public inbox for devel@edk2.groups.io
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Laszlo Ersek <lersek@redhat.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	oliver@redhat.com
Subject: [edk2-devel] [PATCH 1/4] OvmfPkg/VirtNorFlashDxe: fix shadowbuffer reads
Date: Fri, 12 Jan 2024 12:37:51 +0100
Message-ID: <20240112113754.14710-2-kraxel@redhat.com>
In-Reply-To: <20240112113754.14710-1-kraxel@redhat.com>

In some cases (specifically when the flash update region is
small but crosses a multiple of P30_MAX_BUFFER_SIZE_IN_BYTES)
NorFlashWriteSingleBlock reads only one instead of two
P30_MAX_BUFFER_SIZE_IN_BYTES blocks into the shadow buffer.

That leads to random crap being written to the second block,
which in turn can corrupt both the variable store and the
FTW work space.  One observed corruption pattern is finding
0xaf (aka PcdDebugClearMemoryValue) right after the last
entry in the FTW log.  This should have been 0xff.

This patch fixes the calculation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
index 1afd60ce66eb..cdc809d75e3d 100644
--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
@@ -566,7 +566,7 @@ NorFlashWriteSingleBlock (
                Instance,
                Lba,
                Offset & ~BOUNDARY_OF_32_WORDS,
-               (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
+               (((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes) | BOUNDARY_OF_32_WORDS) + 1,
                Instance->ShadowBuffer
                );
     if (EFI_ERROR (Status)) {
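Review bot: The new length argument on the `+` line still uses the `(x | BOUNDARY_OF_32_WORDS) + 1` idiom, which rounds up to the next boundary even when `(Offset & BOUNDARY_OF_32_WORDS) + *NumBytes` is already an exact multiple of it, so an update that ends exactly on a boundary reads one block more than it touches. That is only harmless if Instance->ShadowBuffer is guaranteed to hold the extra block, which nothing in this hunk shows; consider `((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes + BOUNDARY_OF_32_WORDS) & ~BOUNDARY_OF_32_WORDS` instead, or a comment stating the buffer size guarantee. This assumes BOUNDARY_OF_32_WORDS is a low-bit mask, as its use with `& ~` on the line above implies. The in-block offset now feeds two adjacent arguments, so a named local for the aligned start and the rounded span would keep them in sync and make the call easier to audit.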
-- 
2.43.0
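
The short read described in the commit message, worked through as an added example (not part of the patch or of edk2). It assumes P30_MAX_BUFFER_SIZE_IN_BYTES is 128 and BOUNDARY_OF_32_WORDS is 0x7F, values this page does not show; the helper names and the sweep range are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed values, not shown on the page: 128-byte buffer, mask 0x7F. */
#define BUF_BYTES ((size_t)128)
#define MASK      (BUF_BYTES - 1)

typedef size_t (*len_fn)(size_t offset, size_t num_bytes);

/* Length argument as computed before the patch (Offset is ignored). */
static size_t read_len_old(size_t offset, size_t num_bytes) {
    (void)offset;
    return (num_bytes | MASK) + 1;
}

/* Length argument as computed after the patch. */
static size_t read_len_new(size_t offset, size_t num_bytes) {
    return (((offset & MASK) + num_bytes) | MASK) + 1;
}

/* Buffer-sized blocks the update touches that the read did not fetch.
   The read starts at offset & ~MASK, so only the in-block offset matters. */
static size_t unread_blocks(size_t offset, size_t num_bytes, size_t read_len) {
    size_t touched = ((offset & MASK) + num_bytes + MASK) / BUF_BYTES;
    size_t fetched = read_len / BUF_BYTES;
    return touched > fetched ? touched - fetched : 0;
}

/* Sweep constructed (offset, size) pairs spanning at most two blocks and
   count those for which the read fetches fewer blocks than are touched. */
static size_t count_short_reads(len_fn f) {
    size_t bad = 0;
    for (size_t off = 0; off < BUF_BYTES; off++)
        for (size_t n = 1; off + n <= 2 * BUF_BYTES; n++)
            if (unread_blocks(off, n, f(off, n)) != 0)
                bad++;
    return bad;
}

int main(void) {
    /* Constructed case: 16 bytes written at in-block offset 0x78. */
    size_t off = 0x78, n = 16;
    printf("old: len=%zu unread=%zu\n", read_len_old(off, n),
           unread_blocks(off, n, read_len_old(off, n)));
    printf("new: len=%zu unread=%zu\n", read_len_new(off, n),
           unread_blocks(off, n, read_len_new(off, n)));
    printf("short reads: old=%zu new=%zu\n",
           count_short_reads(read_len_old), count_short_reads(read_len_new));
    return 0;
}
```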


