[PATCH 1/1] MdeModulePkg/Core: Move Private calculation after TemporaryRamMigration

[PATCH 1/1] MdeModulePkg/Core: Move Private calculation after TemporaryRamMigration

[Guomin Jiang]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2639

Move Private calculation after TemporaryRamMigration to avoid calculate
Private twice.

RootCause:
1. ebp is used as Private pointer
2. It is calculated in TemporaryRamMigration again
3. So Private point to the invalid address after second calculation
4. When MigrateMemoryPages consume Private, Segmentation fault happened

Detail analysis can refer
https://bugzilla.tianocore.org/show_bug.cgi?id=2639#c18

Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
---
 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
index 3552feda8f1b..4b6ec00f71bd 100644
--- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
@@ -837,17 +837,6 @@ PeiCheckAndSwitchStack (
 
       DEBUG ((DEBUG_INFO, "Heap Offset = 0x%lX Stack Offset = 0x%lX\n", (UINT64)Private->HeapOffset, (UINT64)Private->StackOffset));
 
-      //
-      // Calculate new HandOffTable and PrivateData address in permanent memory's stack
-      //
-      if (StackOffsetPositive) {
-        SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData + StackOffset);
-        Private     = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + StackOffset);
-      } else {
-        SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData - StackOffset);
-        Private     = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private - StackOffset);
-      }
-
       //
       // Temporary Ram Support PPI is provided by platform, it will copy
       // temporary memory to permanent memory and do stack switching.
@@ -861,6 +850,17 @@ PeiCheckAndSwitchStack (
                                 TemporaryRamSize
                                 );
 
+      //
+      // Calculate new HandOffTable and PrivateData address in permanent memory's stack
+      //
+      if (StackOffsetPositive) {
+        SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData + StackOffset);
+        Private     = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + StackOffset);
+      } else {
+        SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData - StackOffset);
+        Private     = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private - StackOffset);
+      }
+
       //
       // Migrate memory pages allocated in pre-memory phase.
       // It could not be called before calling TemporaryRamSupportPpi->TemporaryRamMigration()
-- 
2.26.2.windows.1

Re: [edk2-devel] [PATCH 1/1] MdeModulePkg/Core: Move Private calculation after TemporaryRamMigration

[Raf Meeusen]

[-- Attachment #1: Type: text/plain, Size: 100 bytes --]

Got stuck with a segfault on Ubuntu 20.04 running EmulatorX64 (./Host).
This patch worked for me.

[-- Attachment #2: Type: text/html, Size: 105 bytes --]