From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <heyi.guo@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4001:c06::243; helo=mail-io0-x243.google.com;
 envelope-from=heyi.guo@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-io0-x243.google.com (mail-io0-x243.google.com
 [IPv6:2607:f8b0:4001:c06::243])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 288992034D81F
 for <edk2-devel@lists.01.org>; Tue,  7 Nov 2017 01:29:22 -0800 (PST)
Received: by mail-io0-x243.google.com with SMTP id d66so1435993ioe.5
 for <edk2-devel@lists.01.org>; Tue, 07 Nov 2017 01:33:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-transfer-encoding:content-language;
 bh=ZdPxJXmi/CSKrjVvf/bjKq28eOuA4PfHnekua84W5Fk=;
 b=bxeIcxTqr/xH7nYWyryevAY2zEXWSIRIIx7WaM2GCs5WF2oMxKQtMfS4/tX12fxVWE
 xWkuNe5j3s3B4IWT0YX6NmkXq2JF15Srt0RN3Tz8VMpNOd+Scx4tGxWoigAlUWAA6Ps8
 M8Tuacxecv0j8u6LvFxsEVsXxt3ycg+qZLsMQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-transfer-encoding
 :content-language;
 bh=ZdPxJXmi/CSKrjVvf/bjKq28eOuA4PfHnekua84W5Fk=;
 b=hiQRb/DsUmOEgOWbtbdfjKW+YSPVB0jWgntYAVl8KSylqjvky9+mPH6nExveG9H6W/
 CRHH1UopVVKbD9QIT6X03cb7v41OGVdvJCcimuT25ijZTos4E+5IQnWLbecs4QPu4dPb
 dOzlSpQ7LhD5ROe+3lzI/iGKw8EROw7eRwZCdpnFUoOEfINJ7BLaGz9JKR59kOCmUKGC
 WBu/fOUy8WWQYncK5MB2FScDuOl9m2yR7493CdXWHsnx4va8+Ku2ECv2k05nGIpTi+qq
 Ci6CBHEDbkjJXPwJXYTwCmk3SNW2OPH6W5RtH2DpMChATcLKfChOsYKBR07dSLmdCO5l
 4FNw==
X-Gm-Message-State: AJaThX57lTBkOSauX/SnJ0HcOo33ycRZVNwz3vy9s/kENkdmbrdRHQDW
 V9qQuROjLq6KlE4rycNI7D8BXQ==
X-Google-Smtp-Source: ABhQp+QCFpAVGjdIjIjPWzdTcAL9/G8iDvua0oOZf9E4GrFNAENcBLOam1wsfYxlR7FBSJCaZECFoA==
X-Received: by 10.107.41.205 with SMTP id p196mr22994992iop.142.1510047201527; 
 Tue, 07 Nov 2017 01:33:21 -0800 (PST)
Received: from [10.189.19.158] ([45.56.152.90])
 by smtp.gmail.com with ESMTPSA id b7sm456160iob.63.2017.11.07.01.33.19
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 07 Nov 2017 01:33:20 -0800 (PST)
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: linaro-uefi <linaro-uefi@lists.linaro.org>,
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
 Star Zeng <star.zeng@intel.com>, Eric Dong <eric.dong@intel.com>,
 Ruiyu Ni <ruiyu.ni@intel.com>
References: <1509342472-1688-1-git-send-email-heyi.guo@linaro.org>
 <CAKv+Gu_wJ7A+_cbv1jHwvQQg+6hH-YNxBswfFmbVDKSiq3qfhw@mail.gmail.com>
From: Heyi Guo <heyi.guo@linaro.org>
Message-ID: <b4025663-c13d-4f73-fa3f-e416a8669f88@linaro.org>
Date: Tue, 7 Nov 2017 17:33:06 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAKv+Gu_wJ7A+_cbv1jHwvQQg+6hH-YNxBswfFmbVDKSiq3qfhw@mail.gmail.com>
Subject: Re: [PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 09:29:23 -0000
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US

Hi Ray,

We had Ard's R-B already; could you help to commit it?

Thanks and regards,

Heyi


在 10/30/2017 4:14 PM, Ard Biesheuvel 写道:
> On 30 October 2017 at 05:47, Heyi Guo <heyi.guo@linaro.org> wrote:
>> For PciIoPciRead interface, memory prior to Buffer would be written
>> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
>> would cause serious system exception.
>>
>> So we add a pre-check branch to avoid memory override.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
>> ---
>>   .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> index c836ad6..0e42ae4 100644
>> --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
>> @@ -465,6 +465,11 @@ PciIoPciRead (
>>     Address = (UINT8 *)&Dev->ConfigSpace + Offset;
>>     Length = Count << ((UINTN)Width & 0x3);
>>
>> +  if (Offset >= sizeof (Dev->ConfigSpace)) {
>> +    ZeroMem (Buffer, Length);
>> +    return EFI_SUCCESS;
>> +  }
>> +
>>     if (Offset + Length > sizeof (Dev->ConfigSpace)) {
>>       //
>>       // Read all zeroes for config space accesses beyond the first
>> --
>> 1.9.1
>>