patina-v20.1.3

What's Changed

• pecoff: Miscellaneous fixes/updates for load\_resource\_section [Rebase \& FF] @makubacki (#1431)
  
  Change Details

    ## Description

  pecoff: Fix resource string offset and UTF-16LE comparison

  The HII string lookup in load_resource_section calculated the string
  data offset as name_offset + 1, but DirectoryString has a
  2-byte length field (followed by the string data), so the correct
  offset is name_offset + sizeof(DirectoryString).

  "Resource Directory String" is defined here in the PE/COFF spec:

  https://learn.microsoft.com/windows/win32/debug/pe-format#resource-directory-string

  The comparison constant used was [0x00, 0x48, 0x00, 0x49, 0x00, 0x49]
  which matched the shifted byte sequence from the wrong offset instead
  of the correct UTF-16LE bytes for "HII" which is:
  [0x48, 0x00, 0x49, 0x00, 0x49, 0x00].

  ---

  pecoff: Advance iteration in resource directory parsing

  Today, the code in load_resource_section iterates the number of
  named entry times but doesn't actually update the directory_entry
  to the offset for the current iteration. This change makes that
  adjustment.

  This worked before because images with HII resource sections either
  had a sinlge section or the HII section was the first section.

  I couldn't find any existing images that have more than one resource
  directory entry, so I had to create a simple section with two entries
  in the unit test.

  ---

  pecoff: Prevent potential overflow in load_resource_section

  Since resource_directory_string.length is a u16, a .length
  value of > 32767 could cause an overflow when multiplied by 2
  since the multiplication done before the cast to usize.

  This change updates the code to perform the multiplication after the
  cast to usize which is the type the result is assigned to
  (the type of name_end_offset).

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • cargo make all
  • Q35 and SBSA boot to EFI shell

  Integration Instructions

  • N/A
    

  
  

  ---

• [patina\_internal\_cpu] remove alloc usage @kuqin12 (#1423)
  
  Change Details

    ## Description

  Patina internal CPU hosts the interrupt manager and other fundamental functionalities, which should not work on top of the allocator.

  Admittedly, the current crate can support more advanced components that works on top of exception forwarding, but this should not be treated as a required dependency.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This was tested on QEMU Q35 and booted to UEFI shell.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• patina\_dxe\_core: Add DxeDispatch service for driver dispatch @kat-perez (#1421)
  
  Change Details

    ## Description

  Add a DxeDispatch service trait in the SDK and a CoreDxeDispatch
  implementation in patina_dxe_core that delegates to the PI dispatcher.
  The service is registered alongside other core services (MemoryManager,
  PerfTimer, etc.) and consumed via dependency injection by components
  that need to trigger driver dispatch passes.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Built SBSA DXE core binary with BootDispatcher + SimpleBootManager consuming the service via DI
  • Booted Windows ARM64 under QEMU SBSA-ref with Patina BDS handling the full boot flow
  • Connect-dispatch interleaving discovered AHCI device, expanded partial device path, loaded Windows bootloader, ExitBootServices completed
  • 106 on-system unit tests passed (0 fails)

  Integration Instructions

  The DxeDispatch service is registered automatically by the DXE core.
  Components consume it via dependency injection:

  fn entry_point(self, dxe_dispatch: Service<dyn DxeDispatch>) -> Result<()> {
      dxe_dispatch.dispatch()?;
      Ok(())
  }

    </blockquote>
    <hr>
  </details>
  

• patina\_mm: Make MmCommunicator::mm\_executor non-dyn [Rebase \& FF] @makubacki (#1428)
  
  Change Details

    ## Description

  Two commits to address backlog issues.

  ---

  patina_mm: Drop communicator pointer

  Removes the communicator pointer from the ProtocolNotifyContext
  struct and referencing code. This pointer has not been used since a
  refactor and is only used for a debug print.

  ---

  patina_mm: Make MmCommunicator::mm_executor non-dyn

  Closes #874

  Replaces Box<dyn MmExecutor> with a generic type parameter
  (E: MmExecutor + 'static) that defaults to RealMmExecutor. This
  keeps the expected default executor for non-test scenarios while
  allowing test code to specify other executor types without needing
  to box them.

  Generic methods (e.g. with_executor() and set_test_comm_buffers())
  are split into a separate impl<E> block since #[component] applies
  to the default-type impl only. Debug and MmCommunication impls are
  similarly updated to be generic over E.

  Unit and integration tests now use concrete executor types directly
  instead of boxing them.

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • cargo make all
  • QEMU Q35 boot to EFI shell using patina_mm components

  Integration Instructions

  • Review the changes to the MmCommunicator public structure to determine if any code that might be using it needs to be updated.

  Note: This is not being marked as a breaking change per Patina "semantic preserving" guidelines.
  

  
  

  ---

  
  

• perf: Simplify generic type parameters in performance entry points @makubacki (#1426)
  
  Change Details

    ## Description

  Closes #750

  Reduces the number of generic type parameters in performance component functions by dropping the BB/B and RR/R indirection pattern.

  That pattern used a wrapper type (BB: AsRef<B>) alongside its underlying trait (B: BootServices). The AsRef indirection is not needed since StandardBootServices and MockBootServices both implement BootServices + Clone.

  Generic reductions:

  • _entry_point() from 6 generics (BB, B, RR, R, P, F) to 4 (B, R, P, F)
  • report_fbpt_record_buffer() from 5 generics (BB, B, RR, R, F) to 3 (B, R, F)
  • fetch_and_add_mm_performance_records() from 3 generics (BB, B, F) to 2 (B, F)
  • MmPerformanceEventContext() from 3 generics (BB, B, F) to 2 (B, F)

  Also:

  • Replaces .as_ref().method() calls with direct .method() calls
  • Replaces BB::clone(&x) with x.clone()
  • Removes Rc wrapping from performance tests

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • cargo make all
  • Q35 boot with performance component enabled

  Integration Instructions

  • N/A

  ---

  Note: This is to close an old backlog item as mentioned in the link GitHub issue.
  

  
  

  ---

  
  

• .github: Pass head-sha to QEMU validation workflows @makubacki (#1425)
  
  Change Details

    ## Description

  A new head-sha input parameter was added to the QEMU validation workflows. This allows the workflow to have access to the head SHA of the PR, which is useful for applying status check results.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • patina fork

  Integration Instructions

  • N/A - Only impacts local workflows in repo CI

    </blockquote>
    <hr>
    

• .github: Add integration changes for PR validation status check @makubacki (#1424)
  
  Change Details

    ## Description

  Contributes to OpenDevicePartnership/patina-devops#108

  Passes head-sha and conclusion args to the QEMU post-processing workflow.

  This allows the post-processing workflow to set commit status including cases like when the workflow is cancelled.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Run successful, cancelled, and failing Patina QEMU PR Validation scenarios on fork

  Integration Instructions

  • N/A
    

  
  

  ---

• [patina\_dxe\_core] Add info to assert on fragmented free memory in spin\_locked\_gcd @thomashinds (#1419)
  
  Change Details

    ## Description

  Minor update to the assert in spin_locked_gcd.rs for the case where free memory is fragmented to include the address and attributes of offending regions in the error message for ease of debugging. Also converts the assert with message to an error print and assert so the issue can be logged in release builds as well, rather than silently ignored.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested on my physical ARM platform in debug & release.

  Integration Instructions

  n/a
  

  
  

  ---

  
  

🐛 Bug Fixes

• [patina\_internal\_cpu] fixing test instability @kuqin12 (#1438)
  
  Change Details

    ## Description

  The previous PR merged with intermittent testing stability: when the tests are run concurrently, some tests could fail based on timing. i.e.:
  https://github.com/OpenDevicePartnership/patina/actions/runs/23577664570/job/68653514272#step:5:1395

  The idea is to put a lock on the test and extend the test to register and unregister within each individual test.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This was tested locally and on the pipeline to not trip on the same error.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

Full Changelog: patina-v20.1.2...v20.1.3