Bug #9573
Closed
overshifted smbios major version leads to undershifted data
Description
The smbios routines often need to check against the library and table image version. These come in to us as a pair of uint8_t values that represent the major and minor version. We generally try to save these in structures as a single uint16_t value and then operate on them. Similarly, when a user declares what version of the smbios library they want to use, they declare a similar-looking version.
Now, the problem is best shown in the following lines:
    #define SMB_MAJMIN(M, m) ((((M) & 0xFF) << 16) | ((m) & 0xFF))
    #define SMB_MAJOR(v) (((v) & 0xFF00) >> 8)
    #define SMB_MINOR(v) (((v) & 0x00FF))
SMB_MAJMIN is used when we take the values from the entry points and construct the combined value. We use the latter two when making comparisons between the user version and the hardware version. Note how SMB_MAJOR tries to grab the upper 8 bits of a 16-bit value. However, SMB_MAJMIN shifts the major value over by 16 bits. This means that if you look at the structure in mdb, the version we think we have from hardware is much larger. See sh_smbvers below:
    > 806b178::print smbios_hdl_t
    {
        sh_ent_type = 0 (0)
        sh_ent = {
            ep21 = {
                smbe_eanchor = [ "_SM_" ]
                smbe_ecksum = 0xc8
                smbe_elen = 0x1f
                smbe_major = 0x3
                smbe_minor = 0
                smbe_maxssize = 0xb8
                smbe_revision = 0
                smbe_format = [ 0, 0, 0, 0, 0 ]
                smbe_ianchor = [ "_DMI_" ]
                smbe_icksum = 0x53
                smbe_stlen = 0x1919
                smbe_staddr = 0x20
                smbe_stnum = 0x93
                smbe_bcdrev = 0x30
            }
            ep30 = {
                smbe_eanchor = [ '_', 'S', 'M', '_', '\310' ]
                smbe_ecksum = 0x1f
                smbe_elen = 0x3
                smbe_major = 0
                smbe_minor = 0xb8
                smbe_docrev = 0
                smbe_revision = 0
                smbe_reserved = 0
                smbe_stlen = 0
                smbe_staddr = 0x1919535f494d445f
            }
        }
        sh_ent_stnum = 0x93
        sh_buf = 0x8069850
        sh_buflen = 0x1919
        sh_structs = 0x806b1d0
        sh_nstructs = 0x92
        sh_hash = 0x806bfa0
        sh_hashlen = 0x40
        sh_err = 0x3ee
        sh_libvers = 0x301
        sh_smbvers = 0x30000
        sh_flags = 0x2
    }
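The mismatch between the packing and unpacking macros, as an added example (not code from the illumos source). The three macros are copied from the report; `SMB_MAJMIN_FIXED` (shift by 8), the helper `table_at_least` and the 2.4 gate are assumptions made for illustration, and the inputs are the `smbe_major`/`smbe_minor` values from the dump above.

```c
#include <stdint.h>
#include <stdio.h>

/* Macros as quoted in the report: the packer shifts the major by 16. */
#define SMB_MAJMIN_BUGGY(M, m) ((((M) & 0xFF) << 16) | ((m) & 0xFF))
#define SMB_MAJOR(v) (((v) & 0xFF00) >> 8)
#define SMB_MINOR(v) (((v) & 0x00FF))

/* Assumed correction: shift by 8 so the packer matches SMB_MAJOR's mask. */
#define SMB_MAJMIN_FIXED(M, m) ((((M) & 0xFF) << 8) | ((m) & 0xFF))

/* Compile-time round-trip checks; the buggy packer would fail the first. */
_Static_assert(SMB_MAJOR(SMB_MAJMIN_FIXED(3, 1)) == 3, "major round-trip");
_Static_assert(SMB_MINOR(SMB_MAJMIN_FIXED(3, 1)) == 1, "minor round-trip");

static uint32_t
pack_buggy(uint8_t major, uint8_t minor)
{
	return (SMB_MAJMIN_BUGGY(major, minor));
}

static uint32_t
pack_fixed(uint8_t major, uint8_t minor)
{
	return (SMB_MAJMIN_FIXED(major, minor));
}

/* Hypothetical version gate: is the table version at least major.minor? */
static int
table_at_least(uint32_t smbvers, uint8_t major, uint8_t minor)
{
	return (SMB_MAJOR(smbvers) > major ||
	    (SMB_MAJOR(smbvers) == major && SMB_MINOR(smbvers) >= minor));
}

int
main(void)
{
	/* Entry point values from the dump: smbe_major = 0x3, smbe_minor = 0 */
	uint32_t bad = pack_buggy(0x3, 0), good = pack_fixed(0x3, 0);

	printf("buggy: 0x%x reads back as %u.%u, gate 2.4 -> %d\n", bad,
	    SMB_MAJOR(bad), SMB_MINOR(bad), table_at_least(bad, 2, 4));
	printf("fixed: 0x%x reads back as %u.%u, gate 2.4 -> %d\n", good,
	    SMB_MAJOR(good), SMB_MINOR(good), table_at_least(good, 2, 4));
	return (0);
}
```

With the 16-bit shift the major lands above the bits `SMB_MAJOR` masks, so a 3.0 table reads back as 0.0 and every "at least version X" gate on the table version fails.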
To test this I decoded several different smbios images of systems and went through and made sure that values which were hidden based on the version were now presented. This included the cooling device description and certain bios characteristics. This testing on several different images led to discovering 9574.
As an example, see how the bios version is now correctly printed in the second example below:
This was tested in tandem with 9574 which discovered this. To test it, I compared the output of old smbios versions which never printed the version with those that showed bogus information with those that had more useful information. For example, previously:
    $ smbios -t0 ha.smbios
    ID    SIZE TYPE
    0     42   SMB_TYPE_BIOS (type 0) (BIOS information)

      Vendor:
      Version String: 2.2.5
      Release Date: 09/06/2016
      Address Segment: 0xf000
      ROM Size: 16777216 bytes
      Image Size: 65536 bytes
      Characteristics: 0x1f000059e99a90
            SMB_BIOSFL_ISA (ISA is supported)
            SMB_BIOSFL_PCI (PCI is supported)
            SMB_BIOSFL_PLUGNPLAY (Plug and Play is supported)
            SMB_BIOSFL_FLASH (BIOS is Flash Upgradeable)
            SMB_BIOSFL_SHADOW (BIOS shadowing is allowed)
            SMB_BIOSFL_CDBOOT (Boot from CD is supported)
            SMB_BIOSFL_SELBOOT (Selectable Boot supported)
            SMB_BIOSFL_EDD (EDD Spec is supported)
            SMB_BIOSFL_TOSHIBA (int 0x13 Toshiba floppy)
            SMB_BIOSFL_525_360K (int 0x13 5.25" 360K floppy)
            SMB_BIOSFL_525_12M (int 0x13 5.25" 1.2M floppy)
            SMB_BIOSFL_35_720K (int 0x13 3.5" 720K floppy)
            SMB_BIOSFL_I9_KBD (int 0x9 8042 keyboard svcs)
            SMB_BIOSFL_I14_SER (int 0x14 serial svcs)
            SMB_BIOSFL_I10_CGA (int 0x10 CGA svcs)
            0x1000000000000
            0x2000000000000
            0x4000000000000
            0x8000000000000
            0x10000000000000
      Characteristics Extension Byte 1: 0x3
            SMB_BIOSXB1_ACPI (ACPI is supported)
            SMB_BIOSXB1_USBL (USB legacy is supported)
      Characteristics Extension Byte 2: 0xf
            SMB_BIOSXB2_BBOOT (BIOS Boot Specification supported)
            SMB_BIOSXB2_FKNETSVC (F-key Network Svc boot supported)
            SMB_BIOSXB2_ETCDIST (Enable Targeted Content Distrib.)
            SMB_BIOSXB2_UEFI (UEFI Specification supported)
      Version Number: 0.0
      Embedded Ctlr Firmware Version Number: 0.0
Is now:
    $ LD_PRELOAD_32=../../lib/libsmbios/i386/libsmbios.so.1 ./smbios -t0 ha.smbios
    ID    SIZE TYPE
    0     42   SMB_TYPE_BIOS (type 0) (BIOS information)

      Vendor:
      Version String: 2.2.5
      Release Date: 09/06/2016
      Address Segment: 0xf000
      ROM Size: 16777216 bytes
      Image Size: 65536 bytes
      Characteristics: 0x1f000059e99a90
            SMB_BIOSFL_ISA (ISA is supported)
            SMB_BIOSFL_PCI (PCI is supported)
            SMB_BIOSFL_PLUGNPLAY (Plug and Play is supported)
            SMB_BIOSFL_FLASH (BIOS is Flash Upgradeable)
            SMB_BIOSFL_SHADOW (BIOS shadowing is allowed)
            SMB_BIOSFL_CDBOOT (Boot from CD is supported)
            SMB_BIOSFL_SELBOOT (Selectable Boot supported)
            SMB_BIOSFL_EDD (EDD Spec is supported)
            SMB_BIOSFL_TOSHIBA (int 0x13 Toshiba floppy)
            SMB_BIOSFL_525_360K (int 0x13 5.25" 360K floppy)
            SMB_BIOSFL_525_12M (int 0x13 5.25" 1.2M floppy)
            SMB_BIOSFL_35_720K (int 0x13 3.5" 720K floppy)
            SMB_BIOSFL_I9_KBD (int 0x9 8042 keyboard svcs)
            SMB_BIOSFL_I14_SER (int 0x14 serial svcs)
            SMB_BIOSFL_I10_CGA (int 0x10 CGA svcs)
            0x1000000000000
            0x2000000000000
            0x4000000000000
            0x8000000000000
            0x10000000000000
      Characteristics Extension Byte 1: 0x3
            SMB_BIOSXB1_ACPI (ACPI is supported)
            SMB_BIOSXB1_USBL (USB legacy is supported)
      Characteristics Extension Byte 2: 0xf
            SMB_BIOSXB2_BBOOT (BIOS Boot Specification supported)
            SMB_BIOSXB2_FKNETSVC (F-key Network Svc boot supported)
            SMB_BIOSXB2_ETCDIST (Enable Targeted Content Distrib.)
            SMB_BIOSXB2_UEFI (UEFI Specification supported)
      Version Number: 2.2
Related issues
Updated by Robert Mustacchi almost 4 years ago
- Related to Bug #9574: smbios(1M) shouldn't print non-existant bios versions added
Updated by Electric Monk almost 4 years ago
- Status changed from New to Closed
git commit f44a1392c9d1c0ff0faf96d4eed0952a6b5cfbe0
    commit f44a1392c9d1c0ff0faf96d4eed0952a6b5cfbe0
    Author: Robert Mustacchi <rm@joyent.com>
    Date: 2018-07-19T18:47:39.000Z

        9569 smbios(1M) could decode voltage and curent probes
        9570 smbios(1M) could decode cooling devices
        9571 smbios(1M) could decode temperature probes
        9572 smb_impl.h structs should comment corresponding type
        9573 overshifted smbios major version leads to undershifted data
        9574 smbios(1M) shouldn't print non-existant bios versions
        Reviewed by: Tim Kordas <tim.kordas@joyent.com>
        Reviewed by: Dan McDonald <danmcd@joyent.com>
        Reviewed by: Toomas Soome <tsoome@me.com>
        Reviewed by: Igor Kozhukhov <igor@dilos.org>
        Reviewed by: Yuri Pankov <yuripv@yuripv.net>
        Approved by: Dan McDonald <danmcd@joyent.com>