From: Nikita Leshenko <nikita.leshchenko@oracle.com>
Date: Mon, 4 May 2020 21:06:07 +0000 (+0300)
Subject: OvmfPkg/MptScsiDxe: Reset device on ExitBootServices()
X-Git-Tag: edk2-stable202005~95
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=c635a56384bfc4fdf3e00d102ea0eb7aa8d840fd;hp=505812ae1d2d1d3efa5d9c622d87a990918442ee

OvmfPkg/MptScsiDxe: Reset device on ExitBootServices()

This causes the device to forget about the reply frame. We allocated the
reply frame in EfiBootServicesData type memory, and code executing after
ExitBootServices() is permitted to overwrite it.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2390
Signed-off-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200504210607.144434-13-nikita.leshchenko@oracle.com>
---

diff --git a/OvmfPkg/MptScsiDxe/MptScsi.c b/OvmfPkg/MptScsiDxe/MptScsi.c
index 8be38f6cdb..9ed1831bac 100644
--- a/OvmfPkg/MptScsiDxe/MptScsi.c
+++ b/OvmfPkg/MptScsiDxe/MptScsi.c
@@ -59,6 +59,7 @@ typedef struct {
   UINT32                          StallPerPollUsec;
   EFI_PCI_IO_PROTOCOL             *PciIo;
   UINT64                          OriginalPciAttributes;
+  EFI_EVENT                       ExitBoot;
   MPT_SCSI_DMA_BUFFER             *Dma;
   EFI_PHYSICAL_ADDRESS            DmaPhysical;
   VOID                            *DmaMapping;
@@ -762,6 +763,20 @@ MptScsiResetChannel (
   return EFI_UNSUPPORTED;
 }
 
+STATIC
+VOID
+EFIAPI
+MptScsiExitBoot (
+  IN  EFI_EVENT Event,
+  IN  VOID      *Context
+  )
+{
+  MPT_SCSI_DEV *Dev;
+
+  Dev = Context;
+  DEBUG ((DEBUG_VERBOSE, "%a: Context=0x%p\n", __FUNCTION__, Context));
+  MptScsiReset (Dev);
+}
 STATIC
 EFI_STATUS
 EFIAPI
@@ -955,6 +970,17 @@ MptScsiControllerStart (
     goto Unmap;
   }
 
+  Status = gBS->CreateEvent (
+                  EVT_SIGNAL_EXIT_BOOT_SERVICES,
+                  TPL_CALLBACK,
+                  &MptScsiExitBoot,
+                  Dev,
+                  &Dev->ExitBoot
+                  );
+  if (EFI_ERROR (Status)) {
+    goto UninitDev;
+  }
+
   //
   // Host adapter channel, doesn't exist
   //
@@ -979,11 +1005,14 @@ MptScsiControllerStart (
                   &Dev->PassThru
                   );
   if (EFI_ERROR (Status)) {
-    goto UninitDev;
+    goto CloseExitBoot;
   }
 
   return EFI_SUCCESS;
 
+CloseExitBoot:
+  gBS->CloseEvent (Dev->ExitBoot);
+
 UninitDev:
   MptScsiReset (Dev);
 
@@ -1059,6 +1088,8 @@ MptScsiControllerStop (
     return Status;
   }
 
+  gBS->CloseEvent (Dev->ExitBoot);
+
   MptScsiReset (Dev);
 
   Dev->PciIo->Unmap (