From: "Jan Bobek"
To:
CC: Leif Lindholm, Ard Biesheuvel, Michael D Kinney, Liming Gao, Zhiguang Liu, Jeff Brasen, Ashish Singhal
Subject: [edk2-devel] [PATCH v2 1/1] MdePkg/BaseLib: Fix invalid memory access in AArch64 SetJump/LongJump
Date: Thu, 1 Oct 2020 10:15:07 -0600
Message-ID: <20201001161507.48710-2-jbobek@nvidia.com>
In-Reply-To: <20201001161507.48710-1-jbobek@nvidia.com>
References: <20201001161507.48710-1-jbobek@nvidia.com>

Correct the memory offsets used in the REG_ONE/REG_PAIR macros to synchronize them with the definition of the BASE_LIBRARY_JUMP_BUFFER structure on AArch64.

The REG_ONE macro declares only a single 64-bit register to be read/written; however, the subsequent offset is 16 bytes larger, creating an unused memory gap in the middle of the structure and causing the SetJump/LongJump functions to read/write 8 bytes of memory past the end of the jump buffer struct.
Signed-off-by: Jan Bobek Acked-by: Michael D Kinney Reviewed-by: Ard Biesheuvel --- MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S | 8 ++++---- MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S b/MdePkg/Libr= ary/BaseLib/AArch64/SetJumpLongJump.S index 72cea259e913..deefdf526b95 100644 --- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S +++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S @@ -20,10 +20,10 @@ GCC_ASM_EXPORT(InternalLongJump) REG_ONE (x16, 96) /*IP0*/ =20 #define FPR_LAYOUT \ - REG_PAIR ( d8, d9, 112); \ - REG_PAIR (d10, d11, 128); \ - REG_PAIR (d12, d13, 144); \ - REG_PAIR (d14, d15, 160); + REG_PAIR ( d8, d9, 104); \ + REG_PAIR (d10, d11, 120); \ + REG_PAIR (d12, d13, 136); \ + REG_PAIR (d14, d15, 152); =20 #/** # Saves the current CPU context that can be restored with a call to LongJ= ump() and returns 0.# diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm b/MdePkg/Li= brary/BaseLib/AArch64/SetJumpLongJump.asm index 20dd0f1b850f..df70f298998e 100644 --- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm +++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm 
@@ -19,10 +19,10 @@ REG_ONE (x16, #96) /*IP0*/ =20 #define FPR_LAYOUT \ - REG_PAIR ( d8, d9, #112); \ - REG_PAIR (d10, d11, #128); \ - REG_PAIR (d12, d13, #144); \ - REG_PAIR (d14, d15, #160); + REG_PAIR ( d8, d9, #104); \ + REG_PAIR (d10, d11, #120); \ + REG_PAIR (d12, d13, #136); \ + REG_PAIR (d14, d15, #152); =20 ;/** ; Saves the current CPU context that can be restored with a call to LongJ= ump() and returns 0.# --=20 2.28.0
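Review bot: in the SetJumpLongJump.S hunk the new constants follow directly from the context line, since REG_ONE (x16, 96) covers bytes 96..103 and the first REG_PAIR must therefore start at 104, but nothing in the file ties these hand-written offsets to BASE_LIBRARY_JUMP_BUFFER, which is how the old values drifted 16 bytes past a single-register slot. Suggest a short comment above FPR_LAYOUT spelling out the derivation (x16 at 96 + 8 = 104, then +16 per pair, ending at 168) or a compile-time check on the C side that sizeof (BASE_LIBRARY_JUMP_BUFFER) equals the last offset plus 16, so the next edit to either side fails the build instead of silently touching 8 bytes past the buffer.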
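Review bot: the SetJumpLongJump.asm hunk is the same four-constant change as the .S file, only with the '#' immediate syntax, which means the layout table now lives in two assembler sources that must be edited in lockstep; consider factoring the offsets into a shared include or at least cross-referencing the two files in a comment so a future fix to one is not missed in the other. The values themselves are consistent with the commit message: the old d14/d15 pair at #160 spans bytes 160..175 while the structure ends at 168, which is exactly the 8-byte overrun described.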
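As an added illustration (not part of the patch or of edk2), the following C model reproduces the offset arithmetic behind the fix: the jump-buffer field order is assumed from the commit message and the hunks (13 eight-byte GPR slots ending with x16 at offset 96, then d8..d15), and the two tables hold the '-' and '+' offsets from the diff, so the gap and the overrun can be measured against sizeof the structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed model of the AArch64 BASE_LIBRARY_JUMP_BUFFER, derived from the
 * commit message and the hunks: 13 eight-byte GPR slots (x19..x28, fp, lr,
 * then ip0/x16 at offset 96) followed by d8..d15. */
typedef struct {
  uint64_t X19, X20, X21, X22, X23, X24, X25, X26, X27, X28;
  uint64_t FP, LR, IP0;
  uint64_t D8, D9, D10, D11, D12, D13, D14, D15;
} JumpBuffer;
/* One access from the layout macros: REG_ONE is 8 bytes, REG_PAIR is 16. */
typedef struct { const char *regs; size_t offset; size_t width; } Access;

/* Tail of the layout before ('-' lines) and after ('+' lines) the patch. */
static const Access kOld[] = {
  {"x16", 96, 8}, {"d8,d9", 112, 16}, {"d10,d11", 128, 16},
  {"d12,d13", 144, 16}, {"d14,d15", 160, 16},
};
static const Access kNew[] = {
  {"x16", 96, 8}, {"d8,d9", 104, 16}, {"d10,d11", 120, 16},
  {"d12,d13", 136, 16}, {"d14,d15", 152, 16},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Bytes the furthest access reaches past the buffer (0 = all in bounds). */
size_t overrun_bytes(const Access *a, size_t n) {
  size_t end = 0;
  for (size_t i = 0; i < n; i++)
    if (a[i].offset + a[i].width > end) end = a[i].offset + a[i].width;
  return end > sizeof(JumpBuffer) ? end - sizeof(JumpBuffer) : 0;
}

/* Largest hole between consecutive accesses (0 = layout is packed). */
size_t largest_gap(const Access *a, size_t n) {
  size_t gap = 0;
  for (size_t i = 1; i < n; i++) {
    size_t prev_end = a[i - 1].offset + a[i - 1].width;
    if (a[i].offset > prev_end && a[i].offset - prev_end > gap)
      gap = a[i].offset - prev_end;
  }
  return gap;
}

int main(void) {
  printf("buffer %zu bytes, D8 at %zu\n", sizeof(JumpBuffer), offsetof(JumpBuffer, D8));
  printf("old: gap %zu, overrun %zu\n", largest_gap(kOld, COUNT(kOld)), overrun_bytes(kOld, COUNT(kOld)));
  printf("new: gap %zu, overrun %zu\n", largest_gap(kNew, COUNT(kNew)), overrun_bytes(kNew, COUNT(kNew)));
  return 0;
}
```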