UINTN PrpListNo;\r
UINT32 Attributes;\r
UINT32 IoAlign;\r
+ UINT32 MaxTransLen;\r
UINT32 Data;\r
NVME_PASS_THRU_ASYNC_REQ *AsyncRequest;\r
EFI_TPL OldTpl;\r
}\r
\r
Private = NVME_CONTROLLER_PRIVATE_DATA_FROM_PASS_THRU (This);\r
+\r
+ //\r
+ // Check whether TransferLength exceeds the maximum data transfer size.\r
+ //\r
+ if (Private->ControllerData->Mdts != 0) {\r
+ MaxTransLen = (1 << (Private->ControllerData->Mdts)) *\r
+ (1 << (Private->Cap.Mpsmin + 12));\r
+ if (Packet->TransferLength > MaxTransLen) {\r
+ Packet->TransferLength = MaxTransLen;\r
+ return EFI_BAD_BUFFER_SIZE;\r
+ }\r
+ }\r
+\r
PciIo = Private->PciIo;\r
MapData = NULL;\r
MapMeta = NULL;\r
// processor and a PCI Bus Master. It's caller's responsbility to ensure this.\r
//\r
if (((Sq->Opc & (BIT0 | BIT1)) != 0) && (Sq->Opc != NVME_ADMIN_CRIOCQ_CMD) && (Sq->Opc != NVME_ADMIN_CRIOSQ_CMD)) {\r
+ if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
if ((Sq->Opc & BIT0) != 0) {\r
Flag = EfiPciIoOperationBusMasterRead;\r
} else {\r
Sq->Prp[0] = PhyAddr;\r
Sq->Prp[1] = 0;\r
\r
- MapLength = Packet->MetadataLength;\r
- if(Packet->MetadataBuffer != NULL) {\r
+ if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) {\r
MapLength = Packet->MetadataLength;\r
Status = PciIo->Map (\r
PciIo,\r
projects / mirror_edk2.git / blobdiff