From: "Nate DeSimone"
To: "Kinney, Michael D", "devel@edk2.groups.io"
CC: "Gao, Liming", "Jiang, Guomin", "Wang, Jian J"
Subject: Re: [PATCH V4] MdeModulePkg: Memory Corruption Error in CapsuleRuntimeDxe
Date: Wed, 9 Nov 2022 17:32:51 +0000

Hi Mike,

All I did was copy the existing error handling in the scenario where we are unable to set up the buffer for any reason:

https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/CapsuleRuntimeDxe/X64/SaveLongModeContext.c#L191

I agree that seems a little odd, but I haven't investigated the ramifications of what this unhappy path is from an overall capsule flow perspective. Regardless of that… I feel like figuring that out and making the capsule flow fail completely either in the case of a memory allocation failure or a SetVariable() failure should probably be a different patch series. Don't let perfect be the enemy of good.

Thanks,
Nate

From: Kinney, Michael D <michael.d.kinney@intel.com>
Date: Thursday, November 3, 2022 at 2:23 PM
To: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>, devel@edk2.groups.io <devel@edk2.groups.io>, Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Gao, Liming <gaoliming@byosoft.com.cn>, Jiang, Guomin <Guomin.Jiang@intel.com>, Wang, Jian J <jian.j.wang@intel.com>
Subject: RE: [PATCH V4] MdeModulePkg: Memory Corruption Error in CapsuleRuntimeDxe

Also...would it be a simpler policy to fail the capsule update altogether if any of the
3 allocations fail?  That way, there is no case where is "may fail".

Mike

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Thursday, November 3, 2022 2:21 PM
> To: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Jiang, Guomin <guomin.jiang@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: RE: [PATCH V4] MdeModulePkg: Memory Corruption Error in CapsuleRuntimeDxe
>
> Hi Nate,
>
> The "may fail" messages look a bit odd.  Is this due to the fact that CapsuleRuntimeDxe is in X64 mode,
> but this module does not know if PEI Phase will process the capsule in IA32 or X64 execution mode?
>
> We have a PCD that is set if the DXE IPL needs to switch modes.  Can we use that information?
>
> These "may fail" messages will only be generated if there is enough memory to allocate the capsule
> image, but not the page tables and/or stack.  Correct?
>
> Thanks,
>
> Mike
>
> > -----Original Message-----
> > From: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
> > Sent: Tuesday, October 25, 2022 3:30 PM
> > To: devel@edk2.groups.io
> > Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Jiang, Guomin <guomin.jiang@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>
> > Subject: [PATCH V4] MdeModulePkg: Memory Corruption Error in CapsuleRuntimeDxe
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4112
> >
> > In AllocateReservedMemoryBelow4G(), if gBS->AllocatePages()
> > returns an error, and ASSERTs are disabled, then the
> > function will overwrite memory from 0xFFFFFFFF -> (0xFFFFFFFF + Size).
> >
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
> > ---
> >  .../X64/SaveLongModeContext.c     =             | 25 +++= +++++++++++++---
> >  1 file changed, 22 insertions(+), 3 deletions(-)
> >
> > diff --git a/MdeModulePkg/Universal/CapsuleRuntimeDxe/X64/SaveLon= gModeContext.c
> > b/MdeModulePkg/Universal/CapsuleRuntimeDxe/X64/SaveLongModeContex= t.c
> > index dab297dd0a..a8c5de8764 100644
> > --- a/MdeModulePkg/Universal/CapsuleRuntimeDxe/X64/SaveLongModeCo= ntext.c
> > +++ b/MdeModulePkg/Universal/CapsuleRuntimeDxe/X64/SaveLongModeCo= ntext.c
> > @@ -38,6 +38,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > >    @param  Size     = Size of memory to allocate.
> >
> >    @return Allocated Address for output.
> > +  @return NULL - Memory allocation failed.
> >
> >  **/
> >  VOID *
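
Review bot: In the function header comment, the added line documents the failure case with a second @return next to the existing "@return Allocated Address for output."; a specific return value is normally documented with @retval, so "@retval NULL  Memory allocation failed." would fit better here. Since the function can now return NULL where it previously asserted, the comment should also say that callers must check for it.
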
> > @@ -59,7 +60,15 @@ AllocateReservedMemoryBelow4G (
> >           =          Pages,
> >           =          &Address
> >           =          );
> > -  ASSERT_EFI_ERROR (Status);
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "ERROR AllocateRese= rvedMemoryBelow4G(): %r\n", Status));
> > +    return NULL;
> > +  }
> > +
> > +  if (Address =3D=3D 0) {
> > +    DEBUG ((DEBUG_ERROR, "ERROR AllocateRese= rvedMemoryBelow4G(): AllocatePages() returned NULL"));
> > +    return NULL;
> > +  }
> >
> >    Buffer =3D (VOID *)(UINTN)Address;
> >    ZeroMem (Buffer, Size);
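
Review bot: The DEBUG string in the new Address == 0 branch has no trailing \n, unlike the %r message in the branch just above it, so the next log line will run on from it; add the newline. That branch is also only reached after AllocatePages() has reported success, so returning NULL there leaves the pages it handed back allocated; either free them before returning or add a comment saying why that is acceptable.
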
> > @@ -159,14 +168,23 @@ PrepareContextForCapsulePei (
> >    DEBUG ((DEBUG_INFO, "CapsuleRuntimeDxe X64= TotalPagesNum - 0x%x pages\n", TotalPagesNum));
> >
> >    LongModeBuffer.PageTableAddress =3D (EFI_PHYSIC= AL_ADDRESS)(UINTN)AllocateReservedMemoryBelow4G (EFI_PAGES_TO_SIZE
> > (TotalPagesNum));
> > -  ASSERT (LongModeBuffer.PageTableAddress !=3D 0);
> > +  if (LongModeBuffer.PageTableAddress =3D=3D 0) {
> > +    DEBUG ((DEBUG_ERROR, "FATAL ERROR: Capsu= leLongModeBuffer cannot be saved, "));
> > +    DEBUG ((DEBUG_ERROR, "PageTableAddress a= llocation failed. Capsule in PEI may fail!\n"));
> > +    return;
> > +  }
> >
> >    //
> >    // Allocate stack
> >    //
> >    LongModeBuffer.StackSize    = ;    =3D PcdGet32 (PcdCapsulePeiLongModeStackSize);
> >    LongModeBuffer.StackBaseAddress =3D (EFI_PHYSIC= AL_ADDRESS)(UINTN)AllocateReservedMemoryBelow4G (PcdGet32
> > (PcdCapsulePeiLongModeStackSize));
> > -  ASSERT (LongModeBuffer.StackBaseAddress !=3D 0);
> > +  if (LongModeBuffer.StackBaseAddress =3D=3D 0) {
> > +    DEBUG ((DEBUG_ERROR, "FATAL ERROR: Capsu= leLongModeBuffer cannot be saved, "));
> > +    DEBUG ((DEBUG_ERROR, "StackBaseAddress a= llocation failed. Capsule in PEI may fail!\n"));
> > +    gBS->FreePages (LongModeBuffer.PageTableAd= dress, TotalPagesNum);
> > +    return;
> > +  }
> >
> >    Status =3D gRT->SetVariable (
> >           =          EFI_CAPSULE_LONG_MODE_BUFF= ER_NAME,
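
Review bot: Both new failure paths in PrepareContextForCapsulePei() end in a bare return after a DEBUG print, so the caller gets no indication that the long-mode context was not saved, and a build with DEBUG output compiled out records nothing at all. If the capsule flow is meant to continue in that state, a comment saying so would help; otherwise the failure needs to be reported by some means other than DEBUG. The message is also split across two DEBUG calls and pairs "FATAL ERROR" with "may fail"; one DEBUG call per path with a consistent severity would read better in the log.
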
> > @@ -189,6 +207,7 @@ PrepareContextForCapsulePei (
> >        );
> >    } else {
> >      DEBUG ((DEBUG_ERROR, "FATAL ER= ROR: CapsuleLongModeBuffer cannot be saved: %r. Capsule in PEI may fail!\n&= quot;, Status));
> > +    gBS->FreePages (LongModeBuffer.PageTableAd= dress, TotalPagesNum);
> >      gBS->FreePages (LongModeBuffer.S= tackBaseAddress, EFI_SIZE_TO_PAGES (LongModeBuffer.StackSize));
> >    }
> >  }
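
Review bot: In the else branch the page-table and stack buffers are now released by two FreePages calls whose return values are ignored, and the page-table free repeats the call added on the stack-allocation failure path in the previous hunk. Consider a single cleanup block shared by both failure paths, so the page counts (TotalPagesNum and EFI_SIZE_TO_PAGES (LongModeBuffer.StackSize)) are kept in one place and a future change cannot free one buffer with the other's count.
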
> > --
> > 2.27.0.windows.1
