* [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() @ 2020-11-25 20:13 James Bottomley 2020-11-25 21:00 ` Laszlo Ersek 2020-11-25 21:05 ` Ard Biesheuvel 0 siblings, 2 replies; 10+ messages in thread From: James Bottomley @ 2020-11-25 20:13 UTC (permalink / raw) To: devel Cc: Bret Barkelew, Liming Gao (Byosoft address), Ard Biesheuvel (ARM address), Laszlo Ersek The current variable policy is allocated by AllocatePool(), which is boot time only. This means that if you do any variable setting in the runtime, the policy has been freed. Ordinarily this isn't detected because freed memory is still there, but when you boot the Linux kernel, it's been remapped so the actual memory no longer exists in the memory map causing a page fault. Fix this by making it AllocateRuntimePool(). For SMM drivers, the platform DSC is responsible for resolving the MemoryAllocationLib class to the SmmMemoryAllocationLib instance. In the SmmMemoryAllocationLib instance, AllocatePool() and AllocateRuntimePool() are implemented identically. Therefore this change is a no-op when the RegisterVariablePolicy() function is built into an SMM driver. The fix affects runtime DXE drivers only. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 Signed-off-by: James Bottomley <jejb@linux.ibm.com> --- MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c index 5029ddb96adb..12944ac7ea81 100644 --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c @@ -411,7 +411,7 @@ RegisterVariablePolicy ( } // Reallocate and copy the table. - NewTable = AllocatePool( NewSize ); + NewTable = AllocateRuntimePool( NewSize ); if (NewTable == NULL) { return EFI_OUT_OF_RESOURCES; } -- 2.26.2 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-11-25 20:13 [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() James Bottomley @ 2020-11-25 21:00 ` Laszlo Ersek 2020-11-26 1:23 ` 回复: " gaoliming [not found] ` <164AEA4706B9EEF6.8857@groups.io> 2020-11-25 21:05 ` Ard Biesheuvel 1 sibling, 2 replies; 10+ messages in thread From: Laszlo Ersek @ 2020-11-25 21:00 UTC (permalink / raw) To: jejb, Liming Gao (Byosoft address) Cc: devel, Bret Barkelew, Ard Biesheuvel (ARM address), Hao A Wu, Jian J Wang On 11/25/20 21:13, James Bottomley wrote: > The current variable policy is allocated by AllocatePool(), which is > boot time only. This means that if you do any variable setting in the > runtime, the policy has been freed. Ordinarily this isn't detected > because freed memory is still there, but when you boot the Linux > kernel, it's been remapped so the actual memory no longer exists in > the memory map causing a page fault. > > Fix this by making it AllocateRuntimePool(). For SMM drivers, the > platform DSC is responsible for resolving the MemoryAllocationLib > class to the SmmMemoryAllocationLib instance. In the > SmmMemoryAllocationLib instance, AllocatePool() and > AllocateRuntimePool() are implemented identically. Therefore this > change is a no-op when the RegisterVariablePolicy() function is built > into an SMM driver. The fix affects runtime DXE drivers only. > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 > Signed-off-by: James Bottomley <jejb@linux.ibm.com> > --- > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > index 5029ddb96adb..12944ac7ea81 100644 > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > @@ -411,7 +411,7 @@ RegisterVariablePolicy ( > } > > // Reallocate and copy the table. > - NewTable = AllocatePool( NewSize ); > + NewTable = AllocateRuntimePool( NewSize ); > if (NewTable == NULL) { > return EFI_OUT_OF_RESOURCES; > } > (1) CC'ing Jian and Hao: $ python BaseTools/Scripts/GetMaintainer.py \ -l MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c Jian J Wang <jian.j.wang@intel.com> Hao A Wu <hao.a.wu@intel.com> Liming Gao <gaoliming@byosoft.com.cn> devel@edk2.groups.io (2) My feedback: Fixes: 355b181f74050cdf2f09b1755c1a5ee4affb1faf Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> (I tested the actual bugfix with SMM-less OVMF. I also regression-tested the patch, namely with SMM OVMF, and ArmVirtQemu too.) (3) I suggest updating the subject line as follows: MdeModulePkg/VariablePolicyLib: Fix runtime panic in ValidateSetVariable() 74 characters, so it's not overlong. No need to repost because of this. Liming, can you please pick up my feedback tags from (2), in addition to your own review, and refresh the subject as requested in (3), and then merge this patch -- before releasing edk2-stable202011? Thank you all, Laszlo ^ permalink raw reply [flat|nested] 10+ messages in thread
* 回复: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-11-25 21:00 ` Laszlo Ersek @ 2020-11-26 1:23 ` gaoliming [not found] ` <164AEA4706B9EEF6.8857@groups.io> 1 sibling, 0 replies; 10+ messages in thread From: gaoliming @ 2020-11-26 1:23 UTC (permalink / raw) To: 'Laszlo Ersek', jejb Cc: devel, 'Bret Barkelew', 'Ard Biesheuvel (ARM address)', 'Hao A Wu', 'Jian J Wang' Laszlo and James: Thanks for your root cause. The fix is clear. It works on runtime version and smm version. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> I agree to merge this hot fix for this stable tag 202011. I will add Laszlo tag and update subject title when I merge this patch. Thanks Liming > -----邮件原件----- > 发件人: Laszlo Ersek <lersek@redhat.com> > 发送时间: 2020年11月26日 5:01 > 收件人: jejb@linux.ibm.com; Liming Gao (Byosoft address) > <gaoliming@byosoft.com.cn> > 抄送: devel@edk2.groups.io; Bret Barkelew <brbarkel@microsoft.com>; Ard > Biesheuvel (ARM address) <ard.biesheuvel@arm.com>; Hao A Wu > <hao.a.wu@intel.com>; Jian J Wang <jian.j.wang@intel.com> > 主题: Re: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() > > On 11/25/20 21:13, James Bottomley wrote: > > The current variable policy is allocated by AllocatePool(), which is > > boot time only. This means that if you do any variable setting in the > > runtime, the policy has been freed. Ordinarily this isn't detected > > because freed memory is still there, but when you boot the Linux > > kernel, it's been remapped so the actual memory no longer exists in > > the memory map causing a page fault. > > > > Fix this by making it AllocateRuntimePool(). For SMM drivers, the > > platform DSC is responsible for resolving the MemoryAllocationLib > > class to the SmmMemoryAllocationLib instance. In the > > SmmMemoryAllocationLib instance, AllocatePool() and > > AllocateRuntimePool() are implemented identically. Therefore this > > change is a no-op when the RegisterVariablePolicy() function is built > > into an SMM driver. The fix affects runtime DXE drivers only. > > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 > > Signed-off-by: James Bottomley <jejb@linux.ibm.com> > > --- > > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > index 5029ddb96adb..12944ac7ea81 100644 > > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > @@ -411,7 +411,7 @@ RegisterVariablePolicy ( > > } > > > > // Reallocate and copy the table. > > - NewTable = AllocatePool( NewSize ); > > + NewTable = AllocateRuntimePool( NewSize ); > > if (NewTable == NULL) { > > return EFI_OUT_OF_RESOURCES; > > } > > > > (1) CC'ing Jian and Hao: > > $ python BaseTools/Scripts/GetMaintainer.py \ > -l MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > Jian J Wang <jian.j.wang@intel.com> > Hao A Wu <hao.a.wu@intel.com> > Liming Gao <gaoliming@byosoft.com.cn> > devel@edk2.groups.io > > > (2) My feedback: > > Fixes: 355b181f74050cdf2f09b1755c1a5ee4affb1faf > Reviewed-by: Laszlo Ersek <lersek@redhat.com> > Tested-by: Laszlo Ersek <lersek@redhat.com> > > (I tested the actual bugfix with SMM-less OVMF. I also > regression-tested the patch, namely with SMM OVMF, and ArmVirtQemu too.) > > > (3) I suggest updating the subject line as follows: > > MdeModulePkg/VariablePolicyLib: Fix runtime panic in > ValidateSetVariable() > > 74 characters, so it's not overlong. > > No need to repost because of this. > > > Liming, can you please pick up my feedback tags from (2), in addition to > your own review, and refresh the subject as requested in (3), and then > merge this patch -- before releasing edk2-stable202011? > > Thank you all, > Laszlo ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <164AEA4706B9EEF6.8857@groups.io>]
* 回复: [edk2-devel] 回复: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() [not found] ` <164AEA4706B9EEF6.8857@groups.io> @ 2020-11-27 0:58 ` gaoliming 0 siblings, 0 replies; 10+ messages in thread From: gaoliming @ 2020-11-27 0:58 UTC (permalink / raw) To: devel, gaoliming, 'Laszlo Ersek', jejb Cc: 'Bret Barkelew', 'Ard Biesheuvel (ARM address)', 'Hao A Wu', 'Jian J Wang' PR https://github.com/tianocore/edk2/pull/1148 is created. Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+68010+4905953+8761045@groups.io > <bounce+27952+68010+4905953+8761045@groups.io> 代表 gaoliming > 发送时间: 2020年11月26日 9:23 > 收件人: 'Laszlo Ersek' <lersek@redhat.com>; jejb@linux.ibm.com > 抄送: devel@edk2.groups.io; 'Bret Barkelew' <brbarkel@microsoft.com>; > 'Ard Biesheuvel (ARM address)' <ard.biesheuvel@arm.com>; 'Hao A Wu' > <hao.a.wu@intel.com>; 'Jian J Wang' <jian.j.wang@intel.com> > 主题: [edk2-devel] 回复: [PATCH] MdeModulePkg: Fix runtime panic in > ValidateSetVariable() > > Laszlo and James: > Thanks for your root cause. The fix is clear. It works on runtime version and > smm version. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> > > I agree to merge this hot fix for this stable tag 202011. I will add Laszlo tag > and update subject title when I merge this patch. > > Thanks > Liming > > -----邮件原件----- > > 发件人: Laszlo Ersek <lersek@redhat.com> > > 发送时间: 2020年11月26日 5:01 > > 收件人: jejb@linux.ibm.com; Liming Gao (Byosoft address) > > <gaoliming@byosoft.com.cn> > > 抄送: devel@edk2.groups.io; Bret Barkelew <brbarkel@microsoft.com>; > Ard > > Biesheuvel (ARM address) <ard.biesheuvel@arm.com>; Hao A Wu > > <hao.a.wu@intel.com>; Jian J Wang <jian.j.wang@intel.com> > > 主题: Re: [PATCH] MdeModulePkg: Fix runtime panic in > ValidateSetVariable() > > > > On 11/25/20 21:13, James Bottomley wrote: > > > The current variable policy is allocated by AllocatePool(), which is > > > boot time only. This means that if you do any variable setting in the > > > runtime, the policy has been freed. Ordinarily this isn't detected > > > because freed memory is still there, but when you boot the Linux > > > kernel, it's been remapped so the actual memory no longer exists in > > > the memory map causing a page fault. > > > > > > Fix this by making it AllocateRuntimePool(). For SMM drivers, the > > > platform DSC is responsible for resolving the MemoryAllocationLib > > > class to the SmmMemoryAllocationLib instance. In the > > > SmmMemoryAllocationLib instance, AllocatePool() and > > > AllocateRuntimePool() are implemented identically. Therefore this > > > change is a no-op when the RegisterVariablePolicy() function is built > > > into an SMM driver. The fix affects runtime DXE drivers only. > > > > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 > > > Signed-off-by: James Bottomley <jejb@linux.ibm.com> > > > --- > > > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > index 5029ddb96adb..12944ac7ea81 100644 > > > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > @@ -411,7 +411,7 @@ RegisterVariablePolicy ( > > > } > > > > > > // Reallocate and copy the table. > > > - NewTable = AllocatePool( NewSize ); > > > + NewTable = AllocateRuntimePool( NewSize ); > > > if (NewTable == NULL) { > > > return EFI_OUT_OF_RESOURCES; > > > } > > > > > > > (1) CC'ing Jian and Hao: > > > > $ python BaseTools/Scripts/GetMaintainer.py \ > > -l MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > > Jian J Wang <jian.j.wang@intel.com> > > Hao A Wu <hao.a.wu@intel.com> > > Liming Gao <gaoliming@byosoft.com.cn> > > devel@edk2.groups.io > > > > > > (2) My feedback: > > > > Fixes: 355b181f74050cdf2f09b1755c1a5ee4affb1faf > > Reviewed-by: Laszlo Ersek <lersek@redhat.com> > > Tested-by: Laszlo Ersek <lersek@redhat.com> > > > > (I tested the actual bugfix with SMM-less OVMF. I also > > regression-tested the patch, namely with SMM OVMF, and ArmVirtQemu > too.) > > > > > > (3) I suggest updating the subject line as follows: > > > > MdeModulePkg/VariablePolicyLib: Fix runtime panic in > > ValidateSetVariable() > > > > 74 characters, so it's not overlong. > > > > No need to repost because of this. > > > > > > Liming, can you please pick up my feedback tags from (2), in addition to > > your own review, and refresh the subject as requested in (3), and then > > merge this patch -- before releasing edk2-stable202011? > > > > Thank you all, > > Laszlo > > > > > > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-11-25 20:13 [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() James Bottomley 2020-11-25 21:00 ` Laszlo Ersek @ 2020-11-25 21:05 ` Ard Biesheuvel 2020-11-25 21:17 ` Laszlo Ersek 1 sibling, 1 reply; 10+ messages in thread From: Ard Biesheuvel @ 2020-11-25 21:05 UTC (permalink / raw) To: jejb, devel; +Cc: Bret Barkelew, Liming Gao (Byosoft address), Laszlo Ersek On 11/25/20 9:13 PM, James Bottomley wrote: > The current variable policy is allocated by AllocatePool(), which is > boot time only. This means that if you do any variable setting in the > runtime, the policy has been freed. Ordinarily this isn't detected > because freed memory is still there, but when you boot the Linux > kernel, it's been remapped so the actual memory no longer exists in > the memory map causing a page fault. > > Fix this by making it AllocateRuntimePool(). For SMM drivers, the > platform DSC is responsible for resolving the MemoryAllocationLib > class to the SmmMemoryAllocationLib instance. In the > SmmMemoryAllocationLib instance, AllocatePool() and > AllocateRuntimePool() are implemented identically. Therefore this > change is a no-op when the RegisterVariablePolicy() function is built > into an SMM driver. The fix affects runtime DXE drivers only. > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 > Signed-off-by: James Bottomley <jejb@linux.ibm.com> Thanks James Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> > --- > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > index 5029ddb96adb..12944ac7ea81 100644 > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > @@ -411,7 +411,7 @@ RegisterVariablePolicy ( > } > > // Reallocate and copy the table. > - NewTable = AllocatePool( NewSize ); > + NewTable = AllocateRuntimePool( NewSize ); > if (NewTable == NULL) { > return EFI_OUT_OF_RESOURCES; > } > BTW I wouldn't mind if the whitespace gets fixed up here at merge time. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-11-25 21:05 ` Ard Biesheuvel @ 2020-11-25 21:17 ` Laszlo Ersek 2020-12-01 21:12 ` [EXTERNAL] Re: [edk2-devel] " Bret Barkelew 0 siblings, 1 reply; 10+ messages in thread From: Laszlo Ersek @ 2020-11-25 21:17 UTC (permalink / raw) To: Ard Biesheuvel, jejb, devel; +Cc: Bret Barkelew, Liming Gao (Byosoft address) On 11/25/20 22:05, Ard Biesheuvel wrote: > On 11/25/20 9:13 PM, James Bottomley wrote: >> The current variable policy is allocated by AllocatePool(), which is >> boot time only. This means that if you do any variable setting in the >> runtime, the policy has been freed. Ordinarily this isn't detected >> because freed memory is still there, but when you boot the Linux >> kernel, it's been remapped so the actual memory no longer exists in >> the memory map causing a page fault. >> >> Fix this by making it AllocateRuntimePool(). For SMM drivers, the >> platform DSC is responsible for resolving the MemoryAllocationLib >> class to the SmmMemoryAllocationLib instance. In the >> SmmMemoryAllocationLib instance, AllocatePool() and >> AllocateRuntimePool() are implemented identically. Therefore this >> change is a no-op when the RegisterVariablePolicy() function is built >> into an SMM driver. The fix affects runtime DXE drivers only. >> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3092 >> Signed-off-by: James Bottomley <jejb@linux.ibm.com> > > Thanks James > > Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> > >> --- >> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git >> a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> index 5029ddb96adb..12944ac7ea81 100644 >> --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> @@ -411,7 +411,7 @@ RegisterVariablePolicy ( >> } >> // Reallocate and copy the table. >> - NewTable = AllocatePool( NewSize ); >> + NewTable = AllocateRuntimePool( NewSize ); >> if (NewTable == NULL) { >> return EFI_OUT_OF_RESOURCES; >> } >> > > BTW I wouldn't mind if the whitespace gets fixed up here at merge time. > The coding style all over the VariablePolicy code (that I have investigated) is non-idiomatic for edk2 -- it should have been pointed out during the original patch review sessions. The coding style can also be fixed up retro-actively whole-sale, of course. In the present patch, James is only sticking with the (non-idiomatic) style that's been part of the VariablePolicy contribution. I'm quite displeased myself with the reams of non-idiomatic coding style in VariablePolicy, but I don't blame that on the contribution -- IMO it should have been caught in review. ( Meta-request: Ard, can you please start signing your emails? (Such as, in "Bye: Ard", not as in cryptographic signing.) It's quite hit-or-miss to know where your emails end; in the present case, I *almost* didn't scroll down to the bottom (because in many other cases, you insert an A-b, don't remove the tail, and add nothing at the bottom, so the reader kind of gets conditioned to stop reading after the A-b, seeing repeatedly how scrolling down to the bottom is a waste). Consistently using a manual signature does away with this problem. Another solution is of course to always strip the tail, when you're done responding. Sorry about this verbiage, I just wanted to have it said. :) ) Thanks, Laszlo ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-11-25 21:17 ` Laszlo Ersek @ 2020-12-01 21:12 ` Bret Barkelew 2020-12-03 10:39 ` Laszlo Ersek 0 siblings, 1 reply; 10+ messages in thread From: Bret Barkelew @ 2020-12-01 21:12 UTC (permalink / raw) To: devel@edk2.groups.io, lersek@redhat.com, Ard Biesheuvel, jejb@linux.ibm.com Cc: Liming Gao (Byosoft address) [-- Attachment #1: Type: text/plain, Size: 4359 bytes --] Getting caught up on emails from last week. I wanted to say thanks for the good catch and the good patch in my absence! Sorry for the oversight. :-/ - Bret From: Laszlo Ersek via groups.io<mailto:lersek=redhat.com@groups.io> Sent: Wednesday, November 25, 2020 1:17 PM To: Ard Biesheuvel<mailto:ard.biesheuvel@arm.com>; jejb@linux.ibm.com<mailto:jejb@linux.ibm.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>; Liming Gao (Byosoft address)<mailto:gaoliming@byosoft.com.cn> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() On 11/25/20 22:05, Ard Biesheuvel wrote: > On 11/25/20 9:13 PM, James Bottomley wrote: >> The current variable policy is allocated by AllocatePool(), which is >> boot time only. This means that if you do any variable setting in the >> runtime, the policy has been freed. Ordinarily this isn't detected >> because freed memory is still there, but when you boot the Linux >> kernel, it's been remapped so the actual memory no longer exists in >> the memory map causing a page fault. >> >> Fix this by making it AllocateRuntimePool(). For SMM drivers, the >> platform DSC is responsible for resolving the MemoryAllocationLib >> class to the SmmMemoryAllocationLib instance. In the >> SmmMemoryAllocationLib instance, AllocatePool() and >> AllocateRuntimePool() are implemented identically. Therefore this >> change is a no-op when the RegisterVariablePolicy() function is built >> into an SMM driver. The fix affects runtime DXE drivers only. >> >> Ref: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3092&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C2e91993035204bbd307d08d891878686%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637419358545184416%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uYtJTRY5RRS5XJ7j%2Bo%2B75qH12ROX9%2FQ4v1GMdUbLk3I%3D&reserved=0 >> Signed-off-by: James Bottomley <jejb@linux.ibm.com> > > Thanks James > > Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> > >> --- >> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git >> a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> index 5029ddb96adb..12944ac7ea81 100644 >> --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >> @@ -411,7 +411,7 @@ RegisterVariablePolicy ( >> } >> // Reallocate and copy the table. >> - NewTable = AllocatePool( NewSize ); >> + NewTable = AllocateRuntimePool( NewSize ); >> if (NewTable == NULL) { >> return EFI_OUT_OF_RESOURCES; >> } >> > > BTW I wouldn't mind if the whitespace gets fixed up here at merge time. > The coding style all over the VariablePolicy code (that I have investigated) is non-idiomatic for edk2 -- it should have been pointed out during the original patch review sessions. The coding style can also be fixed up retro-actively whole-sale, of course. In the present patch, James is only sticking with the (non-idiomatic) style that's been part of the VariablePolicy contribution. I'm quite displeased myself with the reams of non-idiomatic coding style in VariablePolicy, but I don't blame that on the contribution -- IMO it should have been caught in review. ( Meta-request: Ard, can you please start signing your emails? (Such as, in "Bye: Ard", not as in cryptographic signing.) It's quite hit-or-miss to know where your emails end; in the present case, I *almost* didn't scroll down to the bottom (because in many other cases, you insert an A-b, don't remove the tail, and add nothing at the bottom, so the reader kind of gets conditioned to stop reading after the A-b, seeing repeatedly how scrolling down to the bottom is a waste). Consistently using a manual signature does away with this problem. Another solution is of course to always strip the tail, when you're done responding. Sorry about this verbiage, I just wanted to have it said. :) ) Thanks, Laszlo [-- Attachment #2: Type: text/html, Size: 7503 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-12-01 21:12 ` [EXTERNAL] Re: [edk2-devel] " Bret Barkelew @ 2020-12-03 10:39 ` Laszlo Ersek 2020-12-03 11:25 ` Ard Biesheuvel 0 siblings, 1 reply; 10+ messages in thread From: Laszlo Ersek @ 2020-12-03 10:39 UTC (permalink / raw) To: devel, bret.barkelew, Ard Biesheuvel, jejb@linux.ibm.com Cc: Liming Gao (Byosoft address) On 12/01/20 22:12, Bret Barkelew via groups.io wrote: > Getting caught up on emails from last week. I wanted to say thanks for the good catch and the good patch in my absence! > Sorry for the oversight. :-/ It happens. It's not great that I didn't get to regression-testing earlier during the HFF. It's even less great that I chalked it up to a guest kernel issue initially. What *is* great however is that James kept pushing and fixed it! :) MemoryAllocationLib is tricky. The abstraction it provides is a bit "deceptive", IMO. There's an argument for removing support, between the existing instances of this lib class, for *runtime* DXE drivers altogether. In runtime DXE drivers, just force programmers to spell out gBS, and the desired memory type. In other module types (PEIMs, DXE and UEFI drivers, and SMM drivers), there is no ambiguity whether the allocated memory survives into OS runtime. (Well, AllocateReservedPool() complicates matters a bit, but it's not used frequently.) Another sign that MemoryAllocationLib is a leaky abstraction is commit 1d733f731f968 -- in the SMM instance, AllocatePool() allocates SMRAM, but FreePool() is supposed to be able to release both SMRAM and normal RAM :( Something seems really fishy there, as one would expect calling FreePool() only on what AllocatePool() returned earlier in the *same module*. Since AllocatePool() only returns SMRAM in an SMM driver, why would FreePool() *have* to release normal RAM? Oof. Thanks, Laszlo > > - Bret > > From: Laszlo Ersek via groups.io<mailto:lersek=redhat.com@groups.io> > Sent: Wednesday, November 25, 2020 1:17 PM > To: Ard Biesheuvel<mailto:ard.biesheuvel@arm.com>; jejb@linux.ibm.com<mailto:jejb@linux.ibm.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>; Liming Gao (Byosoft address)<mailto:gaoliming@byosoft.com.cn> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() > > On 11/25/20 22:05, Ard Biesheuvel wrote: >> On 11/25/20 9:13 PM, James Bottomley wrote: >>> The current variable policy is allocated by AllocatePool(), which is >>> boot time only. This means that if you do any variable setting in the >>> runtime, the policy has been freed. Ordinarily this isn't detected >>> because freed memory is still there, but when you boot the Linux >>> kernel, it's been remapped so the actual memory no longer exists in >>> the memory map causing a page fault. >>> >>> Fix this by making it AllocateRuntimePool(). For SMM drivers, the >>> platform DSC is responsible for resolving the MemoryAllocationLib >>> class to the SmmMemoryAllocationLib instance. In the >>> SmmMemoryAllocationLib instance, AllocatePool() and >>> AllocateRuntimePool() are implemented identically. Therefore this >>> change is a no-op when the RegisterVariablePolicy() function is built >>> into an SMM driver. The fix affects runtime DXE drivers only. >>> >>> Ref: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3092&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C2e91993035204bbd307d08d891878686%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637419358545184416%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uYtJTRY5RRS5XJ7j%2Bo%2B75qH12ROX9%2FQ4v1GMdUbLk3I%3D&reserved=0 >>> Signed-off-by: James Bottomley <jejb@linux.ibm.com> >> >> Thanks James >> >> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> >> >>> --- >>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git >>> a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >>> b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >>> index 5029ddb96adb..12944ac7ea81 100644 >>> --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >>> +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c >>> @@ -411,7 +411,7 @@ RegisterVariablePolicy ( >>> } >>> // Reallocate and copy the table. >>> - NewTable = AllocatePool( NewSize ); >>> + NewTable = AllocateRuntimePool( NewSize ); >>> if (NewTable == NULL) { >>> return EFI_OUT_OF_RESOURCES; >>> } >>> >> >> BTW I wouldn't mind if the whitespace gets fixed up here at merge time. >> > > The coding style all over the VariablePolicy code (that I have > investigated) is non-idiomatic for edk2 -- it should have been pointed > out during the original patch review sessions. > > The coding style can also be fixed up retro-actively whole-sale, of course. > > In the present patch, James is only sticking with the (non-idiomatic) > style that's been part of the VariablePolicy contribution. > > I'm quite displeased myself with the reams of non-idiomatic coding style > in VariablePolicy, but I don't blame that on the contribution -- IMO it > should have been caught in review. > > ( > > Meta-request: Ard, can you please start signing your emails? (Such as, > in "Bye: Ard", not as in cryptographic signing.) It's quite hit-or-miss > to know where your emails end; in the present case, I *almost* didn't > scroll down to the bottom (because in many other cases, you insert an > A-b, don't remove the tail, and add nothing at the bottom, so the reader > kind of gets conditioned to stop reading after the A-b, seeing > repeatedly how scrolling down to the bottom is a waste). Consistently > using a manual signature does away with this problem. Another solution > is of course to always strip the tail, when you're done responding. > Sorry about this verbiage, I just wanted to have it said. :) > > ) > > Thanks, > Laszlo > > > > > > > > > > > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-12-03 10:39 ` Laszlo Ersek @ 2020-12-03 11:25 ` Ard Biesheuvel 2020-12-03 23:33 ` Laszlo Ersek 0 siblings, 1 reply; 10+ messages in thread From: Ard Biesheuvel @ 2020-12-03 11:25 UTC (permalink / raw) To: Laszlo Ersek, devel, bret.barkelew, jejb@linux.ibm.com Cc: Liming Gao (Byosoft address) On 12/3/20 11:39 AM, Laszlo Ersek wrote: > On 12/01/20 22:12, Bret Barkelew via groups.io wrote: >> Getting caught up on emails from last week. I wanted to say thanks for the good catch and the good patch in my absence! >> Sorry for the oversight. :-/ > > It happens. It's not great that I didn't get to regression-testing > earlier during the HFF. It's even less great that I chalked it up to a > guest kernel issue initially. > > What *is* great however is that James kept pushing and fixed it! :) > > MemoryAllocationLib is tricky. The abstraction it provides is a bit > "deceptive", IMO. There's an argument for removing support, between the > existing instances of this lib class, for *runtime* DXE drivers > altogether. In runtime DXE drivers, just force programmers to spell out > gBS, and the desired memory type. In other module types (PEIMs, DXE and > UEFI drivers, and SMM drivers), there is no ambiguity whether the > allocated memory survives into OS runtime. (Well, AllocateReservedPool() > complicates matters a bit, but it's not used frequently.) > > Another sign that MemoryAllocationLib is a leaky abstraction is commit > 1d733f731f968 -- in the SMM instance, AllocatePool() allocates SMRAM, > but FreePool() is supposed to be able to release both SMRAM and normal > RAM :( Something seems really fishy there, as one would expect calling > FreePool() only on what AllocatePool() returned earlier in the *same > module*. Since AllocatePool() only returns SMRAM in an SMM driver, why > would FreePool() *have* to release normal RAM? Oof. > I thought traditional SMM drivers could call DXE protocols before end of DXE, no? Some boot services return pool allocated memory that has to be freed by the caller (e.g., LocateHandleBuffer()) ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() 2020-12-03 11:25 ` Ard Biesheuvel @ 2020-12-03 23:33 ` Laszlo Ersek 0 siblings, 0 replies; 10+ messages in thread From: Laszlo Ersek @ 2020-12-03 23:33 UTC (permalink / raw) To: Ard Biesheuvel, devel, bret.barkelew, jejb@linux.ibm.com Cc: Liming Gao (Byosoft address) On 12/03/20 12:25, Ard Biesheuvel wrote: > On 12/3/20 11:39 AM, Laszlo Ersek wrote: >> On 12/01/20 22:12, Bret Barkelew via groups.io wrote: >>> Getting caught up on emails from last week. I wanted to say thanks for the good catch and the good patch in my absence! >>> Sorry for the oversight. :-/ >> >> It happens. It's not great that I didn't get to regression-testing >> earlier during the HFF. It's even less great that I chalked it up to a >> guest kernel issue initially. >> >> What *is* great however is that James kept pushing and fixed it! :) >> >> MemoryAllocationLib is tricky. The abstraction it provides is a bit >> "deceptive", IMO. There's an argument for removing support, between the >> existing instances of this lib class, for *runtime* DXE drivers >> altogether. In runtime DXE drivers, just force programmers to spell out >> gBS, and the desired memory type. In other module types (PEIMs, DXE and >> UEFI drivers, and SMM drivers), there is no ambiguity whether the >> allocated memory survives into OS runtime. (Well, AllocateReservedPool() >> complicates matters a bit, but it's not used frequently.) >> >> Another sign that MemoryAllocationLib is a leaky abstraction is commit >> 1d733f731f968 -- in the SMM instance, AllocatePool() allocates SMRAM, >> but FreePool() is supposed to be able to release both SMRAM and normal >> RAM :( Something seems really fishy there, as one would expect calling >> FreePool() only on what AllocatePool() returned earlier in the *same >> module*. Since AllocatePool() only returns SMRAM in an SMM driver, why >> would FreePool() *have* to release normal RAM? Oof. >> > > I thought traditional SMM drivers could call DXE protocols before end of > DXE, no? Some boot services return pool allocated memory that has to be > freed by the caller (e.g., LocateHandleBuffer()) Yes, and in that case, the SMM driver should release the memory with gBS->FreePool(), not FreePool(). The fact that FreePool() in the SMM instance of MemoryAllocationLib copes, since commit 1d733f731f968, is a misfeature, IMO. (Or even better, the SMM driver should release the memory with SystemTable->BootServices->FreePool(), as having the "gBS" global variable in the SMM module is apparently sometimes seen as a liability; see SmmServicesTableLibConstructor() in "MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.c".) Thanks Laszlo ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-12-03 23:33 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-11-25 20:13 [PATCH] MdeModulePkg: Fix runtime panic in ValidateSetVariable() James Bottomley
2020-11-25 21:00 ` Laszlo Ersek
2020-11-26 1:23 ` 回复: " gaoliming
[not found] ` <164AEA4706B9EEF6.8857@groups.io>
2020-11-27 0:58 ` 回复: [edk2-devel] " gaoliming
2020-11-25 21:05 ` Ard Biesheuvel
2020-11-25 21:17 ` Laszlo Ersek
2020-12-01 21:12 ` [EXTERNAL] Re: [edk2-devel] " Bret Barkelew
2020-12-03 10:39 ` Laszlo Ersek
2020-12-03 11:25 ` Ard Biesheuvel
2020-12-03 23:33 ` Laszlo Ersek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox