Date: Mon, 16 Apr 2018 11:44:12 +0100
From: Leif Lindholm
To: Chris Co
Cc: "edk2-devel@lists.01.org", Ard Biesheuvel
Message-ID: <20180416104412.npzwcvl6zlrh426k@bivouac.eciton.net>
Subject: Re: [PATCH] ArmPkg/ArmMmuLib ARM: fix Mva to use idx instead of table base

On Fri, Apr 13, 2018 at 11:43:27PM +0000, Chris Co wrote:
> Mva address calculation should use the left-shifted current
> section index instead of the left-shifted table base address.
>
> Using the table base address here has the side-effect of potentially
> causing an access violation depending on the base address value.
>
> Cc: Leif Lindholm
> Cc: Ard Biesheuvel
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Christopher Co
> --- > ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c > index 774a7ccf59..9bf4ba03fd 100644 > --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c > +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c 
> @@ -716,7 +716,7 @@ UpdateSectionEntries ( > Descriptor |= EntryValue; > > if (CurrentDescriptor != Descriptor) { > - Mva = (VOID *)(UINTN)(((UINTN)FirstLevelTable) << TT_DESCRIPTOR_SECTION_BASE_SHIFT); > + Mva = (VOID *)(UINTN)(((UINTN)FirstLevelIdx + i) << TT_DESCRIPTOR_SECTION_BASE_SHIFT); So, this clearly looks like you've found a bug - thanks! But I am a little bit confused about the patch - should this not need to incorporate the descriptor size in some way? I.e. something like Mva = (VOID *)(UINTN)(((UINTN)FirstLevelIdx + (i * sizeof(UINTN))) << TT_DESCRIPTOR_SECTION_BASE_SHIFT); or ... &FirstLevelTable[FirstLevelIndex + i] ... ? Regards, Leif > > // Clean/invalidate the cache for this section, but only > // if we are modifying the memory type attributes > -- > 2.15.1.gvfs.2.39.g03d366a >
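
Review bot: The added Mva line in UpdateSectionEntries has no comment saying that FirstLevelIdx + i is an entry index rather than a byte offset into the table, and the expression is only correct under that reading. A one-line comment above it, stating that Mva is the base virtual address of the section selected by entry FirstLevelIdx + i, would make the intent explicit and settle whether the descriptor size belongs in the shift: if the index counts entries, scaling it by the entry size would give the entry's offset within the table, not the address the entry maps. The commit message would also be more useful to later readers if it named where the wrong Mva is consumed (the context line points at the cache clean/invalidate for the section) instead of only saying the old value can potentially cause an access violation.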