From 1f32c267225e34873d69a89be2e5d7bec86fad7c Mon Sep 17 00:00:00 2001 From: kenlautner <85201046+kenlautner@users.noreply.github.com> Date: Mon, 23 Oct 2023 09:21:51 -0700 Subject: [PATCH] MdeModulePkg and UefiCpuPkg CodeQL Fixes (#561) ## Description CodeQL fixes for MpLib, PeiMpLib and DxeMpLib. This includes their related files. - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Tested on Intel physical devices. I was able to build and boot without any problems. ## Integration Instructions N/A --- MdeModulePkg/MdeModulePkg.dsc | 2 + MdeModulePkg/Universal/PCD/Pei/Pcd.c | 18 +- MdeModulePkg/Universal/PCD/Pei/Service.c | 35 +++- .../Universal/ResetSystemPei/ResetSystem.c | 11 ++ .../Universal/ResetSystemPei/ResetSystem.h | 1 + .../ResetSystemPei/ResetSystemPei.inf | 1 + UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 + UefiCpuPkg/CpuDxe/CpuMp.c | 11 +- UefiCpuPkg/CpuDxe/CpuPageTable.c | 30 +++- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 18 +- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 + UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 +- UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 11 +- UefiCpuPkg/Library/MpInitLib/MpLib.c | 161 +++++++++++++++++- UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 16 ++ UefiCpuPkg/UefiCpuPkg.dsc | 2 + 17 files changed, 306 insertions(+), 23 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 876860f273..6b32e3183e 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -120,6 +120,8 @@ MmuLib|MdePkg/Library/BaseMmuLibNull/BaseMmuLibNull.inf ## MU_CHANGE + PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE + # MU_CHANGE START Include MemoryProtectionHobLib [LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION] DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.c b/MdeModulePkg/Universal/PCD/Pei/Pcd.c index 2ade1aa44c..69b9f67810 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Pcd.c +++ b/MdeModulePkg/Universal/PCD/Pei/Pcd.c @@ -172,7 +172,15 @@ PcdSetNvStoreDefaultIdCallBack ( // NvStoreBuffer = (VARIABLE_STORE_HEADER *)((UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize); VarStoreHobData = (UINT8 *)BuildGuidHob (&NvStoreBuffer->Signature, NvStoreBuffer->Size); - ASSERT (VarStoreHobData != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (VarStoreHobData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed build NV Store guid hob.\n", __func__)); + ASSERT (VarStoreHobData != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change + CopyMem (VarStoreHobData, NvStoreBuffer, NvStoreBuffer->Size); // // Find the matched SkuId and DefaultId in the first section @@ -316,6 +324,14 @@ EndOfPeiSignalPpiNotifyCallback ( if (PcdDb != NULL) { Length = PeiPcdDb->LengthForAllSkus; Database = BuildGuidHob (&gPcdDataBaseHobGuid, Length); + // MU_CHANGE [BEGIN] - CodeQL change + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build PCD guid hob.\n", __func__)); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE [END] - CodeQL change + CopyMem (Database, PcdDb, Length); } diff --git a/MdeModulePkg/Universal/PCD/Pei/Service.c b/MdeModulePkg/Universal/PCD/Pei/Service.c index a8860e6008..370c5340c4 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Service.c +++ b/MdeModulePkg/Universal/PCD/Pei/Service.c @@ -428,6 +428,7 @@ BuildPcdDatabase ( IN EFI_PEI_FILE_HANDLE FileHandle ) { + VOID *Hob; // MU_CHANGE - CodeQL change PEI_PCD_DATABASE *Database; PEI_PCD_DATABASE *PeiPcdDbBinary; VOID *CallbackFnTable; @@ -438,9 +439,31 @@ BuildPcdDatabase ( // PeiPcdDbBinary = LocateExPcdBinary (FileHandle); - ASSERT (PeiPcdDbBinary != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (PeiPcdDbBinary == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed To locate the Pcd Db binary.\n", __func__)); + ASSERT (PeiPcdDbBinary != NULL); + return NULL; + } - Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [BEGIN] - CodeQL change + // Check to see if the Hob already exists because we can error out of this function when + // creating the CallbackFnTable Hob and call into this function again. + Hob = GetFirstGuidHob (&gPcdDataBaseHobGuid); + if (Hob == NULL) { + Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + } else { + Database = (PEI_PCD_DATABASE *)GET_GUID_HOB_DATA (Hob); + } + + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the PCD Database guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change ZeroMem (Database, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); @@ -453,6 +476,14 @@ BuildPcdDatabase ( CallbackFnTable = BuildGuidHob (&gEfiCallerIdGuid, SizeOfCallbackFnTable); + // MU_CHANGE [BEGIN] - CodeQL change + if (CallbackFnTable == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the CallbackFnTable guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change + ZeroMem (CallbackFnTable, SizeOfCallbackFnTable); return Database; diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c index 6e7693fcad..0c7489e673 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.c @@ -300,6 +300,16 @@ ResetSystem2 ( RecursionDepthPointer = (UINT8 *)GET_GUID_HOB_DATA (Hob); } + // MU_CHANGE [BEGIN] - CodeQL change + if (RecursionDepthPointer == NULL) { + // Critical build failure so Panicking + PANIC ("Failed to build or get the RecursionDepthPointer Hob"); + // Reset anyway if we can't get the RecursionDepthPointer + goto Done; + } + + // MU_CHANGE [END] - CodeQL change + // // Only do REPORT_STATUS_CODE() on first call to ResetSystem() // @@ -338,6 +348,7 @@ ResetSystem2 ( DEBUG ((DEBUG_ERROR, "PEI ResetSystem2: Maximum reset call depth is met. Use the current reset type: %s!\n", mResetTypeStr[ResetType])); } +Done: switch (ResetType) { case EfiResetWarm: ResetWarm (); diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h index a04e4840e6..f2e126b5bb 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystem.h @@ -24,6 +24,7 @@ #include #include #include +#include // MU_CHANGE // // The maximum recursion depth to ResetSystem() by reset notification handlers diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf b/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf index 810b568f87..7b65ac95ae 100644 --- a/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf +++ b/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf @@ -40,6 +40,7 @@ PeimEntryPoint HwResetSystemLib ## MS_CHANGE - Use HW reset from reset arch providers. ReportStatusCodeLib + PanicLib ## MU_CHANGE [Ppis] gEfiPeiReset2PpiGuid ## PRODUCES diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf index bebd83ae12..dfc41ae353 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.inf +++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf @@ -42,6 +42,7 @@ PeCoffGetEntryPointLib DxeMemoryProtectionHobLib ## MU_CHANGE DeviceStateLib ## MU_CHANGE + PanicLib ## MU_CHANGE [Sources] CpuDxe.c diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c index ab8382b36b..c4a0b0dcb2 100644 --- a/UefiCpuPkg/CpuDxe/CpuMp.c +++ b/UefiCpuPkg/CpuDxe/CpuMp.c @@ -622,8 +622,17 @@ InitializeExceptionStackSwitchHandlers ( { EXCEPTION_STACK_SWITCH_CONTEXT *SwitchStackData; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&Index); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&Index); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. The exception stack was not initialized.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change SwitchStackData = (EXCEPTION_STACK_SWITCH_CONTEXT *)Buffer; // // This may be called twice for each Cpu. Only run InitializeSeparateExceptionStacks diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c b/UefiCpuPkg/CpuDxe/CpuPageTable.c index eabf1e8ee7..d386ff490f 100644 --- a/UefiCpuPkg/CpuDxe/CpuPageTable.c +++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c @@ -14,6 +14,7 @@ #include #include #include +#include // MU_CHANGE #include #include #include @@ -1258,11 +1259,20 @@ DebugExceptionHandler ( IN EFI_SYSTEM_CONTEXT SystemContext ) { - UINTN CpuIndex; - UINTN PFEntry; - BOOLEAN IsWpEnabled; + UINTN CpuIndex; + UINTN PFEntry; + BOOLEAN IsWpEnabled; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&CpuIndex); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&CpuIndex); + + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number in the DebugExceptionHandler"); + goto Done; + } + + // MU_CHANGE [END] - CodeQL change // // Clear last PF entries @@ -1287,6 +1297,7 @@ DebugExceptionHandler ( // mPFEntryCount[CpuIndex] = 0; +Done: // // Flush TLB // @@ -1337,7 +1348,15 @@ PageFaultExceptionHandler ( } if (NonStopMode) { - MpInitLibWhoAmI (&CpuIndex); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&CpuIndex); + + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number in the PageFaultExceptionHandler"); + goto Done; + } + + // MU_CHANGE [END] - CodeQL change GetCurrentPagingContext (&PagingContext); // // Memory operation cross page boundary, like "rep mov" instruction, will @@ -1378,6 +1397,7 @@ PageFaultExceptionHandler ( } } +Done: // // Initialize the serial port before dumping. // diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index ad1a11c0c0..0ef65fe887 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c @@ -504,8 +504,18 @@ InitializeExceptionStackSwitchHandlers ( { EXCEPTION_STACK_SWITCH_CONTEXT *SwitchStackData; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change + + Status = MpInitLibWhoAmI (&Index); + + // MU_CHANGE [BEGIN] - CodeQL change + if (EFI_ERROR (Status)) { + PANIC ("Failed to get processor number when initializing the stack switch exception handlers."); + return; + } + + // MU_CHANGE [END] - CodeQL change - MpInitLibWhoAmI (&Index); SwitchStackData = (EXCEPTION_STACK_SWITCH_CONTEXT *)Buffer; // // This function may be called twice for each Cpu. Only run InitializeSeparateExceptionStacks @@ -545,7 +555,7 @@ InitializeMpExceptionStackSwitchHandlers ( Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); - DEBUG ((DEBUG_ERROR, "%a - Failed to get number of processors. Status = %r\n", __FUNCTION__, Status)); + DEBUG ((DEBUG_ERROR, "%a - Failed to get number of processors. Status = %r\n", __func__, Status)); return; } @@ -555,7 +565,7 @@ InitializeMpExceptionStackSwitchHandlers ( // MU_CHANGE [BEGIN] - CodeQL change if (SwitchStackData == NULL) { ASSERT (SwitchStackData != NULL); - DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Switch Stack pages.\n", __FUNCTION__)); + DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Switch Stack pages.\n", __func__)); return; } @@ -592,7 +602,7 @@ InitializeMpExceptionStackSwitchHandlers ( // MU_CHANGE [BEGIN] - CodeQL change if (Buffer == NULL) { ASSERT (Buffer != NULL); - DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Buffer pages.\n", __FUNCTION__)); + DEBUG ((DEBUG_ERROR, "%a - Failed to allocate Buffer pages.\n", __func__)); return; } diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h index a3946d4540..c122c860bf 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h @@ -28,6 +28,7 @@ #include #include #include +#include // MU_CHANGE extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc; diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf index 36d7f92511..6407ac0551 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -46,6 +46,7 @@ BaseMemoryLib CpuLib MemoryAllocationLib + PanicLib ## MU_CHANGE [Guids] gEdkiiMigratedFvInfoGuid ## SOMETIMES_CONSUMES ## HOB diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index c7b76355a7..19b65dacc8 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -551,7 +551,14 @@ SetupStackGuardPage ( Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); ASSERT_EFI_ERROR (Status); if (!EFI_ERROR (Status)) { - MpInitLibWhoAmI (&Bsp); + // MU_CHANGE [BEGIN] - CodeQL change + Status = MpInitLibWhoAmI (&Bsp); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Aborting Stack Guard Page setup.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change for (Index = 0; Index < NumberOfProcessors; ++Index) { StackBase = 0; diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c index 362c69fbf3..ea24566316 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -611,8 +611,17 @@ RelocateApLoop ( ASM_RELOCATE_AP_LOOP AsmRelocateApLoopFunc; UINTN ProcessorNumber; UINTN StackStart; + EFI_STATUS Status; // MU_CHANGE - CodeQL change - MpInitLibWhoAmI (&ProcessorNumber); + // MU_CHANGE [START] - CodeQL change + Status = MpInitLibWhoAmI (&ProcessorNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Aborting AP sync.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change CpuMpData = GetCpuMpData (); MwaitSupport = IsMwaitSupport (); if (CpuMpData->UseSevEsAPMethod) { diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index 28ddecded8..f4ddab0228 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1565,6 +1565,14 @@ ResetProcessorToIdleState ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData. Aborting the AP reset to idle.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change + CpuMpData->InitFlag = ApInitReconfig; WakeUpAP (CpuMpData, FALSE, ProcessorNumber, NULL, NULL, TRUE); while (CpuMpData->FinishedCount < 1) { @@ -1597,6 +1605,14 @@ GetNextWaitingProcessorNumber ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + for (ProcessorNumber = 0; ProcessorNumber < CpuMpData->CpuCount; ProcessorNumber++) { if (CpuMpData->CpuData[ProcessorNumber].Waiting) { *NextProcessorNumber = ProcessorNumber; @@ -1627,7 +1643,16 @@ CheckThisAP ( CPU_AP_DATA *CpuData; CpuMpData = GetCpuMpData (); - CpuData = &CpuMpData->CpuData[ProcessorNumber]; + + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + CpuData = &CpuMpData->CpuData[ProcessorNumber]; // // Check the CPU state of AP. If it is CpuStateIdle, then the AP has finished its task. @@ -1689,6 +1714,14 @@ CheckAllAPs ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + NextProcessorNumber = 0; // @@ -2126,8 +2159,18 @@ MpInitLibGetProcessorInfo ( UINTN CallerNumber; CPU_INFO_IN_HOB *CpuInfoInHob; UINTN OriginalProcessorNumber; + EFI_STATUS Status; // MU_CHANGE - CodeQL change + + CpuMpData = GetCpuMpData (); + + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change - CpuMpData = GetCpuMpData (); CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; // @@ -2136,10 +2179,19 @@ MpInitLibGetProcessorInfo ( OriginalProcessorNumber = ProcessorNumber; ProcessorNumber &= BIT24 - 1; + // MU_CHANGE [BEGIN] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2220,6 +2272,7 @@ SwitchBSPWorker ( MSR_IA32_APIC_BASE_REGISTER ApicBaseMsr; BOOLEAN OldInterruptState; BOOLEAN OldTimerInterruptState; + EFI_STATUS Status; // MU_CHANGE - CodeQL change // // Save and Disable Local APIC timer interrupt @@ -2242,10 +2295,27 @@ SwitchBSPWorker ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2365,13 +2435,30 @@ EnableDisableApWorker ( { CPU_MP_DATA *CpuMpData; UINTN CallerNumber; + EFI_STATUS Status; // MU_CHANGE - CodeQL change CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2428,6 +2515,14 @@ MpInitLibWhoAmI ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + return GetProcessorNumber (CpuMpData, ProcessorNumber); } @@ -2463,17 +2558,35 @@ MpInitLibGetNumberOfProcessors ( UINTN ProcessorNumber; UINTN EnabledProcessorNumber; UINTN Index; + EFI_STATUS Status; // MU_CHANGE - CodeQL change CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + if ((NumberOfProcessors == NULL) && (NumberOfEnabledProcessors == NULL)) { return EFI_INVALID_PARAMETER; } + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change + if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2555,6 +2668,14 @@ StartupAllCPUsWorker ( *FailedCpuList = NULL; } + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + if ((CpuMpData->CpuCount == 1) && ExcludeBsp) { return EFI_NOT_STARTED; } @@ -2563,10 +2684,18 @@ StartupAllCPUsWorker ( return EFI_INVALID_PARAMETER; } + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } @@ -2708,10 +2837,26 @@ StartupThisAPWorker ( *Finished = FALSE; } + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + + // MU_CHANGE [START] - CodeQL change // // Check whether caller processor is BSP // - MpInitLibWhoAmI (&CallerNumber); + Status = MpInitLibWhoAmI (&CallerNumber); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get processor number. Failed to get MpInit Processor info.\n", __func__)); + return Status; + } + + // MU_CHANGE [END] - CodeQL change if (CallerNumber != CpuMpData->BspNumber) { return EFI_DEVICE_ERROR; } diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c index 89ea0956f0..0ecfb66f72 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c @@ -86,6 +86,14 @@ NotifyOnS3SmmInitDonePpi ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData.\n", __func__)); + return EFI_LOAD_ERROR; + } + + // MU_CHANGE [END] - CodeQL change + // // PiSmmCpuDxeSmm driver hardcode change the loop mode to HLT mode. // So in this notify function, code need to check the current loop @@ -375,6 +383,14 @@ CheckAndUpdateApsStatus ( CpuMpData = GetCpuMpData (); + // MU_CHANGE [BEGIN] - CodeQL change + if (CpuMpData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to get CpuMpData. Aborting AP checkup and update.\n", __func__)); + return; + } + + // MU_CHANGE [END] - CodeQL change + // // check whether pending StartupThisAPs() callings exist. // diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index 4d895a794b..a085c44048 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -86,6 +86,8 @@ MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf BaseBinSecurityLib|MdePkg/Library/BaseBinSecurityLibNull/BaseBinSecurityLibNull.inf + + PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE [LibraryClasses.X64, LibraryClasses.IA32] HwResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf !if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022