On Fri, 12 Jan 2024 at 12:38, Gerd Hoffmann <kra...@redhat.com> wrote:
>
> In some cases (specifically when the flash update region is
> small but crosses a multiple of P30_MAX_BUFFER_SIZE_IN_BYTES)
> NorFlashWriteSingleBlock reads only one instead of two
> P30_MAX_BUFFER_SIZE_IN_BYTES blocks into the shadow buffer.
>
> That leads to random crap being written to the second block,
> which in turn can corrupt both the variable store and the
> FTW work space. One observed corruption pattern is finding
> 0xaf (aka PcdDebugClearMemoryValue) right after the last
> entry in the FTW log. This should have been 0xff.
>
> This patch fixes the calculation.
>
> Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
Thanks a lot for taking the time to track this down and fix it.
Reviewed-by: Ard Biesheuvel <a...@kernel.org>
> ---
> OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> index 1afd60ce66eb..cdc809d75e3d 100644
> --- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> +++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
> @@ -566,7 +566,7 @@ NorFlashWriteSingleBlock (
> Instance,
> Lba,
> Offset & ~BOUNDARY_OF_32_WORDS,
> - (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
> + (((Offset & BOUNDARY_OF_32_WORDS) + *NumBytes) |
> BOUNDARY_OF_32_WORDS) + 1,
> Instance->ShadowBuffer
> );
> if (EFI_ERROR (Status)) {
> --
> 2.43.0
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113726): https://edk2.groups.io/g/devel/message/113726
Mute This Topic: https://groups.io/mt/103680932/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
