From: Hao Wu
To: edk2-devel@lists.01.org
Cc: Hao Wu, Liangcheng Tang, Ruiyu Ni, Star Zeng
Date: Thu, 18 Oct 2018 14:41:58 +0800
Message-Id: <20181018064200.2068-2-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
In-Reply-To: <20181018064200.2068-1-hao.a.wu@intel.com>
References: <20181018064200.2068-1-hao.a.wu@intel.com>
Subject: [PATCH v1 1/3] MdeModulePkg/NvmExpressDxe: Refine data buffer & len check in PassThru

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1142

According to the NVM Express spec Revision 1.1, for some commands (like Get/Set Feature Command, Figure 89 & 90 of the spec), the Memory Buffer may be optional although the command opcode indicates there is a data transfer between host & controller (Get/Set Feature Command, Figure 38 of the spec).

Hence, this commit refines the checks for the 'TransferLength' and 'TransferBuffer' fields of the EFI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET structure to address this issue.

Cc: Liangcheng Tang
Cc: Ruiyu Ni
Cc: Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu
---
 MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 33 +++++++++++---------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c index 2468871322..bfcd349794 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -595,7 +595,8 @@ NvmExpressPassThru ( // if (((Sq->Opc & (BIT0 | BIT1)) != 0) && !((Packet->QueueType == NVME_ADMIN_QUEUE) && ((Sq->Opc == NVME_ADMIN_CRIOCQ_CMD) || (Sq->Opc == NVME_ADMIN_CRIOSQ_CMD)))) { - if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) { + if (((Packet->TransferLength != 0) && (Packet->TransferBuffer == NULL)) || + ((Packet->TransferLength == 0) && (Packet->TransferBuffer != NULL))) { return EFI_INVALID_PARAMETER; } @@ -605,21 +606,23 @@ NvmExpressPassThru ( Flag = EfiPciIoOperationBusMasterWrite; } - MapLength = Packet->TransferLength; - Status = PciIo->Map ( - PciIo, - Flag, - Packet->TransferBuffer, - &MapLength, - &PhyAddr, - &MapData - ); - if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) { - return EFI_OUT_OF_RESOURCES; - } + if ((Packet->TransferLength != 0) && (Packet->TransferBuffer != NULL)) { + MapLength = Packet->TransferLength; + Status = PciIo->Map ( + PciIo, + Flag, + Packet->TransferBuffer, + &MapLength, + &PhyAddr, + &MapData + ); + if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) { + return EFI_OUT_OF_RESOURCES; + } - Sq->Prp[0] = PhyAddr; - Sq->Prp[1] = 0; + Sq->Prp[0] = PhyAddr; + Sq->Prp[1] = 0; + } if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) { MapLength = Packet->MetadataLength; -- 2.12.0.windows.1
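Review bot: In the hunk at @@ -595, the comment block that ends just above the opcode test is left untouched while the rule it introduces changes from "length and buffer are both required" to "length and buffer must be both present or both absent". Please update that comment so it states the new rule and names the case from the commit message (a data-transfer opcode such as Get/Set Features issued with no memory buffer), and state there that a zero TransferLength paired with a non-NULL TransferBuffer is still rejected with EFI_INVALID_PARAMETER, since callers reading only the new condition may not expect that.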
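Review bot: In the hunk at @@ -605, PhyAddr, MapData, Sq->Prp[0] and Sq->Prp[1] are now assigned only inside the new "if ((Packet->TransferLength != 0) && (Packet->TransferBuffer != NULL))" block, so on the no-buffer path the submission queue entry goes to the controller with whatever the PRP fields held before, and any later use of PhyAddr or MapData sees values this code never set. The visible lines do not show those variables or the queue entry being cleared beforehand; please either confirm they are initialized earlier in NvmExpressPassThru and that the later unmap is guarded by a NULL check on MapData, or add an else branch that sets Sq->Prp[0] and Sq->Prp[1] to 0 so the entry never carries a stale address.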