From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web10.9747.1616399674107148063
 for <devel@edk2.groups.io>;
 Mon, 22 Mar 2021 00:54:34 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: ianx.kuo@intel.com)
IronPort-SDR: UjdvetxthPxfA4CtEortP4q1VhR3+UtaWOGpE8JwITzWHTphkQMzlYOXTtkHiUqcc70Uv0Ls71
 2H1SsMkY1OVA==
X-IronPort-AV: E=McAfee;i="6000,8403,9930"; a="177795636"
X-IronPort-AV: E=Sophos;i="5.81,268,1610438400"; 
   d="scan'208";a="177795636"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Mar 2021 00:54:33 -0700
IronPort-SDR: zRHMCEBUNloLWG2LEfAHjHXxztsguODXggxfTQLoj+LsliwJRpEyaNH07rMO9dT5PvE2ln7SKI
 x8w4ADWbFgdQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.81,268,1610438400"; 
   d="scan'208";a="412959278"
Received: from ikuox-tiger-lake-client-platform.itwn.intel.com ([10.5.215.23])
  by orsmga007.jf.intel.com with ESMTP; 22 Mar 2021 00:54:31 -0700
From: "IanX Kuo" <ianx.kuo@intel.com>
To: devel@edk2.groups.io
Cc: lersek@redhat.com,
	VincentX Ke <vincentx.ke@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Zhichao Gao <zhichao.gao@intel.com>
Subject: [PATCH v5] ShellPkg/Pci: Add valid check for PCI extended config space parser
Date: Mon, 22 Mar 2021 15:53:28 +0800
Message-Id: <d7ee56f58a710d4b0aa11a567358f98723862888.1616399160.git.vincentx.ke@intel.com>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: VincentX Ke <vincentx.ke@intel.com>

[edk2-devel] [PATCH v5]
From: VincentX Ke <vincentx.ke@intel.com>

Bugzilla: 3262 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D3262)

No need to print PCIe details while CapabilityId is 0xFFFF.
Limit the NextCapabilityOffset to PCI/PCIe configuration space.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Signed-off-by: VincentX Ke <vincentx.ke@intel.com>
Change-Id: I951d0a040154873e6459730e76eccca36c31f6c2
---
 ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c b/ShellPkg/L=
ibrary/UefiShellDebug1CommandsLib/Pci.c
index a2f04d8db5..1e5dc75e27 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
@@ -2038,12 +2038,14 @@ LocatePciCapability (
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   );=0D
 =0D
@@ -2921,6 +2923,7 @@ ShellCommandRunPci (
         PciExplainPciExpress (=0D
           (PCI_CAPABILITY_PCIEXP *) ((UINT8 *) &ConfigSpace + PcieCapabili=
tyPtr),=0D
           ExtendedConfigSpace,=0D
+          ExtendedConfigSize,=0D
           ExtendedCapability=0D
           );=0D
       }=0D
@@ -5698,12 +5701,14 @@ PrintPciExtendedCapabilityDetails(
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   )=0D
 {=0D
@@ -5786,7 +5791,7 @@ PciExplainPciExpress (
   }=0D
 =0D
   ExtHdr =3D (PCI_EXP_EXT_HDR*)ExtendedConfigSpace;=0D
-  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0) =
{=0D
+  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0 &=
& ExtHdr->CapabilityId !=3D 0xFFFF) {=0D
     //=0D
     // Process this item=0D
     //=0D
@@ -5800,7 +5805,8 @@ PciExplainPciExpress (
     //=0D
     // Advance to the next item if it exists=0D
     //=0D
-    if (ExtHdr->NextCapabilityOffset !=3D 0) {=0D
+    if (ExtHdr->NextCapabilityOffset !=3D 0 &&=0D
+       (ExtHdr->NextCapabilityOffset <=3D (UINT32) (ExtendedConfigSize + E=
FI_PCIE_CAPABILITY_BASE_OFFSET - sizeof (PCI_EXP_EXT_HDR)))) {=0D
       ExtHdr =3D (PCI_EXP_EXT_HDR*)(ExtendedConfigSpace + ExtHdr->NextCapa=
bilityOffset - EFI_PCIE_CAPABILITY_BASE_OFFSET);=0D
     } else {=0D
       break;=0D
--=20
2.18.0.windows.1