From: "Zeng, Star"
To: Andrew Fish, edk2-devel
Date: Tue, 9 Aug 2016 01:21:59 +0000
Subject: Re: [MdeModulePkg] SetVirtualAddressMap() crashed due to DxeReportStatusCodeLib assuming the state of the BootService Memory at runtime.
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB048310036A1BCF@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <776695E1-E864-42F4-A633-B86FB913A510@apple.com>

Andrew,

Should MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib be used for your case if there is really runtime status code reporting needed?

Thanks,
Star

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Andrew Fish
Sent: Tuesday, August 9, 2016 7:08 AM
To: edk2-devel
Subject: [edk2] [MdeModulePkg] SetVirtualAddressMap() crashed due to DxeReportStatusCodeLib assuming the state of the BootService Memory at runtime.

I was messing about with an ExitBootServices test that fills boot services memory with 0xAFAFAFAFAFAFAFAF (It was Vincent's idea to use my initials but it has the handy property of being a non-canonical address and causes a GP fault on X64) and SetVirtualAddressMap() started crashing.

It looks like this code is assuming the 1st call to ReportStatus code will not happen at runtime. This is not the case for the RuntimeDxe driver.

https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Library/DxeReportStatusCodeLib/ReportStatusCodeLib.c#L43

  VOID
  InternalGetReportStatusCode (
    VOID
    )
  {
    EFI_STATUS  Status;

    if (mReportStatusCodeLibStatusCodeProtocol != NULL) {
      return;
    }

    //
    // Check gBS just in case ReportStatusCode is called before gBS is initialized.
    //
    if (gBS != NULL && gBS->LocateProtocol != NULL) {
      Status = gBS->LocateProtocol (&gEfiStatusCodeRuntimeProtocolGuid, NULL, (VOID**) &mReportStatusCodeLibStatusCodeProtocol);
      if (EFI_ERROR (Status)) {
        mReportStatusCodeLibStatusCodeProtocol = NULL;
      }
    }
  }

I'm guessing this seems to work due to: https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c#L803

  //
  // Zero out the Boot Service Table
  //
  ZeroMem (gBS, sizeof (EFI_BOOT_SERVICES));

Thus if I'm looking at this code correctly it only looks like it works at Runtime since it is depending on the value of a boot services memory buffer not changing. This is not a valid assumption as that code is owned by the caller of ExitBootServices, so it should be legal for my test to change the value.

I wanted to get a few more eyes on this prior to filing a bug?

Thanks,

Andrew Fish
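
The failure mode discussed in this thread, as a host-side C model added here (not code from edk2 or from either poster): a guard that reads the boot services table gives the right answer only while that memory happens to be zero, while a guard keyed on a library-owned flag does not depend on the table's contents. All type and function names are hypothetical stand-ins, and the at_runtime flag is an assumed mitigation shape, not a description of any edk2 library.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Host-side model. Every name below is a hypothetical stand-in, not an EDK II type. */
typedef int (*locate_fn)(void **iface);
typedef struct { locate_fn LocateProtocol; } boot_services;

typedef struct {
    boot_services *bs;    /* points into boot services memory */
    void *protocol;       /* cached protocol, NULL until the first lookup */
    bool  at_runtime;     /* set by the exit-boot-services notification */
} lib_state;

static int proto_instance;  /* constructed stand-in for the status code protocol */
int fake_locate(void **iface) { *iface = &proto_instance; return 0; }

/* Guard shaped like the quoted function: decides by reading *bs. */
bool lazy_would_call(const lib_state *s) {
    return s->protocol == NULL && s->bs != NULL && s->bs->LocateProtocol != NULL;
}

/* Guard that stops reading boot services memory once at_runtime is set. */
bool flagged_would_call(const lib_state *s) {
    return !s->at_runtime && lazy_would_call(s);
}

/* Guard decision for a first report made after ExitBootServices, when the
   table's new owner has filled it with `fill` (0x00 models the ZeroMem case,
   0xAF models the fill pattern used by the test in the thread). */
bool first_report_would_call(int fill, bool use_flag) {
    boot_services table = { fake_locate };
    lib_state s = { &table, NULL, false };
    s.at_runtime = true;                 /* notification fires first */
    memset(&table, fill, sizeof table);  /* memory now belongs to the caller */
    return use_flag ? flagged_would_call(&s) : lazy_would_call(&s);
}

int main(void) {
    int fills[] = { 0x00, 0xAF };
    for (size_t i = 0; i < 2; i++)
        printf("fill=0x%02X lazy=%d flagged=%d\n", fills[i],
               first_report_would_call(fills[i], false),
               first_report_would_call(fills[i], true));
    return 0;
}
```

A true result from the lazy guard with the 0xAF fill means the model would go on to call through an overwritten function pointer, which corresponds to the crash reported above.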