From: Ard Biesheuvel
Date: Mon, 30 Oct 2017 08:14:58 +0000
To: Heyi Guo
Cc: linaro-uefi, "edk2-devel@lists.01.org", Star Zeng, Eric Dong, Ruiyu Ni
Subject: Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
In-Reply-To: <1509342472-1688-1-git-send-email-heyi.guo@linaro.org>

On 30 October 2017 at 05:47, Heyi Guo wrote:
> For PciIoPciRead interface, memory prior to Buffer would be written
> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
> would cause serious system exception.
>
> So we add a pre-check branch to avoid memory override.
>
> Cc: Star Zeng
> Cc: Eric Dong
> Cc: Ard Biesheuvel
> Cc: Ruiyu Ni
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Heyi Guo

Reviewed-by: Ard Biesheuvel

> --- > .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > index c836ad6..0e42ae4 100644 > --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c 
> @@ -465,6 +465,11 @@ PciIoPciRead ( > Address = (UINT8 *)&Dev->ConfigSpace + Offset; > Length = Count << ((UINTN)Width & 0x3); > > + if (Offset >= sizeof (Dev->ConfigSpace)) { > + ZeroMem (Buffer, Length); > + return EFI_SUCCESS; > + } > + > if (Offset + Length > sizeof (Dev->ConfigSpace)) { > // > // Read all zeroes for config space accesses beyond the first > -- > 1.9.1 >
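
Review bot: the new bounds check sits after `Address = (UINT8 *)&Dev->ConfigSpace + Offset;`, so for an Offset beyond the config space the out-of-range pointer is still formed before the early return, even though it is never dereferenced on that path. Moving the `if (Offset >= sizeof (Dev->ConfigSpace))` block above the Address assignment keeps the pointer arithmetic in bounds. The new branch also has no comment, unlike the branch that follows it; one line saying that a read starting at or past the end of ConfigSpace returns all zeros, and that returning early keeps the following branch from zeroing memory before Buffer, would record why it exists. The following condition `Offset + Length > sizeof (Dev->ConfigSpace)` is unchanged and still relies on the sum not wrapping; the operand types are not visible in this hunk, so it is worth confirming that a large Count cannot wrap it.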