UEFI SCT crashed and failed in NonDiscoverablePciDeviceDxe becase required checks were not performed. Perform parameters validation in NonDiscoverablePciDeviceDxe.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Vladimir Olovyannikov <[email protected]> --- .../NonDiscoverablePciDeviceIo.c | 50 ++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index 0e42ae4bf6ec..07118d59fd68 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c @@ -52,6 +52,10 @@ GetBarResource ( BarIndex -= (UINT8)Dev->BarOffset; + if (BarIndex >= Dev->BarCount) { + return EFI_UNSUPPORTED; + } + for (Desc = Dev->Device->Resources; Desc->Desc != ACPI_END_TAG_DESCRIPTOR; Desc = (VOID *)((UINT8 *)Desc + Desc->Len + 3)) { @@ -597,6 +601,19 @@ CoherentPciIoMap ( EFI_STATUS Status; NON_DISCOVERABLE_PCI_DEVICE_MAP_INFO *MapInfo; + if (Operation != EfiPciIoOperationBusMasterRead && + Operation != EfiPciIoOperationBusMasterWrite && + Operation != EfiPciIoOperationBusMasterCommonBuffer) { + return EFI_INVALID_PARAMETER; + } + + if (HostAddress == NULL || + NumberOfBytes == NULL || + DeviceAddress == NULL || + Mapping == NULL) { + return EFI_INVALID_PARAMETER; + } + // // If HostAddress exceeds 4 GB, and this device does not support 64-bit DMA // addressing, we need to allocate a bounce buffer and copy over the data. @@ -720,6 +737,11 @@ CoherentPciIoAllocateBuffer ( return EFI_UNSUPPORTED; } + if ((MemoryType != EfiBootServicesData) && + (MemoryType != EfiRuntimeServicesData)) { + return EFI_INVALID_PARAMETER; + } + // // Allocate below 4 GB if the dual address cycle attribute has not // been set. If the system has no memory available below 4 GB, there @@ -877,6 +899,10 @@ NonCoherentPciIoAllocateBuffer ( NON_DISCOVERABLE_DEVICE_UNCACHED_ALLOCATION *Alloc; VOID *AllocAddress; + if (HostAddress == NULL) { + return EFI_INVALID_PARAMETER; + } + Dev = NON_DISCOVERABLE_PCI_DEVICE_FROM_PCI_IO(This); Status = CoherentPciIoAllocateBuffer (This, Type, MemoryType, Pages, @@ -995,6 +1021,19 @@ NonCoherentPciIoMap ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; BOOLEAN Bounce; + if (HostAddress == NULL || + NumberOfBytes == NULL || + DeviceAddress == NULL || + Mapping == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (Operation != EfiPciIoOperationBusMasterRead && + Operation != EfiPciIoOperationBusMasterWrite && + Operation != EfiPciIoOperationBusMasterCommonBuffer) { + return EFI_INVALID_PARAMETER; + } + MapInfo = AllocatePool (sizeof *MapInfo); if (MapInfo == NULL) { return EFI_OUT_OF_RESOURCES; @@ -1228,8 +1267,17 @@ PciIoAttributes ( NON_DISCOVERABLE_PCI_DEVICE *Dev; BOOLEAN Enable; + #define DEV_SUPPORTED_ATTRIBUTES \ + (EFI_PCI_DEVICE_ENABLE | EFI_PCI_IO_ATTRIBUTE_DUAL_ADDRESS_CYCLE) + Dev = NON_DISCOVERABLE_PCI_DEVICE_FROM_PCI_IO(This); + if (Attributes) { + if ((Attributes & (~(DEV_SUPPORTED_ATTRIBUTES))) != 0) { + return EFI_UNSUPPORTED; + } + } + Enable = FALSE; switch (Operation) { case EfiPciIoAttributeOperationGet: @@ -1243,7 +1291,7 @@ PciIoAttributes ( if (Result == NULL) { return EFI_INVALID_PARAMETER; } - *Result = EFI_PCI_DEVICE_ENABLE | EFI_PCI_IO_ATTRIBUTE_DUAL_ADDRESS_CYCLE; + *Result = DEV_SUPPORTED_ATTRIBUTES; break; case EfiPciIoAttributeOperationEnable: -- 2.18.0 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
