From nobody Thu May  2 13:20:17 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+68003+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+68003+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.ibm.com
ARC-Seal: i=1; a=rsa-sha256; t=1606335258; cv=none;
	d=zohomail.com; s=zohoarc;
	b=SCuAuns6vDWaZ0DJFoA1Te8JDxudvNxKYMSKBdoPZBz1f91bD2vLYCsMs27Yq7zi1+Ie1ftPWICOFrzXUyRVNUKjuUlV0Y8NTU2mHe8BbMkHNpm0CyyWcRxQngsVQ/ZsZ86pQnV0oKDnfWlZtPuZiIx+uCTsZK5GVodmCdpdUnk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1606335258;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=LW0qlBFvczeltgB+vXkVXlqReWDUW/4xotzqZi3Z9OE=;
	b=Pbw2N5PCPZOzm+aLbzc3QqbHu0QjXBWQLWK6dPOqnA3z1FJHbQgiNY+DEODNvGO7FCAeVur7VaRF5BP96O0FwhIqxdHKXnQzzCH8b8EtZ7sShKl4E2TMI0nPLaRVtTiKycUkxmZv1wXTXkbmLqbBsbiFCITLa7veE9Yr31dnSio=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+68003+1787277+3901457@groups.io;
	dmarc=fail header.from=<jejb@linux.ibm.com> (p=none dis=none)
 header.from=<jejb@linux.ibm.com>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1606335258091577.6922593038761;
 Wed, 25 Nov 2020 12:14:18 -0800 (PST)
Return-Path: <bounce+27952+68003+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id gUEiYY1788612xvwvO8Ypn7e;
 Wed, 25 Nov 2020 12:14:17 -0800
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web12.1687.1606335252248874367
 for <devel@edk2.groups.io>;
 Wed, 25 Nov 2020 12:14:12 -0800
X-Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 0APK2HQO125416;
	Wed, 25 Nov 2020 15:13:54 -0500
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 351vyv9tyh-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 15:13:54 -0500
X-Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0APK30Ze127200;
	Wed, 25 Nov 2020 15:13:53 -0500
X-Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com
 [169.53.41.122])
	by mx0a-001b2d01.pphosted.com with ESMTP id 351vyv9tya-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 15:13:53 -0500
X-Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0APK84Um020638;
	Wed, 25 Nov 2020 20:13:52 GMT
X-Received: from b03cxnp07029.gho.boulder.ibm.com
 (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16])
	by ppma04dal.us.ibm.com with ESMTP id 351uh8171x-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 25 Nov 2020 20:13:52 +0000
X-Received: from b03ledav004.gho.boulder.ibm.com
 (b03ledav004.gho.boulder.ibm.com [9.17.130.235])
	by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 0APKDpOV17695376
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 25 Nov 2020 20:13:51 GMT
X-Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 518F278060;
	Wed, 25 Nov 2020 20:13:51 +0000 (GMT)
X-Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E62517805E;
	Wed, 25 Nov 2020 20:13:49 +0000 (GMT)
X-Received: from jarvis.int.hansenpartnership.com (unknown [9.85.194.234])
	by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP;
	Wed, 25 Nov 2020 20:13:49 +0000 (GMT)
Message-ID: <414b7574bf8249de0cecd16fb422c711feb76e1a.camel@linux.ibm.com>
Subject: [edk2-devel] [PATCH] MdeModulePkg: Fix runtime panic in
 ValidateSetVariable()
From: "James Bottomley" <jejb@linux.ibm.com>
Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com
To: devel@edk2.groups.io
Cc: Bret Barkelew <brbarkel@microsoft.com>,
        "Liming Gao (Byosoft address)"
	 <gaoliming@byosoft.com.cn>,
        "Ard Biesheuvel (ARM address)"
	 <ard.biesheuvel@arm.com>,
        Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 Nov 2020 12:13:48 -0800
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
X-Gm-Message-State: AUvadVaWTwPzIZ2cceDrQfD4x1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1606335257;
 bh=78bBKroicCeq+s7TVRH8Xj2oQYb20JdnxvzbfoP6G1I=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=SdZCkhzNBntPy+4FDqwCtD4KN2HZL/nER8VbjcAWkOpc3eRaJ+4Txs/hGXP2OSV+2kl
 z01EQ+jBPH5E21zD1IoA8/xsbV865Q1GF/bEPlzaz/CTPmCfev+H2m2TiFzPZzOhjQ0Ma
 D0WUlsZ1dXKBBXbkNaTamTWqEFgdXDEyWug=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

The current variable policy is allocated by AllocatePool(), which is
boot time only.  This means that if you do any variable setting in the
runtime, the policy has been freed.  Ordinarily this isn't detected
because freed memory is still there, but when you boot the Linux
kernel, it's been remapped so the actual memory no longer exists in
the memory map causing a page fault.

Fix this by making it AllocateRuntimePool().  For SMM drivers, the
platform DSC is responsible for resolving the MemoryAllocationLib
class to the SmmMemoryAllocationLib instance. In the
SmmMemoryAllocationLib instance, AllocatePool() and
AllocateRuntimePool() are implemented identically. Therefore this
change is a no-op when the RegisterVariablePolicy() function is built
into an SMM driver. The fix affects runtime DXE drivers only.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3092
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
---
 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/M=
deModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
index 5029ddb96adb..12944ac7ea81 100644
--- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
@@ -411,7 +411,7 @@ RegisterVariablePolicy (
     }
=20
     // Reallocate and copy the table.
-    NewTable =3D AllocatePool( NewSize );
+    NewTable =3D AllocateRuntimePool( NewSize );
     if (NewTable =3D=3D NULL) {
       return EFI_OUT_OF_RESOURCES;
     }
--=20
2.26.2




-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#68003): https://edk2.groups.io/g/devel/message/68003
Mute This Topic: https://groups.io/mt/78508231/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-