From: "Dong, Eric"
To: devel@edk2.groups.io
Cc: Ray Ni , Laszlo Ersek
Subject: [PATCH v2 2/2] UefiCpuPkg/PiSmmCpuDxeSmm: Fix buffer overflow issue.
Date: Mon, 23 Dec 2019 14:48:06 +0800
Message-Id: <20191223064806.682-3-eric.dong@intel.com>
In-Reply-To: <20191223064806.682-1-eric.dong@intel.com>
References: <20191223064806.682-1-eric.dong@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

The size for the array of mSmmMpSyncData->CpuData[] is 0 ~ mMaxNumberOfCpus -1. But current code may use mSmmMpSyncData->CpuData[mMaxNumberOfCpus]. This patch fixed this issue.

Cc: Ray Ni
Cc: Laszlo Ersek
Signed-off-by: Eric Dong
--- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxe= Smm/MpService.c index 5ad12db980..e5324f8f84 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
@@ -137,7 +137,7 @@ ReleaseAllAPs ( {=0D UINTN Index;=0D =0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (IsPresentAp (Index)) {=0D ReleaseSemaphore (mSmmMpSyncData->CpuData[Index].Run);=0D }=0D @@ -170,7 +170,7 @@ AllCpusInSmmWithExceptions ( =0D CpuData =3D mSmmMpSyncData->CpuData;=0D ProcessorInfo =3D gSmmCpuPrivate->ProcessorInfo;=0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (!(*(CpuData[Index].Present)) && ProcessorInfo[Index].ProcessorId != =3D INVALID_APIC_ID) {=0D if (((Exceptions & ARRIVAL_EXCEPTION_DELAYED) !=3D 0) && SmmCpuFeatu= resGetSmmRegister (Index, SmmRegSmmDelayed) !=3D 0) {=0D continue;=0D @@ -305,7 +305,7 @@ SmmWaitForApArrival ( //=0D // Send SMI IPIs to bring outside processors in=0D //=0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (!(*(mSmmMpSyncData->CpuData[Index].Present)) && gSmmCpuPrivate->= ProcessorInfo[Index].ProcessorId !=3D INVALID_APIC_ID) {=0D SendSmiIpi ((UINT32)gSmmCpuPrivate->ProcessorInfo[Index].Processor= Id);=0D }=0D @@ -361,7 +361,7 @@ WaitForAllAPsNotBusy ( {=0D UINTN Index;=0D =0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D //=0D // Ignore BSP and APs which not call in SMM.=0D //=0D @@ -619,7 +619,7 @@ BSPHandler ( //=0D while (TRUE) {=0D PresentCount =3D 0;=0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (*(mSmmMpSyncData->CpuData[Index].Present)) {=0D PresentCount ++;=0D }=0D @@ -1303,7 +1303,7 @@ InternalSmmStartupAllAPs ( }=0D =0D CpuCount =3D 0;=0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (IsPresentAp (Index)) {=0D CpuCount ++;=0D =0D 
@@ -1335,13 +1335,13 @@ InternalSmmStartupAllAPs ( // Here code always use AcquireSpinLock instead of AcquireSpinLockOrFail= for not=0D // block mode.=0D //=0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (IsPresentAp (Index)) {=0D AcquireSpinLock (mSmmMpSyncData->CpuData[Index].Busy);=0D }=0D }=0D =0D - for (Index =3D mMaxNumberOfCpus; Index-- > 0;) {=0D + for (Index =3D 0; Index < mMaxNumberOfCpus; Index++) {=0D if (IsPresentAp (Index)) {=0D mSmmMpSyncData->CpuData[Index].Procedure =3D (EFI_AP_PROCEDURE2) Pro= cedure;=0D mSmmMpSyncData->CpuData[Index].Parameter =3D ProcedureArguments;=0D --=20 2.23.0.windows.1
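Review bot: In ReleaseAllAPs (hunk @@ -137,7), and in every other hunk that makes the same replacement, the removed loop `for (Index = mMaxNumberOfCpus; Index-- > 0;)` does not read CpuData[mMaxNumberOfCpus]. The post-decrement in the condition is applied before the body runs, so the body sees Index from mMaxNumberOfCpus - 1 down to 0, which is the same set of indices as the new ascending loop. The subject and commit message describe a buffer overflow that the replaced lines do not show. Either point to the access that actually goes out of bounds, or reword the message as a loop-direction and readability change so the history does not record a memory-safety fix that is not there.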
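Review bot: In InternalSmmStartupAllAPs (hunk @@ -1335,13), the loop calling `AcquireSpinLock (mSmmMpSyncData->CpuData[Index].Busy)` now takes the per-CPU Busy locks in ascending index order where it previously took them in descending order. Since this loop holds several locks at once, please confirm that no other path acquires more than one Busy lock in the opposite order, and state in the commit message that the change of iteration order (here and for the ReleaseSemaphore and SendSmiIpi loops in the earlier hunks) is intentional and has no ordering dependency.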