Message-ID: <414b7574bf8249de0cecd16fb422c711feb76e1a.camel@linux.ibm.com>
Subject: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable()
From: "James Bottomley"
Reply-To: jejb@linux.ibm.com
To: devel@edk2.groups.io
Cc: Bret Barkelew, "Liming Gao (Byosoft address)", "Ard Biesheuvel (ARM address)", Laszlo Ersek
Date: Wed, 25 Nov 2020 12:13:48 -0800

The current variable policy is allocated by AllocatePool(), which is boot time only. This means that if you do any variable setting in the runtime, the policy has been freed. Ordinarily this isn't detected because freed memory is still there, but when you boot the Linux kernel, it's been remapped so the actual memory no longer exists in the memory map causing a page fault. Fix this by making it AllocateRuntimePool().

For SMM drivers, the platform DSC is responsible for resolving the MemoryAllocationLib class to the SmmMemoryAllocationLib instance. In the SmmMemoryAllocationLib instance, AllocatePool() and AllocateRuntimePool() are implemented identically. Therefore this change is a no-op when the RegisterVariablePolicy() function is built into an SMM driver. The fix affects runtime DXE drivers only.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092
Signed-off-by: James Bottomley
---
 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c index 5029ddb96adb..12944ac7ea81 100644 --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c @@ -411,7 +411,7 @@ RegisterVariablePolicy ( } // Reallocate and copy the table. - NewTable = AllocatePool( NewSize ); + NewTable = AllocateRuntimePool( NewSize ); if (NewTable == NULL) { return EFI_OUT_OF_RESOURCES; } -- 2.26.2
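
Review bot: the comment above the changed call in RegisterVariablePolicy() still reads only "// Reallocate and copy the table." and gives no reason for choosing the runtime pool, so a later cleanup could quietly switch it back to AllocatePool(). Suggest extending that comment to say the table is consulted when variables are set at runtime and therefore has to live in runtime memory. The hunk shows a single allocation site; it is worth confirming in the rest of VariablePolicyLib.c that no other buffer reached from the policy table at runtime is still allocated with AllocatePool().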