* [RFC PATCH] Fix ArmReplaceLiveTranslationEntry alignment
@ 2023-04-10 18:08 Marvin Häuser
From: Marvin Häuser @ 2023-04-10 18:08 UTC
  To: edk2-devel-groups-io, Leif Lindholm, Ard Biesheuvel, Sami Mujawar

Good day everyone,

Sorry, but due to time constraints, I cannot immediately provide a proper patch. Would you mind checking this commit and commenting on whether it looks about right, so I can submit a proper patch for review some time this or next week? https://github.com/acidanthera/audk/commit/53f2af3ad5909e177818445cafed7bdb6aae9d97

With the proper patch, I will probably also include an ASSERT to make sure the alignment is actually checked.

The symptom is that late PEI may crash due to corrupted memory. This is due to the fact that ArmReplaceLiveTranslationEntry() is misaligned despite the requirement that it may not cross page boundaries. The related .balign directive technically belongs to the previous section, as ArmReplaceLiveTranslationEntry() is moved to its own section via the ASM_FUNC() macro *after* the directive appears. The directive also cannot nicely be placed after ASM_FUNC(), as that would mean the label may refer to the padding inserted to achieve said alignment. Hence, my solution is to introduce a separate macro.

Reproducers are here, I tested the last two stable tags:
https://github.com/mhaeuser/edk2/tree/arm_corruption-202211
https://github.com/mhaeuser/edk2/tree/arm_corruption-202302

... and identified the last commit it is reproducible with (my hack does not work on master):
https://github.com/mhaeuser/edk2/tree/arm_corruption-latest

The fact that the commits after that last branch work is mere luck, I just didn't want to bruteforce a new hack to trigger the issue. :)

To trigger the issue, build ArmVirtQemu/AARCH64 of any of those branches with GCC 12 (GCC5) and as DEBUG - GCC 11 and RELEASE/NOOPT do *not* trigger the issue as-is for me. If this doesn't work for you, you probably need to find a different hack to move the function across a page boundary. When starting the generated FD, I get a hang right when jumping to DxeIplPeim (its entry point is badly corrupted). Opening PeiCore in IDA, it's obvious said function is misaligned.

Best regards,
Marvin
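The check described in the message (a function that must not straddle a page boundary, and the ASSERT on its alignment the author intends to add) can be reproduced offline against a symbol dump of the built PeiCore instead of opening it in IDA. The following is an added example and is not code from the patch, from EDK2 or from the author: it implements the page-crossing test and the stronger page-alignment test as plain C functions and runs them over constructed `nm -S`-style lines (`<address> <size> <type> <name>`). The addresses and sizes are made up to illustrate a crossing entry; the helper names (CrossesPageBoundary, IsPageAligned, ParseNmLine, CountCrossing) are mine and are not EDK2 identifiers.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEFAULT_PAGE_SIZE 4096u

/* True when the byte range [Start, Start + Size) touches more than one page.
   This is the property the message says ArmReplaceLiveTranslationEntry()
   must never violate. An empty range cannot cross anything. */
bool CrossesPageBoundary(uint64_t Start, uint64_t Size, uint64_t PageSize)
{
    if (Size == 0) {
        return false;
    }
    uint64_t Last = Start + Size - 1;
    return (Start / PageSize) != (Last / PageSize);
}

/* The condition the .balign directive is meant to establish: a page-aligned
   start address cannot cross a boundary as long as Size <= PageSize.
   This is what an ASSERT on the function's placement would check. */
bool IsPageAligned(uint64_t Start, uint64_t PageSize)
{
    return (Start & (PageSize - 1)) == 0;
}

typedef struct {
    char     Name[64];
    uint64_t Addr;
    uint64_t Size;
} Symbol;

/* Parse one "nm -S" style line: "<addr-hex> <size-hex> <type> <name>". */
bool ParseNmLine(const char *Line, Symbol *Out)
{
    char Type;
    int Fields = sscanf(Line, "%" SCNx64 " %" SCNx64 " %c %63s",
                        &Out->Addr, &Out->Size, &Type, Out->Name);
    return Fields == 4;
}

/* Walk a newline-separated symbol dump, report every symbol whose range
   straddles a page boundary and return how many were found. */
int CountCrossing(const char *NmDump, uint64_t PageSize)
{
    int Crossing = 0;
    const char *Cur = NmDump;

    while (*Cur != '\0') {
        const char *End = strchr(Cur, '\n');
        size_t Len = End ? (size_t)(End - Cur) : strlen(Cur);
        char Line[160];
        if (Len >= sizeof Line) {
            Len = sizeof Line - 1;
        }
        memcpy(Line, Cur, Len);
        Line[Len] = '\0';

        Symbol Sym;
        if (ParseNmLine(Line, &Sym) &&
            CrossesPageBoundary(Sym.Addr, Sym.Size, PageSize)) {
            printf("%s: 0x%" PRIx64 "..0x%" PRIx64 " straddles a %" PRIu64
                   "-byte page boundary\n",
                   Sym.Name, Sym.Addr, Sym.Addr + Sym.Size - 1, PageSize);
            Crossing++;
        }
        if (End == NULL) {
            break;
        }
        Cur = End + 1;
    }
    return Crossing;
}

/* Constructed sample input (not a real PeiCore dump): the first entry starts
   0x40 bytes before a page boundary and is 0x68 bytes long, so it crosses;
   the others stay within a page. */
const char SAMPLE_NM[] =
    "0000000000002fc0 0000000000000068 T ArmReplaceLiveTranslationEntry\n"
    "0000000000003040 0000000000000020 T HypotheticalHelper\n"
    "0000000000004000 0000000000000090 T HypotheticalAlignedFunction\n";

int main(void)
{
    int Found = CountCrossing(SAMPLE_NM, DEFAULT_PAGE_SIZE);
    printf("%d symbol(s) cross a page boundary\n", Found);
    return Found == 0 ? 0 : 1;
}
```

To use it on a real build, feed it the output of `nm -S` on the PeiCore ELF produced by the GCC toolchain; an exit status of 1 indicates that at least one symbol straddles a page, which for ArmReplaceLiveTranslationEntry() is exactly the misplacement the message describes.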
