1. Patchew
  2. EDK2
  3. [edk2] [Patch 0/2] Fix bug in IP driver for IpSec protocol notify
  4. View patch

[edk2] [Patch 1/2] MdeModulePkg/Ip4Dxe: fix a bug in IP4 driver for IpSec protocol notify.

Fu Siyuan posted 2 patches 7 years, 3 months ago
[edk2] [Patch 1/2] MdeModulePkg/Ip4Dxe: fix a bug in IP4 driver for IpSec protocol notify.
Posted by Fu Siyuan 7 years, 3 months ago 
The IP driver uses EfiCreateProtocolNotifyEvent() to register notify callback
function for IpSec protocol, but it didn't notice that the callback will always
be executed at least once, even the protocol wasn't in handle database.
As a result, the Ip4IpSecProcessPacket() will still always call LocateProtocol()
even the IpSec protocol is not installed, which will impact the network
performance.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
---
 MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c | 14 +++++++++++---
 MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c  | 10 ++--------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
index 792db5c..03ba458 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
@@ -41,12 +41,20 @@ IpSec2InstalledCallback (
   IN VOID       *Context
   )
 {
+  EFI_STATUS    Status;
   //
-  // Close the event so it does not get called again.
+  // Test if protocol was even found.
+  // Notification function will be called at least once.
   //
-  gBS->CloseEvent (Event);
+  Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, &mIpSec);
+  if (Status == EFI_SUCCESS && mIpSec != NULL) {
+    //
+    // Close the event so it does not get called again.
+    //
+    gBS->CloseEvent (Event);
 
-  mIpSec2Installed = TRUE;
+    mIpSec2Installed = TRUE;
+  }
 }
 
 /**
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
index 09b8f2b..e694323 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
@@ -1,7 +1,7 @@
 /** @file
   IP4 input process.
   
-Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
 
 This program and the accompanying materials
@@ -518,6 +518,7 @@ Ip4IpSecProcessPacket (
   if (!mIpSec2Installed) {
     goto ON_EXIT;
   }
+  ASSERT (mIpSec != NULL);
   
   Packet        = *Netbuf;
   RecycleEvent  = NULL;
@@ -527,13 +528,6 @@ Ip4IpSecProcessPacket (
   FragmentCount = Packet->BlockOpNum;
 
   ZeroMem (&ZeroHead, sizeof (IP4_HEAD));
-  
-  if (mIpSec == NULL) {
-    gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &mIpSec);
-    if (mIpSec == NULL) {
-      goto ON_EXIT;
-    }
-  }
 
   //
   // Check whether the IPsec enable variable is set.
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch 1/2] MdeModulePkg/Ip4Dxe: fix a bug in IP4 driver for IpSec protocol notify.
Posted by Ard Biesheuvel 7 years, 3 months ago 
Hello Fu,

On 4 September 2017 at 09:07, Fu Siyuan <siyuan.fu@intel.com> wrote:
> The IP driver uses EfiCreateProtocolNotifyEvent() to register notify callback
> function for IpSec protocol, but it didn't notice that the callback will always
> be executed at least once, even the protocol wasn't in handle database.
> As a result, the Ip4IpSecProcessPacket() will still always call LocateProtocol()
> even the IpSec protocol is not installed, which will impact the network
> performance.
>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
> ---
>  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c | 14 +++++++++++---
>  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c  | 10 ++--------
>  2 files changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
> index 792db5c..03ba458 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Driver.c
> @@ -41,12 +41,20 @@ IpSec2InstalledCallback (
>    IN VOID       *Context
>    )
>  {
> +  EFI_STATUS    Status;
>    //
> -  // Close the event so it does not get called again.
> +  // Test if protocol was even found.
> +  // Notification function will be called at least once.
>    //
> -  gBS->CloseEvent (Event);
> +  Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, &mIpSec);

While moving this call here from below, you removed the (void **)
cast, which breaks the build on GCC

 In function 'IpSec2InstalledCallback':
49:3: error: passing argument 3 of 'gBS->LocateProtocol' from
incompatible pointer type [-Werror]
   Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, &mIpSec);
   ^
49:3: note: expected 'void **' but argument is of type 'struct
EFI_IPSEC2_PROTOCOL **'
cc1: all warnings being treated as errors

Please fix.

Kind regards,
Ard,


> +  if (Status == EFI_SUCCESS && mIpSec != NULL) {
> +    //
> +    // Close the event so it does not get called again.
> +    //
> +    gBS->CloseEvent (Event);
>
> -  mIpSec2Installed = TRUE;
> +    mIpSec2Installed = TRUE;
> +  }
>  }
>
>  /**
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
> index 09b8f2b..e694323 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
> @@ -1,7 +1,7 @@
>  /** @file
>    IP4 input process.
>
> -Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.<BR>
>  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
>
>  This program and the accompanying materials
> @@ -518,6 +518,7 @@ Ip4IpSecProcessPacket (
>    if (!mIpSec2Installed) {
>      goto ON_EXIT;
>    }
> +  ASSERT (mIpSec != NULL);
>
>    Packet        = *Netbuf;
>    RecycleEvent  = NULL;
> @@ -527,13 +528,6 @@ Ip4IpSecProcessPacket (
>    FragmentCount = Packet->BlockOpNum;
>
>    ZeroMem (&ZeroHead, sizeof (IP4_HEAD));
> -
> -  if (mIpSec == NULL) {
> -    gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &mIpSec);
> -    if (mIpSec == NULL) {
> -      goto ON_EXIT;
> -    }
> -  }
>
>    //
>    // Check whether the IPsec enable variable is set.
> --
> 1.9.5.msysgit.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-8c64711

© 2016 - 2024 Red Hat, Inc.