The bug can be triggered when the alignment of Base is larger than Length
by 2 levels of page granularity, e.g.

Base is 0x4000_0000, Length is 0x1000

The original code will change to the 2MB page level and we will get a
negative remaining length.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Heyi Guo <heyi....@linaro.org>
Cc: Leif Lindholm <leif.lindh...@linaro.org>
Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
 ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c 
b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
index 4db4bbe..e7b095c 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
@@ -314,7 +314,7 @@ GetBlockEntryListFromAddress (
   // If the required size is smaller than the current block size then we need 
to go to the page below.
   // The PageLevel was calculated on the Base Address alignment but did not 
take in account the alignment
   // of the allocation size
-  if (*BlockEntrySize < TT_BLOCK_ENTRY_SIZE_AT_LEVEL (PageLevel)) {
+  while (*BlockEntrySize < TT_BLOCK_ENTRY_SIZE_AT_LEVEL (PageLevel)) {
     // It does not fit so we need to go a page level above
     PageLevel++;
   }
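Review bot: the new `while` loop has no upper bound on PageLevel, so if *BlockEntrySize is ever smaller than the smallest translation-table entry size (for example an allocation length that is not a multiple of the 4KB page), the loop keeps incrementing PageLevel past the last valid level and TT_BLOCK_ENTRY_SIZE_AT_LEVEL is evaluated with an out-of-range level. Consider bounding the loop on the maximum level as well, e.g. `while (PageLevel < <max level> && *BlockEntrySize < TT_BLOCK_ENTRY_SIZE_AT_LEVEL (PageLevel))`, with an ASSERT that the size fits on exit. Also, the inner comment still says "go a page level above" while the preceding comment and `PageLevel++` describe descending to the page level below; worth aligning the wording while touching these lines.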
-- 
2.5.0
