edk2/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch

From 6eceae607639b46ea46ba26a288270bd1c97dc0f Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 13 Jun 2024 18:35:46 -0400
Subject: [PATCH 31/31] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow
 in iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [31/31] 2088a79fef3d6dfec032f2f560ccf87ae42d786f

JIRA: https://issues.redhat.com/browse/RHEL-21854
Upstream: Merged
CVE: CVE-2023-45236

commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
Author: Sam <Sam_Tsai@wiwynn.com>
Date:   Wed May 29 07:46:03 2024 +0800

    NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment

    This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
    REF: 1904a64

    Issue Description:
    An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:

    NetworkPkg\TcpDxe\TcpDriver.c
    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);

    Root Cause Analysis:
    The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.

    Implemented Solution:
    To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:

    NetworkPkg\TcpDxe\TcpDriver.c
    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);

    This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.

    Verification:
    Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.

    Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>

    Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
 NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 34ae838ae0..1aec292501 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
     //
     // Destroy the instance of the hashing protocol for this controller.
     //
-    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
     if (EFI_ERROR (Status)) {
       return EFI_UNSUPPORTED;
     }
-- 
2.39.3
-												* Wed Jul 03 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-13.el8_10.1

- edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- Resolves: RHEL-21854
  (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8])
- Resolves: RHEL-21856
  (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8])
- Resolves: RHEL-40099
  (CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z])

											
										
										
											2024-07-03 12:35:29 +00:00
+								From 6eceae607639b46ea46ba26a288270bd1c97dc0f Mon Sep 17 00:00:00 2001
 								From: Jon Maloy <jmaloy@redhat.com>
 								Date: Thu, 13 Jun 2024 18:35:46 -0400
 								Subject: [PATCH 31/31] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow
 								 in iPXE environment
 								MIME-Version: 1.0
 								Content-Type: text/plain; charset=UTF-8
 								Content-Transfer-Encoding: 8bit
 								RH-Author: Jon Maloy <jmaloy@redhat.com>
 								RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
 								RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
 								RH-Acked-by: Gerd Hoffmann <None>
 								RH-Commit: [31/31] 2088a79fef3d6dfec032f2f560ccf87ae42d786f
 								JIRA: https://issues.redhat.com/browse/RHEL-21854
 								Upstream: Merged
 								CVE: CVE-2023-45236
 								commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
 								Author: Sam <Sam_Tsai@wiwynn.com>
 								Date:   Wed May 29 07:46:03 2024 +0800
 								    NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
 								    This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
 								    REF: 1904a64
 								    Issue Description:
 								    An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
 								    NetworkPkg\TcpDxe\TcpDriver.c
 								    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
 								    Root Cause Analysis:
 								    The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
 								    Implemented Solution:
 								    To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
 								    NetworkPkg\TcpDxe\TcpDriver.c
 								    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
 								    This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
 								    Verification:
 								    Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
 								    Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
 								    Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
 								    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
 								Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 								---
 								 NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
 file changed, 1 insertion(+), 1 deletion(-)
 								diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
 								index 34ae838ae0..1aec292501 100644
 								--- a/NetworkPkg/TcpDxe/TcpDriver.c
 								+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
 								     //
 								     // Destroy the instance of the hashing protocol for this controller.
 								     //
 								-    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
 								+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
 								     if (EFI_ERROR (Status)) {
 								       return EFI_UNSUPPORTED;
 								     }
 								--
 .39.3