From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Fish <afish@apple.com>
To: edk2-devel <edk2-devel@lists.01.org>
Date: Fri, 12 Aug 2016 16:25:12 -0700
Message-id: <7B465500-570A-4B78-B1F2-458C36E7DC08@apple.com>
Subject: [MdeModulePkg][PeiCore] I seemed to have crashed the PEI Core by grabbing memory from PeiTemporaryRamBase?
I grabbed some memory between SEC and the PEI Core by adjusting SecCoreData->PeiTemporaryRamBase and SecCoreData->PeiTemporaryRamSize. When looking at the code I don't really understand the logic of the algorithm? So maybe I'm doing something wrong. This adjustment does not seem right to me?

https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c#L768

  //
  // Heap Offset
  //
  BaseOfNewHeap = TopOfNewStack;
  if (BaseOfNewHeap >= (UINTN)SecCoreData->PeiTemporaryRamBase) {
    Private->HeapOffsetPositive = TRUE;
    Private->HeapOffset = (UINTN)(BaseOfNewHeap - (UINTN)SecCoreData->PeiTemporaryRamBase);
  } else {
    Private->HeapOffsetPositive = FALSE;
    Private->HeapOffset = (UINTN)((UINTN)SecCoreData->PeiTemporaryRamBase - BaseOfNewHeap);
  }

The above code seems to be making a very strange adjustment. I noticed the adjustment in my failing case was off by 0xC0, which is the amount of memory I carved out prior to entering the PEI Core.

https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c#L796

  //
  // Temporary Ram Support PPI is provided by platform, it will copy
  // temporary memory to permenent memory and do stack switching.
  // After invoking Temporary Ram Support PPI, the following code's
  // stack is in permanent memory.
  //
  TemporaryRamSupportPpi->TemporaryRamMigration (
                            PeiServices,
                            TemporaryRamBase,
                            (EFI_PHYSICAL_ADDRESS)(UINTN)(TopOfNewStack - TemporaryStackSize),
                            TemporaryRamSize
                            );

And this is also a case in which the stack got bigger. But it seems to me the shift is really defined by TemporaryRamBase, TopOfNewStack, and TemporaryStackSize in this case.
The failure I hit was that the OldCoreData->Fv pointer was shifted, so when the PPI was called the system crashed. Is this a bug in the gEfiTemporaryRamSupportPpiGuid path? If I changed the HeapOffset algorithm my crash went away?

  Private->HeapOffset = ((UINTN)TopOfNewStack - TemporaryStackSize) - TemporaryRamBase;

Thanks,

Andrew Fish

PS My failure case was the EmulatorPkg. I've not had a chance to verify this failure in the open source yet, but I'm guessing reversing this #if will make it happen.

https://github.com/tianocore/edk2/blob/master/EmulatorPkg/Sec/Sec.c#L107

  #if 0
    // Tell the PEI Core to not use our buffer in temp RAM
    SecPpiList = (EFI_PEI_PPI_DESCRIPTOR *)SecCoreData->PeiTemporaryRamBase;
    SecCoreData->PeiTemporaryRamBase = (VOID *)((UINTN)SecCoreData->PeiTemporaryRamBase + SecReseveredMemorySize);
    SecCoreData->PeiTemporaryRamSize -= SecReseveredMemorySize;
  #else
    {
      //
      // When I subtract from SecCoreData->PeiTemporaryRamBase PEI Core crashes? Either there is a bug
      // or I don't understand temp RAM correctly?
      //
      EFI_PEI_PPI_DESCRIPTOR PpiArray[10];

      SecPpiList = &PpiArray[0];
      ASSERT (sizeof (PpiArray) >= SecReseveredMemorySize);
    }
  #endif
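An added illustration of the mismatch this mail describes (example code, not from edk2 or from the author): a small C model that runs the Dispatcher's HeapOffset arithmetic against a hypothetical TemporaryRamMigration that positions the copied heap relative to TemporaryRamBase rather than SecCoreData->PeiTemporaryRamBase. The buffer sizes, addresses and the two-half migration layout are constructed assumptions; under them every relocated heap pointer falls short by exactly the bytes SEC carved from the front of PeiTemporaryRamBase, so a pointer into the old heap (such as the Fv pointer in the mail) no longer finds its data after migration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uintptr_t UINTN;
enum { TEMP_RAM_SIZE = 0x400, HALF = TEMP_RAM_SIZE / 2, MARKER = 0xA5 };

/* HeapOffset exactly as Dispatcher.c derives it, with BaseOfNewHeap = TopOfNewStack. */
static UINTN DispatcherHeapOffset(UINTN TopOfNewStack, UINTN PeiTemporaryRamBase, int *Positive)
{
  *Positive = TopOfNewStack >= PeiTemporaryRamBase;
  return *Positive ? TopOfNewStack - PeiTemporaryRamBase : PeiTemporaryRamBase - TopOfNewStack;
}

/* Modeled TemporaryRamMigration (an assumption, not any platform's code): the heap half of
   temp RAM, starting at TemporaryRamBase, lands at TopOfNewStack and the stack half lands
   just below it. The copy knows nothing about SEC's adjusted PeiTemporaryRamBase. */
static void ModelMigration(uint8_t *TemporaryRamBase, uint8_t *TopOfNewStack)
{
  memcpy(TopOfNewStack, TemporaryRamBase, HALF);                /* heap  */
  memcpy(TopOfNewStack - HALF, TemporaryRamBase + HALF, HALF);  /* stack */
}

/* Carve bytes from the front of PeiTemporaryRam (as the EmulatorPkg SEC snippet does), put a
   marker in a PEI heap object, migrate, then relocate that pointer with the Dispatcher offset.
   Returns how many bytes the relocated pointer falls short of where the byte really landed;
   *MarkerFound (optional) reports whether the relocated pointer still yields the marker. */
static long HeapRelocationError(UINTN Carve, int *MarkerFound)
{
  static uint8_t OldRam[TEMP_RAM_SIZE], NewRam[TEMP_RAM_SIZE];
  uint8_t *TemporaryRamBase    = OldRam;
  uint8_t *PeiTemporaryRamBase = OldRam + Carve;              /* SEC's adjustment */
  uint8_t *TopOfNewStack       = NewRam + HALF;               /* BaseOfNewHeap    */
  uint8_t *OldAlloc            = PeiTemporaryRamBase + 0x10;  /* some heap object */
  int Positive; UINTN HeapOffset, Relocated, Actual;
  memset(OldRam, 0, sizeof OldRam);
  *OldAlloc = MARKER;
  ModelMigration(TemporaryRamBase, TopOfNewStack);
  HeapOffset = DispatcherHeapOffset((UINTN)TopOfNewStack, (UINTN)PeiTemporaryRamBase, &Positive);
  Relocated  = Positive ? (UINTN)OldAlloc + HeapOffset : (UINTN)OldAlloc - HeapOffset;
  Actual     = (UINTN)TopOfNewStack + (UINTN)(OldAlloc - TemporaryRamBase);
  if (MarkerFound) *MarkerFound = (*(uint8_t *)Relocated == MARKER);
  return (long)(Actual - Relocated);
}
static int MarkerSurvives(UINTN Carve) { int F; HeapRelocationError(Carve, &F); return F; }
int main(void)
{
  printf("carve 0xC0: relocated heap pointer short by 0x%lx bytes, marker %s\n",
         (unsigned long)HeapRelocationError(0xC0, NULL), MarkerSurvives(0xC0) ? "found" : "missed");
}
```

With Carve set to 0 the Dispatcher offset lands on the marker; with 0xC0 it misses by 0xC0, the same delta the mail reports.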