From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
	 oliver@redhat.com, mike.maslenkin@gmail.com,
	Jiewen Yao <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 1/1] OvmfPkg/VirtNorFlashDxe: sanity-check variables
Date: Thu, 4 Jan 2024 16:06:30 +0100
Message-ID: <iid2d243rh5c3izh4w2xdx2wjiat5agtkaevikb4qlyzdq2tsd@fkobk4l6qtir>
In-Reply-To: <f75afdeb-6927-feff-ac56-80c3eed81172@redhat.com>

  Hi,

> >> - if the StartId is 0x55aa, then we need to look further, because we
> >> can't decide yet. For example, if State is VAR_HEADER_VALID_ONLY (0x7f),
> >> then it might be fine for the variable header (at the very end of the
> >> varstore) *not* to be followed by payload bytes (name, data).
> > 
> > Not sure this makes sense.  VAR_HEADER_VALID_ONLY is a temporary state,
> > while the variable driver writes name and data just after the header,
> > to be updated to VAR_ADDED when the write completed successfully.  So
> > I'd expect to never find a header without space for name + data.
> 
> - Do we know for sure that VAR_HEADER_VALID_ONLY is never expected to be
> seen?

Writing goes like this:

  (1) find free space
  (2) write header, with VAR_HEADER_VALID_ONLY.
  (3) write name + data
  (4) update header, set state = VAR_ADDED.

> What if the variable update design defines VAR_HEADER_VALID_ONLY
> specifically so that the variable driver can recover from a power loss
> "in the middle"?

Power loss in step (3) can surely lead to variables in
VAR_HEADER_VALID_ONLY state, and I'd expect the variable driver can
actually recover from that.

[ side note:  The (2) write should be small enough that it fits into the
              flash block write buffer (128 bytes).  Which could be
              important to maintain variable store consistency. ]

Nevertheless we should never find a header at the end of the variable
store, without space allocated for name + data.  Minimal space for the
name is 4 bytes (one char16 + '\0'), for the data 1 byte, alignment
rounds the latter to 4 bytes too, so this should be true:

VarOffset + sizeof(*VarHeader) + 8 <= VariableStoreHeader->Size

> So I figure, if we accept VAR_HEADER_VALID_ONLY in that logic, then we
> should also accept VAR_HEADER_VALID_ONLY if it's at the very end of
> the varstore.

Disagree, see above.  Storing the header at a place which leaves no room
for name + data doesn't make sense to me.

We could go the extra mile and look at the next StartId location, verify
StartId != 0x55aa, in the no-space-left-for-header case.

take care,
  Gerd
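The invariant stated in the mail (VarOffset + sizeof(*VarHeader) + 8 <= Size, minimal name 4 bytes, minimal data 1 byte rounded to 4), walked over a constructed variable store, as an added example that is not code from this thread or from OvmfPkg/VirtNorFlashDxe. It assumes the 32-byte non-authenticated VARIABLE_HEADER layout and the edk2 state values VAR_ADDED (0x3f) and VAR_HEADER_VALID_ONLY (0x7f); the sample store contents are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
/* StartId and State values as in edk2 VariableFormat.h. */
#define VARIABLE_DATA          0x55aa
#define VAR_ADDED              0x3f
#define VAR_HEADER_VALID_ONLY  0x7f
#define ALIGN4(x)  ((((uint64_t)(x)) + 3u) & ~3ull)
/* Non-authenticated VARIABLE_HEADER (32 bytes, no padding); the check only
 * uses sizeof (), so the 60-byte authenticated header works the same way. */
typedef struct {
  uint16_t StartId;  uint8_t State;  uint8_t Reserved;
  uint32_t Attributes;  uint32_t NameSize;  uint32_t DataSize;
  uint8_t  VendorGuid[16];
} VARIABLE_HEADER;
/* Walk the store; return the number of VAR_ADDED variables, or -1 when a
 * header violates VarOffset + sizeof (*VarHeader) + 8 <= Size or overruns. */
int CheckVarStore(const uint8_t *Store, uint32_t StoreSize)
{
  uint32_t VarOffset = 28;  /* sizeof (VARIABLE_STORE_HEADER) in edk2 */
  int Count = 0;
  while (VarOffset + sizeof (VARIABLE_HEADER) <= StoreSize) {
    VARIABLE_HEADER Hdr;
    memcpy(&Hdr, Store + VarOffset, sizeof Hdr);
    if (Hdr.StartId != VARIABLE_DATA) return Count;  /* erased 0xffff: end */
    /* no room for the minimal payload: 4-byte name + 1 data byte rounded to 4 */
    if (VarOffset + sizeof (VARIABLE_HEADER) + 8 > StoreSize) return -1;
    if (Hdr.NameSize < 4 || Hdr.DataSize < 1) return -1;
    uint64_t Next = VarOffset + sizeof (VARIABLE_HEADER)
                  + ALIGN4(Hdr.NameSize) + ALIGN4(Hdr.DataSize);
    if (Next > StoreSize) return -1;  /* name + data run past the store */
    if (Hdr.State == VAR_ADDED) Count++;  /* VAR_HEADER_VALID_ONLY: skip */
    VarOffset = (uint32_t)Next;
  }
  return Count;
}
/* Constructed sample store: one VAR_ADDED variable (name "A", one data byte),
 * optionally followed by a header placed so no room is left for name + data. */
int CheckSampleStore(bool TrailingHeader)
{
  uint8_t Store[28 + 32 + 8 + 32];
  memset(Store, 0xff, sizeof Store);  /* erased flash */
  VARIABLE_HEADER Hdr = { VARIABLE_DATA, VAR_ADDED, 0, 0x7, 4, 1, {0} };
  memcpy(Store + 28, &Hdr, sizeof Hdr);
  memcpy(Store + 60, "A\0\0\0", 4);  /* CHAR16 name "A" + terminator */
  Store[64] = 1;                      /* the single data byte */
  if (TrailingHeader) {
    Hdr.State = VAR_HEADER_VALID_ONLY;
    memcpy(Store + 68, &Hdr, sizeof Hdr);  /* header ends exactly at Size */
  }
  return CheckVarStore(Store, sizeof Store);
}
```

With the trailing header present the walk rejects the store (-1) even though the header's State is the legitimate VAR_HEADER_VALID_ONLY, which is exactly the position argued in the mail.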


