* [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
@ 2017-10-30 5:47 Heyi Guo
2017-10-30 8:14 ` Ard Biesheuvel
2017-10-30 10:07 ` Zeng, Star
0 siblings, 2 replies; 8+ messages in thread
From: Heyi Guo @ 2017-10-30 5:47 UTC (permalink / raw)
To: linaro-uefi, edk2-devel
Cc: Heyi Guo, Star Zeng, Eric Dong, Ard Biesheuvel, Ruiyu Ni
For PciIoPciRead interface, memory prior to Buffer would be written
with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
would cause serious system exception.
So we add a pre-check branch to avoid memory override.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
---
.../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
index c836ad6..0e42ae4 100644
--- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
+++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
@@ -465,6 +465,11 @@ PciIoPciRead (
Address = (UINT8 *)&Dev->ConfigSpace + Offset;
Length = Count << ((UINTN)Width & 0x3);
+ if (Offset >= sizeof (Dev->ConfigSpace)) {
+ ZeroMem (Buffer, Length);
+ return EFI_SUCCESS;
+ }
+
if (Offset + Length > sizeof (Dev->ConfigSpace)) {
//
// Read all zeroes for config space accesses beyond the first
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-10-30 5:47 [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Heyi Guo
@ 2017-10-30 8:14 ` Ard Biesheuvel
2017-11-07 9:33 ` Heyi Guo
2017-10-30 10:07 ` Zeng, Star
1 sibling, 1 reply; 8+ messages in thread
From: Ard Biesheuvel @ 2017-10-30 8:14 UTC (permalink / raw)
To: Heyi Guo
Cc: linaro-uefi, edk2-devel@lists.01.org, Star Zeng, Eric Dong,
Ruiyu Ni
On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote:
> For PciIoPciRead interface, memory prior to Buffer would be written
> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
> would cause serious system exception.
>
> So we add a pre-check branch to avoid memory override.
>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
> index c836ad6..0e42ae4 100644
> --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
> @@ -465,6 +465,11 @@ PciIoPciRead (
> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
> Length = Count << ((UINTN)Width & 0x3);
>
> + if (Offset >= sizeof (Dev->ConfigSpace)) {
> + ZeroMem (Buffer, Length);
> + return EFI_SUCCESS;
> + }
> +
> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
> //
> // Read all zeroes for config space accesses beyond the first
> --
> 1.9.1
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-10-30 5:47 [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Heyi Guo
2017-10-30 8:14 ` Ard Biesheuvel
@ 2017-10-30 10:07 ` Zeng, Star
2017-10-30 10:23 ` Ni, Ruiyu
1 sibling, 1 reply; 8+ messages in thread
From: Zeng, Star @ 2017-10-30 10:07 UTC (permalink / raw)
To: Ni, Ruiyu, Heyi Guo, linaro-uefi@lists.linaro.org,
edk2-devel@lists.01.org
Cc: Dong, Eric, Ard Biesheuvel, Zeng, Star
Ray,
Please help take a review to this patch.
Thanks,
Star
-----Original Message-----
From: Heyi Guo [mailto:heyi.guo@linaro.org]
Sent: Monday, October 30, 2017 1:48 PM
To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com>
Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
For PciIoPciRead interface, memory prior to Buffer would be written with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause serious system exception.
So we add a pre-check branch to avoid memory override.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
---
.../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
index c836ad6..0e42ae4 100644
--- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
+++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePc
+++ iDeviceIo.c
@@ -465,6 +465,11 @@ PciIoPciRead (
Address = (UINT8 *)&Dev->ConfigSpace + Offset;
Length = Count << ((UINTN)Width & 0x3);
+ if (Offset >= sizeof (Dev->ConfigSpace)) {
+ ZeroMem (Buffer, Length);
+ return EFI_SUCCESS;
+ }
+
if (Offset + Length > sizeof (Dev->ConfigSpace)) {
//
// Read all zeroes for config space accesses beyond the first
--
1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-10-30 10:07 ` Zeng, Star
@ 2017-10-30 10:23 ` Ni, Ruiyu
2017-10-30 14:42 ` Heyi Guo
0 siblings, 1 reply; 8+ messages in thread
From: Ni, Ruiyu @ 2017-10-30 10:23 UTC (permalink / raw)
To: Zeng, Star, Heyi Guo, linaro-uefi@lists.linaro.org,
edk2-devel@lists.01.org
Cc: Dong, Eric, Ard Biesheuvel
I will wait for Ard's feedback. It's an ARM specific module.
Thanks/Ray
> -----Original Message-----
> From: Zeng, Star
> Sent: Monday, October 30, 2017 6:07 PM
> To: Ni, Ruiyu <ruiyu.ni@intel.com>; Heyi Guo <heyi.guo@linaro.org>; linaro-
> uefi@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Zeng, Star <star.zeng@intel.com>
> Subject: RE: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory
> override bug
>
> Ray,
> Please help take a review to this patch.
>
>
> Thanks,
> Star
> -----Original Message-----
> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> Sent: Monday, October 30, 2017 1:48 PM
> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>;
> Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com>
> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory
> override bug
>
> For PciIoPciRead interface, memory prior to Buffer would be written with
> zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause
> serious system exception.
>
> So we add a pre-check branch to avoid memory override.
>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> ---
> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5
> +++++
> 1 file changed, 5 insertions(+)
>
> diff --git
> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
> PciDeviceIo.c
> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
> PciDeviceIo.c
> index c836ad6..0e42ae4 100644
> ---
> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
> PciDeviceIo.c
> +++
> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
> Pc
> +++ iDeviceIo.c
> @@ -465,6 +465,11 @@ PciIoPciRead (
> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
> Length = Count << ((UINTN)Width & 0x3);
>
> + if (Offset >= sizeof (Dev->ConfigSpace)) {
> + ZeroMem (Buffer, Length);
> + return EFI_SUCCESS;
> + }
> +
> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
> //
> // Read all zeroes for config space accesses beyond the first
> --
> 1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-10-30 10:23 ` Ni, Ruiyu
@ 2017-10-30 14:42 ` Heyi Guo
0 siblings, 0 replies; 8+ messages in thread
From: Heyi Guo @ 2017-10-30 14:42 UTC (permalink / raw)
To: Ni, Ruiyu, Zeng, Star, linaro-uefi@lists.linaro.org,
edk2-devel@lists.01.org
Cc: Dong, Eric, Ard Biesheuvel
Hi Ray,
It seems Ard already provided his R-B :)
Thanks.
Heyi
On 10/30/2017 06:23 PM, Ni, Ruiyu wrote:
> I will wait for Ard's feedback. It's an ARM specific module.
>
> Thanks/Ray
>
>> -----Original Message-----
>> From: Zeng, Star
>> Sent: Monday, October 30, 2017 6:07 PM
>> To: Ni, Ruiyu <ruiyu.ni@intel.com>; Heyi Guo <heyi.guo@linaro.org>; linaro-
>> uefi@lists.linaro.org; edk2-devel@lists.01.org
>> Cc: Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org>; Zeng, Star <star.zeng@intel.com>
>> Subject: RE: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory
>> override bug
>>
>> Ray,
>> Please help take a review to this patch.
>>
>>
>> Thanks,
>> Star
>> -----Original Message-----
>> From: Heyi Guo [mailto:heyi.guo@linaro.org]
>> Sent: Monday, October 30, 2017 1:48 PM
>> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
>> Cc: Heyi Guo <heyi.guo@linaro.org>; Zeng, Star <star.zeng@intel.com>;
>> Dong, Eric <eric.dong@intel.com>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org>; Ni, Ruiyu <ruiyu.ni@intel.com>
>> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory
>> override bug
>>
>> For PciIoPciRead interface, memory prior to Buffer would be written with
>> zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause
>> serious system exception.
>>
>> So we add a pre-check branch to avoid memory override.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
>> ---
>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5
>> +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git
>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
>> PciDeviceIo.c
>> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
>> PciDeviceIo.c
>> index c836ad6..0e42ae4 100644
>> ---
>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
>> PciDeviceIo.c
>> +++
>> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverable
>> Pc
>> +++ iDeviceIo.c
>> @@ -465,6 +465,11 @@ PciIoPciRead (
>> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
>> Length = Count << ((UINTN)Width & 0x3);
>>
>> + if (Offset >= sizeof (Dev->ConfigSpace)) {
>> + ZeroMem (Buffer, Length);
>> + return EFI_SUCCESS;
>> + }
>> +
>> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
>> //
>> // Read all zeroes for config space accesses beyond the first
>> --
>> 1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-10-30 8:14 ` Ard Biesheuvel
@ 2017-11-07 9:33 ` Heyi Guo
2017-11-08 4:53 ` Zeng, Star
0 siblings, 1 reply; 8+ messages in thread
From: Heyi Guo @ 2017-11-07 9:33 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linaro-uefi, edk2-devel@lists.01.org, Star Zeng, Eric Dong,
Ruiyu Ni
Hi Ray,
We had Ard's R-B already; could you help to commit it?
Thanks and regards,
Heyi
在 10/30/2017 4:14 PM, Ard Biesheuvel 写道:
> On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote:
>> For PciIoPciRead interface, memory prior to Buffer would be written
>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
>> would cause serious system exception.
>>
>> So we add a pre-check branch to avoid memory override.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
>> ---
>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> index c836ad6..0e42ae4 100644
>> --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> @@ -465,6 +465,11 @@ PciIoPciRead (
>> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
>> Length = Count << ((UINTN)Width & 0x3);
>>
>> + if (Offset >= sizeof (Dev->ConfigSpace)) {
>> + ZeroMem (Buffer, Length);
>> + return EFI_SUCCESS;
>> + }
>> +
>> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
>> //
>> // Read all zeroes for config space accesses beyond the first
>> --
>> 1.9.1
>>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-11-07 9:33 ` Heyi Guo
@ 2017-11-08 4:53 ` Zeng, Star
2017-11-08 5:02 ` Heyi Guo
0 siblings, 1 reply; 8+ messages in thread
From: Zeng, Star @ 2017-11-08 4:53 UTC (permalink / raw)
To: Heyi Guo, Ard Biesheuvel
Cc: Ni, Ruiyu, edk2-devel@lists.01.org, Dong, Eric, linaro-uefi,
Zeng, Star
Just pushed at 710d9e69fae6753a1a826aa18dd37bcadd3e0c3e.
Thanks,
Star
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Heyi Guo
Sent: Tuesday, November 7, 2017 5:33 PM
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; edk2-devel@lists.01.org; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>; linaro-uefi <linaro-uefi@lists.linaro.org>
Subject: Re: [edk2] [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
Hi Ray,
We had Ard's R-B already; could you help to commit it?
Thanks and regards,
Heyi
在 10/30/2017 4:14 PM, Ard Biesheuvel 写道:
> On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote:
>> For PciIoPciRead interface, memory prior to Buffer would be written
>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
>> would cause serious system exception.
>>
>> So we add a pre-check branch to avoid memory override.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
>> ---
>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git
>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>> DeviceIo.c
>> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>> DeviceIo.c
>> index c836ad6..0e42ae4 100644
>> ---
>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>> DeviceIo.c
>> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverabl
>> +++ ePciDeviceIo.c
>> @@ -465,6 +465,11 @@ PciIoPciRead (
>> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
>> Length = Count << ((UINTN)Width & 0x3);
>>
>> + if (Offset >= sizeof (Dev->ConfigSpace)) {
>> + ZeroMem (Buffer, Length);
>> + return EFI_SUCCESS;
>> + }
>> +
>> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
>> //
>> // Read all zeroes for config space accesses beyond the first
>> --
>> 1.9.1
>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
2017-11-08 4:53 ` Zeng, Star
@ 2017-11-08 5:02 ` Heyi Guo
0 siblings, 0 replies; 8+ messages in thread
From: Heyi Guo @ 2017-11-08 5:02 UTC (permalink / raw)
To: Zeng, Star, Ard Biesheuvel
Cc: Ni, Ruiyu, edk2-devel@lists.01.org, Dong, Eric, linaro-uefi
Thanks,
Heyi
在 11/8/2017 12:53 PM, Zeng, Star 写道:
> Just pushed at 710d9e69fae6753a1a826aa18dd37bcadd3e0c3e.
>
> Thanks,
> Star
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Heyi Guo
> Sent: Tuesday, November 7, 2017 5:33 PM
> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; edk2-devel@lists.01.org; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>; linaro-uefi <linaro-uefi@lists.linaro.org>
> Subject: Re: [edk2] [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
>
> Hi Ray,
>
> We had Ard's R-B already; could you help to commit it?
>
> Thanks and regards,
>
> Heyi
>
>
> 在 10/30/2017 4:14 PM, Ard Biesheuvel 写道:
>> On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote:
>>> For PciIoPciRead interface, memory prior to Buffer would be written
>>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
>>> would cause serious system exception.
>>>
>>> So we add a pre-check branch to avoid memory override.
>>>
>>> Cc: Star Zeng <star.zeng@intel.com>
>>> Cc: Eric Dong <eric.dong@intel.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
>> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>
>>> ---
>>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
>>> 1 file changed, 5 insertions(+)
>>>
>>> diff --git
>>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>>> DeviceIo.c
>>> b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>>> DeviceIo.c
>>> index c836ad6..0e42ae4 100644
>>> ---
>>> a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePci
>>> DeviceIo.c
>>> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverabl
>>> +++ ePciDeviceIo.c
>>> @@ -465,6 +465,11 @@ PciIoPciRead (
>>> Address = (UINT8 *)&Dev->ConfigSpace + Offset;
>>> Length = Count << ((UINTN)Width & 0x3);
>>>
>>> + if (Offset >= sizeof (Dev->ConfigSpace)) {
>>> + ZeroMem (Buffer, Length);
>>> + return EFI_SUCCESS;
>>> + }
>>> +
>>> if (Offset + Length > sizeof (Dev->ConfigSpace)) {
>>> //
>>> // Read all zeroes for config space accesses beyond the first
>>> --
>>> 1.9.1
>>>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-11-08 4:58 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-30 5:47 [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug Heyi Guo
2017-10-30 8:14 ` Ard Biesheuvel
2017-11-07 9:33 ` Heyi Guo
2017-11-08 4:53 ` Zeng, Star
2017-11-08 5:02 ` Heyi Guo
2017-10-30 10:07 ` Zeng, Star
2017-10-30 10:23 ` Ni, Ruiyu
2017-10-30 14:42 ` Heyi Guo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox