From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Tue, 17 Sep 2019 12:49:55 -0700
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 8C7363090FCD;
	Tue, 17 Sep 2019 19:49:54 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-37.rdu2.redhat.com [10.10.120.37])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 82BC7600C8;
	Tue, 17 Sep 2019 19:49:53 +0000 (UTC)
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Leif Lindholm <leif.lindholm@linaro.org>
Subject: [PATCH 04/35] EmbeddedPkg/Universal/MmcDxe: "fix" CloseProtocol() call in BindingStop()
Date: Tue, 17 Sep 2019 21:49:04 +0200
Message-Id: <20190917194935.24322-5-lersek@redhat.com>
In-Reply-To: <20190917194935.24322-1-lersek@redhat.com>
References: <20190917194935.24322-1-lersek@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Tue, 17 Sep 2019 19:49:54 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable

The 3rd and 4th parameters of the CloseProtocol() call are wrong.

Given that we're not dissociating a child controller from a parent
controller (=3D closing a BY_CHILD_CONTROLLER open), but closing a BY_DRI=
VER
open, the 4th parameter (ControllerHandle) should equal the 1st parameter
(Handle).

It's unclear why this code hasn't crashed before.

Note that the patch doesn't fix the underlying driver model bug. I don't
understand what the loop in MmcDriverBindingStop() attempts to do. Is thi=
s
driver supposed to be a bus driver? It seems to create new handles, and t=
o
append device path nodes. But it doesn't set up proper parent/child
protocol opens, and it doesn't close them.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    build-tested only

 EmbeddedPkg/Universal/MmcDxe/Mmc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/EmbeddedPkg/Universal/MmcDxe/Mmc.c b/EmbeddedPkg/Universal/M=
mcDxe/Mmc.c
index 2f9ec9c7e7c1..c6170880debd 100644
--- a/EmbeddedPkg/Universal/MmcDxe/Mmc.c
+++ b/EmbeddedPkg/Universal/MmcDxe/Mmc.c
@@ -329,8 +329,9 @@ MmcDriverBindingStop (
     // Close gEfiMmcHostProtocolGuid
     Status =3D gBS->CloseProtocol (
                 Controller,
-                &gEfiMmcHostProtocolGuid,(VOID **) &MmcHostInstance->Mmc=
Host,
-                This->DriverBindingHandle
+                &gEfiMmcHostProtocolGuid,
+                This->DriverBindingHandle,
+                Controller
                 );
=20
     // Remove MMC Host Instance from the pool
--=20
2.19.1.3.g30247aa5d201