MdeModulePkg NvmExpressDxe: Avoid crashing 'Mode' during OpenProtocol

The gBS->OpenProtocol() calls to open EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL
in NvmExpress.c will crash the data in 'Mode' field of
'Private->Passthru'.

The third parameter of gBS->OpenProtocol() is an output parameter that
stores the address where a pointer to the corresponding Protocol
Interface. The current code mistakenly pass '&Private->Passthru' (a
pointer of the EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL) as the third
parameter. This will crash the data in 'Mode' filed.

Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index cb25b3e08dc62f9a6b2db5fcb56520557406d07a..255fa2ba5afbcd9c62bdd759507cc747c530eacc 100644 (file)
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -76,6 +76,7 @@ EnumerateNvmeDevNamespace (
   UINT32                                LbaFmtIdx;\r
   UINT8                                 Sn[21];\r
   UINT8                                 Mn[41];\r
+  VOID                                  *DummyInterface;\r
 \r
   NewDevicePathNode = NULL;\r
   DevicePath        = NULL;\r
@@ -264,7 +265,7 @@ EnumerateNvmeDevNamespace (
     gBS->OpenProtocol (\r
            Private->ControllerHandle,\r
            &gEfiNvmExpressPassThruProtocolGuid,\r
-           (VOID **) &Private->Passthru,\r
+           (VOID **) &DummyInterface,\r
            Private->DriverBindingHandle,\r
            Device->DeviceHandle,\r
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER\r
@@ -392,10 +393,10 @@ UnregisterNvmeNamespace (
   EFI_STATUS                               Status;\r
   EFI_BLOCK_IO_PROTOCOL                    *BlockIo;\r
   NVME_DEVICE_PRIVATE_DATA                 *Device;\r
-  NVME_CONTROLLER_PRIVATE_DATA             *Private;\r
   EFI_STORAGE_SECURITY_COMMAND_PROTOCOL    *StorageSecurity;\r
   BOOLEAN                                  IsEmpty;\r
   EFI_TPL                                  OldTpl;\r
+  VOID                                     *DummyInterface;\r
 \r
   BlockIo = NULL;\r
 \r
@@ -412,7 +413,6 @@ UnregisterNvmeNamespace (
   }\r
 \r
   Device  = NVME_DEVICE_PRIVATE_DATA_FROM_BLOCK_IO (BlockIo);\r
-  Private = Device->Controller;\r
 \r
   //\r
   // Wait for the device's asynchronous I/O queue to become empty.\r
@@ -460,7 +460,7 @@ UnregisterNvmeNamespace (
     gBS->OpenProtocol (\r
            Controller,\r
            &gEfiNvmExpressPassThruProtocolGuid,\r
-           (VOID **) &Private->Passthru,\r
+           (VOID **) &DummyInterface,\r
            This->DriverBindingHandle,\r
            Handle,\r
            EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER\r
@@ -490,7 +490,7 @@ UnregisterNvmeNamespace (
       gBS->OpenProtocol (\r
         Controller,\r
         &gEfiNvmExpressPassThruProtocolGuid,\r
-        (VOID **) &Private->Passthru,\r
+        (VOID **) &DummyInterface,\r
         This->DriverBindingHandle,\r
         Handle,\r
         EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER\r