From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web12.30296.1585192568738836317
 for <devel@edk2.groups.io>;
 Wed, 25 Mar 2020 20:16:08 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: zhichao.gao@intel.com)
IronPort-SDR: JpoEzx54cpRBGxfWKJpCEV/PjCosBcbiYKrg41D2Y+e/hqDAzX7dd/rZ67lc+ftLlEpA8tg0jO
 S9PI8nXGSAIg==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Mar 2020 20:16:08 -0700
IronPort-SDR: LIYfO0+xuvSUyNXScnhpI9ugdQdoOSHXGklvxLEFEqAIhfljiqzOdk8ZFSuGS2us4nXLYCjpY2
 NJ8HOmzLH7bg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,306,1580803200"; 
   d="scan'208";a="240556913"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
  by fmsmga008.fm.intel.com with ESMTP; 25 Mar 2020 20:16:08 -0700
Received: from shsmsx602.ccr.corp.intel.com (10.109.6.142) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Wed, 25 Mar 2020 20:16:08 -0700
Received: from shsmsx603.ccr.corp.intel.com (10.109.6.143) by
 SHSMSX602.ccr.corp.intel.com (10.109.6.142) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Thu, 26 Mar 2020 11:16:05 +0800
Received: from shsmsx603.ccr.corp.intel.com ([10.109.6.143]) by
 SHSMSX603.ccr.corp.intel.com ([10.109.6.143]) with mapi id 15.01.1713.004;
 Thu, 26 Mar 2020 11:16:05 +0800
From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: Laszlo Ersek <lersek@redhat.com>, "Ni, Ray" <ray.ni@intel.com>, "Wu,
 Jiaxin" <jiaxin.wu@intel.com>, "Fu, Siyuan" <siyuan.fu@intel.com>
CC: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"maciej.rabeda@linux.intel.com" <maciej.rabeda@linux.intel.com>
Subject: Re: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
Thread-Topic: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive
 flow.
Thread-Index: AQHV7V1hVl9sa0gGCkqbPw4XK/NnKKhY0b4AgAGNCWA=
Date: Thu, 26 Mar 2020 03:16:05 +0000
Message-ID: <526dba76ac004389873ca89c053407af@intel.com>
References: <20200227110212.1070-1-maciej.rabeda@linux.intel.com>
 <e319a343-543d-74c4-2eaf-a10590b72bf4@redhat.com>
In-Reply-To: <e319a343-543d-74c4-2eaf-a10590b72bf4@redhat.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.36]
MIME-Version: 1.0
Return-Path: zhichao.gao@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The ping command implementation would go into the ip4/ip6 protocol. But I a=
m not familiar with the network part.

Jiaxin/Siyuan,

Can you help to review this patch?

Thanks,
Zhichao

> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, March 25, 2020 7:34 PM
> To: Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Cc: devel@edk2.groups.io; maciej.rabeda@linux.intel.com
> Subject: Re: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4
> receive flow.
>=20
> Ray, Zhichao,
>=20
> On 02/27/20 12:02, Maciej Rabeda wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2032
> >
> > 'ping' command's receive flow utilizes a single Rx token which it
> > attempts to reuse before recycling the previously received packet.
> > This causes a situation where under ICMP traffic,
> > Ping6OnEchoReplyReceived() function will receive an already recycled
> > packet with EFI_SUCCESS token status and finally dereference invalid
> > pointers from RxData structure.
> >
> > Cc: Ray Ni <ray.ni@intel.com>
> > Cc: Zhichao Gao <zhichao.gao@intel.com>
> > Signed-off-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > ---
> >  ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)
>=20
> can you please review this ShellPkg patch? It's been on the list for almo=
st a
> month now.
>=20
> Thanks
> Laszlo
>=20
> > diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > index 23567fa2c1bb..a3fa32515192 100644
> > --- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > +++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > @@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived (
> >
> >  ON_EXIT:
> >
> > +  //
> > +  // Recycle the packet before reusing RxToken  //  gBS->SignalEvent
> > + (Private->IpChoice =3D=3D
> > + PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private-
> >RxToken.Packet.R
> > + xData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private-
> >RxToken.Packe
> > + t.RxData)->RecycleSignal);
> > +
> >    if (Private->RxCount < Private->SendNum) {
> >      //
> >      // Continue to receive icmp echo reply packets.
> > @@ -632,10 +637,6 @@ ON_EXIT:
> >      //
> >      Private->Status =3D EFI_SUCCESS;
> >    }
> > -  //
> > -  // Singal to recycle the each rxdata here, not at the end of process=
.
> > -  //
> > -  gBS->SignalEvent (Private->IpChoice =3D=3D
> > PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private-
> >RxToken.Packet.RxD
> > ata)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private-
> >RxToken.Packet.Rx
> > Data)->RecycleSignal);
> >  }
> >
> >  /**
> >