* [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug @ 2017-10-30 5:47 Heyi Guo 2017-10-30 8:14 ` Ard Biesheuvel 2017-10-30 10:07 ` Zeng, Star 0 siblings, 2 replies; 8+ messages in thread From: Heyi Guo @ 2017-10-30 5:47 UTC (permalink / raw) To: linaro-uefi, edk2-devel Cc: Heyi Guo, Star Zeng, Eric Dong, Ard Biesheuvel, Ruiyu Ni For PciIoPciRead interface, memory prior to Buffer would be written with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause serious system exception. So we add a pre-check branch to avoid memory override. Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo <heyi.guo@linaro.org> --- .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index c836ad6..0e42ae4 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c @@ -465,6 +465,11 @@ PciIoPciRead ( Address = (UINT8 *)&Dev->ConfigSpace + Offset; Length = Count << ((UINTN)Width & 0x3); + if (Offset >= sizeof (Dev->ConfigSpace)) { + ZeroMem (Buffer, Length); + return EFI_SUCCESS; + } + if (Offset + Length > sizeof (Dev->ConfigSpace)) { // // Read all zeroes for config space accesses beyond the first -- 1.9.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
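Review bot: The unchanged test right after the new branch, `if (Offset + Length > sizeof (Dev->ConfigSpace))`, still depends on `Offset + Length` not wrapping for a large Count; since the added early return guarantees Offset is below sizeof (Dev->ConfigSpace) from that point on, it could be written as `Length > sizeof (Dev->ConfigSpace) - Offset`, which cannot wrap. The new branch also sits after `Address = (UINT8 *)&Dev->ConfigSpace + Offset;`, so an address past the end of ConfigSpace is still computed before the early return; assigning Address after the range check would avoid that. The branch has no comment, unlike the one that follows it, and the commit message says "larger than" where the code tests `>=`; a one-line comment and matching wording would make the boundary case explicit.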
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-10-30 5:47 [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Heyi Guo @ 2017-10-30 8:14 ` Ard Biesheuvel 2017-11-07 9:33 ` Heyi Guo 2017-10-30 10:07 ` Zeng, Star 1 sibling, 1 reply; 8+ messages in thread From: Ard Biesheuvel @ 2017-10-30 8:14 UTC (permalink / raw) To: Heyi Guo Cc: linaro-uefi, edk2-devel@lists.01.org, Star Zeng, Eric Dong, Ruiyu Ni On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote: > For PciIoPciRead interface, memory prior to Buffer would be written > with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which > would cause serious system exception. > > So we add a pre-check branch to avoid memory override. > > Cc: Star Zeng <star.zeng@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Ruiyu Ni <ruiyu.ni@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Heyi Guo <heyi.guo@linaro.org> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > index c836ad6..0e42ae4 100644 > --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c 
> @@ -465,6 +465,11 @@ PciIoPciRead ( > Address = (UINT8 *)&Dev->ConfigSpace + Offset; > Length = Count << ((UINTN)Width & 0x3); > > + if (Offset >= sizeof (Dev->ConfigSpace)) { > + ZeroMem (Buffer, Length); > + return EFI_SUCCESS; > + } > + > if (Offset + Length > sizeof (Dev->ConfigSpace)) { > // > // Read all zeroes for config space accesses beyond the first > -- > 1.9.1 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-10-30 8:14 ` Ard Biesheuvel @ 2017-11-07 9:33 ` Heyi Guo 2017-11-08 4:53 ` Zeng, Star 0 siblings, 1 reply; 8+ messages in thread From: Heyi Guo @ 2017-11-07 9:33 UTC (permalink / raw) To: Ard Biesheuvel Cc: linaro-uefi, edk2-devel@lists.01.org, Star Zeng, Eric Dong, Ruiyu Ni Hi Ray, We had Ard's R-B already; could you help to commit it? Thanks and regards, Heyi On 10/30/2017 4:14 PM, Ard Biesheuvel wrote: > On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote: >> For PciIoPciRead interface, memory prior to Buffer would be written >> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which >> would cause serious system exception. >> >> So we add a pre-check branch to avoid memory override. >> >> Cc: Star Zeng <star.zeng@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > >> --- >> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c >> index c836ad6..0e42ae4 100644 >> --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c >> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c 
>> @@ -465,6 +465,11 @@ PciIoPciRead ( >> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >> Length = Count << ((UINTN)Width & 0x3); >> >> + if (Offset >= sizeof (Dev->ConfigSpace)) { >> + ZeroMem (Buffer, Length); >> + return EFI_SUCCESS; >> + } >> + >> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >> // >> // Read all zeroes for config space accesses beyond the first >> -- >> 1.9.1 >> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-11-07 9:33 ` Heyi Guo @ 2017-11-08 4:53 ` Zeng, Star 2017-11-08 5:02 ` Heyi Guo 0 siblings, 1 reply; 8+ messages in thread From: Zeng, Star @ 2017-11-08 4:53 UTC (permalink / raw) To: Heyi Guo, Ard Biesheuvel Cc: Ni, Ruiyu, edk2-devel@lists.01.org, Dong, Eric, linaro-uefi, Zeng, Star Just pushed at 710d9e69fae6753a1a826aa18dd37bcadd3e0c3e. Thanks, Star -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Heyi Guo Sent: Tuesday, November 7, 2017 5:33 PM To: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; edk2-devel@lists.01.org; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>; linaro-uefi <linaro-uefi@lists.linaro.org> Subject: Re: [edk2] [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Hi Ray, We had Ard's R-B already; could you help to commit it? Thanks and regards, Heyi On 10/30/2017 4:14 PM, Ard Biesheuvel wrote: > On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote: >> For PciIoPciRead interface, memory prior to Buffer would be written >> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which >> would cause serious system exception. >> >> So we add a pre-check branch to avoid memory override. >> >> Cc: Star Zeng <star.zeng@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > >> --- >> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ >> 1 file changed, 5 insertions(+) 
>> >> diff --git >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >> DeviceIo.c >> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >> DeviceIo.c >> index c836ad6..0e42ae4 100644 >> --- >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >> DeviceIo.c >> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverabl >> +++ ePciDeviceIo.c >> @@ -465,6 +465,11 @@ PciIoPciRead ( >> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >> Length = Count << ((UINTN)Width & 0x3); >> >> + if (Offset >= sizeof (Dev->ConfigSpace)) { >> + ZeroMem (Buffer, Length); >> + return EFI_SUCCESS; >> + } >> + >> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >> // >> // Read all zeroes for config space accesses beyond the first >> -- >> 1.9.1 >> _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-11-08 4:53 ` Zeng, Star @ 2017-11-08 5:02 ` Heyi Guo 0 siblings, 0 replies; 8+ messages in thread From: Heyi Guo @ 2017-11-08 5:02 UTC (permalink / raw) To: Zeng, Star, Ard Biesheuvel Cc: Ni, Ruiyu, edk2-devel@lists.01.org, Dong, Eric, linaro-uefi Thanks, Heyi On 11/8/2017 12:53 PM, Zeng, Star wrote: > Just pushed at 710d9e69fae6753a1a826aa18dd37bcadd3e0c3e. > > Thanks, > Star > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Heyi Guo > Sent: Tuesday, November 7, 2017 5:33 PM > To: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; edk2-devel@lists.01.org; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>; linaro-uefi <linaro-uefi@lists.linaro.org> > Subject: Re: [edk2] [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug > > Hi Ray, > > We had Ard's R-B already; could you help to commit it? > > Thanks and regards, > > Heyi > > > On 10/30/2017 4:14 PM, Ard Biesheuvel wrote: >> On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote: >>> For PciIoPciRead interface, memory prior to Buffer would be written >>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which >>> would cause serious system exception. >>> >>> So we add a pre-check branch to avoid memory override. >>> >>> Cc: Star Zeng <star.zeng@intel.com> >>> Cc: Eric Dong <eric.dong@intel.com> >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >>> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >>> Contributed-under: TianoCore Contribution Agreement 1.1 >>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org> >> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> >>> --- >>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ >>> 1 file changed, 5 insertions(+) 
>>> >>> diff --git >>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >>> DeviceIo.c >>> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >>> DeviceIo.c >>> index c836ad6..0e42ae4 100644 >>> --- >>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci >>> DeviceIo.c >>> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverabl >>> +++ ePciDeviceIo.c >>> @@ -465,6 +465,11 @@ PciIoPciRead ( >>> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >>> Length = Count << ((UINTN)Width & 0x3); >>> >>> + if (Offset >= sizeof (Dev->ConfigSpace)) { >>> + ZeroMem (Buffer, Length); >>> + return EFI_SUCCESS; >>> + } >>> + >>> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >>> // >>> // Read all zeroes for config space accesses beyond the first >>> -- >>> 1.9.1 >>> > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-10-30 5:47 [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Heyi Guo 2017-10-30 8:14 ` Ard Biesheuvel @ 2017-10-30 10:07 ` Zeng, Star 2017-10-30 10:23 ` Ni, Ruiyu 1 sibling, 1 reply; 8+ messages in thread From: Zeng, Star @ 2017-10-30 10:07 UTC (permalink / raw) To: Ni, Ruiyu, Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org Cc: Dong, Eric, Ard Biesheuvel, Zeng, Star Ray, Please help take a review to this patch. Thanks, Star -----Original Message----- From: Heyi Guo [mailto:heyi.guo@linaro.org] Sent: Monday, October 30, 2017 1:48 PM To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug For PciIoPciRead interface, memory prior to Buffer would be written with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause serious system exception. So we add a pre-check branch to avoid memory override. Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo <heyi.guo@linaro.org> --- .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index c836ad6..0e42ae4 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePc +++ iDeviceIo.c 
@@ -465,6 +465,11 @@ PciIoPciRead ( Address = (UINT8 *)&Dev->ConfigSpace + Offset; Length = Count << ((UINTN)Width & 0x3); + if (Offset >= sizeof (Dev->ConfigSpace)) { + ZeroMem (Buffer, Length); + return EFI_SUCCESS; + } + if (Offset + Length > sizeof (Dev->ConfigSpace)) { // // Read all zeroes for config space accesses beyond the first -- 1.9.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-10-30 10:07 ` Zeng, Star @ 2017-10-30 10:23 ` Ni, Ruiyu 2017-10-30 14:42 ` Heyi Guo 0 siblings, 1 reply; 8+ messages in thread From: Ni, Ruiyu @ 2017-10-30 10:23 UTC (permalink / raw) To: Zeng, Star, Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org Cc: Dong, Eric, Ard Biesheuvel I will wait for Ard's feedback. It's an ARM specific module. Thanks/Ray > -----Original Message----- > From: Zeng, Star > Sent: Monday, October 30, 2017 6:07 PM > To: Ni, Ruiyu <ruiyu.ni@intel.com>; Heyi Guo <heyi.guo@linaro.org>; linaro- > uefi@lists.linaro.org; edk2-devel@lists.01.org > Cc: Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel > <ard.biesheuvel@linaro.org>; Zeng, Star <star.zeng@intel.com> > Subject: RE: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory > override bug > > Ray, > Please help take a review to this patch. > > > Thanks, > Star > -----Original Message----- > From: Heyi Guo [mailto:heyi.guo@linaro.org] > Sent: Monday, October 30, 2017 1:48 PM > To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org > Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>; > Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel > <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com> > Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory > override bug > > For PciIoPciRead interface, memory prior to Buffer would be written with > zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause > serious system exception. > > So we add a pre-check branch to avoid memory override. > > Cc: Star Zeng <star.zeng@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Ruiyu Ni <ruiyu.ni@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org> > --- > .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 > +++++ > 1 file changed, 5 insertions(+) > > diff --git > a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable > PciDeviceIo.c > b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable > PciDeviceIo.c > index c836ad6..0e42ae4 100644 > --- > a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable > PciDeviceIo.c > +++ > b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable > Pc > +++ iDeviceIo.c > @@ -465,6 +465,11 @@ PciIoPciRead ( > Address = (UINT8 *)&Dev->ConfigSpace + Offset; > Length = Count << ((UINTN)Width & 0x3); > > + if (Offset >= sizeof (Dev->ConfigSpace)) { > + ZeroMem (Buffer, Length); > + return EFI_SUCCESS; > + } > + > if (Offset + Length > sizeof (Dev->ConfigSpace)) { > // > // Read all zeroes for config space accesses beyond the first > -- > 1.9.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug 2017-10-30 10:23 ` Ni, Ruiyu @ 2017-10-30 14:42 ` Heyi Guo 0 siblings, 0 replies; 8+ messages in thread From: Heyi Guo @ 2017-10-30 14:42 UTC (permalink / raw) To: Ni, Ruiyu, Zeng, Star, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org Cc: Dong, Eric, Ard Biesheuvel Hi Ray, It seems Ard already provided his R-B :) Thanks. Heyi On 10/30/2017 06:23 PM, Ni, Ruiyu wrote: > I will wait for Ard's feedback. It's an ARM specific module. > > Thanks/Ray > >> -----Original Message----- >> From: Zeng, Star >> Sent: Monday, October 30, 2017 6:07 PM >> To: Ni, Ruiyu <ruiyu.ni@intel.com>; Heyi Guo <heyi.guo@linaro.org>; linaro- >> uefi@lists.linaro.org; edk2-devel@lists.01.org >> Cc: Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel >> <ard.biesheuvel@linaro.org>; Zeng, Star <star.zeng@intel.com> >> Subject: RE: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory >> override bug >> >> Ray, >> Please help take a review to this patch. >> >> >> Thanks, >> Star >> -----Original Message----- >> From: Heyi Guo [mailto:heyi.guo@linaro.org] >> Sent: Monday, October 30, 2017 1:48 PM >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org >> Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>; >> Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel >> <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com> >> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory >> override bug >> >> For PciIoPciRead interface, memory prior to Buffer would be written with >> zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause >> serious system exception. >> >> So we add a pre-check branch to avoid memory override. >> >> Cc: Star Zeng <star.zeng@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >> Contributed-under: TianoCore Contribution Agreement 1.1 
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org> >> --- >> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 >> +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> index c836ad6..0e42ae4 100644 >> --- >> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> PciDeviceIo.c >> +++ >> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable >> Pc >> +++ iDeviceIo.c >> @@ -465,6 +465,11 @@ PciIoPciRead ( >> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >> Length = Count << ((UINTN)Width & 0x3); >> >> + if (Offset >= sizeof (Dev->ConfigSpace)) { >> + ZeroMem (Buffer, Length); >> + return EFI_SUCCESS; >> + } >> + >> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >> // >> // Read all zeroes for config space accesses beyond the first >> -- >> 1.9.1 ^ permalink raw reply [flat|nested] 8+ messages in thread