qemu-devel
Re: [Qemu-devel] [PATCH 3/7] HACK: HobLib: workaround infinite loop


From: Laszlo Ersek
Subject: Re: [Qemu-devel] [PATCH 3/7] HACK: HobLib: workaround infinite loop
Date: Fri, 23 Feb 2018 20:14:00 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 02/23/18 14:23, address@hidden wrote:
> From: Marc-André Lureau <address@hidden>
> 
> Without this hack, GetNextHob() loops infinitely with the next patch.
> I don't understand the reason.
> 
> The loop is triggered by the GetFirstGuidHob (&gTpmErrorHobGuid) call.
> 
> CC: Laszlo Ersek <address@hidden>
> CC: Stefan Berger <address@hidden>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Marc-André Lureau <address@hidden>
> ---
>  MdePkg/Library/PeiHobLib/HobLib.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/MdePkg/Library/PeiHobLib/HobLib.c 
> b/MdePkg/Library/PeiHobLib/HobLib.c
> index 5c0eeb992f..ed3c5fbd6d 100644
> --- a/MdePkg/Library/PeiHobLib/HobLib.c
> +++ b/MdePkg/Library/PeiHobLib/HobLib.c
> @@ -89,6 +89,10 @@ GetNextHob (
>      if (Hob.Header->HobType == Type) {
>        return Hob.Raw;
>      }
> +    if (GET_HOB_LENGTH (HobStart) == 0) {
> +        DEBUG ((DEBUG_INFO, "FIXME: GetNextHob length == 0"));
> +        return NULL;
> +    }
>      Hob.Raw = GET_NEXT_HOB (Hob);
>    }
>    return NULL;
> 
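Review bot: The added check reads `GET_HOB_LENGTH (HobStart)`, but the loop advances `Hob` (`Hob.Raw = GET_NEXT_HOB (Hob)`), so the length tested is that of the HobStart argument rather than of the HOB about to be stepped over; if the aim is to stop on a zero-length entry, test `GET_HOB_LENGTH (Hob)`. Returning NULL here also makes a malformed list indistinguishable from the "no HOB of this type" result at the end of the function, so DEBUG_ERROR or an ASSERT would surface the corruption better than DEBUG_INFO. The DEBUG string lacks a trailing "\n", and the body of the new `if` is indented four spaces where the surrounding lines use two.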

Strange. The HobLength field is supposed to include the size of the HOB header, 
so it should never be zero.

Furthermore, the PEI core initializes the HOB list; it should be terminated 
with an End-of-HOB-List HOB:

PeiCore()                             [MdeModulePkg/Core/Pei/PeiMain/PeiMain.c]
  InitializeMemoryServices()          [MdeModulePkg/Core/Pei/Memory/MemoryServices.c]
    PeiCoreBuildHobHandoffInfoTable() [MdeModulePkg/Core/Pei/Hob/Hob.c]

I tried to reproduce this issue by:
- applying patches 1, 2, and 4
- in function PeimEntryMA(), file "SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c", moving 
the GetFirstGuidHob (&gTpmErrorHobGuid) call to the top of the function.

It didn't hang for me.

Laszlo
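
The two invariants stated in the reply above (HobLength includes the header, and the list ends with an End-of-HOB-List HOB), checked by a stand-alone walker over byte buffers. This is an added example, not code from edk2 or from this thread; `walk_hobs`, `put_hob`, `demo` and the sample HOB lengths are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generic HOB header as laid out in the PI specification (8 bytes). */
typedef struct { uint16_t HobType, HobLength; uint32_t Reserved; } HobHeader;
#define HOB_TYPE_GUID_EXT 0x0004u  /* EFI_HOB_TYPE_GUID_EXTENSION */
#define HOB_TYPE_END      0xFFFFu  /* EFI_HOB_TYPE_END_OF_HOB_LIST */
enum { WALK_FOUND, WALK_NOT_FOUND, WALK_CORRUPT };

/* Hypothetical helper: offset of the first HOB of `type` in buf[0..size). */
static int walk_hobs(const uint8_t *buf, size_t size, uint16_t type, size_t *found)
{
    size_t off = 0;
    while (size - off >= sizeof(HobHeader)) {
        HobHeader h;
        memcpy(&h, buf + off, sizeof h);           /* no alignment assumption */
        if (h.HobType == HOB_TYPE_END) return WALK_NOT_FOUND;
        /* HobLength counts the header, so anything shorter cannot advance. */
        if (h.HobLength < sizeof h || h.HobLength > size - off) return WALK_CORRUPT;
        if (h.HobType == type) { *found = off; return WALK_FOUND; }
        off += h.HobLength;
    }
    return WALK_CORRUPT;                           /* no End-of-HOB-List marker */
}

/* Write one constructed HOB header at `off`. */
static void put_hob(uint8_t *buf, size_t off, uint16_t type, uint16_t len)
{
    HobHeader h = { type, len, 0 };
    memcpy(buf + off, &h, sizeof h);
}

/* Constructed lists: 0 = well-formed, 1 = zero-length first HOB, 2 = unterminated. */
static int demo(int variant, uint16_t type, size_t *found)
{
    uint8_t buf[48] = { 0 };
    put_hob(buf, 0, 0x0001, variant == 1 ? 0 : 16);
    put_hob(buf, 16, HOB_TYPE_GUID_EXT, 24);
    put_hob(buf, 40, HOB_TYPE_END, 8);
    return walk_hobs(buf, variant == 2 ? 40 : sizeof buf, type, found);
}

int main(void)
{
    size_t at = 0;
    printf("well-formed:  %d\n", demo(0, HOB_TYPE_GUID_EXT, &at));
    printf("zero length:  %d\n", demo(1, HOB_TYPE_GUID_EXT, &at));
    printf("unterminated: %d\n", demo(2, 0x0003, &at));
    return 0;
}
```

A loop that only adds HobLength to the pointer would never leave offset 0 on the second list; the walker reports it as corrupt instead.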


