Re: [edk2] [MdeModulePkg] SetVirtualAddressMap() crashed due to DxeReportStatusCodeLib assuming the state of the BootService Memory at runtime.

Mon, 08 Aug 2016 18:22:15 -0700 

Andrew,

Should MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib be used for your case 
if there are really runtime status code reporting needed?

Thanks,
Star
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Andrew 
Fish
Sent: Tuesday, August 9, 2016 7:08 AM
To: edk2-devel <edk2-devel@lists.01.org>
Subject: [edk2] [MdeModulePkg] SetVirtualAddressMap() crashed due to 
DxeReportStatusCodeLib assuming the state of the BootService Memory at runtime.

I was messing about with an ExitBootServices test that fills boot services 
memory with 0xAFAFAFAFAFAFAFAF (It was Vincent's idea to use my Initials but it 
has the handy property of being a non-cononical address and causes on GP fault 
on X64) and SetVirtualAddressMap() started crashing. 

It looks like this code is assuming the 1st call to ReportStatus code will not 
happen at runtime. This is not the case for the RuntimeDxe driver. 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Library/DxeReportStatusCodeLib/ReportStatusCodeLib.c#L43
VOID
InternalGetReportStatusCode (
  VOID
  )
{
  EFI_STATUS  Status;

  if (mReportStatusCodeLibStatusCodeProtocol != NULL) {
    return;
  }

  //
  // Check gBS just in case ReportStatusCode is called before gBS is 
initialized.
  //
  if (gBS != NULL && gBS->LocateProtocol != NULL) {
    Status = gBS->LocateProtocol (&gEfiStatusCodeRuntimeProtocolGuid, NULL, 
(VOID**) &mReportStatusCodeLibStatusCodeProtocol);
    if (EFI_ERROR (Status)) {
      mReportStatusCodeLibStatusCodeProtocol = NULL;
    }
  }
}

I'm guessing this seems to work due 
to:https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c#L803

  //
  // Zero out the Boot Service Table
  //
  ZeroMem (gBS, sizeof (EFI_BOOT_SERVICES));


Thus if I'm looking at this code correctly it only looks like it works at 
Runtime since it is depending on the value of a boot services memory buffer not 
changing. This is not a valid assumption as that code is owned by the caller of 
ExitBootServices, so it should be legal for my test to change the value. 

I wanted to get a few more eyes on this prior to filling a bug?

Thanks,

Andrew Fish


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to