From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: dandan.bi@intel.com, gaoliming@byosoft.com.cn, jian.j.wang@intel.com, Ard Biesheuvel
Subject: [PATCH] MdeModulePkg/DxeCore: Use correct type for alignment mask
Date: Wed, 7 Dec 2022 19:00:44 +0100
Message-Id: <20221207180044.2863126-1-ardb@kernel.org>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

The page allocator code in CoreFindFreePagesI() uses a mask derived from its UINTN Alignment argument to align the descriptor end address of a MEMORY_MAP entry to the requested alignment, in order to check whether the descriptor covers enough sufficiently aligned area to satisfy the request.

However, on 32-bit architectures, 'Alignment' is a 32-bit type, whereas DescEnd is a 64-bit type, and so the resulting operation performed on the end address comes down to masking with 0xfffff000 instead of the intended 0xffffffff_fffff000. Given the -1 at the end of the expression, the resulting address is 0xffffffff_fffffffff for any descriptor that ends on a 4G aligned boundary, and this is certainly not what was intended.

So cast Alignment to UINT64 to ensure that the mask has the right size.

Signed-off-by: Ard Biesheuvel

--- MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/P= age.c index 160289c1f9ec..5903ce7ab525 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1097,7 +1097,7 @@ CoreFindFreePagesI ( DescEnd =3D MaxAddress;=0D }=0D =0D - DescEnd =3D ((DescEnd + 1) & (~(Alignment - 1))) - 1;=0D + DescEnd =3D ((DescEnd + 1) & (~((UINT64)Alignment - 1))) - 1;=0D =0D // Skip if DescEnd is less than DescStart after alignment clipping=0D if (DescEnd < DescStart) {=0D --=20 2.35.1
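
Review bot: the (UINT64) cast on the changed DescEnd line in the @@ -1097,7 +1097,7 @@ hunk carries no comment, and on 64-bit builds it looks redundant, so a later cleanup could drop it and bring back the truncated mask on 32-bit targets. Suggest a one-line comment above the assignment stating that Alignment is UINTN and has to be widened before the ~ because DescEnd is 64-bit. Since only this one expression is visible here, it is also worth confirming in the same pass that no other place in CoreFindFreePagesI() applies an Alignment-derived mask to a 64-bit address. Minor: the all-ones value in the commit message, 0xffffffff_fffffffff, has one f too many in its low half.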
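
The truncation described in the commit message can be reproduced in plain C. This is an added example, not EDK2 code and not part of the original mail: `uintn32_t` stands in for UINTN on a 32-bit build, and the function names and descriptor values are constructed. The second descriptor, which lies entirely above 4G, goes beyond the single case the message walks through.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for UINTN on a 32-bit build. */
typedef uint32_t uintn32_t;

/* Pre-patch expression: ~ runs at 32 bits, then zero-extends to 64. */
static uint64_t clip_end_narrow(uint64_t desc_end, uintn32_t alignment)
{
    return ((desc_end + 1) & (~(alignment - 1))) - 1;
}

/* Patched expression: widen first so the mask keeps its upper 32 bits. */
static uint64_t clip_end_wide(uint64_t desc_end, uintn32_t alignment)
{
    return ((desc_end + 1) & (~((uint64_t)alignment - 1))) - 1;
}

/* Mirrors the "skip if DescEnd < DescStart" check that follows the clip. */
static int skipped(uint64_t desc_start, uint64_t clipped_end)
{
    return clipped_end < desc_start;
}

int main(void)
{
    /* Constructed descriptors; 4 KiB alignment as in the commit message. */
    static const struct { uint64_t start, end; } d[] = {
        { 0x0C0000000ULL, 0x0FFFFFFFFULL }, /* ends on the 4G boundary */
        { 0x100000000ULL, 0x123456FFFULL }, /* lies entirely above 4G  */
    };

    for (unsigned i = 0; i < sizeof d / sizeof d[0]; i++) {
        uint64_t n = clip_end_narrow(d[i].end, 0x1000);
        uint64_t w = clip_end_wide(d[i].end, 0x1000);
        printf("end=%#llx narrow=%#llx (skip=%d) wide=%#llx (skip=%d)\n",
               (unsigned long long)d[i].end,
               (unsigned long long)n, skipped(d[i].start, n),
               (unsigned long long)w, skipped(d[i].start, w));
    }
    return 0;
}
```

With the narrow mask the first descriptor's end becomes all ones, so the skip check never fires for it, while the second descriptor's end loses its upper bits, falls below its start, and is skipped. The widened mask leaves both ends unchanged.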