From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c0c::242; helo=mail-wr0-x242.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wr0-x242.google.com (mail-wr0-x242.google.com [IPv6:2a00:1450:400c:c0c::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 91424226EAC7B for ; Thu, 12 Apr 2018 02:24:52 -0700 (PDT) Received: by mail-wr0-x242.google.com with SMTP id q13so960639wre.3 for ; Thu, 12 Apr 2018 02:24:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=j7RdsBkUkgyEbIRaWRi3tEea1A/Jh3ZFrSqkozeHQlw=; b=hAlLrBFnPehsoIUJ70J4TmTKq63wTA2jMmnjjRQo3xz2drYWt/UxRVbaDnYaDoDT/+ Jja/vo3hYcMjSlhNH2b8IgnIfks0guP4zkMCHa9nPbH33D0jl5Ze2I/5V1nlWxInmJv5 No6yrtKdPiGmq90AzPCi3F0fH1O+9y+ytF8Po= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=j7RdsBkUkgyEbIRaWRi3tEea1A/Jh3ZFrSqkozeHQlw=; b=RZZJSMZ6QDwge6vXa4mHfdw2+OK218LQxakpGRUYtQdlsrv/dG0r8KCUR/S713SOUA FgpFUXdZMm7AH6nBDmsBpdGYAHv0OgjNyG0Ldjk85jGUfEJeqeInnUWJyC41ta32ClT4 160Dy/RiSeTmniEyO50zoMq35KDauYjiEshuEki3ZlSlMytsfBfjlHTiPeNlS5F2FDyu v1WmyNFoJ3I6bIzQqHKMZkhUr4k5zu1n8rqASvXnh0julerY+gbBY8dDM23+yXnFCF9g Z6XC4o955eyIta8Zc60KYqLR+eaS1uchzf1PycnNWY1e2T/UDjPAJW+rCn1rDqgUc2Zz qdgA== X-Gm-Message-State: ALQs6tAVCdm0FWUY1UZx5GIq3h8T8LhZOjHnDTXmAAI54n6gz/lmIabL Z799wG3v5whBphdMLDLTvCkrunyJOZ4= X-Google-Smtp-Source: AIpwx4+f4vbcZ8OGitvEP337aSHnqNuBTSV4C+yGsMYFj2pwuz1QexJwmKE1kr/PiuWu4q3IVr3qxg== X-Received: by 10.223.226.208 with SMTP id d16mr183891wrj.50.1523525089849; Thu, 12 Apr 2018 02:24:49 -0700 (PDT) Received: from localhost.localdomain ([2a01:e35:3995:5470:200:1aff:fe1b:b328]) by smtp.gmail.com with ESMTPSA id w14sm726748wmd.1.2018.04.12.02.24.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Apr 2018 02:24:48 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: leif.lindholm@linaro.org, okamoto.satoru@socionext.com, graeme.gregory@linaro.org, daniel.thompson@linaro.org, jaswinder.singh@linaro.org, masami.hiramatsu@linaro.org, renato.golin@linaro.org, masahisa.kojima@linaro.org, bill.fletcher@linaro.org, linarobox@linaro.org, Ard Biesheuvel Date: Thu, 12 Apr 2018 11:23:49 +0200 Message-Id: <20180412092349.8680-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.0 Subject: [PATCH edk2-platforms] Silicon/SynQuacer/NetsecDxe: fix buffer allocation bug X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Apr 2018 09:24:53 -0000 The receive buffers of the NETSEC driver are owned by the driver itself (as opposed to the protocol client in the case of the transmit path), and so the descriptors and the buffers (which are of a fixed size) are allocated in one go. The idea is that the 'buffer' member of the descriptor should point to a DMA aligned offset into the same allocation, but the code in pfdep_alloc_pkt_buf() calculates the value incorrectly, resulting in corruption of the descriptor metadata if the pool allocation happens to be DMA aligned. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c index b43d1aaff037..0875558c08ea 100644 --- a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c +++ b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c @@ -134,7 +134,7 @@ pfdep_alloc_pkt_buf ( return PFDEP_ERR_ALLOC; } - (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p, + (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p + 1, mCpu->DmaBufferAlignment); } -- 2.17.0