[PATCH] UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute

[PATCH] UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute

[Ruiyu Ni]

MtrrLibSetBelow1MBMemoryAttribute() may be called multiple times.
It's possible that in a 2nd call, Modified[0] is set to TRUE in
1st call but ClearMasks[0] and OrMasks[0] is uninitialized in
2nd call. It causes FixedSettings->Mtrr[0] be set to random
data.

The patch fixes this issue by introducing a local Modified[]
array and only updates FixedSettings->Mtrr[] when LocalModified[i]
is TRUE.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
---
 UefiCpuPkg/Library/MtrrLib/MtrrLib.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
index cb22558103..200becdd4a 100644
--- a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
+++ b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
@@ -2114,22 +2114,32 @@ MtrrLibSetBelow1MBMemoryAttribute (
   UINT64                    OrMask;
   UINT64                    ClearMasks[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
   UINT64                    OrMasks[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
+  BOOLEAN                   LocalModified[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
 
   ASSERT (BaseAddress < BASE_1MB);
 
+  SetMem (LocalModified, sizeof (LocalModified), FALSE);
+
+  //
+  // (Value & ~0 | 0) still equals to (Value)
+  //
+  SetMem64 (ClearMasks, sizeof (ClearMasks), 0);
+  SetMem64 (OrMasks, sizeof (OrMasks), 0);
+
   MsrIndex = (UINT32)-1;
   while ((BaseAddress < BASE_1MB) && (Length != 0)) {
     Status = MtrrLibProgramFixedMtrr (Type, &BaseAddress, &Length, &MsrIndex, &ClearMask, &OrMask);
     if (RETURN_ERROR (Status)) {
       return Status;
     }
-    ClearMasks[MsrIndex] = ClearMask;
-    OrMasks[MsrIndex]    = OrMask;
-    Modified[MsrIndex]   = TRUE;
+    ClearMasks[MsrIndex]    = ClearMask;
+    OrMasks[MsrIndex]       = OrMask;
+    Modified[MsrIndex]      = TRUE;
+    LocalModified[MsrIndex] = TRUE;
   }
 
   for (MsrIndex = 0; MsrIndex < ARRAY_SIZE (mMtrrLibFixedMtrrTable); MsrIndex++) {
-    if (Modified[MsrIndex]) {
+    if (LocalModified[MsrIndex]) {
       FixedSettings->Mtrr[MsrIndex] = (FixedSettings->Mtrr[MsrIndex] & ~ClearMasks[MsrIndex]) | OrMasks[MsrIndex];
     }
   }
@@ -2354,6 +2364,7 @@ MtrrSetMemoryAttributesInMtrrSettings (
   //
   // 3. Apply the below-1MB memory attribute settings.
   //
+  ZeroMem (WorkingFixedSettings.Mtrr, sizeof (WorkingFixedSettings.Mtrr));
   for (Index = 0; Index < RangeCount; Index++) {
     if (Ranges[Index].BaseAddress >= BASE_1MB) {
       continue;
-- 
2.12.2.windows.2

Re: [PATCH] UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute

[Wu, Hao A]

Reviewed-by: Hao Wu <hao.a.wu@intel.com>


Best Regards,
Hao Wu


> -----Original Message-----
> From: Ni, Ruiyu
> Sent: Thursday, October 19, 2017 10:49 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A
> Subject: [PATCH] UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB
> attribute
> 
> MtrrLibSetBelow1MBMemoryAttribute() may be called multiple times.
> It's possible that in a 2nd call, Modified[0] is set to TRUE in
> 1st call but ClearMasks[0] and OrMasks[0] is uninitialized in
> 2nd call. It causes FixedSettings->Mtrr[0] be set to random
> data.
> 
> The patch fixes this issue by introducing a local Modified[]
> array and only updates FixedSettings->Mtrr[] when LocalModified[i]
> is TRUE.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> ---
>  UefiCpuPkg/Library/MtrrLib/MtrrLib.c | 19 +++++++++++++++----
>  1 file changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> index cb22558103..200becdd4a 100644
> --- a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> +++ b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> @@ -2114,22 +2114,32 @@ MtrrLibSetBelow1MBMemoryAttribute (
>    UINT64                    OrMask;
>    UINT64                    ClearMasks[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
>    UINT64                    OrMasks[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
> +  BOOLEAN                   LocalModified[ARRAY_SIZE (mMtrrLibFixedMtrrTable)];
> 
>    ASSERT (BaseAddress < BASE_1MB);
> 
> +  SetMem (LocalModified, sizeof (LocalModified), FALSE);
> +
> +  //
> +  // (Value & ~0 | 0) still equals to (Value)
> +  //
> +  SetMem64 (ClearMasks, sizeof (ClearMasks), 0);
> +  SetMem64 (OrMasks, sizeof (OrMasks), 0);
> +
>    MsrIndex = (UINT32)-1;
>    while ((BaseAddress < BASE_1MB) && (Length != 0)) {
>      Status = MtrrLibProgramFixedMtrr (Type, &BaseAddress, &Length,
> &MsrIndex, &ClearMask, &OrMask);
>      if (RETURN_ERROR (Status)) {
>        return Status;
>      }
> -    ClearMasks[MsrIndex] = ClearMask;
> -    OrMasks[MsrIndex]    = OrMask;
> -    Modified[MsrIndex]   = TRUE;
> +    ClearMasks[MsrIndex]    = ClearMask;
> +    OrMasks[MsrIndex]       = OrMask;
> +    Modified[MsrIndex]      = TRUE;
> +    LocalModified[MsrIndex] = TRUE;
>    }
> 
>    for (MsrIndex = 0; MsrIndex < ARRAY_SIZE (mMtrrLibFixedMtrrTable);
> MsrIndex++) {
> -    if (Modified[MsrIndex]) {
> +    if (LocalModified[MsrIndex]) {
>        FixedSettings->Mtrr[MsrIndex] = (FixedSettings->Mtrr[MsrIndex] &
> ~ClearMasks[MsrIndex]) | OrMasks[MsrIndex];
>      }
>    }
> @@ -2354,6 +2364,7 @@ MtrrSetMemoryAttributesInMtrrSettings (
>    //
>    // 3. Apply the below-1MB memory attribute settings.
>    //
> +  ZeroMem (WorkingFixedSettings.Mtrr, sizeof (WorkingFixedSettings.Mtrr));
>    for (Index = 0; Index < RangeCount; Index++) {
>      if (Ranges[Index].BaseAddress >= BASE_1MB) {
>        continue;
> --
> 2.12.2.windows.2