From 1f2c35936d1731da26c3ed8d002785240853a742 Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Wed, 7 Nov 2018 11:25:57 +0100

Subject: [PATCH] NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE attribute when

 opening SNP protocol installed by PXE.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Message-id: <20181107102557.9106-2-lersek@redhat.com>

Patchwork-id: 82937

O-Subject:  [RHEL8 edk2 PATCH 1/1] NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE

	attribute when opening SNP protocol installed by PXE.

Bugzilla: 1643377

Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>

From: "edk2-devel-bounces@lists.01.org" <edk2-devel-bounces@lists.01.org>

--v-- RHEL8 note start --v--

Please see the analysis for this backport in

<https://bugzilla.redhat.com/show_bug.cgi?id=1643377#c20> through

<https://bugzilla.redhat.com/show_bug.cgi?id=1643377#c25>.

There was a trivial conflict to resolve while cherry-picking the upstream

commit; please refer to

<https://bugzilla.redhat.com/show_bug.cgi?id=1643377#c28>.

--^-- RHEL8 note end --^--

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1152

v2: Sync the same logic to Ipv6 and update code comments.

The PXE driver installs a SNP and open this SNP with attribute BY_DRIVER

to avoid it being opened by MNP driver, this SNP is also expected not to

be opened by other drivers with EXCLUSIVE attribute. In some cases, other

drivers may happen to do this by error, and thus cause a system crash.

This patch adds EXCLUSIVE attribute when opening SNP in PXE driver, and

will reject all OpenProtocol requests by EXCLUSIVE.

Cc: Subramanian, Sriram <sriram-s@hpe.com>

Cc: Ye Ting <ting.ye@intel.com>

Cc: Fu Siyuan <siyuan.fu@intel.com>

Cc: Wu Jiaxin <jiaxin.wu@intel.com>

Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Wang Fan <fan.wang@intel.com>

Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>

Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>

(cherry picked from commit cde5a72d365eff5b02b8330fef1c8d36fced08eb)

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

---

 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 8 ++++----

 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c

index 8dd787b..437cd6f 100644

--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c

+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c

@@ -814,7 +814,7 @@ PxeBcCreateIp4Children (

     }

     //

-    // Open SNP on the child handle BY_DRIVER. It will prevent any additionally 

+    // Open SNP on the child handle BY_DRIVER|EXCLUSIVE. It will prevent any additionally

     // layering to perform the experiment.

     //

     Status = gBS->OpenProtocol (

@@ -823,7 +823,7 @@ PxeBcCreateIp4Children (

                     (VOID **) &Snp,

                     This->DriverBindingHandle,

                     Private->Ip4Nic->Controller,

-                    EFI_OPEN_PROTOCOL_BY_DRIVER

+                    EFI_OPEN_PROTOCOL_BY_DRIVER|EFI_OPEN_PROTOCOL_EXCLUSIVE

                     );

     if (EFI_ERROR (Status)) {

       goto ON_ERROR;

@@ -1157,7 +1157,7 @@ PxeBcCreateIp6Children (

     }

     //

-    // Open SNP on the child handle BY_DRIVER. It will prevent any additionally 

+    // Open SNP on the child handle BY_DRIVER|EXCLUSIVE. It will prevent any additionally

     // layering to perform the experiment.

     //

     Status = gBS->OpenProtocol (

@@ -1166,7 +1166,7 @@ PxeBcCreateIp6Children (

                     (VOID **) &Snp,

                     This->DriverBindingHandle,

                     Private->Ip6Nic->Controller,

-                    EFI_OPEN_PROTOCOL_BY_DRIVER

+                    EFI_OPEN_PROTOCOL_BY_DRIVER|EFI_OPEN_PROTOCOL_EXCLUSIVE

                     );

     if (EFI_ERROR (Status)) {

       goto ON_ERROR;

-- 

1.8.3.1