From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>,
Liangcheng Tang <liangcheng.tang@intel.com>,
Star Zeng <star.zeng@intel.com>
Subject: [PATCH v2 1/3] MdeModulePkg/NvmExpressDxe: Refine data buffer & len check in PassThru
Date: Wed, 24 Oct 2018 09:19:50 +0800 [thread overview]
Message-ID: <20181024011952.20404-2-hao.a.wu@intel.com> (raw)
In-Reply-To: <20181024011952.20404-1-hao.a.wu@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1142
According to the the NVM Express spec Revision 1.1, for some commands
(like Get/Set Feature Command, Figure 89 & 90 of the spec), the Memory
Buffer maybe optional although the command opcode indicates there is a
data transfer between host & controller (Get/Set Feature Command, Figure
38 of the spec).
Hence, this commit refine the checks for the 'TransferLength' and
'TransferBuffer' field of the EFI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET
structure to address this issue.
Cc: Liangcheng Tang <liangcheng.tang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
---
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c | 33 +++++++++++---------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index 2468871322..bfcd349794 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -595,7 +595,8 @@ NvmExpressPassThru (
//
if (((Sq->Opc & (BIT0 | BIT1)) != 0) &&
!((Packet->QueueType == NVME_ADMIN_QUEUE) && ((Sq->Opc == NVME_ADMIN_CRIOCQ_CMD) || (Sq->Opc == NVME_ADMIN_CRIOSQ_CMD)))) {
- if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) {
+ if (((Packet->TransferLength != 0) && (Packet->TransferBuffer == NULL)) ||
+ ((Packet->TransferLength == 0) && (Packet->TransferBuffer != NULL))) {
return EFI_INVALID_PARAMETER;
}
@@ -605,21 +606,23 @@ NvmExpressPassThru (
Flag = EfiPciIoOperationBusMasterWrite;
}
- MapLength = Packet->TransferLength;
- Status = PciIo->Map (
- PciIo,
- Flag,
- Packet->TransferBuffer,
- &MapLength,
- &PhyAddr,
- &MapData
- );
- if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) {
- return EFI_OUT_OF_RESOURCES;
- }
+ if ((Packet->TransferLength != 0) && (Packet->TransferBuffer != NULL)) {
+ MapLength = Packet->TransferLength;
+ Status = PciIo->Map (
+ PciIo,
+ Flag,
+ Packet->TransferBuffer,
+ &MapLength,
+ &PhyAddr,
+ &MapData
+ );
+ if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) {
+ return EFI_OUT_OF_RESOURCES;
+ }
- Sq->Prp[0] = PhyAddr;
- Sq->Prp[1] = 0;
+ Sq->Prp[0] = PhyAddr;
+ Sq->Prp[1] = 0;
+ }
if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) {
MapLength = Packet->MetadataLength;
--
2.12.0.windows.1
next prev parent reply other threads:[~2018-10-24 1:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-24 1:19 [PATCH v2 0/3] NvmExpressDxe: Bug fixes within NvmExpressPassThru() Hao Wu
2018-10-24 1:19 ` Hao Wu [this message]
2018-10-24 1:19 ` [PATCH v2 2/3] MdeModulePkg/NvmExpressDxe: Always copy CQ entry to PassThru packet Hao Wu
2018-10-24 1:19 ` [PATCH v2 3/3] MdeModulePkg/NvmExpressDxe: Refine PassThru IO queue creation behavior Hao Wu
2018-10-24 4:08 ` Ni, Ruiyu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181024011952.20404-2-hao.a.wu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox