From: "Gao, Liming"
To: Andrew Fish
Cc: edk2-devel
Subject: Re: [edk2] [MdeModulePkg][PeiCore] I seemed to have crashed the PEI Core by grabbing memory from PeiTemporaryRamBase?
Date: Tue, 16 Aug 2016 16:49:03 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A1155EBB37@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <7A93D95B-B05C-46C3-9B82-9974FECDA0ED@apple.com>
References: <7B465500-570A-4B78-B1F2-458C36E7DC08@apple.com> <4A89E2EF3DFEDB4C8BFDE51014F606A1155EB470@shsmsx102.ccr.corp.intel.com> <7A93D95B-B05C-46C3-9B82-9974FECDA0ED@apple.com>
List-Id: EDK II Development <edk2-devel@lists.01.org>

Andrew:

The PI spec has not defined such information. But the PPI implementation and PeiCore need to align on the new heap and stack layout. The full PPI should include the new heap base and the new stack base. The current PPI has only one Base. So the PPI implementation needs to match the PeiCore implementation.

Thanks
Liming

From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Andrew Fish
Sent: Tuesday, August 16, 2016 12:12 AM
To: Gao, Liming
Cc: edk2-devel
Subject: Re: [edk2] [MdeModulePkg][PeiCore] I seemed to have crashed the PEI Core by grabbing memory from PeiTemporaryRamBase?

> On Aug 15, 2016, at 8:54 AM, Gao, Liming wrote:
>
> Andrew:
> In permanent memory, PeiCore places the heap base at the stack top. Heap is above stack. There is no hole between them. SEC needs to follow this layout and migrate the temporary memory to permanent memory. It should copy the TemporaryRam HEAP and STACK ranges separately. The HEAP range is specified by PeiTemporaryRamBase and PeiTemporaryRamSize, and the STACK range is specified by StackBase and StackSize. The grabbed memory is not migrated, because PeiCore doesn't know about it. But EmulatorPkg Sec SecTemporaryRamSupport() migrates the whole temporary memory together. The grabbed memory is also migrated and wrongly regarded as heap data. So, the fix is to update the SecTemporaryRamSupport() implementation in SEC.
>

Liming,

I don't see any info in the PPI definition or the PI spec that defines that the heap and stack are copied separately? The PPI just passes the entire ranges? That is why I assumed in the PPI case the offsets should be relative to the big shift?

  /**
    This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into permanent memory.

    @param PeiServices          Pointer to the PEI Services Table.
    @param TemporaryMemoryBase  Source Address in temporary memory from which the SEC or PEIM will copy the
                                Temporary RAM contents.
    @param PermanentMemoryBase  Destination Address in permanent memory into which the SEC or PEIM will copy the
                                Temporary RAM contents.
    @param CopySize             Amount of memory to migrate from temporary to permanent memory.

    @retval EFI_SUCCESS            The data was successfully returned.
    @retval EFI_INVALID_PARAMETER  PermanentMemoryBase + CopySize > TemporaryMemoryBase when
                                   TemporaryMemoryBase > PermanentMemoryBase.

  **/
  typedef
  EFI_STATUS
  (EFIAPI * TEMPORARY_RAM_MIGRATION)(
    IN CONST EFI_PEI_SERVICES   **PeiServices,
    IN EFI_PHYSICAL_ADDRESS     TemporaryMemoryBase,
    IN EFI_PHYSICAL_ADDRESS     PermanentMemoryBase,
    IN UINTN                    CopySize
    );

Thanks,

Andrew Fish

> Thanks
> Liming
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Andrew Fish
> Sent: Saturday, August 13, 2016 7:25 AM
> To: edk2-devel
> Subject: [edk2] [MdeModulePkg][PeiCore] I seemed to have crashed the PEI Core by grabbing memory from PeiTemporaryRamBase?
>
> I grabbed some memory between SEC and the PEI Core by adjusting SecCoreData->PeiTemporaryRamBase and SecCoreData->PeiTemporaryRamSize.
>
> When looking at the code I don't really understand the logic of the algorithm? So maybe I'm doing something wrong.
>
> This adjustment does not seem right to me?
> https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c#L768
>
>   //
>   // Heap Offset
>   //
>   BaseOfNewHeap = TopOfNewStack;
>   if (BaseOfNewHeap >= (UINTN)SecCoreData->PeiTemporaryRamBase) {
>     Private->HeapOffsetPositive = TRUE;
>     Private->HeapOffset         = (UINTN)(BaseOfNewHeap - (UINTN)SecCoreData->PeiTemporaryRamBase);
>   } else {
>     Private->HeapOffsetPositive = FALSE;
>     Private->HeapOffset         = (UINTN)((UINTN)SecCoreData->PeiTemporaryRamBase - BaseOfNewHeap);
>   }
>
> The above code seems to be making a very strange adjustment. I noticed the adjustment in my failing case was off by 0xC0, which is the amount of memory I carved out prior to entering the PEI Core.
>
> https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c#L796
>
>   //
>   // Temporary Ram Support PPI is provided by platform, it will copy
>   // temporary memory to permanent memory and do stack switching.
>   // After invoking Temporary Ram Support PPI, the following code's
>   // stack is in permanent memory.
>   //
>   TemporaryRamSupportPpi->TemporaryRamMigration (
>     PeiServices,
>     TemporaryRamBase,
>     (EFI_PHYSICAL_ADDRESS)(UINTN)(TopOfNewStack - TemporaryStackSize),
>     TemporaryRamSize
>     );
>
> And this is also a case in which the stack got bigger. But it seems to me the shift is really defined by TemporaryRamBase, TopOfNewStack, and TemporaryStackSize in this case.
>
> The failure I hit was that the OldCoreData->Fv pointer was shifted, so when the PPI was called the system crashed. Is this a bug in the gEfiTemporaryRamSupportPpiGuid path?
>
> If I changed the HeapOffset algorithm my crash went away?
>
>   Private->HeapOffset = ((UINTN)TopOfNewStack - TemporaryStackSize) - TemporaryRamBase;
>
> Thanks,
>
> Andrew Fish
>
> PS My failure case was the EmulatorPkg. I've not had a chance to verify this failure in the open source yet, but I'm guessing reversing this #if will make it happen.
>
> https://github.com/tianocore/edk2/blob/master/EmulatorPkg/Sec/Sec.c#L107
>
>   #if 0
>     // Tell the PEI Core to not use our buffer in temp RAM
>     SecPpiList = (EFI_PEI_PPI_DESCRIPTOR *)SecCoreData->PeiTemporaryRamBase;
>     SecCoreData->PeiTemporaryRamBase = (VOID *)((UINTN)SecCoreData->PeiTemporaryRamBase + SecReseveredMemorySize);
>     SecCoreData->PeiTemporaryRamSize -= SecReseveredMemorySize;
>   #else
>     {
>       //
>       // When I subtract from SecCoreData->PeiTemporaryRamBase PEI Core crashes? Either there is a bug
>       // or I don't understand temp RAM correctly?
>       //
>       EFI_PEI_PPI_DESCRIPTOR PpiArray[10];
>
>       SecPpiList = &PpiArray[0];
>       ASSERT (sizeof (PpiArray) >= SecReseveredMemorySize);
>     }
>   #endif
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
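The following is an added, stand-alone C model of the migration the thread argues about; it is not edk2 code and not Andrew's or Liming's patch. It assumes an EmulatorPkg-style temporary RAM split (heap in the lower half, stack in the upper half), the core placement Liming describes (new heap base at TopOfNewStack, new stack directly below it, no hole), and a new stack twice the old size to mirror the "stack got bigger" case. The sizes, the 0xC0 reserve, the marker value and the function names MigrateHalfAndHalf, MigrateHeapAndStackSeparately, PeiCoreMigrate and RunScenario are all constructed for the example. It reproduces the symptom from the original post, a heap pointer relocated by exactly the reserved amount when SEC migrates by halves, and shows that copying the published HEAP and STACK ranges separately makes the core's HeapOffset fixup land on the right bytes again.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of PEI temporary-RAM migration (added example, not edk2 code). */

#define TEMP_RAM_SIZE 0x2000u   /* constructed: 8 KiB of temporary RAM */
#define SEC_RESERVED  0xC0u     /* the amount carved out in the thread */

static uint8_t TempRam[TEMP_RAM_SIZE];          /* stands in for SecCoreData->TemporaryRamBase */
static uint8_t PermanentRam[TEMP_RAM_SIZE * 4]; /* stands in for discovered permanent memory */

typedef struct {                /* the subset of EFI_SEC_PEI_HAND_OFF used here */
  uintptr_t TemporaryRamBase, TemporaryRamSize;
  uintptr_t PeiTemporaryRamBase, PeiTemporaryRamSize;   /* heap */
  uintptr_t StackBase, StackSize;
} SEC_HAND_OFF;

/* SEC's private copy of the ranges it published; the PPI signature does not carry them. */
static SEC_HAND_OFF SecRecord;

typedef void (*TEMPORARY_RAM_MIGRATION)(uintptr_t TemporaryMemoryBase,
                                        uintptr_t PermanentMemoryBase, size_t CopySize);

/* Half/half migration as Liming describes EmulatorPkg's SecTemporaryRamSupport(): the lower
   half of the whole range is treated as heap regardless of where PeiTemporaryRamBase points. */
static void MigrateHalfAndHalf(uintptr_t Tmp, uintptr_t Perm, size_t CopySize)
{
  size_t Half = CopySize >> 1;
  memcpy((void *)(Perm + Half), (const void *)Tmp, Half);   /* "heap"  -> TopOfNewStack */
  memcpy((void *)Perm, (const void *)(Tmp + Half), Half);   /* "stack" -> PermanentMemoryBase */
}

/* Liming's suggested fix: copy the HEAP and STACK ranges SEC actually published, separately,
   into the layout the core expects (heap base == stack top, no hole between them). */
static void MigrateHeapAndStackSeparately(uintptr_t Tmp, uintptr_t Perm, size_t CopySize)
{
  uintptr_t TopOfNewStack = Perm + SecRecord.StackSize;   /* core passed Perm = TopOfNewStack - StackSize */
  (void)Tmp; (void)CopySize;
  memcpy((void *)TopOfNewStack, (const void *)SecRecord.PeiTemporaryRamBase, SecRecord.PeiTemporaryRamSize);
  memcpy((void *)(TopOfNewStack - SecRecord.StackSize), (const void *)SecRecord.StackBase, SecRecord.StackSize);
}

/* Models the Dispatcher.c path quoted in the thread: derive HeapOffset from PeiTemporaryRamBase,
   invoke the PPI on the whole temporary range, then relocate one heap pointer by HeapOffset.
   Unsigned wraparound stands in for the HeapOffsetPositive / negative branches. */
static uintptr_t PeiCoreMigrate(const SEC_HAND_OFF *SecCoreData, uintptr_t PhysicalMemoryBegin,
                                TEMPORARY_RAM_MIGRATION Ppi, uintptr_t HeapPointer)
{
  uintptr_t TemporaryStackSize = SecCoreData->StackSize;
  uintptr_t TopOfNewStack      = PhysicalMemoryBegin + 2 * TemporaryStackSize;  /* bigger new stack */
  uintptr_t BaseOfNewHeap      = TopOfNewStack;
  uintptr_t HeapOffset         = BaseOfNewHeap - SecCoreData->PeiTemporaryRamBase;

  Ppi(SecCoreData->TemporaryRamBase, TopOfNewStack - TemporaryStackSize, SecCoreData->TemporaryRamSize);
  return HeapPointer + HeapOffset;   /* what the core does to pointers such as OldCoreData->Fv */
}

/* One scenario: SEC reserves `Reserve` bytes at the front of the heap (the #if 0 block in the
   thread), a marker is written into the heap, the core migrates, and the result is how many
   bytes the relocated pointer misses the migrated marker by. 0 means the fixup is correct. */
static size_t RunScenario(size_t Reserve, TEMPORARY_RAM_MIGRATION Ppi)
{
  static const uint32_t Marker = 0xFEEDC0DEu;   /* constructed sentinel */
  SEC_HAND_OFF s;

  memset(TempRam, 0, sizeof TempRam);
  memset(PermanentRam, 0, sizeof PermanentRam);
  s.TemporaryRamBase    = (uintptr_t)TempRam;
  s.TemporaryRamSize    = TEMP_RAM_SIZE;
  s.PeiTemporaryRamBase = s.TemporaryRamBase + Reserve;        /* SEC keeps [Base, Base+Reserve) */
  s.PeiTemporaryRamSize = (TEMP_RAM_SIZE >> 1) - Reserve;
  s.StackBase           = s.TemporaryRamBase + (TEMP_RAM_SIZE >> 1);
  s.StackSize           = TEMP_RAM_SIZE >> 1;
  SecRecord = s;

  uintptr_t HeapObject = s.PeiTemporaryRamBase + 0x100;       /* something the core allocated */
  memcpy((void *)HeapObject, &Marker, sizeof Marker);

  uintptr_t Relocated = PeiCoreMigrate(&s, (uintptr_t)PermanentRam, Ppi, HeapObject);

  for (size_t i = 0; i + sizeof Marker <= sizeof PermanentRam; i++) {   /* where did it land? */
    if (memcmp(PermanentRam + i, &Marker, sizeof Marker) == 0) {
      uintptr_t Actual = (uintptr_t)PermanentRam + i;
      return Actual > Relocated ? Actual - Relocated : Relocated - Actual;
    }
  }
  return (size_t)-1;   /* marker never reached permanent memory */
}

int main(void)
{
  printf("no reserve,   half/half: off by 0x%zx\n", RunScenario(0, MigrateHalfAndHalf));
  printf("0xC0 reserve, half/half: off by 0x%zx\n", RunScenario(SEC_RESERVED, MigrateHalfAndHalf));
  printf("0xC0 reserve, separate : off by 0x%zx\n", RunScenario(SEC_RESERVED, MigrateHeapAndStackSeparately));
  return 0;
}
```

The second scenario is the one from the original post: the core computes HeapOffset from the adjusted PeiTemporaryRamBase, but a SEC that splits CopySize in half moves the reserved bytes along with the heap, so every relocated heap pointer is short by exactly the reserved amount. The third scenario only works because SecRecord remembers the ranges SEC published; the PPI arguments alone cannot express them, which is Liming's point that the PPI implementation has to match the core's layout.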