* [PATCH 0/7] Fix some bugs in NvmExpressDxe driver
@ 2016-08-29 2:42 Hao Wu
2016-08-29 2:42 ` [PATCH 1/7] MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol Hao Wu
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
This series fixed some bugs in the NvmExpressDxe driver
Hao Wu (7):
MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol
MdeModulePkg NvmExpressDxe: Refine BuildDevicePath API to follow spec
MdeModulePkg NvmExpressDxe: Refine GetNameSpace API to follow spec
MdeModulePkg NvmExpressDxe: Refine GetNextNamespace API to follow spec
MdeModulePkg NvmExpressDxe: Add buffer alignment check in PassThru API
MdeModulePkg NvmExpressDxe: Add check on the attributes of NVME
controller
MdeModulePkg NvmExpressDxe: Add check for command packet in PassThru
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c | 10 +-
.../Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 106 +++++++++++++++------
2 files changed, 81 insertions(+), 35 deletions(-)
--
1.9.5.msysgit.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/7] MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 2/7] MdeModulePkg NvmExpressDxe: Refine BuildDevicePath API to follow spec Hao Wu
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
The gBS->OpenProtocol() calls to open EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL
in NvmExpress.c will crash the data in 'Mode' field of
'Private->Passthru'.
The third parameter of gBS->OpenProtocol() is an output parameter that
stores the address where a pointer to the corresponding Protocol
Interface. The current code mistakenly pass '&Private->Passthru' (a
pointer of the EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL) as the third
parameter. This will crash the data in 'Mode' filed.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index cb25b3e..255fa2b 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -76,6 +76,7 @@ EnumerateNvmeDevNamespace (
UINT32 LbaFmtIdx;
UINT8 Sn[21];
UINT8 Mn[41];
+ VOID *DummyInterface;
NewDevicePathNode = NULL;
DevicePath = NULL;
@@ -264,7 +265,7 @@ EnumerateNvmeDevNamespace (
gBS->OpenProtocol (
Private->ControllerHandle,
&gEfiNvmExpressPassThruProtocolGuid,
- (VOID **) &Private->Passthru,
+ (VOID **) &DummyInterface,
Private->DriverBindingHandle,
Device->DeviceHandle,
EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
@@ -392,10 +393,10 @@ UnregisterNvmeNamespace (
EFI_STATUS Status;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
NVME_DEVICE_PRIVATE_DATA *Device;
- NVME_CONTROLLER_PRIVATE_DATA *Private;
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *StorageSecurity;
BOOLEAN IsEmpty;
EFI_TPL OldTpl;
+ VOID *DummyInterface;
BlockIo = NULL;
@@ -412,7 +413,6 @@ UnregisterNvmeNamespace (
}
Device = NVME_DEVICE_PRIVATE_DATA_FROM_BLOCK_IO (BlockIo);
- Private = Device->Controller;
//
// Wait for the device's asynchronous I/O queue to become empty.
@@ -460,7 +460,7 @@ UnregisterNvmeNamespace (
gBS->OpenProtocol (
Controller,
&gEfiNvmExpressPassThruProtocolGuid,
- (VOID **) &Private->Passthru,
+ (VOID **) &DummyInterface,
This->DriverBindingHandle,
Handle,
EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
@@ -490,7 +490,7 @@ UnregisterNvmeNamespace (
gBS->OpenProtocol (
Controller,
&gEfiNvmExpressPassThruProtocolGuid,
- (VOID **) &Private->Passthru,
+ (VOID **) &DummyInterface,
This->DriverBindingHandle,
Handle,
EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/7] MdeModulePkg NvmExpressDxe: Refine BuildDevicePath API to follow spec
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
2016-08-29 2:42 ` [PATCH 1/7] MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 3/7] MdeModulePkg NvmExpressDxe: Refine GetNameSpace " Hao Wu
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
According to the UEFI spec,
EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL.BuildDevicePath() should return
EFI_NOT_FOUND when the input NamespaceId is not valid. However, current
code returns EFI_DEVICE_ERROR instead. This commit modifies the check for
input NamespaceId to return the correct status.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index 0221921..ccff4f6 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -3,7 +3,7 @@
NVM Express specification.
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -895,13 +895,17 @@ NvmExpressBuildDevicePath (
return EFI_INVALID_PARAMETER;
}
- if (NamespaceId == 0) {
- return EFI_NOT_FOUND;
- }
-
Status = EFI_SUCCESS;
Private = NVME_CONTROLLER_PRIVATE_DATA_FROM_PASS_THRU (This);
+ //
+ // Check NamespaceId is valid or not.
+ //
+ if ((NamespaceId == 0) ||
+ (NamespaceId > Private->ControllerData->Nn)) {
+ return EFI_NOT_FOUND;
+ }
+
Node = (NVME_NAMESPACE_DEVICE_PATH *)AllocateZeroPool (sizeof (NVME_NAMESPACE_DEVICE_PATH));
if (Node == NULL) {
return EFI_OUT_OF_RESOURCES;
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 3/7] MdeModulePkg NvmExpressDxe: Refine GetNameSpace API to follow spec
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
2016-08-29 2:42 ` [PATCH 1/7] MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol Hao Wu
2016-08-29 2:42 ` [PATCH 2/7] MdeModulePkg NvmExpressDxe: Refine BuildDevicePath API to follow spec Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 4/7] MdeModulePkg NvmExpressDxe: Refine GetNextNamespace " Hao Wu
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
According to the UEFI spec,
EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL.GetNamespace() should return
EFI_NOT_FOUND when the input DevicePath is a device path node type that
the NVM Express Pass Thru driver supports, but there is not a valid
translation from DevicePath to a namespace ID. Current code will return
EFI_SUCCESS. This commit adds additional check in the GetNameSpace API to
make sure correct status is returned.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index ccff4f6..f0d2f5a 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -820,6 +820,7 @@ NvmExpressGetNamespace (
)
{
NVME_NAMESPACE_DEVICE_PATH *Node;
+ NVME_CONTROLLER_PRIVATE_DATA *Private;
if ((This == NULL) || (DevicePath == NULL) || (NamespaceId == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -829,13 +830,22 @@ NvmExpressGetNamespace (
return EFI_UNSUPPORTED;
}
- Node = (NVME_NAMESPACE_DEVICE_PATH *)DevicePath;
+ Node = (NVME_NAMESPACE_DEVICE_PATH *)DevicePath;
+ Private = NVME_CONTROLLER_PRIVATE_DATA_FROM_PASS_THRU (This);
if (DevicePath->SubType == MSG_NVME_NAMESPACE_DP) {
if (DevicePathNodeLength(DevicePath) != sizeof(NVME_NAMESPACE_DEVICE_PATH)) {
return EFI_NOT_FOUND;
}
+ //
+ // Check NamespaceId in the device path node is valid or not.
+ //
+ if ((Node->NamespaceId == 0) ||
+ (Node->NamespaceId > Private->ControllerData->Nn)) {
+ return EFI_NOT_FOUND;
+ }
+
*NamespaceId = Node->NamespaceId;
return EFI_SUCCESS;
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 4/7] MdeModulePkg NvmExpressDxe: Refine GetNextNamespace API to follow spec
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
` (2 preceding siblings ...)
2016-08-29 2:42 ` [PATCH 3/7] MdeModulePkg NvmExpressDxe: Refine GetNameSpace " Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 5/7] MdeModulePkg NvmExpressDxe: Add buffer alignment check in PassThru API Hao Wu
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
According to the UEFI spec,
EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL.GetNextNamespace() should return
EFI_NOT_FOUND when the value pointed to by NamespaceId is the namespace ID
of the last namespace on the NVM Express controller. This commit modifies
the check for NamespaceId to follow this rule.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index f0d2f5a..ec7507e 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -758,11 +758,15 @@ NvmExpressGetNextNamespace (
*NamespaceId = NextNamespaceId;
} else {
- if (*NamespaceId >= Private->ControllerData->Nn) {
+ if (*NamespaceId > Private->ControllerData->Nn) {
return EFI_INVALID_PARAMETER;
}
NextNamespaceId = *NamespaceId + 1;
+ if (NextNamespaceId > Private->ControllerData->Nn) {
+ return EFI_NOT_FOUND;
+ }
+
//
// Allocate buffer for Identify Namespace data.
//
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 5/7] MdeModulePkg NvmExpressDxe: Add buffer alignment check in PassThru API
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
` (3 preceding siblings ...)
2016-08-29 2:42 ` [PATCH 4/7] MdeModulePkg NvmExpressDxe: Refine GetNextNamespace " Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 6/7] MdeModulePkg NvmExpressDxe: Add check on the attributes of NVME controller Hao Wu
2016-08-29 2:42 ` [PATCH 7/7] MdeModulePkg NvmExpressDxe: Add check for command packet in PassThru Hao Wu
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
According to the UEFI spec, the 'TransferBuffer' and 'MetadataBuffer' used
in a data transfer should be aligned on the boundary specified by the
IoAlign field in the EFI_NVM_EXPRESS_PASS_THRU_MODE structure.
This commit adds this check to follow the spec.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
.../Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 55 +++++++++++++---------
1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index ec7507e..6b29260 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -357,27 +357,28 @@ NvmExpressPassThru (
IN EFI_EVENT Event OPTIONAL
)
{
- NVME_CONTROLLER_PRIVATE_DATA *Private;
- EFI_STATUS Status;
- EFI_PCI_IO_PROTOCOL *PciIo;
- NVME_SQ *Sq;
- NVME_CQ *Cq;
- UINT16 QueueId;
- UINT32 Bytes;
- UINT16 Offset;
- EFI_EVENT TimerEvent;
- EFI_PCI_IO_PROTOCOL_OPERATION Flag;
- EFI_PHYSICAL_ADDRESS PhyAddr;
- VOID *MapData;
- VOID *MapMeta;
- VOID *MapPrpList;
- UINTN MapLength;
- UINT64 *Prp;
- VOID *PrpListHost;
- UINTN PrpListNo;
- UINT32 Data;
- NVME_PASS_THRU_ASYNC_REQ *AsyncRequest;
- EFI_TPL OldTpl;
+ NVME_CONTROLLER_PRIVATE_DATA *Private;
+ EFI_STATUS Status;
+ EFI_PCI_IO_PROTOCOL *PciIo;
+ NVME_SQ *Sq;
+ NVME_CQ *Cq;
+ UINT16 QueueId;
+ UINT32 Bytes;
+ UINT16 Offset;
+ EFI_EVENT TimerEvent;
+ EFI_PCI_IO_PROTOCOL_OPERATION Flag;
+ EFI_PHYSICAL_ADDRESS PhyAddr;
+ VOID *MapData;
+ VOID *MapMeta;
+ VOID *MapPrpList;
+ UINTN MapLength;
+ UINT64 *Prp;
+ VOID *PrpListHost;
+ UINTN PrpListNo;
+ UINT32 IoAlign;
+ UINT32 Data;
+ NVME_PASS_THRU_ASYNC_REQ *AsyncRequest;
+ EFI_TPL OldTpl;
//
// check the data fields in Packet parameter.
@@ -394,6 +395,18 @@ NvmExpressPassThru (
return EFI_INVALID_PARAMETER;
}
+ //
+ // Buffer alignment check for TransferBuffer & MetadataBuffer.
+ //
+ IoAlign = This->Mode->IoAlign;
+ if (IoAlign > 0 && (((UINTN) Packet->TransferBuffer & (IoAlign - 1)) != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (IoAlign > 0 && (((UINTN) Packet->MetadataBuffer & (IoAlign - 1)) != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
Private = NVME_CONTROLLER_PRIVATE_DATA_FROM_PASS_THRU (This);
PciIo = Private->PciIo;
MapData = NULL;
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 6/7] MdeModulePkg NvmExpressDxe: Add check on the attributes of NVME controller
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
` (4 preceding siblings ...)
2016-08-29 2:42 ` [PATCH 5/7] MdeModulePkg NvmExpressDxe: Add buffer alignment check in PassThru API Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
2016-08-29 2:42 ` [PATCH 7/7] MdeModulePkg NvmExpressDxe: Add check for command packet in PassThru Hao Wu
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
According to UEFI spec, an EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL with neither
EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_LOGICAL nor
EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_PHYSICAL set in the Attributes field
is an illegal configuration.
This commit adds this check in the PassThru API to follow the spec.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index 6b29260..c7ead21 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -375,6 +375,7 @@ NvmExpressPassThru (
UINT64 *Prp;
VOID *PrpListHost;
UINTN PrpListNo;
+ UINT32 Attributes;
UINT32 IoAlign;
UINT32 Data;
NVME_PASS_THRU_ASYNC_REQ *AsyncRequest;
@@ -396,9 +397,20 @@ NvmExpressPassThru (
}
//
+ // 'Attributes' with neither EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_LOGICAL nor
+ // EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_PHYSICAL set is an illegal
+ // configuration.
+ //
+ Attributes = This->Mode->Attributes;
+ if ((Attributes & (EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_PHYSICAL |
+ EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_LOGICAL)) == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
// Buffer alignment check for TransferBuffer & MetadataBuffer.
//
- IoAlign = This->Mode->IoAlign;
+ IoAlign = This->Mode->IoAlign;
if (IoAlign > 0 && (((UINTN) Packet->TransferBuffer & (IoAlign - 1)) != 0)) {
return EFI_INVALID_PARAMETER;
}
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 7/7] MdeModulePkg NvmExpressDxe: Add check for command packet in PassThru
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
` (5 preceding siblings ...)
2016-08-29 2:42 ` [PATCH 6/7] MdeModulePkg NvmExpressDxe: Add check on the attributes of NVME controller Hao Wu
@ 2016-08-29 2:42 ` Hao Wu
6 siblings, 0 replies; 8+ messages in thread
From: Hao Wu @ 2016-08-29 2:42 UTC (permalink / raw)
To: edk2-devel, feng.tian; +Cc: Hao Wu
This commit adds check for the 'TransferBuffer' and 'TransferLength'
fields in EFI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET when the Opcode of an
NVME command indicates a data transfer between controller and host.
This commit also makes sure that the 'MetadataLength' field in
EFI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET is not 0 when the corresponding
'MetadataBuffer' field has a non-NULL value.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index c7ead21..693418c 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -477,6 +477,10 @@ NvmExpressPassThru (
// processor and a PCI Bus Master. It's caller's responsbility to ensure this.
//
if (((Sq->Opc & (BIT0 | BIT1)) != 0) && (Sq->Opc != NVME_ADMIN_CRIOCQ_CMD) && (Sq->Opc != NVME_ADMIN_CRIOSQ_CMD)) {
+ if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
if ((Sq->Opc & BIT0) != 0) {
Flag = EfiPciIoOperationBusMasterRead;
} else {
@@ -499,8 +503,7 @@ NvmExpressPassThru (
Sq->Prp[0] = PhyAddr;
Sq->Prp[1] = 0;
- MapLength = Packet->MetadataLength;
- if(Packet->MetadataBuffer != NULL) {
+ if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) {
MapLength = Packet->MetadataLength;
Status = PciIo->Map (
PciIo,
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-08-29 2:42 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-29 2:42 [PATCH 0/7] Fix some bugs in NvmExpressDxe driver Hao Wu
2016-08-29 2:42 ` [PATCH 1/7] MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol Hao Wu
2016-08-29 2:42 ` [PATCH 2/7] MdeModulePkg NvmExpressDxe: Refine BuildDevicePath API to follow spec Hao Wu
2016-08-29 2:42 ` [PATCH 3/7] MdeModulePkg NvmExpressDxe: Refine GetNameSpace " Hao Wu
2016-08-29 2:42 ` [PATCH 4/7] MdeModulePkg NvmExpressDxe: Refine GetNextNamespace " Hao Wu
2016-08-29 2:42 ` [PATCH 5/7] MdeModulePkg NvmExpressDxe: Add buffer alignment check in PassThru API Hao Wu
2016-08-29 2:42 ` [PATCH 6/7] MdeModulePkg NvmExpressDxe: Add check on the attributes of NVME controller Hao Wu
2016-08-29 2:42 ` [PATCH 7/7] MdeModulePkg NvmExpressDxe: Add check for command packet in PassThru Hao Wu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox