The gBS->OpenProtocol() calls to open EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL
in NvmExpress.c will crash the data in 'Mode' field of
'Private->Passthru'.

The third parameter of gBS->OpenProtocol() is an output parameter: it receives
the address at which a pointer to the corresponding Protocol Interface is
stored. The current code mistakenly passes '&Private->Passthru' (the address of
the EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL structure itself) as the third
parameter, so the returned interface pointer is written over the first member
of that structure and corrupts its 'Mode' field.

Cc: Feng Tian <feng.t...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a...@intel.com>
---
 MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c 
b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index cb25b3e..255fa2b 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -76,6 +76,7 @@ EnumerateNvmeDevNamespace (
   UINT32                                LbaFmtIdx;
   UINT8                                 Sn[21];
   UINT8                                 Mn[41];
+  VOID                                  *DummyInterface;
 
   NewDevicePathNode = NULL;
   DevicePath        = NULL;
@@ -264,7 +265,7 @@ EnumerateNvmeDevNamespace (
     gBS->OpenProtocol (
            Private->ControllerHandle,
            &gEfiNvmExpressPassThruProtocolGuid,
-           (VOID **) &Private->Passthru,
+           (VOID **) &DummyInterface,
            Private->DriverBindingHandle,
            Device->DeviceHandle,
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
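Review bot: The status of the gBS->OpenProtocol() call at the top of this hunk is still discarded; the call stands as a bare statement with no `Status =`, although the lines before it are outside the hunk, so I cannot see whether the caller checks anything afterwards. If this BY_CHILD_CONTROLLER open fails, the new child handle is never recorded as a consumer of the parent's pass-thru protocol, and a later DisconnectController on the controller can stop this driver while the child's BlockIo/DiskInfo still dereference Private->Passthru. I would write `Status = gBS->OpenProtocol (` and follow the call with `ASSERT_EFI_ERROR (Status);` or route a failure into the same cleanup path the function uses for other errors. The surrounding EnumerateNvmeDevNamespace body starts and ends outside the hunk.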
@@ -392,10 +393,10 @@ UnregisterNvmeNamespace (
   EFI_STATUS                               Status;
   EFI_BLOCK_IO_PROTOCOL                    *BlockIo;
   NVME_DEVICE_PRIVATE_DATA                 *Device;
-  NVME_CONTROLLER_PRIVATE_DATA             *Private;
   EFI_STORAGE_SECURITY_COMMAND_PROTOCOL    *StorageSecurity;
   BOOLEAN                                  IsEmpty;
   EFI_TPL                                  OldTpl;
+  VOID                                     *DummyInterface;
 
   BlockIo = NULL;
 
@@ -412,7 +413,6 @@ UnregisterNvmeNamespace (
   }
 
   Device  = NVME_DEVICE_PRIVATE_DATA_FROM_BLOCK_IO (BlockIo);
-  Private = Device->Controller;
 
   //
   // Wait for the device's asynchronous I/O queue to become empty.
@@ -460,7 +460,7 @@ UnregisterNvmeNamespace (
     gBS->OpenProtocol (
            Controller,
            &gEfiNvmExpressPassThruProtocolGuid,
-           (VOID **) &Private->Passthru,
+           (VOID **) &DummyInterface,
            This->DriverBindingHandle,
            Handle,
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
@@ -490,7 +490,7 @@ UnregisterNvmeNamespace (
       gBS->OpenProtocol (
         Controller,
         &gEfiNvmExpressPassThruProtocolGuid,
-        (VOID **) &Private->Passthru,
+        (VOID **) &DummyInterface,
         This->DriverBindingHandle,
         Handle,
         EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
-- 
1.9.5.msysgit.0
