From: Ruiyu Ni <ruiyu.ni@intel.com>
Date: Tue, 17 Oct 2017 01:46:27 +0000 (+0800)
Subject: UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang
X-Git-Tag: edk2-stable201903~3212
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=1c29d03869355a5e9dfafb88332c139d8c5c2215

UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang

ARRAY_SIZE(Mtrrs->Variables.Mtrr) was used in
MtrrDebugPrintAllMtrrsWorker() to parse the MTRR registers.
Instead, the actual variable MTRR count should be used.
Otherwise, the uninitialized random data in MtrrSetting may cause
MtrrLibSetMemoryType() hang.

Steven Shi found this bug in QEMU when using Q35 chip.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Steven Shi <steven.shi@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
---

diff --git a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
index 2fd1d0153e..cb22558103 100644
--- a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
+++ b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
@@ -2776,6 +2776,7 @@ MtrrDebugPrintAllMtrrsWorker (
     UINTN             RangeCount;
     UINT64            MtrrValidBitsMask;
     UINT64            MtrrValidAddressMask;
+    UINT32            VariableMtrrCount;
     MTRR_MEMORY_RANGE Ranges[
       ARRAY_SIZE (mMtrrLibFixedMtrrTable) * sizeof (UINT64) + 2 * ARRAY_SIZE (Mtrrs->Variables.Mtrr) + 1
       ];
@@ -2785,6 +2786,8 @@ MtrrDebugPrintAllMtrrsWorker (
       return;
     }
 
+    VariableMtrrCount = GetVariableMtrrCountWorker ();
+
     if (MtrrSetting != NULL) {
       Mtrrs = MtrrSetting;
     } else {
@@ -2802,7 +2805,7 @@ MtrrDebugPrintAllMtrrsWorker (
       DEBUG((DEBUG_CACHE, "Fixed MTRR[%02d]   : %016lx\n", Index, Mtrrs->Fixed.Mtrr[Index]));
     }
 
-    for (Index = 0; Index < ARRAY_SIZE (Mtrrs->Variables.Mtrr); Index++) {
+    for (Index = 0; Index < VariableMtrrCount; Index++) {
       if (((MSR_IA32_MTRR_PHYSMASK_REGISTER *)&Mtrrs->Variables.Mtrr[Index].Mask)->Bits.V == 0) {
         //
         // If mask is not valid, then do not display range
@@ -2829,11 +2832,11 @@ MtrrDebugPrintAllMtrrsWorker (
     RangeCount = 1;
 
     MtrrLibGetRawVariableRanges (
-      &Mtrrs->Variables, ARRAY_SIZE (Mtrrs->Variables.Mtrr),
+      &Mtrrs->Variables, VariableMtrrCount,
       MtrrValidBitsMask, MtrrValidAddressMask, RawVariableRanges
       );
     MtrrLibApplyVariableMtrrs (
-      RawVariableRanges, ARRAY_SIZE (RawVariableRanges),
+      RawVariableRanges, VariableMtrrCount,
       Ranges, ARRAY_SIZE (Ranges), &RangeCount
       );