From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Cc: erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com, kraxel@redhat.com, hanliyang
Subject: [edk2-devel] [PATCH 2/3] OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data
Date: Sun, 14 Jul 2024 20:24:54 +0800
Message-Id: <20240714122455.136148-3-wojiaohanliyang@163.com>
In-Reply-To: <20240714122455.136148-1-wojiaohanliyang@163.com>
References: <20240714122455.136148-1-wojiaohanliyang@163.com>

From: hanliyang

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807

In the case of a launch with just OVMF.fd, if we just init part of the
EmuVariableNvStore, then EmuVariableFvbRuntimeDxe will skip the
initialization process of the EmuVariableNvStore and the Ftw (Fault
Tolerant Write) part of the EmuVariableNvStore will not be initialized
before the Ftw part is accessed. When we launch a SEV guest, the
FaultTolerantWriteDxe will get scrambled data when reading the Ftw part
of the EmuVariableNvStore, and the FaultTolerantWriteDxe access to the
address specified by the scrambled data will cause an invalid address
access and crash.

The crash message is shown below.

Loading driver at 0x000BDB92000 EntryPoint=0x000BDB95EF4 FaultTolerantWriteDxe.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BDE01D98
ProtectUefiImageCommon - 0xBDE01040 - 0x00000000BDB92000 - 0x0000000000005B00
Ftw: FtwWorkSpaceLba - 0x40, WorkBlockSize - 0x1000, FtwWorkSpaceBase - 0x0
Ftw: FtwSpareLba - 0x42, SpareBlockSize - 0x1000
Ftw: NumberOfWorkBlock - 0x1, FtwWorkBlockLba - 0x40
Ftw: WorkSpaceLbaInSpare - 0x0, WorkSpaceBaseInSpare - 0x0
Ftw: Remaining work space size - FE0
!!!! X64 Exception Type - 0D(#GP - General Protection) CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000000
RIP - 00000000BDB92459, CS - 0000000000000038, RFLAGS - 0000000000010286
RAX - 587E3201A019FB0C, RCX - 587E3200E238F994, RDX - 0000000000000001
RBX - 00000000BDE10018, RSP - 00000000BFB79AD8, RBP - 0000000000000FE0
RSI - 00000000BDE100A8, RDI - 00000000BDE10128
R8 - D4642A9DFB7C79BE, R9 - 00000000000003F8, R10 - 00000000BDB96602
R11 - 0000000000000002, R12 - 00000000BDE100A0, R13 - 0000000000000000
R14 - 0000000000000001, R15 - 00000000BFBA76C0
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
GS - 0000000000000030, SS - 0000000000000030
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 00000000BF801000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000BF5DC000 0000000000000047, LDTR - 0000000000000000
IDTR - 00000000BEF0C018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 00000000BFB79730
!!!! Find image based on IP(0xBDB92459) /dev/shm/edk2/Build/OvmfX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe/DEBUG/FaultTolerantWriteDxe.dll (ImageBase=00000000BDB92000, EntryPoint=00000000BDB95EF4) !!!!

Fixes: 4f173db8b45b ("OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore")
Signed-off-by: hanliyang
---
 OvmfPkg/Library/PlatformInitLib/Platform.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c index 0a720a4c2c..5dbc5506f4 100644 --- a/OvmfPkg/Library/PlatformInitLib/Platform.c +++ b/OvmfPkg/Library/PlatformInitLib/Platform.c @@ -905,6 +905,8 @@ PlatformReserveEmuVariableNvStore ( #define CLEARED_ARRAY_STATUS 0x00 +#define ERASED_UINT8 0xff + /** When OVMF is lauched with -bios parameter, UEFI variables will be partially emulated, and non-volatile variables may lose their contents
@@ -982,6 +984,24 @@ PlatformInitEmuVariableNvStore ( DEBUG ((DEBUG_INFO, "Init EmuVariableNvStore with the content in FlashNvStorage\n")); + // + // Init the whole EmuVariableNvStore before copy the content from + // FlashNvStorage to the EmuVariableNvStore. + // + // In the case launch with just OVMF.fd, if we just init part of the + // EmuVariableNvStore, then EmuVariableFvbRuntimeDxe will skip the + // initialize process of the EmuVariableNvStore and the Ftw (Fault + // Tolerant Write) part of the EmuVariableNvStore will not be + // initialized before the Ftw part is accessed. When we launch a SEV + // guest, the FaultTolerantWriteDxe will get scrambled data when read + // Ftw part of the EmuVariableNvStore, the FaultToleranteWriteDxe + // access address specified by the scrambled data will cause invalid + // address access and crash. + // + // The method to init EmuVariableNvStore here references + // OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c. + // + SetMem (EmuVariableNvStore, EmuVariableNvStoreSize, ERASED_UINT8); CopyMem (EmuVariableNvStore, Base, Size); return EFI_SUCCESS;
--
2.25.1

View/Reply Online (#119928): https://edk2.groups.io/g/devel/message/119928
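
Review bot: The new ERASED_UINT8 define in the first hunk (@@ -905, after CLEARED_ARRAY_STATUS) carries no comment saying that 0xff is the erased-flash fill value, and the second hunk's comment says the init method is taken from OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c, so this is a private copy of a value that must match what that driver expects. Please add a one-line comment naming that dependency, or move the definition to a header both sides can include so the two cannot drift apart.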
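
Review bot: In the second hunk (@@ -982), SetMem (EmuVariableNvStore, EmuVariableNvStoreSize, ERASED_UINT8) is followed by CopyMem (EmuVariableNvStore, Base, Size), and nothing in the visible context shows that Size cannot exceed EmuVariableNvStoreSize. If that relation is not already checked earlier in PlatformInitEmuVariableNvStore, add an ASSERT or an error return before the copy, since the fill now makes the function depend on both lengths describing the same buffer. The fill also writes the first Size bytes that the copy overwrites on the next line, so filling only the tail starting at EmuVariableNvStore + Size would be sufficient. The block comment largely repeats the commit message and contains the spelling FaultToleranteWriteDxe; a shorter comment stating that the Ftw region must not be left uninitialized, because it reads back as scrambled data in an SEV guest, would be easier to maintain.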