From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v5 11/16] MdeModulePkg: Fix MAT SplitTable() Logic
Date: Mon, 27 Nov 2023 10:18:09 -0800
Message-ID: <20231127181818.411-12-taylor.d.beebe@gmail.com>
In-Reply-To: <20231127181818.411-1-taylor.d.beebe@gmail.com>

SplitTable() does not properly handle the case where there is an odd number of code regions within a loaded image. When there are an odd number of code regions, at least one image region descriptor is overwritten with uninitialized memory which has caused crashes in the right conditions.

This failure case is documented extensively in the following bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4492

Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
--- MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.c |= 40 ++++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesR= ecordLib.c b/MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesR= ecordLib.c index 9d4082280bf5..379eb0c6cccd 100644 --- a/MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLi= b.c +++ b/MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLi= b.c 
@@ -463,11 +463,12 @@ SplitTable ( { INTN IndexOld; INTN IndexNew; + INTN IndexNewStarting; UINTN MaxSplitRecordCount; UINTN RealSplitRecordCount; - UINTN TotalSplitRecordCount; + UINTN TotalSkippedRecords; =20 - TotalSplitRecordCount =3D 0; + TotalSkippedRecords =3D 0; // // Let old record point to end of valid MemoryMap buffer. // @@ -475,7 +476,8 @@ SplitTable ( // // Let new record point to end of full MemoryMap buffer. // - IndexNew =3D ((*MemoryMapSize) / DescriptorSize) - 1 + NumberOfAdditiona= lDescriptors; + IndexNew =3D ((*MemoryMapSize) / DescriptorSize) - 1 + NumberOfA= dditionalDescriptors; + IndexNewStarting =3D IndexNew; for ( ; IndexOld >=3D 0; IndexOld--) { MaxSplitRecordCount =3D GetMaxSplitRecordCount ((EFI_MEMORY_DESCRIPTOR= *)((UINT8 *)MemoryMap + IndexOld * DescriptorSize), ImageRecordList); // @@ -489,16 +491,14 @@ SplitTable ( DescriptorSize, ImageRecordList ); - // - // Adjust IndexNew according to real split. - // - CopyMem ( - ((UINT8 *)MemoryMap + (IndexNew + MaxSplitRecordCount - RealSplitRec= ordCount) * DescriptorSize), - ((UINT8 *)MemoryMap + IndexNew * DescriptorSize), - RealSplitRecordCount * DescriptorSize - ); - IndexNew =3D IndexNew + MaxSplitRecordCount - RealSplitR= ecordCount; - TotalSplitRecordCount +=3D RealSplitRecordCount; + + // If we didn't utilize all the extra allocated descriptor slots, set = the physical address of the unused slots + // to MAX_ADDRESS so they are moved to the bottom of the list when sor= ting. + for ( ; RealSplitRecordCount < MaxSplitRecordCount; RealSplitRecordCou= nt++) { + ((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + ((IndexNew + RealSpl= itRecordCount + 1) * DescriptorSize)))->PhysicalStart =3D MAX_ADDRESS; + TotalSkippedRecords++; + } + IndexNew--; } =20 
@@ -507,16 +507,16 @@ SplitTable ( // CopyMem ( MemoryMap, - (UINT8 *)MemoryMap + (NumberOfAdditionalDescriptors - TotalSplitRecord= Count) * DescriptorSize, - (*MemoryMapSize) + TotalSplitRecordCount * DescriptorSize + (UINT8 *)MemoryMap + ((IndexNew + 1) * DescriptorSize), + (IndexNewStarting - IndexNew) * DescriptorSize ); =20 - *MemoryMapSize =3D (*MemoryMapSize) + DescriptorSize * TotalSplitRecordC= ount; + // + // Sort from low to high to filter out the MAX_ADDRESS records. + // + SortMemoryMap (MemoryMap, (IndexNewStarting - IndexNew) * DescriptorSize= , DescriptorSize); =20 - // - // Sort from low to high (Just in case) - // - SortMemoryMap (MemoryMap, *MemoryMapSize, DescriptorSize); + *MemoryMapSize =3D (IndexNewStarting - IndexNew - TotalSkippedRecords) *= DescriptorSize; =20 return; } --=20 2.42.0.windows.2
View/Reply Online (#111748): https://edk2.groups.io/g/devel/message/111748
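Review bot: in the `@@ -463,11 +463,12 @@` hunk the new counter `TotalSkippedRecords` breaks the `...RecordCount` naming used by its neighbours `MaxSplitRecordCount` and `RealSplitRecordCount`; `TotalSkippedRecordCount` would read consistently. `IndexNewStarting` would also benefit from a one-line comment where it is assigned, saying that it records the last slot of the expanded buffer, because the final size calculation depends on it.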
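Review bot: the filler loop in the `@@ -489,16 +491,14 @@` hunk writes only `PhysicalStart = MAX_ADDRESS` into each unused slot and leaves the other descriptor fields holding whatever the buffer contained. Those slots are handed to `SortMemoryMap()` in the last hunk and stay in the buffer past the reported `*MemoryMapSize`, so clearing each one with `ZeroMem()` before setting the marker would make their content deterministic. The loop also advances `RealSplitRecordCount` itself, so after the loop the variable no longer holds what its name says; a separate local index would be clearer, and the `+ 1` in `IndexNew + RealSplitRecordCount + 1` relies on the return convention of the split call above it, which is worth stating in the comment.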
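Review bot: the final `*MemoryMapSize` assignment in the `@@ -507,16 +507,16 @@` hunk drops the last `TotalSkippedRecords` entries on the assumption that `SortMemoryMap()` placed exactly the `MAX_ADDRESS` markers there, and nothing checks that. An `ASSERT` that the first dropped entry has `PhysicalStart == MAX_ADDRESS` whenever `TotalSkippedRecords` is non-zero would catch a miscount or a later change in sort order. `(IndexNewStarting - IndexNew)` is also evaluated three times and mixes the `INTN` indices with the `UINTN` `TotalSkippedRecords`; computing the entry count once into a `UINTN` local and using it for `CopyMem()`, `SortMemoryMap()` and the size would make the signedness explicit.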