patina-v6.0.3
What's Changed
-
[REBASE \& FF] Update Memory Allocation HOB Processing @os-d (#657)
Change Details
## Description
This PR consists of two commits:
allocator: Allocate non-System Memory Allocation HOBs
Currently, Patina always attempts to call core_allocate_pages for memory allocation HOBs. However, this API can only be used on HOBs of type System Memory. Platforms may produce HOBs for non-System Memory regions, e.g. MMIO, which should be allocated directly in the GCD. The core does not rely on non-System Memory being allocated or not, but drivers may.
This patch updates the memory allocation HOB processing logic to call the correct memory allocation routine.
Closes #595
allocator: Don't Assert if Page 0 Has Memory Allocation HOB
edk2/Mu made a change to drop DXE IPL from creating memory allocation HOBs for page 0, which Patina was relying on. However, this is a recent change and many existing platforms still create the memory allocation HOBs. We should not debug_assert in this case, but simply let the allocation fail. We can still unmap the page for null pointer detection.
This also adjusts some stale comments.
Closes #656
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Updated unit tests and booted SBSA and Q35 to Windows. Also tested on physical platforms that exhibited these issues.
Integration Instructions
N/A.
-
.github: Add issue triager @makubacki (#651)
Change Details
## Description
Adds a GitHub workflow to "triage" issues when they are initially submitted. This includes applying labels based on content in the issue.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified expected labels are added on patina fork
Integration Instructions
- N/A
-
patina\_stacktrace: Allow timestamps in input @makubacki (#626)
Change Details
## Description
Allow timestamps in the format "dd:dd:dd.ddd : " which is common in platform serial logs. It will be ignored like prefixes already are.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Executed `resolve_stacktrace.ps1` with the examples shown in the readme.
Integration Instructions
- N/A
-
[REBASE\&FF] patina\_sdk: Improve pointer provenance @Javagedes (#630)
Change Details
## Description
This commit enhances the pointer provenance tracking for allocations
made through the MemoryManager service in the Patina SDK. Pointer
provenance is crucial for ensuring memory safety, preventing undefined
behavior, allowing for enhanced compiler optimizations, and most
importantly, better evaluation of memory access patterns by static
analysis tools such as miri.

For more information on pointer provenance, see:
https://doc.rust-lang.org/std/ptr/index.html#provenance

With this commit, provenance is now exposed within the
`core_allocate_pages` function via the `expose_provenance` method, which
means any conversions of an address in the bounds of that allocation
will gain that pointer's provenance so long as it is converted via the
`with_exposed_provenance` or `with_exposed_provenance_mut` methods.
Simple conversions like `as *mut T` or `as *const T` should also pick up
the provenance, however, it is better to use the provided methods to
ensure provenance is tracked correctly.

While this does help with provenance tracking once the allocation is
exposed to the caller of `core_allocate_pages`, further work should
eventually be done to either expose the pointer's provenance earlier in
the call-stack, or to generate and return a pointer type such as
`NonNull<T>` in the rust core, rather than a `usize`, as provenance is
maintained with these types.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
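The address round trip described in #630, as an added example that is not Patina's code: `allocate_pages` and `slot_mut` are hypothetical stand-ins built on `std::alloc`, showing an allocator that returns a bare `usize` after calling `expose_provenance`, and a caller that rebuilds a typed pointer with `with_exposed_provenance_mut` after a bounds check.

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::mem::size_of;
use std::ptr;

const PAGE_SIZE: usize = 4096;

// Hypothetical allocator that hands back an address rather than a pointer.
// The provenance is exposed before the pointer is reduced to a usize.
fn allocate_pages(pages: usize) -> Option<(usize, Layout)> {
    if pages == 0 {
        return None; // zero-sized layouts must not reach the global allocator
    }
    let layout = Layout::from_size_align(pages.checked_mul(PAGE_SIZE)?, PAGE_SIZE).ok()?;
    let p = unsafe { alloc_zeroed(layout) };
    if p.is_null() {
        return None;
    }
    Some((p.expose_provenance(), layout))
}

// Caller side: bounds-check the slot, then rebuild a pointer that picks up the
// exposed provenance instead of casting the integer with `as`.
fn slot_mut(base: usize, layout: Layout, index: usize) -> Option<*mut u64> {
    let offset = index.checked_mul(size_of::<u64>())?;
    if offset.checked_add(size_of::<u64>())? > layout.size() {
        return None;
    }
    Some(ptr::with_exposed_provenance_mut::<u64>(base + offset))
}

// Returns (value read back from slot 3, whether the first out-of-bounds slot was refused).
fn round_trip() -> Option<(u64, bool)> {
    let (base, layout) = allocate_pages(1)?;
    unsafe { slot_mut(base, layout, 3)?.write(0xC0FFEE) };
    let value = unsafe { slot_mut(base, layout, 3)?.read() };
    let refused = slot_mut(base, layout, PAGE_SIZE / size_of::<u64>()).is_none();
    unsafe { dealloc(ptr::with_exposed_provenance_mut::<u8>(base), layout) };
    Some((value, refused))
}

fn main() {
    println!("{:?}", round_trip());
}
```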
-
Support for code coverage for misc\_boot\_services @HappyCoding-2025 (#477)
Change Details
## Description
Addressing https://github.com//issues/253
How This Was Tested
Tested with cargo make coverage.
Coverage is now 100%
-
patina\_sdk: MemoryManager unit tests @Javagedes (#629)
Change Details
## Description
Adds unit tests to the MemoryManager service bringing up test coverage
to ~97%.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
-
Patina DXE Core Requirements: Native address width requirements @makubacki (#617)
Change Details
## Description
Closes #615
Describe the default Patina DXE Core behavior to allocate top-down (intentional to catch bugs) so that the behavior is clear when reviewing the DXE Core requirements and readers understand they should audit their code or, at least be aware of this behavior per the requirements if an issue arises.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo make cspell` & CI
Integration Instructions
- N/A
-
[REBASE\&FF] Prevent panic on failed consumption of PageAllocation @Javagedes (#619)
Change Details
## Description
A PageAllocation can be converted to different types in multiple different ways. Some of these ways are fallible, if the type being converted to is too large. In a scenario where the conversion failed, the code was found to panic because the `drop` implementation is called, which purposefully panics.
To fix this, on a failed conversion, we manually free the pages and forget the instance, so that `drop` is not called and the panic does not occur.
The other option would be to add a new field to the page allocation that tracked if the page allocation failed to convert, and use that to determine if we should panic. This was found to be a poor solution.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Added CI tests to ensure the panic no longer occurs.
Integration Instructions
N/A
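The failure path described in #619, as an added example that is not Patina's code: this `PageAllocation` is a hypothetical model with a deliberately panicking `Drop`, the `FREED_PAGES` counter stands in for the real page-free routine, and both conversion methods are assumed names.

```rust
use std::mem;
use std::panic;
use std::sync::atomic::{AtomicUsize, Ordering};

const PAGE_SIZE: usize = 4096;
// Stand-in for the page allocator's free path: counts pages handed back.
static FREED_PAGES: AtomicUsize = AtomicUsize::new(0);

// Hypothetical guard that must be consumed explicitly; Drop panics on purpose.
struct PageAllocation { pages: usize }

impl Drop for PageAllocation {
    fn drop(&mut self) {
        panic!("PageAllocation dropped without being consumed");
    }
}

impl PageAllocation {
    // "Before": on the error path `self` goes out of scope and Drop panics.
    fn into_bytes_naive(self, needed: usize) -> Result<usize, &'static str> {
        if needed > self.pages * PAGE_SIZE {
            return Err("type does not fit in allocation");
        }
        let len = self.pages * PAGE_SIZE;
        mem::forget(self); // ownership of the pages moves to the caller
        Ok(len)
    }

    // "After": hand the pages back, then forget the guard so Drop never runs.
    fn into_bytes(self, needed: usize) -> Result<usize, &'static str> {
        if needed > self.pages * PAGE_SIZE {
            FREED_PAGES.fetch_add(self.pages, Ordering::SeqCst);
            mem::forget(self);
            return Err("type does not fit in allocation");
        }
        let len = self.pages * PAGE_SIZE;
        mem::forget(self);
        Ok(len)
    }
}

// Returns (naive path panicked, fixed path result, pages freed by the fixed path).
fn demo() -> (bool, Result<usize, &'static str>, usize) {
    let naive = panic::catch_unwind(|| PageAllocation { pages: 1 }.into_bytes_naive(8192).is_ok());
    let fixed = PageAllocation { pages: 1 }.into_bytes(8192);
    (naive.is_err(), fixed, FREED_PAGES.load(Ordering::SeqCst))
}

fn main() { println!("{:?}", demo()); }
```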
-
Remove the exclusion of patina\_sdk\_macro from code coverage @Javagedes (#611)
Change Details
## Description
The patina_sdk_macro crate keeps being added as an exclusion in the Makefile because an older version of cargo tarpaulin would crash when testing macro crates. When local developers hit this issue, they are adding the crate to the excluded list, when the real solution is to upgrade to the version of cargo tarpaulin specified in the rust-toolchain.toml file. This change has snuck in and been merged a time or two I think. So just removing the exclusion again.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI Passes
Integration Instructions
N/A
-
chore: Release v6.0.2 @os-d (#614)
Change Details
## Description
6.0.2 was released.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A.
Integration Instructions
N/A.
🐛 Bug Fixes
-
patina\_sdk: PageAllocation: Do not drop uninitialized memory @Javagedes (#623)
Change Details
## Description
This commit does the following two things:
- Brings the user interface for leaking to be similar to Box::leak which is to say we no longer require the lifetime of the leaked data to be `static`, but still clearly state that dropping the reference will result in a memory leak.
- Similar to #622 and the issue #621, when filling a slice, the existing memory is treated as initialized and is thus dropped when replaced with the default value. #622 resolved the issue in `into_boxed_slice` but did not fix `leak_as_slice`, which this commit resolves by moving the logic of `into_boxed_slice` into `leak_as_slice` then re-using `leak_as_slice` in `into_boxed_slice`
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI passes
Integration Instructions
N/A
-
patina\_sdk: PageAllocation: Do not call `Drop` on uninitialized memory @Javagedes (#622)
Change Details
## Description
As referenced in #621, when filling the slice for `into_boxed_slice`, the value being replaced (which is uninitialized) has its `Drop` implementation called because the function believes the data is initialized. This commit updates the logic to use MaybeUninit, so that when the value is inserted, the replaced, uninitialized data, does not have its `Drop` implementation called.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Failing test that detected this is now passing.
Integration Instructions
N/A
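The bug class fixed in #622 and #623, as an added example that is not Patina's code: `Tracked`, `fill_by_assignment` and `fill_with_write` are constructed for illustration, and the buffer is zeroed so that the "before" path stays defined while still showing `Drop` running on values nobody wrote.

```rust
use std::cell::Cell;
use std::mem::MaybeUninit;

// Counts Drop calls on this thread so spurious drops become observable.
thread_local! { static DROPS: Cell<usize> = Cell::new(0); }

fn drops() -> usize { DROPS.with(|d| d.get()) }

// Constructed element type. All-zero bytes are a valid Tracked, which keeps the
// "before" path defined here; for a Box or Vec element the same drop would be UB.
struct Tracked(u32);

impl Drop for Tracked {
    fn drop(&mut self) {
        DROPS.with(|d| d.set(d.get() + 1));
    }
}

// "Before": the fresh memory is viewed as initialized, so every assignment
// first runs Drop on whatever bytes were already in the slot.
fn fill_by_assignment(raw: &mut [MaybeUninit<Tracked>], value: u32) -> usize {
    let start = drops();
    let slots = unsafe { &mut *(raw as *mut [MaybeUninit<Tracked>] as *mut [Tracked]) };
    for slot in slots.iter_mut() {
        *slot = Tracked(value);
    }
    drops() - start
}

// "After": MaybeUninit::write overwrites the slot without reading or dropping it.
fn fill_with_write(raw: &mut [MaybeUninit<Tracked>], value: u32) -> usize {
    let start = drops();
    for slot in raw.iter_mut() {
        slot.write(Tracked(value));
    }
    drops() - start
}

// Returns (drops during the "before" fill, drops during the "after" fill, first element).
fn demo() -> (usize, usize, u32) {
    let mut a: [MaybeUninit<Tracked>; 4] = std::array::from_fn(|_| MaybeUninit::zeroed());
    let mut b: [MaybeUninit<Tracked>; 4] = std::array::from_fn(|_| MaybeUninit::zeroed());
    let before = fill_by_assignment(&mut a, 7);
    let after = fill_with_write(&mut b, 7);
    let first = unsafe { b[0].assume_init_ref().0 };
    (before, after, first)
}

fn main() { println!("{:?}", demo()); }
```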
📖 Documentation Updates
-
[REBASE \& FF] Docs: Add Rejected RFCs folder and Move First Rejected RFC There @os-d (#624)
Change Details
## Description
This commit adds a directory to track rejected RFCs and updates the documentation accordingly. The details are in the documentation itself. This could have been an RFC, but has already been agreed upon and is a small change, more of a clarification. If desired, I can move this to the RFC process. Note, this does not change the approved RFC directory name, which is `text`, though that could be changed to `approved` to distinguish it from `rejected`.
This also moves the first and so far only rejected RFC to this new rejected directory.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A.
Integration Instructions
N/A.
Full Changelog: patina-v6.0.2...v6.0.3