MdeModulePkg/NvmExpressDxe: Refine data buffer & len check in PassThru

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1142

According to the the NVM Express spec Revision 1.1, for some commands
(like Get/Set Feature Command, Figure 89 & 90 of the spec), the Memory
Buffer maybe optional although the command opcode indicates there is a
data transfer between host & controller (Get/Set Feature Command, Figure
38 of the spec).

Hence, this commit refine the checks for the 'TransferLength' and
'TransferBuffer' field of the EFI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET
structure to address this issue.

Cc: Liangcheng Tang <liangcheng.tang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
index 2468871322187965f5bd92a029b93277bbb214e3..bfcd3497949af1d2515e1e1a3a5ee986bb886931 100644 (file)
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c
@@ -595,7 +595,8 @@ NvmExpressPassThru (
   //\r
   if (((Sq->Opc & (BIT0 | BIT1)) != 0) &&\r
       !((Packet->QueueType == NVME_ADMIN_QUEUE) && ((Sq->Opc == NVME_ADMIN_CRIOCQ_CMD) || (Sq->Opc == NVME_ADMIN_CRIOSQ_CMD)))) {\r
-    if ((Packet->TransferLength == 0) || (Packet->TransferBuffer == NULL)) {\r
+    if (((Packet->TransferLength != 0) && (Packet->TransferBuffer == NULL)) ||\r
+        ((Packet->TransferLength == 0) && (Packet->TransferBuffer != NULL))) {\r
       return EFI_INVALID_PARAMETER;\r
     }\r
 \r
@@ -605,21 +606,23 @@ NvmExpressPassThru (
       Flag = EfiPciIoOperationBusMasterWrite;\r
     }\r
 \r
-    MapLength = Packet->TransferLength;\r
-    Status = PciIo->Map (\r
-                      PciIo,\r
-                      Flag,\r
-                      Packet->TransferBuffer,\r
-                      &MapLength,\r
-                      &PhyAddr,\r
-                      &MapData\r
-                      );\r
-    if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) {\r
-      return EFI_OUT_OF_RESOURCES;\r
-    }\r
+    if ((Packet->TransferLength != 0) && (Packet->TransferBuffer != NULL)) {\r
+      MapLength = Packet->TransferLength;\r
+      Status = PciIo->Map (\r
+                        PciIo,\r
+                        Flag,\r
+                        Packet->TransferBuffer,\r
+                        &MapLength,\r
+                        &PhyAddr,\r
+                        &MapData\r
+                        );\r
+      if (EFI_ERROR (Status) || (Packet->TransferLength != MapLength)) {\r
+        return EFI_OUT_OF_RESOURCES;\r
+      }\r
 \r
-    Sq->Prp[0] = PhyAddr;\r
-    Sq->Prp[1] = 0;\r
+      Sq->Prp[0] = PhyAddr;\r
+      Sq->Prp[1] = 0;\r
+    }\r
 \r
     if((Packet->MetadataLength != 0) && (Packet->MetadataBuffer != NULL)) {\r
       MapLength = Packet->MetadataLength;\r