From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+113618+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 7C23CD811BC
	for <rebecca@openfw.io>; Thu, 11 Jan 2024 13:36:36 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=DiR7inqFAWsVYUYzWYc/QhIylIs2HsflYZbTHc2xfC4=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1704980195; v=1;
 b=ILpFPO16A02ohlJTWnsuAjc1Ydgkt4a6zjuOczjx4TyVPSn3CGterMPUMh7Uniie+hOhDZoM
 kC7dPt42C05RJ45TU5KMV2nqYIJ1NU3zDgfwvkMnmQgYxWOjUL4jBMb7fYXZfbpLIjygx2//cRC
 /LToJ84fbNldJkTQ30r4xUB4=
X-Received: by 127.0.0.2 with SMTP id VruNYY7687511xTqUn2JrOK3; Thu, 11 Jan 2024 05:36:35 -0800
X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mx.groups.io with SMTP id smtpd.web11.11356.1704980194531824054
 for <devel@edk2.groups.io>;
 Thu, 11 Jan 2024 05:36:34 -0800
X-Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73])
 by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-215-OSy9MsHYNaqSjBg4lSeITw-1; Thu,
 11 Jan 2024 08:36:29 -0500
X-MC-Unique: OSy9MsHYNaqSjBg4lSeITw-1
X-Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 169BB3811F22;
	Thu, 11 Jan 2024 13:36:29 +0000 (UTC)
X-Received: from dobby.home.kraxel.org (unknown [10.39.194.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9B307492BF0;
	Thu, 11 Jan 2024 13:36:28 +0000 (UTC)
X-Received: by dobby.home.kraxel.org (Postfix, from userid 1000)
	id 6F606AAAC7; Thu, 11 Jan 2024 14:36:27 +0100 (CET)
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: oliver@redhat.com, Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>, Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>
Subject: [edk2-devel] [PATCH 1/1] OvmfPkg/VirtNorFlashDxe: fix shadowbuffer reads
Date: Thu, 11 Jan 2024 14:36:27 +0100
Message-ID: <20240111133627.156839-1-kraxel@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,kraxel@redhat.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: 7NaacUHjWEzbnYXokUAbattBx7686176AA=
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=ILpFPO16;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none)

In some cases (specifically when the flash update region is
small but crosses a multiple of P30_MAX_BUFFER_SIZE_IN_BYTES)
NorFlashWriteSingleBlock reads only one instead of two
P30_MAX_BUFFER_SIZE_IN_BYTES blocks into the shadow buffer.

That leads to random crap being written to the second block,
which in turn can corrupt both the variable store and the
FTW work space.

This patch fixes the calculation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
index 1afd60ce66eb..cdc809d75e3d 100644
--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
@@ -566,7 +566,7 @@ NorFlashWriteSingleBlock (
                Instance,
                Lba,
                Offset & ~BOUNDARY_OF_32_WORDS,
-               (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
+               (((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes) | BOUNDARY_OF_32_WORDS) + 1,
                Instance->ShadowBuffer
                );
     if (EFI_ERROR (Status)) {
-- 
2.43.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113618): https://edk2.groups.io/g/devel/message/113618
Mute This Topic: https://groups.io/mt/103661868/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-