patina-v6.1.0

@github-actions github-actions released this 11 Aug 21:13
· 810 commits to refs/heads/main since this release
37043d3

What's Changed

  • FixedSizeBlockAllocator: Do not panic when an allocation fails due to not having enough resources. @Javagedes (#683)
    Change Details
      ## Description
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    SCT tests previously failing as described in #671 and #673 no longer assert

    Integration Instructions

    N/A

  • debugger: Add descriptions to custom monitor commands @cfernald (#670)
    Change Details
      ## Description

    Adds descriptions to custom monitor commands and cleans up the help print for the added commands.

    Removed the version command as it is redundant with ?

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on Q35

    Integration Instructions

    N/A

  • AdvLogger: Remove UB and improve parsing safety @cfernald (#570)
    Change Details
      ## Description

    Undefined behavior and safety improvements:

    • Removes the undefined behavior by moving the log data into an UnsafeCell.
    • More tightly binds buffer parsing by using data slice and ZeroCopy to perform data casting.

    General Cleanup:

    • Introduce the wrapper AdvancedLog type to abstract the entire log structure and routines.
    • Simplified to use LogEntry for all input and output of entries for AdvancedLog
    • Allow for readonly version of log for parsing

    CLOSES: #544

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Tested on QEMU
    • Unit tests
    • Integration Test
    • Manual parsing test

    Integration Instructions

    N/A

  • patina_debugger: Improve the info (monitor ?) response @cfernald (#607)
    Change Details
      ## Description

    Adds instruction address and clarifies the exception type info. This is invoked by calling !uefiext.info or !uefiext.monitor ? in windbgx.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on Q35

    Integration Instructions

    N/A

  • patina_sdk: Add size check to page allocation's into_raw_ptr @cfernald (#661)
    Change Details
      ## Description

    Other routines in the Memory Manager API will return None in the event that the type of the pointer does not fit into the allocated pages. This moves that logic down to the ptr so that all returns will do size checks. An into_raw_ptr_unchecked could be added in the future if a truly unchecked version is needed.

    This change additionally removes the try_ prefixes as the panic versions no longer exist, and this makes the interfaces more consistent.

    CLOSES: #620

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Q35 with patina tests
    • Unit tests

    Integration Instructions

    Update usage to remove try_ prefix and handle option from into_raw_ptr

  • chore: Release v6.0.4 @makubacki (#660)
    Change Details
      ## Description

    Release v6.0.4

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A

    Integration Instructions

    See release notes
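
The checked conversion that #661 above describes for into_raw_ptr, as an added Rust sketch that is not Patina's code: `PageAllocation`, `PAGE_SIZE`, `new`, `layout` and `fits` are hypothetical names, and the pages come from the standard allocator rather than the firmware's Memory Manager.

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::mem::{align_of, size_of};
const PAGE_SIZE: usize = 4096; // assumed page size for this sketch

/// Hypothetical stand-in for a page allocation; not Patina's type.
pub struct PageAllocation { base: *mut u8, pages: usize }

fn layout(pages: usize) -> Option<Layout> {
    // Reject zero pages and byte counts that overflow usize.
    let bytes = pages.checked_mul(PAGE_SIZE).filter(|&b| b != 0)?;
    Layout::from_size_align(bytes, PAGE_SIZE).ok()
}

impl PageAllocation {
    pub fn new(pages: usize) -> Option<Self> {
        // SAFETY: layout() never returns a zero-sized layout.
        let base = unsafe { alloc_zeroed(layout(pages)?) };
        if base.is_null() { None } else { Some(Self { base, pages }) }
    }

    /// Checked conversion: None when T is larger than the allocation or
    /// needs more than page alignment; Drop then frees the pages.
    pub fn into_raw_ptr<T>(self) -> Option<*mut T> {
        if size_of::<T>() > self.pages * PAGE_SIZE || align_of::<T>() > PAGE_SIZE {
            return None;
        }
        let ptr = self.base.cast::<T>();
        std::mem::forget(self); // ownership of the pages moves to the caller
        Some(ptr)
    }
}

impl Drop for PageAllocation {
    fn drop(&mut self) {
        // SAFETY: base was allocated in new() with this same layout.
        unsafe { dealloc(self.base, layout(self.pages).unwrap()) };
    }
}

/// Allocate `pages`, try the conversion to T, and release the memory again.
pub fn fits<T>(pages: usize) -> bool {
    let ptr = PageAllocation::new(pages).and_then(|a| a.into_raw_ptr::<T>());
    if let Some(p) = ptr {
        // SAFETY: p is the base of an allocation made with layout(pages).
        unsafe { dealloc(p.cast::<u8>(), layout(pages).unwrap()) };
    }
    ptr.is_some()
}

fn main() { println!("{} {}", fits::<[u8; 4096]>(1), fits::<[u8; 4097]>(1)); }
```

Because the check lives in the one place that produces the pointer, a caller cannot obtain a `*mut T` that extends past the allocated pages without going through an explicitly unchecked path.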




🚀 Features & ✨ Enhancements

  • [REBASE & FF] Debugger: Remove the global monitor buffer @cfernald (#584)
    Change Details
      ## Description

    With the newest Windbgx (2507+), the configuration for UEFI has been updated such
    that the GDB extension will wait until a monitor command is completed with
    an OK packet to signal that all responses have been sent. This means that buffering
    the entire response into a single buffer is no longer required and the message
    may be sent over multiple GDB packets. So the monitor buffer that is pre-allocated
    is no longer required.

    Additionally, this change introduces a MonitorBuffer structure that will be inserted
    on the stack. This temporary stack is used to reduce the number of packets that will
    be sent. Format commands in rust will result in a large number of small writes as it
    formats the various types of potentially character by character. This new stack buffer
    serves as an optimization to reduce those packets.

    The second change in this PR is to remove the use of an allocated formatted string for
    the GCD monitor command.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on Q35

    Integration Instructions

    N/A


🐛 Bug Fixes

  • dxe_core: Add capabilities to EFI memory map descriptors @cfernald (#675)
    Change Details
      ## Description

    This PR changes the behavior of efi_get_memory_map to return the capabilities and not the active attributes as this is required by the UEFI specification. Without this behavior failures can occur in Windows when the boot loader attempts to find allocatable memory that it wants to use uncached.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Q35
    • SBSA
    • aarch64 platform

    Integration Instructions

    N/A

  • core_locate_device_path: return InvalidParameter if device path is null @Javagedes (#668)
    Change Details
      ## Description

    If core_locate_device_path is provided a nullptr as the device path, a null pointer exception is hit in remaining_device_path function, as its safety requirements are not upheld. This commit updates the logic in core_locate_device_path to return invalid parameter if the device path provided is a null pointer.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    SCTs not only stopped asserting, but now pass the previously asserting test case.

    Integration Instructions

    N/A




  • dxe_core: Point to Reallocated Table in Dbg Image Info @os-d (#664)
    Change Details
      ## Description

    Currently, the debug image info table updates the Rust slice pointer to a newly reallocated table, but does not update the UEFI defined structure to point to the new table, as a result the old table gets freed and the table in memory (discovered by the debugger) points to garbage.

    This correctly points the in memory UEFI spec defined structure to point to the new table.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on Q35 when the SCTs caused the image count to go above the initial table size. This resolved the issue of the debug extension not being able to load image symbols.

    Integration Instructions

    N/A.

  • patina_dxe_core: Prevent calling RaiseTPL on a TPL lower than current TPL. @Javagedes (#666)
    Change Details
      ## Description

    This commit drops the allocators variable, which raises the TPL to TPL_HIGH_LEVEL throughout the lock. Dropping this early is necessary because MemoryAttributesTable::install() attempts to lock the system tables, which attempts to raise the TPL to TPL_NOTIFY.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Validated that previously asserting SCT tests now succeed

    Integration Instructions

    N/A


📖 Documentation Updates

  • RFC: Move to cargo-llvm-cov for Code Coverage @os-d (#625)
    Change Details
      ## Description

    Status: FCP

    This introduces an RFC that proposes to move to cargo-llvm-cov for code coverage. Details in the RFC.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A.

    Integration Instructions

    N/A.


Full Changelog: patina-v6.0.4...v6.1.0