From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Date: Fri, 4 Jan 2019 19:04:32 +0100
Message-Id: <20190104180432.24480-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20190104180432.24480-1-ard.biesheuvel@linaro.org>
References: <20190104180432.24480-1-ard.biesheuvel@linaro.org>
Subject: [PATCH 2/2] ArmPkg/ArmMmuLib ARM: fix thinko in second level page table handling

PopulateLevel2PageTable () is invoked for [parts of] mappings that start or end on a non-1 MB aligned address (or both). The size of the mapping depends on both the start address modulo 1 MB and the length of the mapping, but the logic that calculates this size is flawed: subtracting 'start address modulo 1 MB' could result in a negative value for the remaining length, which is obviously wrong.

So instead, take either RemainLength, or the rest of the 1 MB block, whichever is smaller.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
index b237321a8d8b..3b3b20aa9b78 100644
--- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
@@ -294,8 +294,8 @@ FillTranslationTable ( PhysicalBase += TT_DESCRIPTOR_SECTION_SIZE; RemainLength -= TT_DESCRIPTOR_SECTION_SIZE; } else { - PageMapLength = MIN (RemainLength, TT_DESCRIPTOR_SECTION_SIZE) - - (PhysicalBase % TT_DESCRIPTOR_SECTION_SIZE); + PageMapLength = MIN (RemainLength, TT_DESCRIPTOR_SECTION_SIZE - + (PhysicalBase % TT_DESCRIPTOR_SECTION_SIZE)); // Case: Physical address aligned on the Section Size (1MB) && the length // does not fill a section -- 2.17.1
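Review bot: the comment kept as context directly under the new assignment ("Case: Physical address aligned on the Section Size (1MB) && the length does not fill a section") names only the aligned case, while the assignment above it explicitly sizes the chunk for a non-zero PhysicalBase % TT_DESCRIPTOR_SECTION_SIZE as well; if that comment is meant to describe the whole else branch, extend it to mention an unaligned start. The new bound itself reads correctly: taking a constructed case of PhysicalBase at offset 0x80000 into a section with RemainLength 0x1000, the removed expression evaluates 0x1000 - 0x80000, whereas MIN (RemainLength, TT_DESCRIPTOR_SECTION_SIZE - (PhysicalBase % TT_DESCRIPTOR_SECTION_SIZE)) yields 0x1000. The commit message calls the old result negative; the variable types are not visible in this hunk, so if PageMapLength and RemainLength are unsigned, consider stating in the message that the subtraction wraps to a very large length rather than going negative.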