1. Patchew
  2. EDK2
  3. View series

[edk2] [PATCH edk2-platforms] Silicon/SynQuacer/NetsecDxe: fix buffer allocation bug

Ard Biesheuvel posted 1 patch 6 years ago
Failed in applying to current master (apply log)
Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[edk2] [PATCH edk2-platforms] Silicon/SynQuacer/NetsecDxe: fix buffer allocation bug
Posted by Ard Biesheuvel 6 years ago 
The receive buffers of the NETSEC driver are owned by the driver itself
(as opposed to the protocol client in the case of the transmit path),
and so the descriptors and the buffers (which are of a fixed size) are
allocated in one go. The idea is that the 'buffer' member of the
descriptor should point to a DMA aligned offset into the same allocation,
but the code in pfdep_alloc_pkt_buf() calculates the value incorrectly,
resulting in corruption of the descriptor metadata if the pool allocation
happens to be DMA aligned.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
index b43d1aaff037..0875558c08ea 100644
--- a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
+++ b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
@@ -134,7 +134,7 @@ pfdep_alloc_pkt_buf (
       return PFDEP_ERR_ALLOC;
     }
 
-    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p,
+    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p + 1,
                                              mCpu->DmaBufferAlignment);
   }
 
-- 
2.17.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH edk2-platforms] Silicon/SynQuacer/NetsecDxe: fix buffer allocation bug
Posted by Leif Lindholm 6 years ago 
On Thu, Apr 12, 2018 at 11:23:49AM +0200, Ard Biesheuvel wrote:
> The receive buffers of the NETSEC driver are owned by the driver itself
> (as opposed to the protocol client in the case of the transmit path),
> and so the descriptors and the buffers (which are of a fixed size) are
> allocated in one go. The idea is that the 'buffer' member of the
> descriptor should point to a DMA aligned offset into the same allocation,
> but the code in pfdep_alloc_pkt_buf() calculates the value incorrectly,
> resulting in corruption of the descriptor metadata if the pool allocation
> happens to be DMA aligned.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

> ---
>  Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
> index b43d1aaff037..0875558c08ea 100644
> --- a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
> +++ b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
> @@ -134,7 +134,7 @@ pfdep_alloc_pkt_buf (
>        return PFDEP_ERR_ALLOC;
>      }
>  
> -    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p,
> +    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p + 1,
>                                               mCpu->DmaBufferAlignment);
>    }
>  
> -- 
> 2.17.0
> 
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH edk2-platforms] Silicon/SynQuacer/NetsecDxe: fix buffer allocation bug
Posted by Ard Biesheuvel 6 years ago 
On 19 April 2018 at 12:44, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> On Thu, Apr 12, 2018 at 11:23:49AM +0200, Ard Biesheuvel wrote:
>> The receive buffers of the NETSEC driver are owned by the driver itself
>> (as opposed to the protocol client in the case of the transmit path),
>> and so the descriptors and the buffers (which are of a fixed size) are
>> allocated in one go. The idea is that the 'buffer' member of the
>> descriptor should point to a DMA aligned offset into the same allocation,
>> but the code in pfdep_alloc_pkt_buf() calculates the value incorrectly,
>> resulting in corruption of the descriptor metadata if the pool allocation
>> happens to be DMA aligned.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
>

Thanks

Pushed as 61716249316b

>> ---
>>  Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
>> index b43d1aaff037..0875558c08ea 100644
>> --- a/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
>> +++ b/Silicon/Socionext/SynQuacer/Drivers/Net/NetsecDxe/netsec_for_uefi/pfdep_uefi.c
>> @@ -134,7 +134,7 @@ pfdep_alloc_pkt_buf (
>>        return PFDEP_ERR_ALLOC;
>>      }
>>
>> -    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p,
>> +    (*pkt_handle_p)->Buffer = ALIGN_POINTER (*pkt_handle_p + 1,
>>                                               mCpu->DmaBufferAlignment);
>>    }
>>
>> --
>> 2.17.0
>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.