MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol

The gBS->OpenProtocol() calls to open EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL in NvmExpress.c will crash the data in 'Mode' field of 'Private->Passthru'. The third parameter of gBS->OpenProtocol() is an output parameter that stores the address where a pointer to the corresponding Protocol Interface. The current code mistakenly pass '&Private->Passthru' (a pointer of the EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL) as the third parameter. This will crash the data in 'Mode' filed. Cc: Feng Tian <feng.tian@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
author: Hao Wu <hao.a.wu@intel.com> 2016-08-26 14:39:37 +0800
committer: Hao Wu <hao.a.wu@intel.com> 2016-09-06 15:31:12 +0800
commit: 6fe39780140f9f429c97a71ca3bfa4e16e779793 (patch)
tree: 8bfc79e662e3f84e99277cb94fc36d537a08c4a0 /MdeModulePkg
parent: bc54e50e0fe03c570014f363b547426913e92449 (diff)
download: edk2-platforms-6fe39780140f9f429c97a71ca3bfa4e16e779793.tar.xz
1 files changed, 5 insertions, 5 deletions
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index cb25b3e08d..255fa2ba5a 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -76,6 +76,7 @@ EnumerateNvmeDevNamespace (
   UINT32                                LbaFmtIdx;
   UINT8                                 Sn[21];
   UINT8                                 Mn[41];
+  VOID                                  *DummyInterface;
 
   NewDevicePathNode = NULL;
   DevicePath        = NULL;
@@ -264,7 +265,7 @@ EnumerateNvmeDevNamespace (
     gBS->OpenProtocol (
            Private->ControllerHandle,
            &gEfiNvmExpressPassThruProtocolGuid,
-           (VOID **) &Private->Passthru,
+           (VOID **) &DummyInterface,
            Private->DriverBindingHandle,
            Device->DeviceHandle,
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
@@ -392,10 +393,10 @@ UnregisterNvmeNamespace (
   EFI_STATUS                               Status;
   EFI_BLOCK_IO_PROTOCOL                    *BlockIo;
   NVME_DEVICE_PRIVATE_DATA                 *Device;
-  NVME_CONTROLLER_PRIVATE_DATA             *Private;
   EFI_STORAGE_SECURITY_COMMAND_PROTOCOL    *StorageSecurity;
   BOOLEAN                                  IsEmpty;
   EFI_TPL                                  OldTpl;
+  VOID                                     *DummyInterface;
 
   BlockIo = NULL;
 
@@ -412,7 +413,6 @@ UnregisterNvmeNamespace (
   }
 
   Device  = NVME_DEVICE_PRIVATE_DATA_FROM_BLOCK_IO (BlockIo);
-  Private = Device->Controller;
 
   //
   // Wait for the device's asynchronous I/O queue to become empty.
@@ -460,7 +460,7 @@ UnregisterNvmeNamespace (
     gBS->OpenProtocol (
            Controller,
            &gEfiNvmExpressPassThruProtocolGuid,
-           (VOID **) &Private->Passthru,
+           (VOID **) &DummyInterface,
            This->DriverBindingHandle,
            Handle,
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
@@ -490,7 +490,7 @@ UnregisterNvmeNamespace (
       gBS->OpenProtocol (
         Controller,
         &gEfiNvmExpressPassThruProtocolGuid,
-        (VOID **) &Private->Passthru,
+        (VOID **) &DummyInterface,
         This->DriverBindingHandle,
         Handle,
         EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER
author	Hao Wu <hao.a.wu@intel.com>	2016-08-26 14:39:37 +0800
committer	Hao Wu <hao.a.wu@intel.com>	2016-09-06 15:31:12 +0800
commit	6fe39780140f9f429c97a71ca3bfa4e16e779793 (patch)
tree	8bfc79e662e3f84e99277cb94fc36d537a08c4a0 /MdeModulePkg
parent	bc54e50e0fe03c570014f363b547426913e92449 (diff)
download	edk2-platforms-6fe39780140f9f429c97a71ca3bfa4e16e779793.tar.xz