Hi Ganapat,

The issue is actually in GetEnvironmentVariable(). The function should have copied the default value to reflect the behaviour of a value loaded from RUNTIME_SERVICES.GetVariable().

I fixed the issue in SVN rev 15427 (2nd April 2014).

Thanks a lot for having reported the issue,

Olivier

 

From: linaro-uefi-bounces@lists.linaro.org [mailto:linaro-uefi-bounces@lists.linaro.org] On Behalf Of Ganapatrao Kulkarni
Sent: 01 April 2014 06:57
To: linaro-uefi@lists.linaro.org
Subject: Re: [Linaro-uefi] ARM64: seeing FDT DevicePath node Corruption!!

 

any comments?

 

 

On Mon, Mar 24, 2014 at 5:10 PM, Ganapatrao Kulkarni <gpkulkarni@gmail.com> wrote:

In my case, both variables DefaultFdtDevicePath and FdtDevicePath are
holding the same address.
This is because the function gRT->GetVariable (as called from
GetEnvironmentVariable) is returning status 14 (EFI_NOT_FOUND),
and hence the code is setting FdtDevicePath the same as DefaultFdtDevicePath
(this is the root cause of the issue that I explained in my previous email).

IMHO, it is a potential bug to execute FreePool (DefaultFdtDevicePath)
unconditionally.

The probable fix could be:

diff --git a/ArmPlatformPkg/Bds/BootOption.c b/ArmPlatformPkg/Bds/BootOption.c
index edd193e..be93d28 100644
--- a/ArmPlatformPkg/Bds/BootOption.c
+++ b/ArmPlatformPkg/Bds/BootOption.c
@@ -90,6 +90,7 @@ BootOptionStart (
         Status = GetEnvironmentVariable ((CHAR16 *)L"Fdt",
&gArmGlobalVariableGuid,
                    DefaultFdtDevicePath, &FdtDevicePathSize, (VOID
**)&FdtDevicePath);
         ASSERT_EFI_ERROR(Status);
+      if (DefaultFdtDevicePath != FdtDevicePath)
         FreePool (DefaultFdtDevicePath);
       }
       Status = BdsBootLinuxFdt (BootOption->FilePathList,
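Review bot: the added `if (DefaultFdtDevicePath != FdtDevicePath)` guard handles the aliasing only at this call site, while the message above traces the shared address to GetEnvironmentVariable handing back the default pointer on EFI_NOT_FOUND. Any other caller that frees its default after the call has the same hazard, and this caller now has to remember that FdtDevicePath may or may not be a separate allocation when it is released later. Consider fixing it in GetEnvironmentVariable so that the returned value is always its own copy, which lets the unconditional `FreePool (DefaultFdtDevicePath);` stay correct. If the guard is kept, put the `FreePool` call in braces and align the `if` with it, since the new line is indented less than the statement it controls.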


please comment?

regards
Ganapat




On Sun, Mar 23, 2014 at 11:50 PM, Ganapatrao Kulkarni
<gpkulkarni@gmail.com> wrote:
> Hi,
>
> I am trying to port edk2 to our ARM64 platform simulator and seeing
> strange behaviour.
>
> I see the content of FdtDevicePath is getting changed, after executing
> the function
> BdsLoadImage() to load the Linux Image file.
> Because of this, when the BdsLoadImage function is called to load the
> fdt.dtb file, the execution goes into an infinite loop.
>
> After debugging, I am seeing that it is happening due to corruption of
> the FDT device path.
>
> Before BdsLoadImage() is called to load the Linux Image file,
> the FDT device path (0xFBC8B918) content is valid, i.e.
> DevicePathFdt->Type = 1.
> DevicePathFdt ->SubType= 4.
> DevicePathFdt->Lenght[0] = 20.
>
> After the Linux Image is loaded, it changes as below,
> DevicePathFdt->Type = 112
> DevicePathFdt ->SubType= 111
> DevicePathFdt->Lenght[0] = 100
>
> On further debugging, I see this happening at the below lines of code, in function
> CoreLocateHandle(), MdeModulePkg/Core/Dxe/Hand/Locate.c
>
>     //
>     // Increase the resulting buffer size, and if this handle
>     // fits return it
>     //
>     ResultSize += sizeof(Handle);
>     if (ResultSize <= *BufferSize) {
>         *ResultBuffer = Handle;  // <= this line is corrupting the devicepath of FDT.
>         ResultBuffer += 1;
>     }
>   }
>
> Not able to understand what is causing this corruption.
> Any clue on what is going wrong?
> Any suggestions for further debugging?
>
> BTW, I am using edk2 source from
> git://git.linaro.org/uefi/linaro-edk2.git, branch master
>
>
> thanks
> Ganapat
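
The ownership problem discussed in this thread, as an added C example that is not code from edk2 or from either participant: a getter that hands back the caller's default pointer when the variable is not found, next to a variant that always returns its own copy. The names `lookup_variable`, `get_env_aliasing`, `get_env_copying` and `copy_survives_free_of_default` are hypothetical, `malloc`/`free` stand in for the firmware pool allocator, and the sample bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical variable store, always empty: models the EFI_NOT_FOUND case. */
static const void *lookup_variable(const char *name, size_t *size) {
    (void)name;
    *size = 0;
    return NULL;
}

/* Pattern described in the thread: on "not found" the default pointer is
   handed back, so *value and default_value name one allocation. */
int get_env_aliasing(const char *name, void *default_value,
                     size_t *size, void **value) {
    size_t n;
    const void *stored = lookup_variable(name, &n);
    if (stored == NULL) { *value = default_value; return 0; }
    if ((*value = malloc(n)) == NULL) return -1;
    memcpy(*value, stored, n);
    *size = n;
    return 0;
}

/* Copying variant: *value is always a fresh allocation owned by the caller,
   whether the bytes came from the store or from the default. */
int get_env_copying(const char *name, void *default_value,
                    size_t *size, void **value) {
    size_t n;
    const void *src = lookup_variable(name, &n);
    if (src == NULL) { src = default_value; n = *size; }
    if (src == NULL || n == 0) return -1;
    if ((*value = malloc(n)) == NULL) return -1;
    memcpy(*value, src, n);
    *size = n;
    return 0;
}

/* Returns 1 if the returned copy is intact after the default is freed. */
int copy_survives_free_of_default(void) {
    const unsigned char node[4] = {1, 4, 20, 0};   /* constructed sample */
    size_t size = sizeof node;
    void *val = NULL, *def = malloc(size);
    if (def == NULL) return 0;
    memcpy(def, node, size);
    int ok = get_env_copying("Fdt", def, &size, &val) == 0 && val != def;
    free(def);                    /* val must not depend on def from here */
    ok = ok && memcmp(val, node, sizeof node) == 0;
    free(val);
    return ok;
}
```

With the aliasing getter, a caller that frees its default unconditionally leaves the returned pointer dangling, and the allocator is free to reuse that memory for an unrelated buffer.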