DescEnd will be clipped for alignment in CoreFindFreePagesI, and it
may fall below DescStart, when alignment is more than 16KB (included)
and both DescStart and original DescEnd fall into a single range of
such alignment. This results in a huge size (Negative number in
unsigned type) for this descriptor, fulfilling the allocation
requirement but failing to run ConvertPages; at last it causes
occasional failure of AllocatePages.
A simple comparison is added to ensure we would never get a negative
number.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Heyi Guo <heyi....@linaro.org>
---
MdeModulePkg/Core/Dxe/Mem/Page.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index a92c865..f2efaf1 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -1051,6 +1051,11 @@ CoreFindFreePagesI (
DescEnd = ((DescEnd + 1) & (~(Alignment - 1))) - 1;
+ // Skip if DescEnd is less than DescStart after alignment clipping
+ if (DescEnd < DescStart) {
+ continue;
+ }
+
//
// Compute the number of bytes we can used from this
// descriptor, and see it's enough to satisfy the request
--
2.1.4
------------------------------------------------------------------------------
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
