From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+113726+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 5C70CAC1260
	for <rebecca@openfw.io>; Fri, 12 Jan 2024 12:11:45 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=AjhX7Hvfzz+mG7Kho1/9IFo8GSkwglJBnnUza40EHKw=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type;
 s=20140610; t=1705061504; v=1;
 b=xPqYTVRaAFY1iF/6Z+KiBHBfveWj+Rpw0iqp43grcE5w4Ygp4XOxJh2hu0PDd1d8M9Td/ROB
 WK4rI5z/xWljBeMY9IOPUiC0UHUQUatJYEwd9q+idXjr2UGdR/4soQo6ovfwR0upLl33MUjzd0m
 /AsbuX7J9sfrCk9euzgmQ9m8=
X-Received: by 127.0.0.2 with SMTP id 59CcYY7687511xsG7GZ1FCYK; Fri, 12 Jan 2024 04:11:44 -0800
X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
 by mx.groups.io with SMTP id smtpd.web11.5608.1705061503303320658
 for <devel@edk2.groups.io>;
 Fri, 12 Jan 2024 04:11:43 -0800
X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by ams.source.kernel.org (Postfix) with ESMTP id 15989B822AA
	for <devel@edk2.groups.io>; Fri, 12 Jan 2024 12:11:41 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C010C43390
	for <devel@edk2.groups.io>; Fri, 12 Jan 2024 12:11:40 +0000 (UTC)
X-Received: by mail-lj1-f172.google.com with SMTP id 38308e7fff4ca-2ccbc328744so77743841fa.3
        for <devel@edk2.groups.io>; Fri, 12 Jan 2024 04:11:40 -0800 (PST)
X-Gm-Message-State: QX34nHGDdAuWlUNpzgOtap37x7686176AA=
X-Google-Smtp-Source: AGHT+IFFztq2d7dbE0yaQ0l+At3izoMmeEr4iKYP8tGW7fav3nCpxIGy3GdFzDs/nOyXSwcpEN2nzSIl1bqQEg1Rh98=
X-Received: by 2002:a2e:840f:0:b0:2cc:a5ae:f122 with SMTP id
 z15-20020a2e840f000000b002cca5aef122mr625996ljg.78.1705061498598; Fri, 12 Jan
 2024 04:11:38 -0800 (PST)
MIME-Version: 1.0
References: <20240112113754.14710-1-kraxel@redhat.com> <20240112113754.14710-2-kraxel@redhat.com>
In-Reply-To: <20240112113754.14710-2-kraxel@redhat.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Fri, 12 Jan 2024 13:11:26 +0100
X-Gmail-Original-Message-ID: <CAMj1kXEUwg4umJMV93URoAzdHD-ERGYxxRfiPrY=h0=Qtz4R_w@mail.gmail.com>
Message-ID: <CAMj1kXEUwg4umJMV93URoAzdHD-ERGYxxRfiPrY=h0=Qtz4R_w@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH 1/4] OvmfPkg/VirtNorFlashDxe: fix shadowbuffer reads
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: devel@edk2.groups.io, Laszlo Ersek <lersek@redhat.com>, 
	Jiewen Yao <jiewen.yao@intel.com>, oliver@redhat.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=xPqYTVRa;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

On Fri, 12 Jan 2024 at 12:38, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> In some cases (specifically when the flash update region is
> small but crosses a multiple of P30_MAX_BUFFER_SIZE_IN_BYTES)
> NorFlashWriteSingleBlock reads only one instead of two
> P30_MAX_BUFFER_SIZE_IN_BYTES blocks into the shadow buffer.
>
> That leads to random crap being written to the second block,
> which in turn can corrupt both the variable store and the
> FTW work space.  One observed corruption pattern is finding
> 0xaf (aka PcdDebugClearMemoryValue) right after the last
> entry in the FTW log.  This should have been 0xff.
>
> This patch fixes the calculation.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Thanks a lot for taking the time to track this down and fix it.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

> ---
>  OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> index 1afd60ce66eb..cdc809d75e3d 100644
> --- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> +++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> @@ -566,7 +566,7 @@ NorFlashWriteSingleBlock (
>                 Instance,
>                 Lba,
>                 Offset & ~BOUNDARY_OF_32_WORDS,
> -               (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
> +               (((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes) | BOUNDARY_OF_32_WORDS) + 1,
>                 Instance->ShadowBuffer
>                 );
>      if (EFI_ERROR (Status)) {
> --
> 2.43.0
>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113726): https://edk2.groups.io/g/devel/message/113726
Mute This Topic: https://groups.io/mt/103680932/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-