From nobody Sat May 18 04:46:22 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+65726+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+65726+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=nvidia.com
ARC-Seal: i=1; a=rsa-sha256; t=1601385809; cv=none;
	d=zohomail.com; s=zohoarc;
	b=cLczZFugakM76JOziXkg5dBcsf32n1iMms3mXwFIMgfBXufb0JcBtcsqUubEWfyNvTTwsnB9Xmb1Cn6wLdNzv+CSVmSHCgQfE5JaZHQcMtPTgGfQvBUvjHlqJ2sRFWD7rJJFbfAZc/mE1CBBiZ+GTTiAbb6Hsi22bEQmaZfIwnQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1601385809;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=TjeM5AATEOOFRZlNWT7lcmJpL7VXvGCRCtpw8PLbfS0=;
	b=QvVt9rEa7YvqUCi2cPykQpnjNTZxayzoA6yLy+mJLHYdgXJlPVl9TJN4SO2dfR2T/Zw1CTEN7UAC2RdVlJs0X+ejrO9DcModqMe9opHDAXDMARnW46irxLkve6zxjMHMAUnjMx8jOnrDtrjrB3DYTotZ15OauNOdzqQq6cUlWAM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+65726+1787277+3901457@groups.io;
	dmarc=fail header.from=<jbobek@nvidia.com> (p=none dis=none)
 header.from=<jbobek@nvidia.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1601385809754188.9078568339113;
 Tue, 29 Sep 2020 06:23:29 -0700 (PDT)
Return-Path: <bounce+27952+65726+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 43PwYY1788612xMgz6lTkgOH;
 Tue, 29 Sep 2020 06:23:29 -0700
X-Received: from hqnvemgate25.nvidia.com (hqnvemgate25.nvidia.com
 [216.228.121.64])
 by mx.groups.io with SMTP id smtpd.web10.10580.1601342011363633932
 for <devel@edk2.groups.io>;
 Mon, 28 Sep 2020 18:13:31 -0700
X-Received: from hqmail.nvidia.com (Not Verified[216.228.121.13]) by
 hqnvemgate25.nvidia.com (using TLS: TLSv1.2, AES256-SHA)
	id <B5f728a080000>; Mon, 28 Sep 2020 18:12:40 -0700
X-Received: from titan.vdiclient.nvidia.com (10.124.1.5) by
 HQMAIL107.nvidia.com
 (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Sep
 2020 01:13:19 +0000
From: "Jan Bobek" <jbobek@nvidia.com>
To: <devel@edk2.groups.io>
CC: Harry Liebel <Harry.Liebel@arm.com>, Olivier Martin
	<olivier.martin@arm.com>, Liming Gao <liming.gao@intel.com>, Jeff Brasen
	<jbrasen@nvidia.com>, Ashish Singhal <ashishsingha@nvidia.com>
Subject: [edk2-devel] [PATCH 1/1] MdePkg/BaseLib: Fix invalid memory access in
 AArch64 SetJump/LongJump
Date: Mon, 28 Sep 2020 19:12:58 -0600
Message-ID: 
 <bc7a5e050dc8b24be8e9189e18e4f4a88b089d78.1601327092.git.jbobek@nvidia.com>
In-Reply-To: <cover.1601327092.git.jbobek@nvidia.com>
References: <cover.1601327092.git.jbobek@nvidia.com>
MIME-Version: 1.0
X-Originating-IP: [10.124.1.5]
X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To
 HQMAIL107.nvidia.com (172.20.187.13)
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,jbobek@nvidia.com
X-Gm-Message-State: eQVZ41VblBz67YOzp7yolrzcx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1601385809;
 bh=ixmOq6F18Y2sij8V64xQ5OkZg2gD4WKRPYyrwNuMf1o=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=kdIexOndz57Hj4p4RNyDClbZ82yo/p1J8JJQ26f9dqxa6X+TdtdZmW56QniiNmqlCwo
 TYZkUddt6JS9gX6VUYJERNkWwq6ki0usIqhrAAbxn6DGTIGHIhd148YeSdvGrxw7eeuTr
 U7WKLJoV+J8X7Bn7NXctYD7CwTTEf6IKvfQ=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

Correct the memory offsets used in REG_ONE/REG_PAIR macros to
synchronize them with definition of the BASE_LIBRARY_JUMP_BUFFER
structure on AArch64.

The REG_ONE macro declares only a single 64-bit register be
read/written; however, the subsequent offset has previously been 16
bytes larger, creating an unused memory gap in the middle of the
structure and causing SetJump/LongJump functions to read/write 8 bytes
of memory past the end of the jump buffer struct.

Signed-off-by: Jan Bobek <jbobek@nvidia.com>
---
 MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S   | 8 ++++----
 MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S b/MdePkg/Libr=
ary/BaseLib/AArch64/SetJumpLongJump.S
index 72cea259e9..deefdf526b 100644
--- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
+++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
@@ -20,10 +20,10 @@ GCC_ASM_EXPORT(InternalLongJump)
         REG_ONE  (x16,      96) /*IP0*/
=20
 #define FPR_LAYOUT                      \
-        REG_PAIR ( d8,  d9, 112);       \
-        REG_PAIR (d10, d11, 128);       \
-        REG_PAIR (d12, d13, 144);       \
-        REG_PAIR (d14, d15, 160);
+        REG_PAIR ( d8,  d9, 104);       \
+        REG_PAIR (d10, d11, 120);       \
+        REG_PAIR (d12, d13, 136);       \
+        REG_PAIR (d14, d15, 152);
=20
 #/**
 #  Saves the current CPU context that can be restored with a call to LongJ=
ump() and returns 0.#
diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm b/MdePkg/Li=
brary/BaseLib/AArch64/SetJumpLongJump.asm
index 20dd0f1b85..df70f29899 100644
--- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm
+++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.asm
@@ -19,10 +19,10 @@
         REG_ONE  (x16,      #96) /*IP0*/
=20
 #define FPR_LAYOUT                       \
-        REG_PAIR ( d8,  d9, #112);       \
-        REG_PAIR (d10, d11, #128);       \
-        REG_PAIR (d12, d13, #144);       \
-        REG_PAIR (d14, d15, #160);
+        REG_PAIR ( d8,  d9, #104);       \
+        REG_PAIR (d10, d11, #120);       \
+        REG_PAIR (d12, d13, #136);       \
+        REG_PAIR (d14, d15, #152);
=20
 ;/**
 ;  Saves the current CPU context that can be restored with a call to LongJ=
ump() and returns 0.#
--=20
2.28.0



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65726): https://edk2.groups.io/g/devel/message/65726
Mute This Topic: https://groups.io/mt/77195592/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-