From: Eric Dong
To: edk2-devel@lists.01.org
Cc: Star Zeng
Date: Tue, 21 Aug 2018 20:24:40 +0800
Message-Id: <20180821122440.10384-1-eric.dong@intel.com>
Subject: [Patch v2] MdeModulePkg/PiSmmCore: Check valid memory range.

Call BS.AllocatePages in a DXE driver and call SMM FreePages with the
address of the buffer allocated in the DXE driver. SMM FreePages succeeds
and adds a non-SMRAM range into the SMM heap list. This is not expected
behavior. SMM FreePages should return an error for this case and not free
the pages.

V2 changes:
Adjust "Last" variable value from
"Last = Memory + EFI_PAGES_TO_SIZE (NumberOfPages);" to
"Last = Memory + EFI_PAGES_TO_SIZE (NumberOfPages) - 1;"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1098

Pass test:
1. Call SmmAllocatePages to allocate pages, then call SmmFreePages
   to free the same pages; returns success.
2. Call AllocatePages in DXE, then call SmmFreePages to free the same
   pages; returns failure.

Cc: Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong

--- MdeModulePkg/Core/PiSmmCore/Page.c | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/MdeModulePkg/Core/PiSmmCore/Page.c b/MdeModulePkg/Core/PiSmmCore/Page.c index 3699af7424..e9fcf01ecc 100644 --- a/MdeModulePkg/Core/PiSmmCore/Page.c +++ b/MdeModulePkg/Core/PiSmmCore/Page.c 
@@ -983,6 +983,41 @@ SmmInternalFreePages ( return SmmInternalFreePagesEx (Memory, NumberOfPages, FALSE); } +/** + Check whether the input range is in smram. + + @param Memory Base address of memory being inputed. + @param NumberOfPages The number of pages. + + @retval TRUE In the smram. + @retval FALSE Not in the smram. + +**/ +BOOLEAN +InSmmRange ( + IN EFI_PHYSICAL_ADDRESS Memory, + IN UINTN NumberOfPages + ) +{ + LIST_ENTRY *Link; + MEMORY_MAP *Entry; + EFI_PHYSICAL_ADDRESS Last; + + Last = Memory + EFI_PAGES_TO_SIZE (NumberOfPages) - 1; + + Link = gMemoryMap.ForwardLink; + while (Link != &gMemoryMap) { + Entry = CR (Link, MEMORY_MAP, Link, MEMORY_MAP_SIGNATURE); + Link = Link->ForwardLink; + + if ((Entry->Start <= Memory) && (Entry->End >= Last)) { + return TRUE; + } + } + + return FALSE; +} + /** Frees previous allocated pages. @@ -1004,6 +1039,10 @@ SmmFreePages ( EFI_STATUS Status; BOOLEAN IsGuarded; + if (!InSmmRange(Memory, NumberOfPages)) { + return EFI_NOT_FOUND; + } + IsGuarded = IsHeapGuardEnabled () && IsMemoryGuarded (Memory); Status = SmmInternalFreePages (Memory, NumberOfPages, IsGuarded); if (!EFI_ERROR (Status)) { -- 2.15.0.windows.1
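
Review bot: In InSmmRange, "Last = Memory + EFI_PAGES_TO_SIZE (NumberOfPages) - 1;" is computed from caller-supplied values with no overflow check, so the containment test can be satisfied by a range that does not lie in SMRAM. With NumberOfPages == 0, Last becomes Memory - 1, and with a large NumberOfPages the sum can wrap below Memory; in both cases "(Entry->Start <= Memory) && (Entry->End >= Last)" holds for any entry that merely contains the base address. Reject NumberOfPages == 0 and any result where Last < Memory before walking gMemoryMap. Two smaller points: the test requires a single MEMORY_MAP entry to cover the whole range, so a free that spans two adjacent entries is refused, which deserves a sentence in the function comment if intended; and the comment's "inputed" and "smram" should read "input" and "SMRAM".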
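
Review bot: In SmmFreePages, the new early return "return EFI_NOT_FOUND;" adds a failure path that the function's header comment should list as a @retval for an address range outside SMRAM, so callers can tell it apart from other free failures. The guard is also placed only in this wrapper; SmmInternalFreePages, shown in the first hunk's context, still passes Memory straight through, so state in the comment that internal callers are expected to supply SMRAM addresses, or move the check to the common path. Style: "InSmmRange(Memory, NumberOfPages)" needs a space before the opening parenthesis to match the surrounding calls such as "IsHeapGuardEnabled ()".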