From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by mx.groups.io with SMTP id smtpd.web12.315.1592410482751288758 for ; Wed, 17 Jun 2020 09:14:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@nuviainc-com.20150623.gappssmtp.com header.s=20150623 header.b=t76bsXmU; spf=pass (domain: nuviainc.com, ip: 209.85.221.65, mailfrom: leif@nuviainc.com) Received: by mail-wr1-f65.google.com with SMTP id t18so2958379wru.6 for ; Wed, 17 Jun 2020 09:14:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuviainc-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=tOqZ6qPVF0GvpJIK4J/w3dKYqS/re/cHxuBNArYvA5Q=; b=t76bsXmUhXkaHbhe84DbyfmBMArpp1MlmeuabO9mWvkRYVlist5yCstxx0ZxHLL0hm pgg9S8BZKmmq5Mp80AmoHIEMwjeIqsz/qtzGHQ/cM+JjmwN0NUwP6Ys6lbdAMmvCReQo b/ddVbrpZtKr8c0OOvTfJnmBia9Ip7hNLgfz2+C3Tq8eU5wJC5WIa8rlmMUUTIJbGKW+ qAFjgL7uaF7jshibRnObhBgS4fcuFROmevx/77z/x+WPnjU4aotPhtmpEvNV+sK930EW ql3ZGgCp2avUYzV+bGp3UQ7mdS6oIDvbSc7INXjOOyi5+spIAZVMLK4Q/Ib/7Vdcrzii S4xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=tOqZ6qPVF0GvpJIK4J/w3dKYqS/re/cHxuBNArYvA5Q=; b=dxmWyRKRpW4//uYn6bWacDY9FYL+W2pbfAlBIHqIhhRE2ScQVoFoCU51nNILemjTbl Qb55lneHPfTp/skxd28Afjq1yoH2gkv7Uiz6wryS+WGpDbEH8ecpA1s4fdvHcBHVC5PS J85YQU1k9JnrjFA/bWzDeNjfdo6njwkF5errMVjD420AdW9gJ7wmgfDDuK4B2CheTD8G cjZNyjzAp/HSmhidSIxBEXKmnIr3HI71OPSlAvu3S4AL8Cx7u1Qyva4WgPGnZGx5AIqa oei1Ci7ooOVaqeNw0GSh+lpt9fS8I7r+/NFyYiI6L97TyiscbW6j4yAR1gyI0q1mJ8VA Y8HQ== X-Gm-Message-State: AOAM531NxDGBC7hqt2xb+roj6dEbHWE/7nMK7SLaSfVEmmPNvixH0bWG bRZJATxgyL0N+zVJYB+f8zO10A== X-Google-Smtp-Source: ABdhPJx4hPLzXkVmrCQ+uvpUriUnWocM7jZBUfyNANHW/m1E8DlwYC/7X7YlOuQEjp4kBLuKjzgThg== X-Received: by 2002:a5d:6a4b:: with SMTP id t11mr10341wrw.404.1592410481357; Wed, 17 Jun 2020 09:14:41 -0700 (PDT) Return-Path: Received: from vanye ([2001:470:1f09:12f0:b26e:bfff:fea9:f1b8]) by smtp.gmail.com with ESMTPSA id n19sm230716wmi.33.2020.06.17.09.14.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Jun 2020 09:14:40 -0700 (PDT) Date: Wed, 17 Jun 2020 17:14:38 +0100 From: "Leif Lindholm" To: Ard Biesheuvel Cc: devel@edk2.groups.io, pete@akeo.ie, awarkentin@vmware.com, jeremy.linton@arm.com, Samer.El-Haj-Mahmoud@arm.com Subject: Re: [PATCH] EmbeddedPkg/NonCoherentDmaLib: avoid dereferencing bogus buffer address Message-ID: <20200617161438.GR6739@vanye> References: <20200617153824.1175136-1-ard.biesheuvel@arm.com> MIME-Version: 1.0 In-Reply-To: <20200617153824.1175136-1-ard.biesheuvel@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Jun 17, 2020 at 17:38:24 +0200, Ard Biesheuvel wrote: > The bounce buffering code in NonCoherentDmaLib copies data into the > bounce buffer using CopyMem(), but passes Map->HostAddress as the > source of the copy before it has been assigned its correct value. Whoops. > Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm > --- > EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c > index 115345765435..9c8ef5bfb533 100644 > --- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c > +++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c > @@ -225,8 +225,7 @@ DmaMap ( > } > > if (Map->Operation == MapOperationBusMasterRead) { > - CopyMem (Map->BufferAddress, (VOID *)(UINTN)Map->HostAddress, > - *NumberOfBytes); > + CopyMem (Map->BufferAddress, (VOID *)(UINTN)HostAddress, *NumberOfBytes); > } > mCpu->FlushDataCache (mCpu, (UINTN)Map->BufferAddress, AllocSize, > EfiCpuFlushTypeWriteBack); > -- > 2.27.0 >