MdeModulePkg/NvmExpressPei: Refine data buffer & len check in PassThru

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1142 The fix is similar to commit ebb6c7633bca47fcd5b460a67e18e4a717ea91cc. We found that a similar fix should be applied to the NVMe PEI driver as well. Hence, this one is for the PEI counterpart driver. According to the the NVM Express spec Revision 1.1, for some commands (like Get/Set Feature Command, Figure 89 & 90 of the spec), the Memory Buffer maybe optional although the command opcode indicates there is a data transfer between host & controller (Get/Set Feature Command, Figure 38 of the spec). Hence, this commit refine the checks for the 'TransferLength' and 'TransferBuffer' field of the EDKII_PEI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET structure to address this issue. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <Jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2025-07-28 16:14:04 +02:00 · 2018-11-09 15:14:08 +08:00 · 2018-11-09 15:14:08 +08:00 · bd224a5dad
commit bd224a5dad
parent da2c81ee96
1 changed files with 18 additions and 15 deletions
--- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c
@ -442,7 +442,8 @@ NvmePassThru (
  // specific addresses.
  //
  if ((Sq->Opc & (BIT0 | BIT1)) != 0) {
-    if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) {
+    if (((Packet->TransferLength != 0) && (Packet->TransferBuffer == NULL)) ||
+        ((Packet->TransferLength == 0) && (Packet->TransferBuffer != NULL))) {
      return EFI_INVALID_PARAMETER;
    }

@ -468,21 +469,23 @@ NvmePassThru (
        MapOp = EdkiiIoMmuOperationBusMasterWrite;
      }

-      MapLength = Packet->TransferLength;
-      Status = IoMmuMap (
-                 MapOp,
-                 Packet->TransferBuffer,
-                 &MapLength,
-                 &PhyAddr,
-                 &MapData
-                 );
-      if (EFI_ERROR (Status) || (MapLength != Packet->TransferLength)) {
-        Status = EFI_OUT_OF_RESOURCES;
-        DEBUG ((DEBUG_ERROR, "%a: Fail to map data buffer.\n", __FUNCTION__));
-        goto Exit;
-      }
+      if ((Packet->TransferLength != 0) && (Packet->TransferBuffer != NULL)) {
+        MapLength = Packet->TransferLength;
+        Status = IoMmuMap (
+                   MapOp,
+                   Packet->TransferBuffer,
+                   &MapLength,
+                   &PhyAddr,
+                   &MapData
+                   );
+        if (EFI_ERROR (Status) || (MapLength != Packet->TransferLength)) {
+          Status = EFI_OUT_OF_RESOURCES;
+          DEBUG ((DEBUG_ERROR, "%a: Fail to map data buffer.\n", __FUNCTION__));
+          goto Exit;
+        }

-      Sq->Prp[0] = PhyAddr;
+        Sq->Prp[0] = PhyAddr;
+      }

      if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) {
        MapLength = Packet->MetadataLength;