From e1b59e085a430674fc5f31be276432d18cab63b4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sat, 7 Sep 2019 01:43:28 +0200 Subject: [PATCH] EmbeddedPkg/Universal/MmcDxe: "fix" CloseProtocol() call in BindingStop() The 3rd and 4th parameters of the CloseProtocol() call are wrong. Given that we're not dissociating a child controller from a parent controller (= closing a BY_CHILD_CONTROLLER open), but closing a BY_DRIVER open, the 4th parameter (ControllerHandle) should equal the 1st parameter (Handle). It's unclear why this code hasn't crashed before. Note that the patch doesn't fix the underlying driver model bug. I don't understand what the loop in MmcDriverBindingStop() attempts to do. Is this driver supposed to be a bus driver? It seems to create new handles, and to append device path nodes. But it doesn't set up proper parent/child protocol opens, and it doesn't close them. Cc: Ard Biesheuvel Cc: Leif Lindholm Signed-off-by: Laszlo Ersek Acked-by: Ard Biesheuvel --- EmbeddedPkg/Universal/MmcDxe/Mmc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/EmbeddedPkg/Universal/MmcDxe/Mmc.c b/EmbeddedPkg/Universal/MmcDxe/Mmc.c index 2f9ec9c7e7..c6170880de 100644 --- a/EmbeddedPkg/Universal/MmcDxe/Mmc.c +++ b/EmbeddedPkg/Universal/MmcDxe/Mmc.c @@ -329,8 +329,9 @@ MmcDriverBindingStop ( // Close gEfiMmcHostProtocolGuid Status = gBS->CloseProtocol ( Controller, - &gEfiMmcHostProtocolGuid,(VOID **) &MmcHostInstance->MmcHost, - This->DriverBindingHandle + &gEfiMmcHostProtocolGuid, + This->DriverBindingHandle, + Controller ); // Remove MMC Host Instance from the pool