From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.2338.1592418718262231958 for ; Wed, 17 Jun 2020 11:31:58 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ard.biesheuvel@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D9CE31045; Wed, 17 Jun 2020 11:31:57 -0700 (PDT) Received: from [192.168.1.69] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9B5813F71F; Wed, 17 Jun 2020 11:31:56 -0700 (PDT) Subject: Re: [PATCH] EmbeddedPkg/NonCoherentDmaLib: avoid dereferencing bogus buffer address To: Leif Lindholm Cc: devel@edk2.groups.io, pete@akeo.ie, awarkentin@vmware.com, jeremy.linton@arm.com, Samer.El-Haj-Mahmoud@arm.com References: <20200617153824.1175136-1-ard.biesheuvel@arm.com> <20200617161438.GR6739@vanye> From: "Ard Biesheuvel" Message-ID: Date: Wed, 17 Jun 2020 20:31:49 +0200 User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <20200617161438.GR6739@vanye> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 6/17/20 6:14 PM, Leif Lindholm wrote: > On Wed, Jun 17, 2020 at 17:38:24 +0200, Ard Biesheuvel wrote: >> The bounce buffering code in NonCoherentDmaLib copies data into the >> bounce buffer using CopyMem(), but passes Map->HostAddress as the >> source of the copy before it has been assigned its correct value. > > Whoops. > >> Signed-off-by: Ard Biesheuvel > > Reviewed-by: Leif Lindholm > Thanks Merged as 8f22a331b955bd3f8077c7fa83bafeec566d6718 >> --- >> EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 3 +-- >> 1 file changed, 1 insertion(+), 2 deletions(-) >> >> diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c >> index 115345765435..9c8ef5bfb533 100644 >> --- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c >> +++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c >> @@ -225,8 +225,7 @@ DmaMap ( >> } >> >> if (Map->Operation == MapOperationBusMasterRead) { >> - CopyMem (Map->BufferAddress, (VOID *)(UINTN)Map->HostAddress, >> - *NumberOfBytes); >> + CopyMem (Map->BufferAddress, (VOID *)(UINTN)HostAddress, *NumberOfBytes); >> } >> mCpu->FlushDataCache (mCpu, (UINTN)Map->BufferAddress, AllocSize, >> EfiCpuFlushTypeWriteBack); >> -- >> 2.27.0 >>