Bug #9573

closed

overshifted smbios major version leads to undershifted data

Added by Robert Mustacchi about 3 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Category: cmd - userland programs
Start date: 2018-05-31
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

The smbios routines often need to check against the library and table image version. These come into us as a pair of uint8_t values that represent the major and minor version. We generally try to save these in structures as a single uint16_t value and then operate on them. Similarly, when a user declares what version of the smbios library they want to use, they declare a similar looking version.

Now, the problem is best shown in the following lines:

#define SMB_MAJMIN(M, m)        ((((M) & 0xFF) << 16) | ((m) & 0xFF))
#define SMB_MAJOR(v)            (((v) & 0xFF00) >> 8)
#define SMB_MINOR(v)            (((v) & 0x00FF))

The SMB_MAJMIN is used when we are taking values from the entry points and trying to construct the value. We use the latter two when making comparisons between the user version and the hardware version. Note how SMB_MAJOR tries to grab the upper 8 bits of a 16-bit value. However, the SMB_MAJMIN shifts the major value over 16 bits. This ends up meaning that if you look at a structure in mdb, the version we think we have from hardware is much larger. See sh_smbvers below:

> 806b178::print smbios_hdl_t
{
    sh_ent_type = 0 (0)
    sh_ent = {
        ep21 = {
            smbe_eanchor = [ "_SM_" ]
            smbe_ecksum = 0xc8
            smbe_elen = 0x1f
            smbe_major = 0x3
            smbe_minor = 0
            smbe_maxssize = 0xb8
            smbe_revision = 0
            smbe_format = [ 0, 0, 0, 0, 0 ]
            smbe_ianchor = [ "_DMI_" ]
            smbe_icksum = 0x53
            smbe_stlen = 0x1919
            smbe_staddr = 0x20
            smbe_stnum = 0x93
            smbe_bcdrev = 0x30
        }
        ep30 = {
            smbe_eanchor = [ '_', 'S', 'M', '_', '\310' ]
            smbe_ecksum = 0x1f
            smbe_elen = 0x3
            smbe_major = 0
            smbe_minor = 0xb8
            smbe_docrev = 0
            smbe_revision = 0
            smbe_reserved = 0
            smbe_stlen = 0
            smbe_staddr = 0x1919535f494d445f
        }
    }
    sh_ent_stnum = 0x93
    sh_buf = 0x8069850
    sh_buflen = 0x1919
    sh_structs = 0x806b1d0
    sh_nstructs = 0x92
    sh_hash = 0x806bfa0
    sh_hashlen = 0x40
    sh_err = 0x3ee
    sh_libvers = 0x301
    sh_smbvers = 0x30000
    sh_flags = 0x2
}

To test this I decoded several different smbios images of systems and went through and made sure that values which were hidden based on the version were now presented. This included the cooling device description and certain bios characteristics. This testing on several different images led to discovering 9574.

As an example, see how the bios version is now correctly printed in the second example below:

This was tested in tandem with 9574 which discovered this. To test it, I compared the output of old smbios versions which never printed the version with those that showed bogus information with those that had more useful information. For example, previously:

$ smbios -t0 ha.smbios 
ID    SIZE TYPE
0     42   SMB_TYPE_BIOS (type 0) (BIOS information)

  Vendor:  
  Version String: 2.2.5
  Release Date: 09/06/2016
  Address Segment: 0xf000
  ROM Size: 16777216 bytes
  Image Size: 65536 bytes
  Characteristics: 0x1f000059e99a90
        SMB_BIOSFL_ISA (ISA is supported)
        SMB_BIOSFL_PCI (PCI is supported)
        SMB_BIOSFL_PLUGNPLAY (Plug and Play is supported)
        SMB_BIOSFL_FLASH (BIOS is Flash Upgradeable)
        SMB_BIOSFL_SHADOW (BIOS shadowing is allowed)
        SMB_BIOSFL_CDBOOT (Boot from CD is supported)
        SMB_BIOSFL_SELBOOT (Selectable Boot supported)
        SMB_BIOSFL_EDD (EDD Spec is supported)
        SMB_BIOSFL_TOSHIBA (int 0x13 Toshiba floppy)
        SMB_BIOSFL_525_360K (int 0x13 5.25" 360K floppy)
        SMB_BIOSFL_525_12M (int 0x13 5.25" 1.2M floppy)
        SMB_BIOSFL_35_720K (int 0x13 3.5" 720K floppy)
        SMB_BIOSFL_I9_KBD (int 0x9 8042 keyboard svcs)
        SMB_BIOSFL_I14_SER (int 0x14 serial svcs)
        SMB_BIOSFL_I10_CGA (int 0x10 CGA svcs)
        0x1000000000000
        0x2000000000000
        0x4000000000000
        0x8000000000000
        0x10000000000000
  Characteristics Extension Byte 1: 0x3
        SMB_BIOSXB1_ACPI (ACPI is supported)
        SMB_BIOSXB1_USBL (USB legacy is supported)
  Characteristics Extension Byte 2: 0xf
        SMB_BIOSXB2_BBOOT (BIOS Boot Specification supported)
        SMB_BIOSXB2_FKNETSVC (F-key Network Svc boot supported)
        SMB_BIOSXB2_ETCDIST (Enable Targeted Content Distrib.)
        SMB_BIOSXB2_UEFI (UEFI Specification supported)
  Version Number: 0.0
  Embedded Ctlr Firmware Version Number: 0.0

Is now:

$ LD_PRELOAD_32=../../lib/libsmbios/i386/libsmbios.so.1 ./smbios -t0 ha.smbios 
ID    SIZE TYPE
0     42   SMB_TYPE_BIOS (type 0) (BIOS information)

  Vendor:  
  Version String: 2.2.5
  Release Date: 09/06/2016
  Address Segment: 0xf000
  ROM Size: 16777216 bytes
  Image Size: 65536 bytes
  Characteristics: 0x1f000059e99a90
        SMB_BIOSFL_ISA (ISA is supported)
        SMB_BIOSFL_PCI (PCI is supported)
        SMB_BIOSFL_PLUGNPLAY (Plug and Play is supported)
        SMB_BIOSFL_FLASH (BIOS is Flash Upgradeable)
        SMB_BIOSFL_SHADOW (BIOS shadowing is allowed)
        SMB_BIOSFL_CDBOOT (Boot from CD is supported)
        SMB_BIOSFL_SELBOOT (Selectable Boot supported)
        SMB_BIOSFL_EDD (EDD Spec is supported)
        SMB_BIOSFL_TOSHIBA (int 0x13 Toshiba floppy)
        SMB_BIOSFL_525_360K (int 0x13 5.25" 360K floppy)
        SMB_BIOSFL_525_12M (int 0x13 5.25" 1.2M floppy)
        SMB_BIOSFL_35_720K (int 0x13 3.5" 720K floppy)
        SMB_BIOSFL_I9_KBD (int 0x9 8042 keyboard svcs)
        SMB_BIOSFL_I14_SER (int 0x14 serial svcs)
        SMB_BIOSFL_I10_CGA (int 0x10 CGA svcs)
        0x1000000000000
        0x2000000000000
        0x4000000000000
        0x8000000000000
        0x10000000000000
  Characteristics Extension Byte 1: 0x3
        SMB_BIOSXB1_ACPI (ACPI is supported)
        SMB_BIOSXB1_USBL (USB legacy is supported)
  Characteristics Extension Byte 2: 0xf
        SMB_BIOSXB2_BBOOT (BIOS Boot Specification supported)
        SMB_BIOSXB2_FKNETSVC (F-key Network Svc boot supported)
        SMB_BIOSXB2_ETCDIST (Enable Targeted Content Distrib.)
        SMB_BIOSXB2_UEFI (UEFI Specification supported)
  Version Number: 2.2
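
The mismatch described in this report, as an added C example that is not part of the original report or the illumos source. SMB_MAJMIN_FIXED is an assumed correction (shift by 8 so the packer matches SMB_MAJOR); field_visible, the pack_* helpers, roundtrip_failures and the 2.4 threshold are hypothetical names and values constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* As quoted in the report: major is packed at bit 16 but read back at bit 8. */
#define SMB_MAJMIN_BUGGY(M, m)  ((((M) & 0xFF) << 16) | ((m) & 0xFF))
/* Assumed correction (not taken from the page): pack major at bit 8. */
#define SMB_MAJMIN_FIXED(M, m)  ((((M) & 0xFF) << 8) | ((m) & 0xFF))
#define SMB_MAJOR(v)            (((v) & 0xFF00) >> 8)
#define SMB_MINOR(v)            (((v) & 0x00FF))

/* Compile-time guard: the packer and the accessors must agree. */
_Static_assert(SMB_MAJOR(SMB_MAJMIN_FIXED(3, 1)) == 3, "major must round-trip");

typedef uint32_t (*pack_fn)(uint8_t, uint8_t);
uint32_t pack_buggy(uint8_t M, uint8_t m) { return SMB_MAJMIN_BUGGY(M, m); }
uint32_t pack_fixed(uint8_t M, uint8_t m) { return SMB_MAJMIN_FIXED(M, m); }

/* Hypothetical version gate: show a field only if the table is >= need. */
int field_visible(uint32_t smbvers, uint8_t need_major, uint8_t need_minor)
{
    uint32_t major = SMB_MAJOR(smbvers), minor = SMB_MINOR(smbvers);
    if (major != need_major)
        return major > need_major;
    return minor >= need_minor;
}

/* Count (major, minor) pairs that do not survive pack -> unpack. */
int roundtrip_failures(pack_fn pack)
{
    int bad = 0;
    for (int M = 0; M < 256; M++)
        for (int m = 0; m < 256; m++) {
            uint32_t v = pack((uint8_t)M, (uint8_t)m);
            if (SMB_MAJOR(v) != (uint32_t)M || SMB_MINOR(v) != (uint32_t)m)
                bad++;
        }
    return bad;
}

int main(void)
{
    /* 3.0 is the smbe_major/smbe_minor pair from the mdb dump. */
    uint32_t bad = pack_buggy(3, 0), good = pack_fixed(3, 0);
    printf("buggy 0x%x visible=%d\n", (unsigned)bad, field_visible(bad, 2, 4));
    printf("fixed 0x%x visible=%d\n", (unsigned)good, field_visible(good, 2, 4));
    printf("round-trip failures: buggy=%d fixed=%d\n",
        roundtrip_failures(pack_buggy), roundtrip_failures(pack_fixed));
    return 0;
}
```

The buggy packer reproduces the 0x30000 seen in sh_smbvers, and every version with a non-zero major reads back as major 0, so any version-gated field stays hidden.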

Related issues

Related to illumos gate - Bug #9574: smbios(1M) shouldn't print non-existant bios versions (Closed, Robert Mustacchi, 2018-05-31)

Actions #1

Updated by Robert Mustacchi about 3 years ago

  • Related to Bug #9574: smbios(1M) shouldn't print non-existant bios versions added
Actions #2

Updated by Electric Monk about 3 years ago

  • Status changed from New to Closed

git commit f44a1392c9d1c0ff0faf96d4eed0952a6b5cfbe0

commit  f44a1392c9d1c0ff0faf96d4eed0952a6b5cfbe0
Author: Robert Mustacchi <rm@joyent.com>
Date:   2018-07-19T18:47:39.000Z

    9569 smbios(1M) could decode voltage and curent probes
    9570 smbios(1M) could decode cooling devices
    9571 smbios(1M) could decode temperature probes
    9572 smb_impl.h structs should comment corresponding type
    9573 overshifted smbios major version leads to undershifted data
    9574 smbios(1M) shouldn't print non-existant bios versions
    Reviewed by: Tim Kordas <tim.kordas@joyent.com>
    Reviewed by: Dan McDonald <danmcd@joyent.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Approved by: Dan McDonald <danmcd@joyent.com>
