patina-v21.2.0
What's Changed
- [REBASE & FF] Add Stack Overflow Hint in Exception Handlers @os-d (#1554)
Change Details
## Description
Stack overflows show up as page faults in the exception handler, which can be hard to distinguish from other kinds of page faults. This PR contains three commits to provide a hint that a stack overflow occurred.
x64: IDT: Use a Separate Stack for Page Fault Exceptions
Currently, only double faults use a separate stack. However, a stack overflow manifests as a page fault, so taking a stack overflow causes a double fault. This makes it harder to reason about what the fault was.
This commit instead uses a separate stack for x64 page faults, aligning with the aarch64 side. This is in preparation for giving better information about stack overflows in the exception handlers.
exception handlers: Print Stack Overflow Hint
Currently, stack overflows show up as page faults in the exception handlers. This can make it hard to identify when a different page fault has occurred.
This commit introduces a heuristic to hint that a stack overflow likely occurred in the exception handler. It checks if the faulting address is on the same page as or one page lower than the stack pointer. In some cases, the stack pointer is incremented first, then data is written (in which case the faulting address is on the same page as the stack pointer) and in other cases the data is written before the stack pointer is decremented (so the faulting address is on the page below the stack pointer).
A pretty message is then printed to indicate a stack overflow occurred.
internal_cpu: Rename EfiExceptionStackTrace Trait
The EfiExceptionStackTrace trait is an internal trait that originally was just used so the common exception handler can use arch specific stack trace dumping.
However, this was expanded to also include dumping a page table walk, so the name is not accurate.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
In Q35 and SBSA testing stack overflows which now look like:
Integration Instructions
N/A.
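The page-distance heuristic described in this entry, as an added example that is not Patina's code: the 4 KiB `PAGE_SIZE`, the function names and the sample addresses are assumptions made for illustration.

```rust
// Added illustration of the heuristic; not taken from the Patina source.
// Assumption: 4 KiB pages.
const PAGE_SIZE: u64 = 0x1000;

/// Page number that contains `addr`.
fn page_of(addr: u64) -> u64 {
    addr / PAGE_SIZE
}

/// Returns true when a page fault at `fault_addr` with stack pointer `sp`
/// looks like a stack overflow: the faulting address is on the same page as
/// the stack pointer, or on the page directly below it.
pub fn likely_stack_overflow(fault_addr: u64, sp: u64) -> bool {
    let sp_page = page_of(sp);
    let fault_page = page_of(fault_addr);
    // checked_sub: a stack pointer on page 0 has no page below it.
    fault_page == sp_page || sp_page.checked_sub(1) == Some(fault_page)
}

fn main() {
    // Constructed sample values: guard page at 0x7000..0x8000, stack above it.
    let cases = [
        ("SP already moved into the guard page", 0x7ff8u64, 0x7ff8u64),
        ("write lands one page below SP", 0x7ff8, 0x8000),
        ("fault two pages below SP", 0x5ff8, 0x8000),
        ("unrelated fault far from the stack", 0xdead_0000, 0x9000),
    ];
    for (name, fault_addr, sp) in cases {
        let hint = likely_stack_overflow(fault_addr, sp);
        println!("{name}: fault={fault_addr:#x} sp={sp:#x} hint={hint}");
    }
}
```

A fault on the page above the stack pointer, or more than one page below it, gets no hint, so a large stack frame that jumps past the guard page is not flagged by this check.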
- patina: Add Memory Type Information HOB serialization to the SDK @makubacki (#1556)
Change Details
## Description
Adds a `HobSerDe::MemoryTypeInformation` variant so that GUID extension HOBs matching `MEMORY_TYPE_INFO_HOB_GUID` are serialized with their parsed payload instead of being collapsed into a generic `GuidExtension` entry.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
- Move Patina QEMU PR Validation workflows to patina-devops main branch @makubacki (#1555)
Change Details
## Description
The workflows were previously using a branch dedicated to creating the workflow. All of the changes are in main now, so the workflows can use the main branch instead.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- All of the changes in the branch previously being used
patina_e2e_plat_validation
Integration Instructions
- N/A
- Minor Test Bug Fix: Initialize GCD before allocating SystemTable @vineelko (#1551)
Change Details
## Description
Initialize GCD before allocating SystemTable, otherwise below is the call flow causing stack corruption.
```
test_init_driver_services()
EfiSystemTable::allocate_new_table()
EfiRuntimeServicesTable::allocate_new_table()
Box::new_in(...)
Box::try_new_uninit_in(...)
uefi_allocator::...::allocate()
fixed_size_block_allocator::...::allocate()
self.allocate_from_gcd() // Attempts to allocate from uninitialized GCD!
```
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo nextest run driver_services::tests::test_init_driver_services`
Integration Instructions
NA
- patina_internal_collections: Replace array_windows with windows (MSRV 1.89.0 compat) @makubacki (#1547)
Change Details
## Description
`array_windows` was introduced in Rust 1.94 and to patina in commit 856bda1, our MSRV is 1.89.
Replace `array_windows` with `windows` and adjust the loop body accordingly to pass the MSRV check.
Issue before:
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- MSRV Check workflow being added in https://github.com/OpenDevicePartnership/patina/pull/1546
Integration Instructions
- N/A
- [mm] Do not introduce `talk_to_supervisor` bit @kuqin12 (#1544)
Change Details
## Description
Even the status buffer definition from basecore has this bit set:
However, with the current usage of MM communicate, this bit is not needed for the proper communication invocation:
In addition, the updated MM supervisor will no longer rely on this bit to differentiate the target channel, thus will not need this bit in the future, either.
This change removes the bit definition and the associated usage.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested locally and booted to Windows desktop. Pipeline should verify the same as well.
Integration Instructions
N/A
🚀 Features & ✨ Enhancements
- patina_debugger: Do not initialize the transport by default @cfernald (#1550)
Change Details
## Description
This change removes the default behavior to initialize the debugger transport serial port. Most systems will use a shared transport, and so the re-initialization is at best unnecessary. In some scenarios the Patina serial transport initialization may stomp on the existing configuration. This has caused confusion on multiple platforms during enablement. It is best to just skip unless requested. This commit inverts the default, deprecates `without_transport_init`, and introduces `with_transport_init` for the rare platforms that require this.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested that Q35 & SBSA debuggers still function
Integration Instructions
Platforms using `without_transport_init()` may safely drop that function call. There are no known platforms that require transport initialization, but if so those should now call `with_transport_init()` as needed.
🐛 Bug Fixes
- Ensure cache consistency when changing to uncached memory [FF & REBASE] @cfernald (#1540)
Change Details
## Description
patina_internal_cpu: Flush data cache when switching to uncached
When switching memory from a cached normal memory to an uncached or device
memory, the cache lines may still exist. Some platforms may snoop this
cache, but this is not guaranteed. To ensure data consistency across all
platforms, the data cache should be explicitly cleaned.
This commit adds an architectural callout for when caching is changed.
For AARCH64 this will flush and invalidate the data cache when changing
from a cached to an uncached memory type.
patina_internal_cpu: Fix stride bug in cache operations
The current cache operations for aarch64 are using the cache line size mask
as the stride, causing later cache lines to be skipped. This commit cleans
up the variables for clarity and adds input validation.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on physical and virtual platform
- Boot to OS
- One off test for cache coherency
Integration Instructions
N/A
🔐 Security Impacting
- [REBASE & FF] Enable Clippy's Deny indexing_slicing Lint @os-d (#1517)
Change Details
## Description
This enables an optional clippy lint to disallow direct slice indexing. First, all instances in the codebase are fixed or explicitly allowed.
The only places they are explicitly allowed are:
- In const functions because .get() is currently not const. An unstable feature could be enabled to allow this, but because const functions are evaluated at build time, it did not seem worthwhile to enable
- In test code
Each crate was updated separately to make any future bisects easier to identify where an issue occurred and to allow reviewers to focus on crates they care about.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit tests, booting to Win/Linux on Q35/SBSA and Windows on a physical Intel platform.
Integration Instructions
Clippy will now fail when direct slice indexing is used. Developers must either use .get() (preferred) or disable the lint at the smallest level possible if it is not possible to use .get().
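What the lint asks of parsing code, as an added example that is not from the Patina code base: the record layout (1-byte tag, 2-byte little-endian length, payload), `ParseError`, `parse_record` and `byte_at` are hypothetical names chosen for illustration.

```rust
// Added illustration; the record layout and all names are hypothetical.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,
}

/// Const functions are the documented exception: `.get()` is not const, so
/// the lint is disabled at the smallest scope, this one function.
#[allow(clippy::indexing_slicing)]
pub const fn byte_at(table: &[u8], index: usize) -> u8 {
    table[index]
}

/// Parses `tag (1 byte) | length (2 bytes, LE) | payload` without direct
/// indexing. Every out-of-range access becomes `Err(Truncated)` instead of
/// a panic on attacker-influenced lengths.
#[deny(clippy::indexing_slicing)]
pub fn parse_record(buf: &[u8]) -> Result<(u8, &[u8]), ParseError> {
    let tag = *buf.first().ok_or(ParseError::Truncated)?;
    let lo = *buf.get(1).ok_or(ParseError::Truncated)?;
    let hi = *buf.get(2).ok_or(ParseError::Truncated)?;
    let len = usize::from(u16::from_le_bytes([lo, hi]));
    // checked_add keeps the end offset from wrapping on small targets.
    let end = 3usize.checked_add(len).ok_or(ParseError::Truncated)?;
    // A declared length larger than the buffer yields None here, where
    // `&buf[3..end]` would have panicked.
    let payload = buf.get(3..end).ok_or(ParseError::Truncated)?;
    Ok((tag, payload))
}

fn main() {
    // Constructed inputs: one well-formed record, one whose length field
    // claims more payload than the buffer holds.
    let good = [0x01u8, 0x02, 0x00, 0xaa, 0xbb];
    let lying_length = [0x01u8, 0x05, 0x00, 0xaa];
    println!("{:?}", parse_record(&good));
    println!("{:?}", parse_record(&lying_length));
    println!("{:#x}", byte_at(&good, 3));
}
```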
Full Changelog: patina-v21.1.1...v21.2.0