From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9080F81EBA for ; Thu, 17 Nov 2016 23:01:52 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP; 17 Nov 2016 23:01:57 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,655,1473145200"; d="scan'208";a="32143525" Received: from jfan12-desk.ccr.corp.intel.com ([10.239.9.5]) by orsmga004.jf.intel.com with ESMTP; 17 Nov 2016 23:01:56 -0800 From: Jeff Fan To: edk2-devel@lists.01.org Cc: Jiewen Yao , Feng Tian , Michael D Kinney Date: Fri, 18 Nov 2016 15:01:52 +0800 Message-Id: <20161118070152.16716-1-jeff.fan@intel.com> X-Mailer: git-send-email 2.9.3.windows.2 Subject: [PATCH] MdeModulePkg/PiSmmCore: Cache CommunicationBuffer info before using it X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Nov 2016 07:01:52 -0000 gSmmCorePrivate->CommunicationBuffer and gSmmCorePrivate->BufferSize locate at runtime memory region. That means they could be modified by non-SMM code during runtime. We should cache them into SMM local variables before we verify them. After verification, we should use the cached ones directly instead of the ones in gSmmCorePrivate. Cc: Jiewen Yao Cc: Feng Tian Cc: Michael D Kinney Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan --- MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c index b877a33..de8db65 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c 
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c @@ -432,6 +432,8 @@ SmmEntryPoint ( EFI_SMM_COMMUNICATE_HEADER *CommunicateHeader; BOOLEAN InLegacyBoot; BOOLEAN IsOverlapped; + VOID *CommunicationBuffer; + UINTN BufferSize; PERF_START (NULL, "SMM", NULL, 0) ; @@ -463,17 +465,19 @@ SmmEntryPoint ( // Check to see if this is a Synchronous SMI sent through the SMM Communication // Protocol or an Asynchronous SMI // - if (gSmmCorePrivate->CommunicationBuffer != NULL) { + CommunicationBuffer = gSmmCorePrivate->CommunicationBuffer; + BufferSize = gSmmCorePrivate->BufferSize; + if (CommunicationBuffer != NULL) { // // Synchronous SMI for SMM Core or request from Communicate protocol // IsOverlapped = InternalIsBufferOverlapped ( - (UINT8 *) gSmmCorePrivate->CommunicationBuffer, - gSmmCorePrivate->BufferSize, + (UINT8 *) CommunicationBuffer, + BufferSize, (UINT8 *) gSmmCorePrivate, sizeof (*gSmmCorePrivate) ); - if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) || IsOverlapped) { + if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize) || IsOverlapped) { // // If CommunicationBuffer is not in valid address scope, // or there is overlap between gSmmCorePrivate and CommunicationBuffer, 
@@ -482,19 +486,19 @@ SmmEntryPoint ( gSmmCorePrivate->CommunicationBuffer = NULL; gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER; } else { - CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)gSmmCorePrivate->CommunicationBuffer; - gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); + CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)CommunicationBuffer; + BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); Status = SmiManage ( &CommunicateHeader->HeaderGuid, NULL, CommunicateHeader->Data, - &gSmmCorePrivate->BufferSize + &BufferSize ); // // Update CommunicationBuffer, BufferSize and ReturnStatus // Communicate service finished, reset the pointer to CommBuffer to NULL // - gSmmCorePrivate->BufferSize += OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); + gSmmCorePrivate->BufferSize = BufferSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); gSmmCorePrivate->CommunicationBuffer = NULL; gSmmCorePrivate->ReturnStatus = (Status == EFI_SUCCESS) ? EFI_SUCCESS : EFI_NOT_FOUND; } -- 2.9.3.windows.2
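Review bot: in the first hunk (@@ -432), the two new locals `VOID *CommunicationBuffer;` and `UINTN BufferSize;` deserve a one-line comment stating that they are SMM-stack snapshots of gSmmCorePrivate->CommunicationBuffer and gSmmCorePrivate->BufferSize, taken so that non-SMM code cannot alter the values between the validity check and their use. Without that note a later cleanup could fold them back into the gSmmCorePrivate-> fields and silently reopen the time-of-check/time-of-use window this patch closes.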
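Review bot: in the second hunk (@@ -463), the ordering is the substance of the fix and should be stated in the block comment above the check: both fields are read exactly once into CommunicationBuffer and BufferSize before InternalIsBufferOverlapped and SmmIsBufferOutsideSmmValid run, and only the copies are validated and later used, so a change to the runtime-memory copy of gSmmCorePrivate after the check no longer affects what was validated. Worth recording as well that the snapshot covers only the pointer and the length; the bytes they describe stay in non-SMRAM memory, so CommunicateHeader->HeaderGuid and CommunicateHeader->Data dereferenced in the following hunk remain modifiable by non-SMM code at any time, and every handler reached through SmiManage must still copy what it needs into SMRAM before acting on it.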
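Review bot: in the third hunk (@@ -482), `BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);` has no guard visible in this patch that BufferSize is at least OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); if a smaller value is supplied, the UINTN subtraction wraps and SmiManage is handed a huge length for CommunicateHeader->Data. If that minimum is not enforced elsewhere, fold it into the validity test in the previous hunk, e.g. `|| BufferSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)`, so such a request takes the existing EFI_INVALID_PARAMETER path. The write-back `gSmmCorePrivate->BufferSize = BufferSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);` is the right form, since the local rather than the runtime-memory field now carries the size the handler returned.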