From: hanliyang <wojiaohanliy...@163.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807
In the case of launching with just OVMF.fd, if we init only part of the EmuVariableNvStore, then EmuVariableFvbRuntimeDxe will skip the initialization of the EmuVariableNvStore, and the Ftw (Fault Tolerant Write) part of the EmuVariableNvStore will not be initialized before the Ftw part is accessed. When we launch a SEV guest, FaultTolerantWriteDxe will get scrambled data when reading the Ftw part of the EmuVariableNvStore, and when FaultTolerantWriteDxe accesses the address specified by the scrambled data it will cause an invalid address access and crash. The crash message is shown below.

Loading driver at 0x000BDB92000 EntryPoint=0x000BDB95EF4 FaultTolerantWriteDxe.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BDE01D98
ProtectUefiImageCommon - 0xBDE01040 - 0x00000000BDB92000 - 0x0000000000005B00
Ftw: FtwWorkSpaceLba - 0x40, WorkBlockSize - 0x1000, FtwWorkSpaceBase - 0x0
Ftw: FtwSpareLba - 0x42, SpareBlockSize - 0x1000
Ftw: NumberOfWorkBlock - 0x1, FtwWorkBlockLba - 0x40
Ftw: WorkSpaceLbaInSpare - 0x0, WorkSpaceBaseInSpare - 0x0
Ftw: Remaining work space size - FE0
!!!! X64 Exception Type - 0D(#GP - General Protection)  CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000000
RIP  - 00000000BDB92459, CS  - 0000000000000038, RFLAGS - 0000000000010286
RAX  - 587E3201A019FB0C, RCX - 587E3200E238F994, RDX - 0000000000000001
RBX  - 00000000BDE10018, RSP - 00000000BFB79AD8, RBP - 0000000000000FE0
RSI  - 00000000BDE100A8, RDI - 00000000BDE10128
R8   - D4642A9DFB7C79BE, R9  - 00000000000003F8, R10 - 00000000BDB96602
R11  - 0000000000000002, R12 - 00000000BDE100A0, R13 - 0000000000000000
R14  - 0000000000000001, R15 - 00000000BFBA76C0
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 00000000BF801000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000BF5DC000 0000000000000047, LDTR - 0000000000000000
IDTR - 00000000BEF0C018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 00000000BFB79730
!!!! Find image based on IP(0xBDB92459) /dev/shm/edk2/Build/OvmfX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe/DEBUG/FaultTolerantWriteDxe.dll (ImageBase=00000000BDB92000, EntryPoint=00000000BDB95EF4) !!!!

Fixes: 4f173db8b45b ("OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore")
Signed-off-by: hanliyang <wojiaohanliy...@163.com>
---
 OvmfPkg/Library/PlatformInitLib/Platform.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c
index 0a720a4c2c..5dbc5506f4 100644
--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
+++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
@@ -905,6 +905,8 @@ PlatformReserveEmuVariableNvStore ( #define CLEARED_ARRAY_STATUS 0x00 +#define ERASED_UINT8 0xff + /** When OVMF is lauched with -bios parameter, UEFI variables will be partially emulated, and non-volatile variables may lose their contents
@@ -982,6 +984,24 @@ PlatformInitEmuVariableNvStore ( DEBUG ((DEBUG_INFO, "Init EmuVariableNvStore with the content in FlashNvStorage\n")); + // + // Init the whole EmuVariableNvStore before copy the content from + // FlashNvStorage to the EmuVariableNvStore. + // + // In the case launch with just OVMF.fd, if we just init part of the + // EmuVariableNvStore, then EmuVariableFvbRuntimeDxe will skip the + // initialize process of the EmuVariableNvStore and the Ftw (Fault + // Tolerant Write) part of the EmuVariableNvStore will not be + // initialized before the Ftw part is accessed. When we launch a SEV + // guest, the FaultTolerantWriteDxe will get scrambled data when read + // Ftw part of the EmuVariableNvStore, the FaultToleranteWriteDxe + // access address specified by the scrambled data will cause invalid + // address access and crash. + // + // The method to init EmuVariableNvStore here references + // OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c. + // + SetMem (EmuVariableNvStore, EmuVariableNvStoreSize, ERASED_UINT8); CopyMem (EmuVariableNvStore, Base, Size); return EFI_SUCCESS; -- 2.25.1
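Review bot: the new `#define ERASED_UINT8 0xff` in the `@@ -905,6 +905,8 @@` hunk carries no comment, unlike the CLEARED_ARRAY_STATUS macro it is placed beside; since the value encodes the erased-flash polarity the later SetMem fill relies on, and the patch itself says the method is taken from OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c, a one-line comment stating that it must match the erase value used by that driver would keep the two from drifting apart. If Fvb.c already defines an equivalent macro, moving the definition to a shared header is preferable to duplicating it in Platform.c.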
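Review bot: the `@@ -982,6 +984,24 @@` hunk erases the whole store, but the visible context shows no check that Size fits in EmuVariableNvStoreSize before `CopyMem (EmuVariableNvStore, Base, Size);`; if PlatformInitEmuVariableNvStore does not already verify `Size <= EmuVariableNvStoreSize` above this hunk, the copy can overrun the freshly erased buffer, so please confirm that check exists or add it next to the SetMem. The 17-line block comment also repeats the commit message nearly verbatim, including the `FaultToleranteWriteDxe` typo and "when read Ftw part"; trimming it to the essential point (erase the whole store to the flash erase value so the FTW working space is in a defined state even though only the variable region is copied from FlashNvStorage) and fixing the typo would keep Platform.c readable.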
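The failure mode the commit message describes (a store that looks initialized because its variable region was copied from flash, while the FTW work space behind it still holds whatever the SEV guest reads from never-written memory, and an FTW record walker that follows sizes taken from that garbage) can be reproduced in a small C model. The block below is an added example written for this page; it is not edk2 code and not part of the patch. Everything about it is an assumption chosen for illustration: the scaled-down store layout (STORE_SIZE, FLASH_VAR_SIZE, FTW_WORK_OFFSET), the simplified record header (MODEL_WRITE_HEADER is not edk2's EFI_FAULT_TOLERANT_WRITE_HEADER), the "initialized" check that only looks for the `_FVH` signature at the FV header offset, and the deterministic byte pattern standing in for scrambled memory. What it shows is real enough to matter: with only the front of the store initialized the unchecked walker computes a next-record offset far outside the work space (the wild pointer behind the #GP), a bounds-checked walker reports corruption instead, and erasing the whole store to ERASED_UINT8 first, as the patch does, leaves both walkers at a clean first free slot.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Erase value of the emulated flash, same value as the patch's ERASED_UINT8. */
#define ERASED_UINT8     0xff
/* Assumed, scaled-down layout for this model (the real store is laid out by PCDs):
 * variable-store image copied from flash into the front, FTW work space further up. */
#define STORE_SIZE       0x3000
#define FLASH_VAR_SIZE   0x1000
#define FTW_WORK_OFFSET  0x2000
#define FTW_WORK_SIZE    0xFE0   /* "Remaining work space size - FE0" in the crash log */

/* Simplified write-record layout for the example only; not edk2's
 * EFI_FAULT_TOLERANT_WRITE_HEADER. An erased header reads as all 0xFF,
 * which is how a walker recognises the first free slot. */
typedef struct {
  uint8_t  HeaderAllocated;   /* != 0xFF once a record has been started */
  uint8_t  WritesAllocated;
  uint8_t  Complete;
  uint8_t  Reserved;
  uint32_t NumberOfWrites;    /* trusted as-is by the unchecked walker */
  uint32_t PrivateDataSize;   /* trusted as-is by the unchecked walker */
} MODEL_WRITE_HEADER;

typedef struct { uint32_t Lba, Offset, Length; } MODEL_WRITE_RECORD;

typedef struct {
  int      looks_initialized;  /* would the FVB driver skip its own init? */
  uint64_t unchecked_next;     /* offset the unchecked walker would read next */
  int64_t  checked_next;       /* same for the bounds-checked walker, -1 = corrupt */
} SCENARIO_RESULT;

/* Unchecked walk, the shape of a "find last write header" loop: advance by the sizes
 * declared in each header until an erased header is found. It stops at the buffer end
 * instead of dereferencing, so the example can report the wild offset it computed. */
uint64_t ftw_walk_unchecked(const uint8_t *ws, size_t ws_size) {
  uint64_t off = 0;
  MODEL_WRITE_HEADER h;
  while (off + sizeof h <= ws_size) {
    memcpy(&h, ws + off, sizeof h);
    if (h.HeaderAllocated == ERASED_UINT8) return off;        /* first free record */
    off += sizeof h + (uint64_t)h.NumberOfWrites *
                      (sizeof(MODEL_WRITE_RECORD) + (uint64_t)h.PrivateDataSize);
  }
  return off;   /* beyond ws_size: a real walker would now read from garbage */
}

/* Bounds-checked walk: a header whose declared size does not fit in the remaining
 * work space is reported as corruption rather than followed. */
int64_t ftw_walk_checked(const uint8_t *ws, size_t ws_size) {
  uint64_t off = 0;
  MODEL_WRITE_HEADER h;
  while (off + sizeof h <= ws_size) {
    memcpy(&h, ws + off, sizeof h);
    if (h.HeaderAllocated == ERASED_UINT8) return (int64_t)off;
    uint64_t per_write = sizeof(MODEL_WRITE_RECORD) + (uint64_t)h.PrivateDataSize;
    uint64_t room      = ws_size - off - sizeof h;
    if (h.NumberOfWrites > room / per_write) return -1;      /* does not fit */
    off += sizeof h + h.NumberOfWrites * per_write;
  }
  return -1;    /* ran off the end without finding a free slot */
}

/* Constructed stand-in for what an SEV guest sees in memory it never wrote through
 * its own mapping: a deterministic byte pattern, not real ciphertext. */
void fill_scrambled(uint8_t *buf, size_t n) {
  for (size_t i = 0; i < n; i++) buf[i] = (uint8_t)(0x5Au + i * 0x9Du);
}

/* Constructed flash image of the variable region: erased, with the FV header
 * signature at its real offset (40) so the store passes the model's init check.
 * Assumption: the real FVB driver validates the whole header; this checks only "_FVH". */
void build_flash_image(uint8_t *flash, size_t n) {
  memset(flash, ERASED_UINT8, n);
  memcpy(flash + 40, "_FVH", 4);
}

int store_looks_initialized(const uint8_t *store) {
  return memcmp(store + 40, "_FVH", 4) == 0;
}

/* Unpatched vs. patched initialization reduced to its effect on the buffer:
 * optionally erase the whole store first, then copy the flash image into the front. */
int init_store(uint8_t *store, size_t store_size,
               const uint8_t *flash, size_t flash_size, int erase_whole_store_first) {
  if (flash_size > store_size) return 0;                    /* image does not fit */
  if (erase_whole_store_first) memset(store, ERASED_UINT8, store_size); /* the added SetMem */
  memcpy(store, flash, flash_size);                         /* the existing CopyMem */
  return 1;
}

SCENARIO_RESULT run_scenario(int erase_whole_store_first) {
  static uint8_t store[STORE_SIZE], flash[FLASH_VAR_SIZE];
  SCENARIO_RESULT r = {0, 0, -1};
  fill_scrambled(store, sizeof store);                      /* memory before any init */
  build_flash_image(flash, sizeof flash);
  if (!init_store(store, sizeof store, flash, sizeof flash, erase_whole_store_first)) return r;
  r.looks_initialized = store_looks_initialized(store);
  r.unchecked_next = ftw_walk_unchecked(store + FTW_WORK_OFFSET, FTW_WORK_SIZE);
  r.checked_next   = ftw_walk_checked(store + FTW_WORK_OFFSET, FTW_WORK_SIZE);
  return r;
}
```

`run_scenario(0)` models the pre-patch path: the store looks initialized, so a driver keyed on that check would not erase it, yet the unchecked walker's next offset lands far beyond FTW_WORK_SIZE while the checked walker returns -1. `run_scenario(1)` models the patched path, where both walkers stop at offset 0. The two walkers together make the practitioner's point: erasing the buffer fixes the trigger, and bounds-checking sizes read from non-volatile storage removes the crash even when the buffer contents are untrusted.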