On Fri, 12 Jan 2024 at 12:38, Gerd Hoffmann <kra...@redhat.com> wrote:
>
> In some cases (specifically when the flash update region is
> small but crosses a multiple of P30_MAX_BUFFER_SIZE_IN_BYTES)
> NorFlashWriteSingleBlock reads only one instead of two
> P30_MAX_BUFFER_SIZE_IN_BYTES blocks into the shadow buffer.
>
> That leads to random crap being written to the second block,
> which in turn can corrupt both the variable store and the
> FTW work space. One observed corruption pattern is finding
> 0xaf (aka PcdDebugClearMemoryValue) right after the last
> entry in the FTW log. This should have been 0xff.
>
> This patch fixes the calculation.
>
> Signed-off-by: Gerd Hoffmann <kra...@redhat.com>

Thanks a lot for taking the time to track this down and fix it.

Reviewed-by: Ard Biesheuvel <a...@kernel.org>

> --- > OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c > b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c > index 1afd60ce66eb..cdc809d75e3d 100644 > --- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c > +++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c > @@ -566,7 +566,7 @@ NorFlashWriteSingleBlock ( > Instance, > Lba, > Offset & ~BOUNDARY_OF_32_WORDS, > - (*NumBytes | BOUNDARY_OF_32_WORDS) + 1, > + (((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes) | > BOUNDARY_OF_32_WORDS) + 1, > Instance->ShadowBuffer > ); > if (EFI_ERROR (Status)) { > -- > 2.43.0 >
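
Review bot: The new length argument in the @@ -566,7 +566,7 @@ hunk still rounds with "(x | BOUNDARY_OF_32_WORDS) + 1", which never returns x itself, so when (Offset & BOUNDARY_OF_32_WORDS) + *NumBytes is already an exact multiple of the buffer size the read covers one buffer block more than the update touches (taking BOUNDARY_OF_32_WORDS to be the low-bit mask that "Offset & ~BOUNDARY_OF_32_WORDS" on the line above implies). The old expression had the same property, so this is not a regression, but the visible context does not show a check that the longer read stays inside the flash block and Instance->ShadowBuffer; either confirm that bound or round up with (x + BOUNDARY_OF_32_WORDS) & ~BOUNDARY_OF_32_WORDS. A one-line comment stating that the length is measured from the aligned start passed as the previous argument would also make the pairing of the two arguments obvious to the next reader.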
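
The miscalculation described in the commit message, worked through as an added example (not code from the patch or from edk2). The 128-byte buffer size and 0x7F mask are assumed values that do not appear in this mail, and the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values, not shown in the mail: 128-byte P30 write buffer, mask 0x7F. */
#define BUF_SIZE 128u
#define BUF_MASK (BUF_SIZE - 1u)

/* Read length passed before the patch: ignores where the update starts. */
static uint32_t len_old(uint32_t offset, uint32_t num_bytes) {
    (void)offset;
    return (num_bytes | BUF_MASK) + 1u;
}

/* Read length passed after the patch: counts from the aligned start. */
static uint32_t len_new(uint32_t offset, uint32_t num_bytes) {
    return (((offset & BUF_MASK) + num_bytes) | BUF_MASK) + 1u;
}

/* Bytes from the aligned start (offset & ~BUF_MASK) to the end of the update. */
static uint32_t len_needed(uint32_t offset, uint32_t num_bytes) {
    return (offset & BUF_MASK) + num_bytes;
}

/* Counts (offset, num_bytes) pairs whose read stops short of the update's end. */
static unsigned count_short_reads(uint32_t (*len)(uint32_t, uint32_t),
                                  uint32_t max_offset, uint32_t max_bytes) {
    unsigned n = 0;
    for (uint32_t off = 0; off < max_offset; off++)
        for (uint32_t nb = 1; nb <= max_bytes; nb++)
            if (len(off, nb) < len_needed(off, nb))
                n++;
    return n;
}

int main(void) {
    /* Constructed case: 16-byte update starting 8 bytes before a buffer boundary. */
    uint32_t off = 0x78, nb = 16;
    printf("needed=%u old=%u new=%u\n", (unsigned)len_needed(off, nb),
           (unsigned)len_old(off, nb), (unsigned)len_new(off, nb));
    printf("short reads, offsets 0..127, sizes 1..128: old=%u new=%u\n",
           count_short_reads(len_old, BUF_SIZE, BUF_SIZE),
           count_short_reads(len_new, BUF_SIZE, BUF_SIZE));
    return 0;
}
```

Every pair counted as a short read is a case where the tail of the shadow buffer was never filled from flash before being written back.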