From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.61671.1638842842234416761 for ; Mon, 06 Dec 2021 18:07:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=i80DvrzO; spf=pass (domain: gmail.com, ip: 209.85.214.180, mailfrom: kuqin12@gmail.com) Received: by mail-pl1-f180.google.com with SMTP id p18so8324388plf.13 for ; Mon, 06 Dec 2021 18:07:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=CnzLAP2UwNgQcIUZ5Ns0So2jcv9plk65N+0zkjTUdj0=; b=i80DvrzOfRJukDMYtU+7wjmk9ueRB0Sf0Qd3Y+ITrKumCBucATESo98btDKDRmiFL3 xOtTVhOJt/PhZ8XgH7IVeQOT0UEdEf89BNfdak0sC6OiGYOIGidBvu7skRsk7vwhYUa9 W7utZMTDMQ3WZA0RNMULIT2BNTK4GCnFrtZj0gQTd1iFg0g5Y0AOhdIWsggZm7D7Ykkp qC1eb/8eOpOEf3dUYw309w/H8HbQRY12XLDXMP91soLfl8ihSDibUHO20j97/hDvEUJL l3wl3yhAJlKzrzUNxZ2GXXzZqgrWt98FINw+qPb7VvCLHpLfPTNG2NsJcZhLExlVP+j3 Eq9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=CnzLAP2UwNgQcIUZ5Ns0So2jcv9plk65N+0zkjTUdj0=; b=O+xtrBLzjJhrMcGRL73iMRzgqld596/RSQCL9m/pfcc6h39NULLa0fYu3MBBBdfdLd uqT2Ae4SCu3GKd+mNOfuVMxtOAVHT6O7EdSCL7r6xSCOt/pmzErF0UlVYzZUW6IGQ33R wqJ8z8b5yE4efY+j0SI52fNns+ZkI+G5b5yjdcI4J4T6emnpIH7W3iQ44E6eD2atzT2v +Q2WxttstFgbb8mCJsWZdxylEqcu4tVk6fQz7BDxPheV05Fn/mWq6XmjuOir7d/fTbt4 TDCOgdNjdvN9Ib2Ytf/IpFcvKCOWZk5CduNvS1dlDpQjdasNkJvbI6nwxPe2rWiXlPnw mPsg== X-Gm-Message-State: AOAM5300DlMqipWXapUEkqb+MMMmEaGuhxfhEFBosOioCB80pqoYAw0j xHUsISABdNlpI+l7alfTJO5Csi8hg1P4Ng== X-Google-Smtp-Source: ABdhPJyJLLWuwi81gl/E49Y2mzqOoIzlOQS9SvkzixA209m9vkDTVuc4GH49nQ05axW4OUcP1tVwaQ== X-Received: by 2002:a17:90a:d481:: with SMTP id s1mr2935339pju.66.1638842841612; Mon, 06 Dec 2021 18:07:21 -0800 (PST) Return-Path: Received: from [192.168.1.18] ([50.35.70.63]) by smtp.gmail.com with ESMTPSA id f185sm13450719pfg.39.2021.12.06.18.07.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 06 Dec 2021 18:07:21 -0800 (PST) Message-ID: <1fadf673-8364-b18c-70ea-051beefb1a86@gmail.com> Date: Mon, 6 Dec 2021 18:07:21 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2 Subject: =?UTF-8?B?UmU6IOWbnuWkjTogW2VkazItZGV2ZWxdIFtQQVRDSCB2MSAwLzJdIE1NIGNvbW11bmljYXRlIGZ1bmN0aW9uYWxpdHkgaW4gdmFyaWFibGUgcG9saWN5?= To: devel@edk2.groups.io, gaoliming@byosoft.com.cn, 'Ard Biesheuvel' Cc: 'Jian J Wang' , 'Hao A Wu' , 'Leif Lindholm' , 'Ard Biesheuvel' , 'Bret Barkelew' , 'Michael Kubacki' References: <16BC2C06E438B403.26361@groups.io> <6fcb7f10-c113-1c9d-2b4d-264b81ed6ad1@gmail.com> <02f401d7eb07$746d7d70$5d487850$@byosoft.com.cn> From: "Kun Qin" In-Reply-To: <02f401d7eb07$746d7d70$5d487850$@byosoft.com.cn> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Liming, The strict check on MessageLength is only existent in `MmCommunication` driver from ArmPkg (https://github.com/tianocore/edk2/blob/e1e7306b54147e65cb7347b060e94f336d4a82d2/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c#L110). The x86 version does not seem to check MessageLength. So the behavior does not change on X86 systems, but the MdeModulePkg change alone will fix the failure to proceed with variable policy on Arm system. We also proposed a change in ArmPkg regarding the MessageLength check to stick closer to PI spec in this patch series. Regards, Kun On 12/06/2021 17:12, gaoliming wrote: > Kun: > Does this change impact current behavior? Seemly, there is no strict check on MessageLength. > > Thanks > Liming >> -----邮件原件----- >> 发件人: Kun Qin >> 发送时间: 2021年12月7日 2:47 >> 收件人: Ard Biesheuvel >> 抄送: edk2-devel-groups-io ; Jian J Wang >> ; Liming Gao ; Hao A >> Wu ; Leif Lindholm ; Ard >> Biesheuvel ; Bret Barkelew >> ; Michael Kubacki >> >> 主题: Re: [edk2-devel] [PATCH v1 0/2] MM communicate functionality in >> variable policy >> >> Thanks for the information, Ard. I just meant to plan ahead so that I >> can work on the feedback for these patches, if any. >> >> I can ping back the thread again once the stable tag is created. >> >> Regards, >> Kun >> >> On 12/06/2021 10:41, Ard Biesheuvel wrote: >>> On Mon, 6 Dec 2021 at 19:35, Kun Qin wrote: >>>> >>>> Hi ArmPkg and MdeModulePkg maintainers, >>>> >>>> It has been a week since the patches were sent. Could you please review >>>> the changes and let me know if there is any feedback? Any input is >>>> appreciated. >>>> >>> >>> As far as I know, we are still in hard freeze for the upcoming stable tag. >>> >>>> >>>> On 11/29/2021 16:39, Kun Qin via groups.io wrote: >>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3709 >>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751 >>>>> >>>>> Currently, setups with variable policy operations used together with MM >>>>> communicate from ArmPkg could fail with `EFI_INVALID_PARAMETER`. >> This was >>>>> due to the errors from 2 following aspects: >>>>> >>>>> 1. For variable policy implementations in MdeModulePkg, the DXE >> runtime >>>>> agent would communicate to MM to disable, register or query policies. >>>>> However, during these operations, the MessageLength calculation is >>>>> including MM communicate header. This could lead to MM agent read >> data >>>>> across the given buffer boundary and/or trigger other errors. >>>>> >>>>> 2. On the other hand, current MM communicate routine from ArmPkg >> would >>>>> fail the function if the input message length does not equal to input >>>>> buffer size. >>>>> >>>>> As defined in PI specification, the `CommSize`, when as input, should >>>>> stand for "The size of the data buffer being passed in", which would mean >>>>> the maximal number of bytes `CommBuffer` can hold. In turn, the value of >>>>> this input parameter can be used for MM handlers to determine whether >> the >>>>> output data is too large to fit in this buffer. Enforcing the incoming >>>>> buffer to hold exactly the number of used bytes mismatches with the PI >>>>> spec description. >>>>> >>>>> This change fix MessageLength field calculation from variable policy and >>>>> updated input argument inspections from MM communicate routine in >> ArmPkg >>>>> to match PI spec descriptions. >>>>> >>>>> Patch v1 branch: >> https://github.com/kuqin12/edk2/tree/mm_communicate_check >>>>> >>>>> Cc: Jian J Wang >>>>> Cc: Liming Gao >>>>> Cc: Hao A Wu >>>>> Cc: Leif Lindholm >>>>> Cc: Ard Biesheuvel >>>>> Cc: Bret Barkelew >>>>> Cc: Michael Kubacki >>>>> >>>>> Kun Qin (2): >>>>> MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy >> Message >>>>> Length >>>>> ArmPkg: MmCommunicationDxe: Update MM communicate input >> arguments >>>>> checks >>>>> >>>>> ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c >> | 44 ++++++++++++-------- >>>>> >> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | >> 10 ++--- >>>>> 2 files changed, 32 insertions(+), 22 deletions(-) >>>>> > > > > > > >