From: Heyi Guo
Date: Mon, 30 Oct 2017 22:42:39 +0800
To: "Ni, Ruiyu", "Zeng, Star", "linaro-uefi@lists.linaro.org", "edk2-devel@lists.01.org"
Cc: "Dong, Eric", Ard Biesheuvel
Subject: Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
Message-ID: <03687a4b-15de-a65c-3cbb-4aacc19a041e@linaro.org>
In-Reply-To: <734D49CCEBEEF84792F5B80ED585239D5BAAC00C@SHSMSX104.ccr.corp.intel.com>
List-Id: EDK II Development

Hi Ray,

It seems Ard already provided his R-B :)

Thanks.

Heyi

On 10/30/2017 06:23 PM, Ni, Ruiyu wrote:
> I will wait for Ard's feedback. It's an ARM specific module.
>
> Thanks/Ray
>
>> -----Original Message-----
>> From: Zeng, Star
>> Sent: Monday, October 30, 2017 6:07 PM
>> To: Ni, Ruiyu; Heyi Guo; linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
>> Cc: Dong, Eric; Ard Biesheuvel; Zeng, Star
>> Subject: RE: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
>>
>> Ray,
>> Please help take a review to this patch.
>>
>>
>> Thanks,
>> Star
>> -----Original Message-----
>> From: Heyi Guo [mailto:heyi.guo@linaro.org] >> Sent: Monday, October 30, 2017 1:48 PM >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org >> Cc: Heyi Guo ; Zeng, Star ; >> Dong, Eric ; Ard Biesheuvel >> ; Ni, Ruiyu >> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory >> override bug >> >> For PciIoPciRead interface, memory prior to Buffer would be written with >> zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause >> serious system exception. >> >> So we add a pre-check branch to avoid memory override. >> >> Cc: Star Zeng >> Cc: Eric Dong >> Cc: Ard Biesheuvel >> Cc: Ruiyu Ni >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Heyi Guo >> --- >> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 >> +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> index c836ad6..0e42ae4 100644 >> --- >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> +++ >> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> Pc >> +++ iDeviceIo.c >> @@ -465,6 +465,11 @@ PciIoPciRead ( >> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >> Length = Count << ((UINTN)Width & 0x3); >> >> + if (Offset >= sizeof (Dev->ConfigSpace)) { >> + ZeroMem (Buffer, Length); >> + return EFI_SUCCESS; >> + } >> + >> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >> // >> // Read all zeroes for config space accesses beyond the first >> -- >> 1.9.1
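Review bot: The new `Offset >= sizeof (Dev->ConfigSpace)` check in PciIoPciRead sits after `Address = (UINT8 *)&Dev->ConfigSpace + Offset;`, so an out-of-range pointer is still formed before the bounds test, even though the early return never dereferences it. Consider moving the `Address` computation below both range checks so that it is only evaluated for an in-range `Offset`. The added branch also has no comment, unlike the partial-overlap branch that follows it ("Read all zeroes for config space accesses beyond the first ..."); a short comment saying that a read starting entirely beyond the config space returns all zeroes would make the intent clear. The commit message says memory prior to Buffer was written with zeros but not how, so it would help to state that the pre-check exists to keep the later branch from handling an Offset that is already past the end. Finally, the check that follows, `Offset + Length > sizeof (Dev->ConfigSpace)`, adds two caller-derived values, and it is worth confirming from the declared types that this sum cannot wrap for a large Count.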