSetNvStoreDefaultIdCallBack ( // NvStoreBuffer = (VARIABLE_STORE_HEADER *)((UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize); VarStoreHobData = (UINT8 *)BuildGuidHob (&NvStoreBuffer->Signature, NvStoreBuffer->Size); - ASSERT (VarStoreHobData != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (VarStoreHobData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed build NV Store guid hob.\n", __func__)); + ASSERT (VarStoreHobData != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change + CopyMem (VarStoreHobData, NvStoreBuffer, NvStoreBuffer->Size); // // Find the matched SkuId and DefaultId in the first section @@ -316,6 +324,14 @@ EndOfPeiSignalPpiNotifyCallback ( if (PcdDb != NULL) { Length = PeiPcdDb->LengthForAllSkus; Database = BuildGuidHob (&gPcdDataBaseHobGuid, Length); + // MU_CHANGE [BEGIN] - CodeQL change + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build PCD guid hob.\n", __func__)); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE [END] - CodeQL change + CopyMem (Database, PcdDb, Length); } diff --git a/MdeModulePkg/Universal/PCD/Pei/Service.c b/MdeModulePkg/Universal/PCD/Pei/Service.c index a8860e6008..370c5340c4 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Service.c +++ b/MdeModulePkg/Universal/PCD/Pei/Service.c @@ -428,6 +428,7 @@ BuildPcdDatabase ( IN EFI_PEI_FILE_HANDLE FileHandle ) { + VOID *Hob; // MU_CHANGE - CodeQL change PEI_PCD_DATABASE *Database; PEI_PCD_DATABASE *PeiPcdDbBinary; VOID *CallbackFnTable; @@ -438,9 +439,31 @@ BuildPcdDatabase ( // PeiPcdDbBinary = LocateExPcdBinary (FileHandle); - ASSERT (PeiPcdDbBinary != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (PeiPcdDbBinary == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed To locate the Pcd Db binary.\n", __func__)); + ASSERT (PeiPcdDbBinary != NULL); + return NULL; + } - Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [BEGIN] - CodeQL change + // Check to see if the Hob already exists because we can error out of this function when + // creating the CallbackFnTable Hob and call into this function again. + Hob = GetFirstGuidHob (&gPcdDataBaseHobGuid); + if (Hob == NULL) { + Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + } else { + Database = (PEI_PCD_DATABASE *)GET_GUID_HOB_DATA (Hob); + } + + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the PCD Database guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change ZeroMem (Database, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); @@ -453,6 +476,14 @@ BuildPcdDatabase ( CallbackFnTable = BuildGuidHob (&gEfiCallerIdGuid, SizeOfCallbackFnTable); + // MU_CHANGE [BEGIN] - CodeQL change + if (CallbackFnTable == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the CallbackFnTable guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change + ZeroMem (CallbackFnTable, SizeOfCallbackFnTable); return Database; diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c index 6e7693fcad..0c7489e673 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c @@ -300,6 +300,16 @@ ResetSystem2 ( RecursionDepthPointer = (UINT8 *)GET_GUID_HOB_DATA (Hob); } + // MU_CHANGE [BEGIN] - CodeQL change + if (RecursionDepthPointer == NULL) { + // Critical build failure so Panicking + PANIC ("Failed to build or get the RecursionDepthPointer Hob"); + // Reset anyway if we can't get the RecursionDepthPointer + goto Done; + } + + // MU_CHANGE [END] - CodeQL change + // // Only do REPORT_STATUS_CODE() on first call to ResetSystem() // @@ -338,6 +348,7 @@ ResetSystem2 ( DEBUG ((DEBUG_ERROR, "PEI ResetSystem2: Maximum reset call depth is met. Use the current reset type: %s!\n", mResetTypeStr[ResetType])); } +Done: switch (ResetType) { case EfiResetWarm: ResetWarm (); diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h index a04e4840e6..f2e126b5bb 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h @@ -24,6 +24,7 @@ #include #include #include +#include // MU_CHANGE // // The maximum recursion depth to ResetSystem() by reset notification handlers diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf b/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf index 810b568f87..7b65ac95ae 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf @@ -40,6 +40,7 @@ PeimEntryPoint HwResetSystemLib ## MS_CHANGE - Use HW reset from reset arch providers. ReportStatusCodeLib + PanicLib ## MU_CHANGE [Ppis] gEfiPeiReset2PpiGuid ## PRODUCES diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf index bebd83ae12..dfc41ae353 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.inf +++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf @@ -42,6 +42,7 @@ PeCoffGetEntryPointLib DxeMemoryProtectionHobLib ## MU_CHANGE DeviceStateLib ## MU_CHANGE + PanicLib ## MU_CHANGE [Sources] CpuDxe.c diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c index ab8382b36b..c4a0b0dcb2 100644 --- a/UefiCpuPkg/CpuDxe/CpuMp.c +++ b/UefiCpuPkg/CpuDxe/CpuMp.c @@ -622,8 +622,17 @@ InitializeExceptionStackSwitchHandlers ( { EXCEPTION_STACK_SWITCH_CONTEXT *SwitchStackData; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&Index); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&Index); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. The exception stack was not initialized.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change SwitchStackData = (EXCEPTION_STACK_SWITCH_CONTEXT *)Buffer; // // This may be called twice for each Cpu. Only run InitializeSeparateExceptionStacks diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c b/UefiCpuPkg/CpuDxe/CpuPageTable.c index eabf1e8ee7..d386ff490f 100644 --- a/UefiCpuPkg/CpuDxe/CpuPageTable.c +++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c @@ -14,6 +14,7 @@ #include #include #include +#include // MU_CHANGE #include #include #include @@ -1258,11 +1259,20 @@ DebugExceptionHandler ( IN EFI_SYSTEM_CONTEXT SystemContext ) { - UINTN CpuIndex; - UINTN PFEntry; - BOOLEAN IsWpEnabled; + UINTN CpuIndex; + UINTN PFEntry; + BOOLEAN IsWpEnabled; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&CpuIndex); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&CpuIndex); + + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number in the DebugExceptionHandler"); + goto Done; + } + + // MU_CHANGE [END] - CodeQL change // // Clear last PF entries @@ -1287,6 +1297,7 @@ DebugExceptionHandler ( // mPFEntryCount[CpuIndex] = 0; +Done: // // Flush TLB // @@ -1337,7 +1348,15 @@ PageFaultExceptionHandler ( } if (NonStopMode) { - MpInitLibWhoAmI (&CpuIndex); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&CpuIndex); + + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number in the PageFaultExceptionHandler"); + goto Done; + } + + // MU_CHANGE [END] - CodeQL change GetCurrentPagingContext (&PagingContext); // // Memory operation cross page boundary, like "rep mov" instruction, will @@ -1378,6 +1397,7 @@ PageFaultExceptionHandler ( } } +Done: // // Initialize the serial port before dumping. // diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index ad1a11c0c0..0ef65fe887 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c @@ -504,8 +504,18 @@ InitializeExceptionStackSwitchHandlers ( { EXCEPTION_STACK_SWITCH_CONTEXT *SwitchStackData; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change + + Status = MpInitLibWhoAmI (&Index); + + // MU_CHANGE [BEGIN] - CodeQL change + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number when initializing the stack switch exception handlers."); + return; + } + + // MU_CHANGE [END] - CodeQL change - MpInitLibWhoAmI (&Index); SwitchStackData = (EXCEPTION_STACK_SWITCH_CONTEXT *)Buffer; // // This function may be called twice for each Cpu. Only run InitializeSeparateExceptionStacks @@ -545,7 +555,7 @@ InitializeMpExceptionStackSwitchHandlers ( Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); - DEBUG ((DEBUG_ERROR, "%a - Failed to get number of processors. Status = %r\n", __FUNCTION__, Status)); + DEBUG ((DEBUG_ERROR, "%a - Failed to get number of processors. Status = %r\n", __func__, Status)); return; } @@ -555,7 +565,7 @@ InitializeMpExceptionStackSwitchHandlers ( // MU_CHANGE [BEGIN] - CodeQL change if (SwitchStackData == NULL) { ASSERT (SwitchStackData != NULL); - DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Switch Stack pages.\n", __FUNCTION__)); + DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Switch Stack pages.\n", __func__)); return; } @@ -592,7 +602,7 @@ InitializeMpExceptionStackSwitchHandlers ( // MU_CHANGE [BEGIN] - CodeQL change if (Buffer == NULL) { ASSERT (Buffer != NULL); - DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Buffer pages.\n", __FUNCTION__)); + DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Buffer pages.\n", __func__)); return; } diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h index a3946d4540..c122c860bf 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h @@ -28,6 +28,7 @@ #include #include #include +#include // MU_CHANGE extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc; diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf index 36d7f92511..6407ac0551 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -46,6 +46,7 @@ BaseMemoryLib CpuLib MemoryAllocationLib + PanicLib ## MU_CHANGE [Guids] gEdkiiMigratedFvInfoGuid ## SOMETIMES_CONSUMES ## HOB diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index c7b76355a7..19b65dacc8 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -551,7 +551,14 @@ SetupStackGuardPage ( Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); ASSERT_EFI_ERROR (Status); if (!EFI_ERROR (Status)) { - MpInitLibWhoAmI (&Bsp); + // MU_CHANGE [BEGIN] - CodeQL change + Status = MpInitLibWhoAmI (&Bsp); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Aborting Stack Guard Page setup.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change for (Index = 0; Index < NumberOfProcessors; ++Index) { StackBase = 0; diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c index 362c69fbf3..ea24566316 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -611,8 +611,17 @@ RelocateApLoop ( ASM_RELOCATE_AP_LOOP AsmRelocateApLoopFunc; UINTN ProcessorNumber; UINTN StackStart; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&ProcessorNumber); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&ProcessorNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Aborting AP sync.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change CpuMpData = GetCpuMpData (); MwaitSupport = IsMwaitSupport (); if (CpuMpData->UseSevEsAPMethod) { diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index 28ddecded8..f4ddab0228 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1565,6 +1565,14 @@ ResetProcessorToIdleState ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData. Aborting the AP reset to idle.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change + CpuMpData->InitFlag = ApInitReconfig; WakeUpAP (CpuMpData, FALSE, ProcessorNumber, NULL, NULL, TRUE); while (CpuMpData->FinishedCount < 1) { @@ -1597,6 +1605,14 @@ GetNextWaitingProcessorNumber ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + for (ProcessorNumber = 0; ProcessorNumber < CpuMpData->CpuCount; ProcessorNumber++) { if (CpuMpData->CpuData[ProcessorNumber].Waiting) { *NextProcessorNumber = ProcessorNumber; @@ -1627,7 +1643,16 @@ CheckThisAP ( CPU_AP_DATA *CpuData; CpuMpData = GetCpuMpData (); - CpuData = &CpuMpData->CpuData[ProcessorNumber]; + + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + CpuData = &CpuMpData->CpuData[ProcessorNumber]; // // Check the CPU state of AP. If it is CpuStateIdle, then the AP has finished its task. @@ -1689,6 +1714,14 @@ CheckAllAPs ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + NextProcessorNumber = 0; // @@ -2126,8 +2159,18 @@ MpInitLibGetProcessorInfo ( UINTN CallerNumber; CPU_INFO_IN_HOB *CpuInfoInHob; UINTN OriginalProcessorNumber; + EFI_STATUS Status; // MU_CHANGE - CodeQL change + + CpuMpData = GetCpuMpData (); + + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change - CpuMpData = GetCpuMpData (); CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; // @@ -2136,10 +2179,19 @@ MpInitLibGetProcessorInfo ( OriginalProcessorNumber = ProcessorNumber; ProcessorNumber &= BIT24 - 1; + // MU_CHANGE [BEGIN] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2220,6 +2272,7 @@ SwitchBSPWorker ( MSR_IA32_APIC_BASE_REGISTER ApicBaseMsr; BOOLEAN OldInterruptState; BOOLEAN OldTimerInterruptState; + EFI_STATUS Status; // MU_CHANGE - CodeQL change // // Save and Disable Local APIC timer interrupt @@ -2242,10 +2295,27 @@ SwitchBSPWorker ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2365,13 +2435,30 @@ EnableDisableApWorker ( { CPU_MP_DATA *CpuMpData; UINTN CallerNumber; + EFI_STATUS Status; // MU_CHANGE - CodeQL change CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2428,6 +2515,14 @@ MpInitLibWhoAmI ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + return GetProcessorNumber (CpuMpData, ProcessorNumber); } @@ -2463,17 +2558,35 @@ MpInitLibGetNumberOfProcessors ( UINTN ProcessorNumber; UINTN EnabledProcessorNumber; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + if ((NumberOfProcessors == NULL) && (NumberOfEnabledProcessors == NULL)) { return EFI_INVALID_PARAMETER; } + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2555,6 +2668,14 @@ StartupAllCPUsWorker ( *FailedCpuList = NULL; } + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + if ((CpuMpData->CpuCount == 1) && ExcludeBsp) { return EFI_NOT_STARTED; } @@ -2563,10 +2684,18 @@ StartupAllCPUsWorker ( return EFI_INVALID_PARAMETER; } + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2708,10 +2837,26 @@ StartupThisAPWorker ( *Finished = FALSE; } + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c index 89ea0956f0..0ecfb66f72 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c @@ -86,6 +86,14 @@ NotifyOnS3SmmInitDonePpi ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + // // PiSmmCpuDxeSmm driver hardcode change the loop mode to HLT mode. // So in this notify function, code need to check the current loop @@ -375,6 +383,14 @@ CheckAndUpdateApsStatus ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData. Aborting AP checkup and update.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change + // // check whether pending StartupThisAPs() callings exist. // diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index 4d895a794b..a085c44048 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -86,6 +86,8 @@ MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf BaseBinSecurityLib|MdePkg/Library/BaseBinSecurityLibNull/BaseBinSecurityLibNull.inf + + PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE [LibraryClasses.X64, LibraryClasses.IA32] HwResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf !if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022