Age | Commit message (Collapse) | Author |
|
It would be possible to remove the UAF without local variables, by calling
SataPrivateData->PciIo->Attributes() before releasing SataPrivateData.
However, by keeping the location of the call (for which temporary
variables are necessary), we continue to match the error path logic in
SataControllerStart(), which is always recommended.
Reported-by: wang xiaofeng <winggundum82@163.com>
Fixes: bcab71413407e61c144994925556725dd65eede9
Cc: wang xiaofeng <winggundum82@163.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
|
|
"ASSERT (SataPrivateData != NULL)" is just a few lines higher up.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
|
|
When we bind the SATA controller in SataControllerStart(), we read the NP
("Number of Ports") bitfield from the CAP ("HBA Capabilities") register of
the controller. (See the AHCI 1.3.1 spec.)
This register is memory mapped. If we'd like to access it, we must at
least enable memory space access for the device. In addition, Feng Tian
recommended enabling Bus Master DMA in
<http://thread.gmane.org/gmane.comp.bios.tianocore.devel/10545/focus=10659>.
We also enable IO space access for completeness.
Further, because we change the PCI attributes of the device with the above
when binding it, we must also restore its original PCI attributes when
unbinding it. See the Driver Writer's Guide for UEFI 2.3.1 v1.01, section
18.3 "PCI drivers" | 18.3.2 "Start() and Stop()".
(OvmfPkg's copy of SataControllerDxe differs from the same in DuetPkg
because Duet inherits a pre-configured SATA controller from the BIOS, as
explained by Feng. Technically, DuetPkg's SataControllerDxe could also
apply the technique seen in this patch.)
Cc: Alexander Graf <agraf@suse.de>
Cc: Reza Jelveh <reza.jelveh@tuhh.de>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Gabriel L. Somlo <somlo@cmu.edu>
Cc: Feng Tian <feng.tian@intel.com>
Suggested-by: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18528 6f19259b-4bc3-4df7-8a09-765794883524
|
|
In the next patch we'll add another PCI operation to
SataControllerStart(), which, on error, has to be rolled back similarly to
other actions already being done in SataControllerStart(). Since that PCI
operation won't provide a non-NULL pointer on success, its rollback isn't
really suitable for the current error handling in SataControllerStart().
Employ the traditional cascading labels instead.
Cc: Alexander Graf <agraf@suse.de>
Cc: Reza Jelveh <reza.jelveh@tuhh.de>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Gabriel L. Somlo <somlo@cmu.edu>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18527 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Edk2 maintainers reached the consensus that SataControllerDxe was
inherently platform specific, for which reason it was not appropriate for
either PcAtChipsetPkg nor MdeModulePkg. Hence, if OvmfPkg wanted to use
it, it should either reference it directly from under DuetPkg, or copy it.
Given that DuetPkg is another "leaf" platform in edk2, and that in the
upcoming patches we'll actually modify the driver, the ultimate decision
(reached months ago on the list, after Reza's v2 posting) is that OvmfPkg
shall copy the driver.
This patch does that; the only difference being a fresh FILE_GUID in the
INF file.
Cc: Alexander Graf <agraf@suse.de>
Cc: Reza Jelveh <reza.jelveh@tuhh.de>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Gabriel L. Somlo <somlo@cmu.edu>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
[lersek@redhat.com: updated commit message, generated fresh FILE_GUID]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18526 6f19259b-4bc3-4df7-8a09-765794883524
|