From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vladimir.olovyannikov@broadcom.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:400d:c0d::241; helo=mail-qt0-x241.google.com;
 envelope-from=vladimir.olovyannikov@broadcom.com;
 receiver=edk2-devel@lists.01.org 
Received: from mail-qt0-x241.google.com (mail-qt0-x241.google.com
 [IPv6:2607:f8b0:400d:c0d::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D16B32112387A
 for <edk2-devel@lists.01.org>; Thu,  6 Sep 2018 11:56:12 -0700 (PDT)
Received: by mail-qt0-x241.google.com with SMTP id g53-v6so13502492qtg.10
 for <edk2-devel@lists.01.org>; Thu, 06 Sep 2018 11:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=YtgEyZ6u3CDAgx2imr6oHoymZTvZocIGeDg0JoMsNgI=;
 b=CF20JKU0xWy5hk+tS3W9bRvzkazVQ6GocWHdZWCjR90nnPF7NAZkYNCncPVxC9IAel
 VmUtS9DJgqMEF2ukQW6tmYrhBD95dLTchYcaIK9411hVK6YkK6NjUY50hgAjHPp4Vpss
 uHXi7VIsV8weS6Fn89AhBKL3iIyl/nBAaj88Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=YtgEyZ6u3CDAgx2imr6oHoymZTvZocIGeDg0JoMsNgI=;
 b=snbISH8vU5umnxWtJQnKxYUSNgTjNr9LOy3MUbhrXbr9hOgRPcTKl2K7M6M2UQ0DGx
 sIKpgItfGEea3d2TeOSMFYURsxz7dlSJpp13qOVIUZDBLLefYxHzJQNM6ClZ3AtQP8+o
 GyM8dHbDvk/8YFKGAJmo4Ro0qFiiA+DQSuecrAWYsTxdZYjY6+GZcpevp2Uqdz5lL3pI
 +sFcaMNWp6VmzjG6R+aYZd8tdzov4ClPJMQ6qK7UIm0HmW3l0MPtEIO579QKQngh48ZP
 FXm3cdqwOe+rRP5PQ7ONHRMQR7wO3IaQNEqpxPi3YxeTAdwdnvCy0yrFumqi9yWhH2PG
 YI9w==
X-Gm-Message-State: APzg51AvtL5folOm+yiEeA9/b4kmp6Es7GFdf34cpmL7nWS7MI+Dgg89
 0HCdtUGnksfbn90Ua/6wK6LXNxOXJpWgig==
X-Google-Smtp-Source: ANB0VdZTcFsvTDp/qWGRptcf3KtsWIi6TlhXDfnmMR62RxhFmRWvwB89WpUbNzxz1SfWWcyNRYLP9Q==
X-Received: by 2002:a0c:d60f:: with SMTP id
 c15-v6mr3125901qvj.70.1536260171394; 
 Thu, 06 Sep 2018 11:56:11 -0700 (PDT)
Received: from LBRMN-LNXUB114.ric.broadcom.com ([192.19.228.250])
 by smtp.gmail.com with ESMTPSA id 187-v6sm3417010qki.19.2018.09.06.11.56.09
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Thu, 06 Sep 2018 11:56:10 -0700 (PDT)
From: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
To: edk2-devel@lists.01.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Leif Lindholm <leif.lindholm@linaro.org>, Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Date: Thu,  6 Sep 2018 11:55:04 -0700
Message-Id: <bfae1968b4e0d3bb6a4f249dc57cc1716ff6e2c7.1536260010.git.vladimir.olovyannikov@broadcom.com>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <ea512050c425791cd652fe395283b3dedd2f8bee.1536260010.git.vladimir.olovyannikov@broadcom.com>
References: <ea512050c425791cd652fe395283b3dedd2f8bee.1536260010.git.vladimir.olovyannikov@broadcom.com>
Subject: [PATCH 3/3] MdeModulePkg/NonDiscoverablePciDeviceDxe: add missing validation
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Sep 2018 18:56:13 -0000

UEFI SCT crashed and failed in NonDiscoverablePciDeviceDxe becase
required checks were not performed. Perform parameters validation in
NonDiscoverablePciDeviceDxe.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
---
 .../NonDiscoverablePciDeviceIo.c              | 50 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
index 0e42ae4bf6ec..07118d59fd68 100644
--- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
+++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c
@@ -52,6 +52,10 @@ GetBarResource (
 
   BarIndex -= (UINT8)Dev->BarOffset;
 
+  if (BarIndex >= Dev->BarCount) {
+    return EFI_UNSUPPORTED;
+  }
+
   for (Desc = Dev->Device->Resources;
        Desc->Desc != ACPI_END_TAG_DESCRIPTOR;
        Desc = (VOID *)((UINT8 *)Desc + Desc->Len + 3)) {
@@ -597,6 +601,19 @@ CoherentPciIoMap (
   EFI_STATUS                            Status;
   NON_DISCOVERABLE_PCI_DEVICE_MAP_INFO  *MapInfo;
 
+  if (Operation != EfiPciIoOperationBusMasterRead &&
+      Operation != EfiPciIoOperationBusMasterWrite &&
+      Operation != EfiPciIoOperationBusMasterCommonBuffer) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (HostAddress   == NULL ||
+      NumberOfBytes == NULL ||
+      DeviceAddress == NULL ||
+      Mapping       == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   //
   // If HostAddress exceeds 4 GB, and this device does not support 64-bit DMA
   // addressing, we need to allocate a bounce buffer and copy over the data.
@@ -720,6 +737,11 @@ CoherentPciIoAllocateBuffer (
     return EFI_UNSUPPORTED;
   }
 
+  if ((MemoryType != EfiBootServicesData) &&
+      (MemoryType != EfiRuntimeServicesData)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   //
   // Allocate below 4 GB if the dual address cycle attribute has not
   // been set. If the system has no memory available below 4 GB, there
@@ -877,6 +899,10 @@ NonCoherentPciIoAllocateBuffer (
   NON_DISCOVERABLE_DEVICE_UNCACHED_ALLOCATION *Alloc;
   VOID                                        *AllocAddress;
 
+  if (HostAddress == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   Dev = NON_DISCOVERABLE_PCI_DEVICE_FROM_PCI_IO(This);
 
   Status = CoherentPciIoAllocateBuffer (This, Type, MemoryType, Pages,
@@ -995,6 +1021,19 @@ NonCoherentPciIoMap (
   EFI_GCD_MEMORY_SPACE_DESCRIPTOR       GcdDescriptor;
   BOOLEAN                               Bounce;
 
+  if (HostAddress   == NULL ||
+      NumberOfBytes == NULL ||
+      DeviceAddress == NULL ||
+      Mapping       == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (Operation != EfiPciIoOperationBusMasterRead &&
+      Operation != EfiPciIoOperationBusMasterWrite &&
+      Operation != EfiPciIoOperationBusMasterCommonBuffer) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   MapInfo = AllocatePool (sizeof *MapInfo);
   if (MapInfo == NULL) {
     return EFI_OUT_OF_RESOURCES;
@@ -1228,8 +1267,17 @@ PciIoAttributes (
   NON_DISCOVERABLE_PCI_DEVICE   *Dev;
   BOOLEAN                       Enable;
 
+  #define DEV_SUPPORTED_ATTRIBUTES \
+    (EFI_PCI_DEVICE_ENABLE | EFI_PCI_IO_ATTRIBUTE_DUAL_ADDRESS_CYCLE)
+
   Dev = NON_DISCOVERABLE_PCI_DEVICE_FROM_PCI_IO(This);
 
+  if (Attributes) {
+      if ((Attributes & (~(DEV_SUPPORTED_ATTRIBUTES))) != 0) {
+        return EFI_UNSUPPORTED;
+      }
+    }
+
   Enable = FALSE;
   switch (Operation) {
   case EfiPciIoAttributeOperationGet:
@@ -1243,7 +1291,7 @@ PciIoAttributes (
     if (Result == NULL) {
       return EFI_INVALID_PARAMETER;
     }
-    *Result = EFI_PCI_DEVICE_ENABLE | EFI_PCI_IO_ATTRIBUTE_DUAL_ADDRESS_CYCLE;
+    *Result = DEV_SUPPORTED_ATTRIBUTES;
     break;
 
   case EfiPciIoAttributeOperationEnable:
-- 
2.18.0