From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <star.zeng@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 21AC4803DF
 for <edk2-devel@lists.01.org>; Mon, 20 Mar 2017 18:28:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=intel;
 t=1490059730; x=1521595730;
 h=from:to:cc:subject:date:message-id:references:
 in-reply-to:content-transfer-encoding:mime-version;
 bh=N8uOcD78mbIIvaRrjyUQabdQbzEEhiZtrG6T6Y68KiA=;
 b=Rh2a74q6pOhEZdWFeO0p92uFNsD/TXIs0UsoSwzoGExIOrqeqGj1//sH
 ppM13O/WA3nWXurTUIJ80pPdOO414Q==;
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 20 Mar 2017 18:28:49 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.36,197,1486454400"; d="scan'208";a="238491087"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
 by fmsmga004.fm.intel.com with ESMTP; 20 Mar 2017 18:28:49 -0700
Received: from fmsmsx158.amr.corp.intel.com (10.18.116.75) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Mon, 20 Mar 2017 18:28:49 -0700
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 fmsmsx158.amr.corp.intel.com (10.18.116.75) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Mon, 20 Mar 2017 18:28:49 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by
 SHSMSX104.ccr.corp.intel.com ([10.239.4.70]) with mapi id 14.03.0248.002;
 Tue, 21 Mar 2017 09:28:47 +0800
From: "Zeng, Star" <star.zeng@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>, "Tian, Feng" <feng.tian@intel.com>
CC: "Zeng, Star" <star.zeng@intel.com>
Thread-Topic: [PATCH] MdeModulePkg/AcpiTableDxe: consider version mask when
 removing tables
Thread-Index: AQHSoYmHApPiHuWy40GZ9hVRiZwPOKGegdEQ
Date: Tue, 21 Mar 2017 01:28:46 +0000
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B836441@shsmsx102.ccr.corp.intel.com>
References: <1490021496-10195-1-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1490021496-10195-1-git-send-email-ard.biesheuvel@linaro.org>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] MdeModulePkg/AcpiTableDxe: consider version mask when removing tables
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 01:28:50 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Star Zeng <star.zeng@intel.com>

-----Original Message-----
From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]=20
Sent: Monday, March 20, 2017 10:52 PM
To: edk2-devel@lists.01.org; Zeng, Star <star.zeng@intel.com>; Tian, Feng <=
feng.tian@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH] MdeModulePkg/AcpiTableDxe: consider version mask when remo=
ving tables

Invocations of EFI_ACPI_TABLE_PROTOCOL::UninstallAcpiTable() may result in =
a crash when the value of PcdAcpiExposedTableVersions does not include EFI_=
ACPI_TABLE_VERSION_1_0B.

The reason is that EFI_ACPI_TABLE_PROTOCOL::InstallAcpiTable() will only po=
pulate the Rsdt1/Rsdt3 pointers when EFI_ACPI_TABLE_VERSION_1_0B is set, wh=
ereas EFI_ACPI_TABLE_PROTOCOL::UninstallAcpiTable() will invoke PublishTabl=
es with EFI_ACPI_TABLE_VERSION_1_0B alawys set, resulting in a NULL pointer=
 dereference of the Rsdt1/Rsdt3 pointers.

So take PcdAcpiExposedTableVersions into account for UninstallAcpiTable as =
well.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c b=
/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c
index 4bb848df5203..a635e1de5a7c 100644
--- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c
+++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c
@@ -290,24 +290,27 @@ UninstallAcpiTable (  {
   EFI_ACPI_TABLE_INSTANCE   *AcpiTableInstance;
   EFI_STATUS                Status;
+  EFI_ACPI_TABLE_VERSION    Version;
=20
   //
   // Get the instance of the ACPI table protocol
   //
   AcpiTableInstance =3D EFI_ACPI_TABLE_INSTANCE_FROM_THIS (This);
=20
+  Version =3D PcdGet32 (PcdAcpiExposedTableVersions);
+
   //
   // Uninstall the ACPI table
   //
   Status =3D RemoveTableFromList (
              AcpiTableInstance,
-             EFI_ACPI_TABLE_VERSION_1_0B | ACPI_TABLE_VERSION_GTE_2_0,
+             Version,
              TableKey
              );
   if (!EFI_ERROR (Status)) {
     Status =3D PublishTables (
                AcpiTableInstance,
-               EFI_ACPI_TABLE_VERSION_1_0B | ACPI_TABLE_VERSION_GTE_2_0
+               Version
                );
   }
=20
--
2.7.4