[Bug]: RuntimeDxe Virtualizes the FVB Protocol Function Pointers #877

os-d · 2024-05-29T22:10:15Z

Is there an existing issue for this?

I have searched existing issues

Current Behavior

RuntimeDxe virtualizes the pointers for the FVB protocol, which is not the typical way that UEFI operates, of virtualize your own pointers. See:

mu_basecore/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c

Lines 253 to 260 in 7f9a27e

    
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->GetBlockSize); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->GetPhysicalAddress); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->GetAttributes); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->SetAttributes); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->Read); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->Write); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->EraseBlocks); 
        
           EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance);

.

This is potentially dangerous, a different FVB protocol provider may do the canonical behavior and virtualize their own protocol pointers, which could harmlessly fail EfiConvertPointer calls or worse could already have been converted into a virtual address that itself maps to a physical address in the VirtualAddressMap and so the second EfiConvertPointer call could succeed and return a new virtual address and have us execute in a random point in the code.

Expected Behavior

The FVB protocol should virtualize the pointers to its protocol itself and not rely on RuntimeDxe to do so.

Steps To Reproduce

Look at code.

Build Environment

- OS(s):
- Tool Chain(s):
- Targets Impacted:
All

Version Information

Top of tree.

Urgency

Medium

Are you going to fix this?

I will fix it

Do you need maintainer feedback?

No maintainer feedback needed

Anything else?

No response

The text was updated successfully, but these errors were encountered:

github-actions · 2024-08-24T23:36:04Z

This issue has been automatically marked as stale because it has not had activity in 45 days. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

github-actions · 2024-08-31T23:36:28Z

This issue has been automatically been closed because it did not have any activity in 45 days and no follow up within 7 days after being marked stale. Thank you for your contributions.

os-d added state:needs-triage Needs to triaged to determine next steps type:bug Something isn't working labels May 29, 2024

github-actions bot added urgency:medium Important with a moderate impact labels May 29, 2024

github-actions bot assigned os-d May 29, 2024

github-actions bot added the state:stale Has not been updated in a long time label Aug 24, 2024

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: RuntimeDxe Virtualizes the FVB Protocol Function Pointers #877

[Bug]: RuntimeDxe Virtualizes the FVB Protocol Function Pointers #877

os-d commented May 29, 2024

github-actions bot commented Aug 24, 2024

github-actions bot commented Aug 31, 2024

[Bug]: RuntimeDxe Virtualizes the FVB Protocol Function Pointers #877

[Bug]: RuntimeDxe Virtualizes the FVB Protocol Function Pointers #877

Comments

os-d commented May 29, 2024

Is there an existing issue for this?

Current Behavior

Expected Behavior

Steps To Reproduce

Build Environment

Version Information

Urgency

Are you going to fix this?

Do you need maintainer feedback?

Anything else?

github-actions bot commented Aug 24, 2024

github-actions bot commented Aug 31, 2024