From: Andrew Fish
Sender: afish@apple.com
Date: Wed, 24 May 2017 08:08:34 -0700
To: Karunakar P
Cc: "Ye, Ting", "edk2-devel@lists.01.org"
Subject: Re: Pressing ESC from "PXE windows Boot manager" causes ASSERT
List-Id: EDK II Development

Karunakar,

Every Pool allocation has a header and a tail data structure that is outside of the user visible data. Both these structures have signatures. The ASSERT you are seeing is a bad signature in the header so that looks like a buffer underflow. It could also be a use after free bug.

Head:   POOL_HEAD
Buffer: User Data
Tail:   POOL_TAIL

Given the checks only happen on Free it is possible it could be a buffer overflow on a buffer that has not yet been freed that runs into this buffer.

If you have a debugger, dumping the memory before and after the buffer can sometimes be useful. The pattern might give you some clues.

Thanks,

Andrew Fish

> On May 23, 2017, at 10:16 PM, Karunakar P wrote:
>
> Hello All,
>
> The ASSERT happens in the following function
>
> /**
>   Internal function to free a pool entry.
>   Caller must have the memory lock held
>
>   @param Buffer      The allocated pool entry to free
>   @param PoolType    Pointer to pool type
>
>   @retval EFI_INVALID_PARAMETER  Buffer not valid
>   @retval EFI_SUCCESS            Buffer successfully freed.
>
> **/
> EFI_STATUS
> CoreFreePoolI (
>   IN VOID               *Buffer,
>   OUT EFI_MEMORY_TYPE   *PoolType OPTIONAL
>   )
> {
>   .
>   .
>   ASSERT(Buffer != NULL);
>   //
>   // Get the head & tail of the pool entry
>   //
>   Head = CR (Buffer, POOL_HEAD, Data, POOL_HEAD_SIGNATURE);   // ASSERT happens here
>   ASSERT(Head != NULL);
>   .
>   .
> }
>
> We are using NetworkPkg: SHA- ef810bc807188224a752ffbcf5e7f4b651291cee
>
> I think here I'm unable to attach the files.
> You can find the attached screenshots in the following Bug571
> https://bugzilla.tianocore.org/show_bug.cgi?id=571
>
> Thanks,
> Karunakar
>
>
> -----Original Message-----
> From: Ye, Ting [mailto:ting.ye@intel.com]
> Sent: Wednesday, May 24, 2017 10:29 AM
> To: Karunakar P; edk2-devel@lists.01.org
> Subject: RE: Pressing ESC from "PXE windows Boot manager" causes ASSERT
>
> Hi Karunakar,
>
> Sorry I did not find your attached files. Would you please send them again? Besides that, do you mind telling us which code base you are using for PXE boot? Are you using some revision of EDKII main trunk or UDK release?
>
> Thanks,
> Ting
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Karunakar P
> Sent: Wednesday, May 24, 2017 12:20 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Pressing ESC from "PXE windows Boot manager" causes ASSERT
>
> Hi All,
>
> We are facing an issue with PXE boot.
>
> [Issue]
> When ESC is pressed from Windows Boot manager during PXE boot (IPv4 or IPv6) system Hangs with following ASSERT
>
> ASSERT [DxeCore] \MdeModulePkg\Core\Dxe\Mem\Pool.c : CR has Bad Signature
>
> [Reproduction Steps]
> 1. Perform UEFI PXEv4 or UEFI PXEv6 boot
> 2. It will start PXE boot over IPv4/6 and download the NBP file successfully.
>    Attached the screenshot for the same (ScreenShot1.jpg)
>
>    It will display info like "Press ENTER for network boot service"
>    Attached screenshot (ScreenShot2.jpg)
>
> 3. Press ENTER and then press ESC immediately to see the Windows Boot Manager Menu
>    It will list the available Operating Systems
>    Attached the screenshot (ScreenShot3.png)
>
> 4. Press ESC to come back to Setup or next Boot option
>
> [Result]
> System hangs with ASSERT
>
> [Expected Result]
> On pressing ESC from Windows Boot Manager, it should come back to setup/Next boot option in boot order
>
> Note:
> We have PXE server configured in Windows Server 2012 R2.
>
> Please look into it.
>
> Thanks,
> karunakar
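
The free-time check described in the reply above can be modelled in a few lines. This is an added example, not part of the original thread and not EDK II code. It shows why a bad head signature found when freeing one buffer can be caused by an overflow of its still-allocated neighbour. The `demo_*` names, the guard field layout, the signature values and the arena are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of the layout above: head | user data | tail.
   Field layout and signature values are constructed for this example. */
#define DEMO_HEAD_SIG 0x44414548u
#define DEMO_TAIL_SIG 0x4c494154u
typedef struct { uint32_t sig, size; } demo_guard;
enum demo_status { DEMO_OK, DEMO_BAD_HEAD, DEMO_BAD_TAIL };

static uint8_t arena[256];
static size_t arena_used;

/* Carve one guarded allocation; consecutive allocations are adjacent. */
static uint8_t *demo_alloc(uint32_t size) {
    demo_guard h = { DEMO_HEAD_SIG, size }, t = { DEMO_TAIL_SIG, size };
    uint8_t *p = arena + arena_used;
    if (2 * sizeof h + size > sizeof arena - arena_used) return NULL;
    memcpy(p, &h, sizeof h);
    memcpy(p + sizeof h + size, &t, sizeof t);
    arena_used += 2 * sizeof h + size;
    return p + sizeof h;
}

/* The validation a free path performs; nothing checks the guards earlier.
   *seen receives the head signature word as a memory dump would show it. */
enum demo_status demo_check(const uint8_t *buf, uint32_t *seen) {
    demo_guard h, t;
    memcpy(&h, buf - sizeof h, sizeof h);
    *seen = h.sig;
    if (h.sig != DEMO_HEAD_SIG) return DEMO_BAD_HEAD;
    memcpy(&t, buf + h.size, sizeof t);
    return (t.sig == DEMO_TAIL_SIG && t.size == h.size) ? DEMO_OK : DEMO_BAD_TAIL;
}

/* A's owner overruns by 12 bytes: through A's tail into B's head signature. */
enum demo_status demo_overflow_hits_neighbour(uint32_t *b_sig, enum demo_status *a_status) {
    arena_used = 0;
    uint8_t *a = demo_alloc(16), *b = demo_alloc(16);
    memset(a, 'A', 16 + 12);              /* the bug is in A's owner */
    *a_status = demo_check(a, b_sig);     /* A fails too, but only once it is freed */
    return demo_check(b, b_sig);          /* B's free is where the failure surfaces */
}

int main(void) {
    uint32_t sig; enum demo_status a, b = demo_overflow_hits_neighbour(&sig, &a);
    printf("free(B)=%d head sig=0x%08x free(A)=%d\n", b, (unsigned)sig, a);
    return 0;
}
```

The word found where B's head signature should be is the overflowing writer's fill pattern, which is the kind of clue a memory dump around the failing buffer gives.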