From: Heyi Guo
To: Ard Biesheuvel
Cc: linaro-uefi, "edk2-devel@lists.01.org", Star Zeng, Eric Dong, Ruiyu Ni
Date: Tue, 7 Nov 2017 17:33:06 +0800
Subject: Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
References: <1509342472-1688-1-git-send-email-heyi.guo@linaro.org>
List-Id: EDK II Development

Hi Ray,

We had Ard's R-B already; could you help to commit it?

Thanks and regards,

Heyi

On 10/30/2017 4:14 PM, Ard Biesheuvel wrote:
> On 30 October 2017 at 05:47, Heyi Guo wrote:
>> For PciIoPciRead interface, memory prior to Buffer would be written
>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
>> would cause serious system exception.
>>
>> So we add a pre-check branch to avoid memory override.
>>
>> Cc: Star Zeng
>> Cc: Eric Dong
>> Cc: Ard Biesheuvel
>> Cc: Ruiyu Ni
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Heyi Guo
> Reviewed-by: Ard Biesheuvel
>
>> ---
>> .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>> >> diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c >> index c836ad6..0e42ae4 100644 >> --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c >> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c >> @@ -465,6 +465,11 @@ PciIoPciRead ( >> Address = (UINT8 *)&Dev->ConfigSpace + Offset; >> Length = Count << ((UINTN)Width & 0x3); >> >> + if (Offset >= sizeof (Dev->ConfigSpace)) { >> + ZeroMem (Buffer, Length); >> + return EFI_SUCCESS; >> + } >> + >> if (Offset + Length > sizeof (Dev->ConfigSpace)) { >> // >> // Read all zeroes for config space accesses beyond the first >> -- >> 1.9.1 >>
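
Review bot: The new "if (Offset >= sizeof (Dev->ConfigSpace))" branch in PciIoPciRead carries no comment, while the branch directly below it does ("Read all zeroes for config space accesses beyond the first"). A short comment stating that a read starting at or past the end of ConfigSpace returns all zeroes, and that this guards the partial-read path that follows, would make the intent clear, particularly because the commit message says "larger than" while the check is ">=". The check also sits after "Address = (UINT8 *)&Dev->ConfigSpace + Offset;", so Address is still formed from the unvalidated Offset. It is not used on the early-return path, but moving the check above that assignment would keep the out-of-range pointer from being computed at all.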