From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Yl6o=LF=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.3 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7C17FC48BE0
	for <u-boot@archiver.kernel.org>; Fri, 11 Jun 2021 17:06:29 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 57ACC613AD
	for <u-boot@archiver.kernel.org>; Fri, 11 Jun 2021 17:06:28 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 57ACC613AD
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmx.de
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 8932280772;
	Fri, 11 Jun 2021 19:06:25 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gmx.de
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="H4KzBgPf";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 3264180C96; Fri, 11 Jun 2021 19:06:24 +0200 (CEST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 4A78780772
 for <u-boot@lists.denx.de>; Fri, 11 Jun 2021 19:06:21 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmx.de
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=xypron.glpk@gmx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1623431167;
 bh=KZ/Kne+8cRbk0iCi40HBjU0BwHz3XJfzU5Na0Xb4hK8=;
 h=X-UI-Sender-Class:Subject:To:Cc:References:From:Date:In-Reply-To;
 b=H4KzBgPf7C8GCBrngWXlW9APu77/bzQwYZK8sk0IMMhcDWTvI0NPelaUlYWhH5k9w
 o4jtGKGybOwW1PkZDQpy3HaQpT12YHYQAcAndiF7QH38pdpvuvSpQbpxH4mJMnqjY8
 gb6vPW5DXNb9W6UFlwuOOn6AxlA1dHqLHxXCTwsw=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.123.35] ([62.143.247.63]) by mail.gmx.net (mrgmx105
 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MHoRK-1m5Vhh1iZK-00Et4a; Fri, 11
 Jun 2021 19:06:07 +0200
Subject: Re: [PATCH] efi_loader: check update capsule parameters
To: =?UTF-8?Q?Vincent_Stehl=c3=a9?= <vincent.stehle@arm.com>
Cc: Grant Likely <grant.likely@arm.com>, Alexander Graf <agraf@csgraf.de>,
 AKASHI Takahiro <takahiro.akashi@linaro.org>,
 Sughosh Ganu <sughosh.ganu@linaro.org>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>, u-boot@lists.denx.de
References: <20210611161520.30315-1-vincent.stehle@arm.com>
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Message-ID: <822ab371-50b8-4279-4f8e-c29621bea7cf@gmx.de>
Date: Fri, 11 Jun 2021 19:06:01 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <20210611161520.30315-1-vincent.stehle@arm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:DbIb2Y5SWtf/fCENxmMOIoRwWam3ZkdV/CuVjweMq+u5ZnhUqnf
 oemw84v0Zf3Mu5wFjWEK0saBIzVwByFgjrNyuYck2rXsIRHT/3dnMYPBatTkLS/w0g6SEmi
 PfHRU2/oRAnDwTPj0dFR/yKP1SnKzgD6ZPyQ9wLps8acRHTniRwPo15CaVH6cDXUZTj1U7O
 2DwsFd3dSfMVnWja9c5gw==
X-UI-Out-Filterresults: notjunk:1;V03:K0:AaUC1nam8jM=:YWlEbotkFI2YbE9LfIsZql
 58Ba0MDwwLfALXtTdN+YHsMFJPWBhclKrOzdqMzjlV0pq8aCASfy9HwlERxe6IzBn7IdAkTef
 411bv/2Hf7PIZh2BwNg1PFMRZ5lHCyU2mtXTM3rE+CH1nZZDTPx9SM3W5P0U2zAuE8weMuKt2
 FNKQaee79vYaZaQy0NkhVJDZFRUjQ/UEXRnwXcmBm3ORDu7hfNUuAaE5HPPBlPzQXsa81T4dG
 YC7Q9hl5perrzeGFXeXbygsmnpvte3A7N5HU7QLYVKt4CFZMWXwYTMw7pHx7u5UibjCplhSf2
 gHRe5STBJz+YWCpFJ9RDm5PLvbioZoYxlQH366egq37a7myGSqFM+UAT1VG+6Vzb9waa1fuva
 mhruc1aeRg4Zt7sYYU908ZHXuTx4JcwoSEjz6ZpL8ko2a2oFakVXgYvmb8d4m8DO7DJoBDOdm
 rBLEgdS7J9ZX+fWnONJv/d4rkcO5nKtlytpmboGqae1Rn80Uf0X93WGzRAOzdHQJveHdS66hy
 +MglREt8J1mxJVHMVnLiB7S0yEwBlOEudbr1QTB+S9YX8wvx0kIRh3f4IReiy6Wr6mMssSrCC
 4adGHVEdWZen5Lqc6W4sM0ADw17T702klgk5aWMEAJLx446fgnsPQNNxLG4V90KbCH68udNdy
 JnaiP4/qW+Vs4LC148VLXmyb/CmddOstrBb29mwSVQs+eLS3J6WNQlffb4ayl9J4hEIID3zOg
 X8wuEvAAHwZ/e7o7CVeJn+NJEGgvv344ogMnqk9HazjIgi/o4ZH3y2J4Lt2jakNA04qX3Wc4b
 4GJYXrMM+8QvlSggc5kmrvxBhYQQ06XTuRF9+Waiw1rxNrJyGz1Vr1/+RmMIpEgHCVj7n0Msn
 xSoMrSk1ENK4snXPmxgIgUsmTniENw4ywBgpOJfL3dY/tppdER6/e2KDNKoPHOQ4PZYcFFxbT
 2cAp+Gr7kd1Tat4RcAeaovQqHdCC8eBowIvzet5P4Vv71eBQgspRzdCSWDT5X+zJqe5DOAv9u
 mUyLnwdPPEd4yPRDUzjFLZLyvgffJx0Tn6WXvu2vimjqlCedilK9uuk0+TNGvxurFQNVUX7QG
 YCS3kANZzlKoc/VQwzqHRMSe0LJpUxfF7YK
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Cc: Takahiro, Sughosh, Ilias

On 6/11/21 6:15 PM, Vincent Stehl=C3=A9 wrote:
> UpdateCapsule() must return EFI_INVALID_PARAMETER in a number of cases,
> listed by the UEFI specification and tested by the SCT. Add a common
> function to do that.
>
> This fixes SCT UpdateCapsule_Conf failures.
>
> Reviewed-by: Grant Likely <grant.likely@arm.com>
> Signed-off-by: Vincent Stehl=C3=A9 <vincent.stehle@arm.com>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Alexander Graf <agraf@csgraf.de>
> ---
>   include/efi_loader.h         | 24 ++++++++++++++++++++++++
>   lib/efi_loader/efi_capsule.c |  8 ++++----
>   lib/efi_loader/efi_runtime.c |  8 ++++++++
>   3 files changed, 36 insertions(+), 4 deletions(-)
>
> diff --git a/include/efi_loader.h b/include/efi_loader.h
> index 0a9c82a257e..426d1c72d7d 100644
> --- a/include/efi_loader.h
> +++ b/include/efi_loader.h
> @@ -910,6 +910,30 @@ extern const struct efi_firmware_management_protoco=
l efi_fmp_fit;
>   extern const struct efi_firmware_management_protocol efi_fmp_raw;
>
>   /* Capsule update */
> +static inline efi_status_t
> +efi_valid_update_capsule_params(struct efi_capsule_header
> +						**capsule_header_array,
> +				efi_uintn_t capsule_count,
> +				u64 scatter_gather_list)
> +{
> +	u32 flags;
> +
> +	if (!capsule_count)
> +		return EFI_INVALID_PARAMETER;

If capsule count > 1, don't you have to check all capsules headers?

> +
> +	flags =3D capsule_header_array[0]->flags;
> +
> +	if (((flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) &&
> +	     !scatter_gather_list) ||
> +	    ((flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) &&
> +	     !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) ||
> +	    ((flags & CAPSULE_FLAGS_INITIATE_RESET) &&
> +	     !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)))
> +		return EFI_INVALID_PARAMETER;

What happens if capsule(0) has CAPSULE_FLAGS_INITIATE_RESET and
capsule(4) has !CAPSULE_FLAGS_PERSIST_ACROSS_RESET?

Best regards

Heinrich

> +
> +	return EFI_SUCCESS;
> +}
> +
>   efi_status_t EFIAPI efi_update_capsule(
>   		struct efi_capsule_header **capsule_header_array,
>   		efi_uintn_t capsule_count,
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 60309d4a07d..380cfd70290 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -442,12 +442,12 @@ efi_status_t EFIAPI efi_update_capsule(
>   	EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
>   		  scatter_gather_list);
>
> -	if (!capsule_count) {
> -		ret =3D EFI_INVALID_PARAMETER;
> +	ret =3D efi_valid_update_capsule_params(capsule_header_array,
> +					      capsule_count,
> +					      scatter_gather_list);
> +	if (ret !=3D EFI_SUCCESS)
>   		goto out;
> -	}
>
> -	ret =3D EFI_SUCCESS;
>   	for (i =3D 0, capsule =3D *capsule_header_array; i < capsule_count;
>   	     i++, capsule =3D *(++capsule_header_array)) {
>   		/* sanity check */
> diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c
> index 93a695fc27e..449ad8b9f36 100644
> --- a/lib/efi_loader/efi_runtime.c
> +++ b/lib/efi_loader/efi_runtime.c
> @@ -467,6 +467,14 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsul=
e_unsupported(
>   			efi_uintn_t capsule_count,
>   			u64 scatter_gather_list)
>   {
> +	efi_status_t ret;
> +
> +	ret =3D efi_valid_update_capsule_params(capsule_header_array,
> +					      capsule_count,
> +					      scatter_gather_list);
> +	if (ret !=3D EFI_SUCCESS)
> +		return ret;
> +
>   	return EFI_UNSUPPORTED;
>   }
>
>