On 09/21/18 09:25, Ruiyu Ni wrote:
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu...@intel.com>
> Cc: Star Zeng <star.z...@intel.com>
> ---
> .../Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c | 26
> +++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
> b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
> index f8a1239ceb..0b6b56f846 100644
> --- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
> +++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
> @@ -321,6 +321,7 @@ RootBridgeIoCheckParameter (
> UINT64 Base;
> UINT64 Limit;
> UINT32 Size;
> + UINT64 Length;
>
> //
> // Check to see if Buffer is NULL
> @@ -337,7 +338,7 @@ RootBridgeIoCheckParameter (
> }
>
> //
> - // For FIFO type, the target address won't increase during the access,
> + // For FIFO type, the device address won't increase during the access,
> // so treat Count as 1
> //
> if (Width >= EfiPciWidthFifoUint8 && Width <= EfiPciWidthFifoUint64) {
> @@ -347,6 +348,13 @@ RootBridgeIoCheckParameter (
> Width = (EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_WIDTH) (Width & 0x03);
> Size = 1 << Width;
>
> + //
> + // Make sure (Count * Size) doesn't exceed MAX_UINT64
> + //
> + if (Count > DivU64x32 (MAX_UINT64, Size)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> //
> // Check to see if Address is aligned
> //
> @@ -354,6 +362,14 @@ RootBridgeIoCheckParameter (
> return EFI_UNSUPPORTED;
> }
>
> + //
> + // Make sure (Address + Count * Size) doesn't exceed MAX_UINT64
> + //
> + Length = MultU64x32 (Count, Size);
> + if (Address > MAX_UINT64 - Length) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> RootBridge = ROOT_BRIDGE_FROM_THIS (This);
>
> //
> @@ -372,7 +388,7 @@ RootBridgeIoCheckParameter (
> //
> // Allow Legacy IO access
> //
> - if (Address + MultU64x32 (Count, Size) <= 0x1000) {
> + if (Address + Length <= 0x1000) {
> if ((RootBridge->Attributes & (
> EFI_PCI_ATTRIBUTE_ISA_IO | EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO |
> EFI_PCI_ATTRIBUTE_VGA_IO |
> EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO |
> EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO |
> @@ -386,7 +402,7 @@ RootBridgeIoCheckParameter (
> //
> // Allow Legacy MMIO access
> //
> - if ((Address >= 0xA0000) && (Address + MultU64x32 (Count, Size)) <=
> 0xC0000) {
> + if ((Address >= 0xA0000) && (Address + Length) <= 0xC0000) {
> if ((RootBridge->Attributes & EFI_PCI_ATTRIBUTE_VGA_MEMORY) != 0) {
> return EFI_SUCCESS;
> }
> @@ -395,7 +411,7 @@ RootBridgeIoCheckParameter (
> // By comparing the Address against Limit we know which range to be used
> // for checking
> //
> - if (Address + MultU64x32 (Count, Size) <= RootBridge->Mem.Limit + 1) {
> + if (Address + Length <= RootBridge->Mem.Limit + 1) {
> Base = RootBridge->Mem.Base;
> Limit = RootBridge->Mem.Limit;
> } else {
> @@ -427,7 +443,7 @@ RootBridgeIoCheckParameter (
> return EFI_INVALID_PARAMETER;
> }
>
> - if (Address + MultU64x32 (Count, Size) > Limit + 1) {
> + if (Address + Length > Limit + 1) {
> return EFI_INVALID_PARAMETER;
> }
>
>
Reviewed-by: Laszlo Ersek <ler...@redhat.com>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
