> On Jun 29, 2015, at 9:56 PM, Andrew Fish <af...@apple.com> wrote:
> 
> I was playing around in an emulator and I started to see a crash with 
> Private->Fv[0] having bad data. 
> 
> I root caused the bug and it looks like if gEfiTemporaryRamSupportPpiGuid 
> path is taken there is an assumption about the alignment of the 
> PeiTemporaryRamBase relative to the stack. 
> 
> In my usage case the SEC was allocating, “stealing”, data from the start of 
> the traditional PeiTemporaryRamBase. 
> 
> (lldb) p *SecCoreData
> (EFI_SEC_PEI_HAND_OFF) $9 = {
>   DataSize = 0x0048
>   BootFirmwareVolumeBase = 0x0000000f00700000
>   BootFirmwareVolumeSize = 0x0000000000000000
>   TemporaryRamBase = 0x0000001041000000
>   TemporaryRamSize = 0x0000000000020000
>   PeiTemporaryRamBase = 0x0000001041010090
>   PeiTemporaryRamSize = 0x000000000000ff70
>   StackBase = 0x0000001041000000
>   StackSize = 0x0000000000010000
> }
> 
> This causes PeiTemporaryRamBase to be offset by 0x90, and this seems to break 
> the HeapOffset calculation. 
> 
> https://svn.code.sf.net/p/edk2/code/trunk/edk2/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
> 
>               //
>               // TemporaryRamSupportPpi is produced by platform's SEC
>               //
>               Status = PeiServicesLocatePpi (
>                          &gEfiTemporaryRamSupportPpiGuid,
>                          0,
>                          NULL,
>                          (VOID**)&TemporaryRamSupportPpi
>                          );
>               if (!EFI_ERROR (Status)) {
>                 //
>                 // Heap Offset
>                 //
>                 BaseOfNewHeap = TopOfNewStack;
>                 if (BaseOfNewHeap >= (UINTN)SecCoreData->PeiTemporaryRamBase) {
>                   Private->HeapOffsetPositive = TRUE;
>                   Private->HeapOffset = (UINTN)(BaseOfNewHeap - (UINTN)SecCoreData->PeiTemporaryRamBase);
>                 } else {
>                   Private->HeapOffsetPositive = FALSE;
>                   Private->HeapOffset = (UINTN)((UINTN)SecCoreData->PeiTemporaryRamBase - BaseOfNewHeap);
>                 }

Given this call:

                //
                // Temporary Ram Support PPI is provided by platform, it will copy
                // temporary memory to permanent memory and do stack switching.
                // After invoking Temporary Ram Support PPI, the following code's
                // stack is in permanent memory.
                //
                TemporaryRamSupportPpi->TemporaryRamMigration (
                                          PeiServices,
                                          TemporaryRamBase,
                                          (EFI_PHYSICAL_ADDRESS)(UINTN)(TopOfNewStack - TemporaryStackSize),
                                          TemporaryRamSize
                                          );


It seems that in this path Private->HeapOffset is really the delta between 
TemporaryRamBase and (EFI_PHYSICAL_ADDRESS)(UINTN)(TopOfNewStack - 
TemporaryStackSize). This is the move that happens on the data, so it should be 
the heap adjustment. 

Thanks,

Andrew Fish
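
To make the two offset calculations concrete, here is an added host-side simulation; it is not edk2 code and not part of Andrew's mail. It lays temporary RAM out as in the SecCoreData dump above (128 KiB, a 64 KiB stack at the base, the PEI heap after the stack plus a gap SEC "stole"), performs the copy that TemporaryRamMigration is passed the arguments for, and then fixes up one heap pointer once with the dispatcher's HeapOffset and once with the delta the mail proposes. The permanent stack size, the buffer sizes, the marker object and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t UINTN;

/* Constructed layout modelled on the SecCoreData dump: 128 KiB temporary RAM,
 * 64 KiB stack at its base, PEI heap after the stack plus HeapGap (0x90 in
 * the report). NEW_STACK_SIZE and PERM_RAM_SIZE are assumptions. */
#define TEMP_RAM_SIZE    0x20000u
#define TEMP_STACK_SIZE  0x10000u
#define NEW_STACK_SIZE   0x20000u
#define PERM_RAM_SIZE    0x40000u

/* HeapOffset as Dispatcher.c computes it: new stack top minus PeiTemporaryRamBase. */
UINTN HeapOffsetCurrent(UINTN TopOfNewStack, UINTN PeiTemporaryRamBase, bool *Positive) {
  if (TopOfNewStack >= PeiTemporaryRamBase) {
    *Positive = true;
    return TopOfNewStack - PeiTemporaryRamBase;
  }
  *Positive = false;
  return PeiTemporaryRamBase - TopOfNewStack;
}

/* HeapOffset as the mail proposes: the displacement the migration copy applies
 * to every byte, i.e. destination (TopOfNewStack - TemporaryStackSize) minus
 * source (TemporaryRamBase). */
UINTN HeapOffsetProposed(UINTN TopOfNewStack, UINTN TemporaryStackSize, UINTN TemporaryRamBase, bool *Positive) {
  UINTN Dest = TopOfNewStack - TemporaryStackSize;
  if (Dest >= TemporaryRamBase) {
    *Positive = true;
    return Dest - TemporaryRamBase;
  }
  *Positive = false;
  return TemporaryRamBase - Dest;
}

/* Apply a (HeapOffset, HeapOffsetPositive) pair to a pointer. */
UINTN Relocate(UINTN Ptr, UINTN Offset, bool Positive) {
  return Positive ? Ptr + Offset : Ptr - Offset;
}

/* Pure arithmetic: distance between where the dispatcher's HeapOffset sends
 * PeiTemporaryRamBase and where the copy actually puts that byte. Zero when
 * the heap starts right after the stack, otherwise exactly the gap. */
UINTN HeapRelocationError(UINTN TemporaryRamBase, UINTN PeiTemporaryRamBase,
                          UINTN TopOfNewStack, UINTN TemporaryStackSize) {
  bool Positive;
  UINTN Offset = HeapOffsetCurrent(TopOfNewStack, PeiTemporaryRamBase, &Positive);
  UINTN Target = Relocate(PeiTemporaryRamBase, Offset, Positive);
  UINTN Actual = (TopOfNewStack - TEMP_STACK_SIZE * 0 - TemporaryStackSize) + (PeiTemporaryRamBase - TemporaryRamBase);
  return Actual > Target ? Actual - Target : Target - Actual;
}

/* Full simulation: put a marker object at the heap base, run the copy that the
 * dispatcher asks TemporaryRamMigration for, poison the old temporary RAM, and
 * check whether a heap pointer fixed up with the chosen offset still reaches
 * the marker. The pointer stands in for one the PEI core keeps in Private,
 * like the one behind Private->Fv[0] in the report. */
bool MigrationPreservesHeapPointer(UINTN HeapGap, bool UseProposedOffset) {
  static const uint8_t Marker[8] = { '_', 'F', 'V', 'H', 0xDE, 0xAD, 0xBE, 0xEF };
  uint8_t *TempRam = calloc(TEMP_RAM_SIZE, 1);
  uint8_t *PermRam = calloc(PERM_RAM_SIZE, 1);
  if (TempRam == NULL || PermRam == NULL) {
    free(TempRam);
    free(PermRam);
    return false;
  }
  UINTN TemporaryRamBase    = (UINTN)TempRam;
  UINTN PeiTemporaryRamBase = TemporaryRamBase + TEMP_STACK_SIZE + HeapGap;
  UINTN TopOfNewStack       = (UINTN)PermRam + NEW_STACK_SIZE;
  memcpy((void *)PeiTemporaryRamBase, Marker, sizeof Marker);
  UINTN HeapPtr = PeiTemporaryRamBase;

  bool Positive;
  UINTN Offset = UseProposedOffset
    ? HeapOffsetProposed(TopOfNewStack, TEMP_STACK_SIZE, TemporaryRamBase, &Positive)
    : HeapOffsetCurrent(TopOfNewStack, PeiTemporaryRamBase, &Positive);

  /* The platform PPI's copy, with the arguments the dispatcher passes. */
  memcpy((void *)(TopOfNewStack - TEMP_STACK_SIZE), (void *)TemporaryRamBase, TEMP_RAM_SIZE);
  memset(TempRam, 0xAA, TEMP_RAM_SIZE);   /* temporary RAM is gone after migration */

  UINTN NewPtr  = Relocate(HeapPtr, Offset, Positive);
  bool  InRange = NewPtr >= (UINTN)PermRam && NewPtr + sizeof Marker <= (UINTN)PermRam + PERM_RAM_SIZE;
  bool  Ok      = InRange && memcmp((const void *)NewPtr, Marker, sizeof Marker) == 0;
  free(TempRam);
  free(PermRam);
  return Ok;
}

int main(void) {
  printf("gap 0x00, current offset : %s\n", MigrationPreservesHeapPointer(0x00, false) ? "ok" : "bad data");
  printf("gap 0x90, current offset : %s\n", MigrationPreservesHeapPointer(0x90, false) ? "ok" : "bad data");
  printf("gap 0x90, proposed offset: %s\n", MigrationPreservesHeapPointer(0x90, true) ? "ok" : "bad data");
  return 0;
}
```

With a heap that starts right after the stack both offsets agree; with the 0x90 gap the dispatcher's formula lands 0x90 bytes short of where the copy put the heap, which is the "bad data" behind Private->Fv[0] in the report, while the copy's own displacement resolves the pointer correctly.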

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel