From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.70144.1638232772313866010
 for <devel@edk2.groups.io>;
 Mon, 29 Nov 2021 16:39:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=KpXYH5Kj;
 spf=pass (domain: gmail.com, ip: 209.85.210.175, mailfrom: kuqin12@gmail.com)
Received: by mail-pf1-f175.google.com with SMTP id g19so18721447pfb.8
        for <devel@edk2.groups.io>; Mon, 29 Nov 2021 16:39:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=DyWkWH4yzJev+aQpTw6VKBXmJhRLnl6zzjm7iMBmp4Q=;
        b=KpXYH5KjOSWH+15kJyGhZiD7LKy2EpZhiXkRKntZT8z44BkVbnblcnnX706hg9H29X
         XWrf4+Vhg+VbqxB8EGbHKTjBnhWLp5LhzEPVW3aT1TRZ3ErbToCobFHJl+Bc7HhHSjvI
         sArC74IJ6v7D6lzeVw5BBGINWGogJRgSrK4fh78IHLriBfu9/kMHeYG+vb/tg4g7k2mO
         gDnko3WCWnE9P7h2zT9sB7gixxt8/Ka5YlyhIVT12TclKk3lkZv6ir7DI6vUUSFELB16
         aHYKd3i45oYj7nlEQBOnQQw3hXI58+AZzCfaC1y1ECwHSwRyYsHHGWYhnmPfjfy77x2V
         iHkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=DyWkWH4yzJev+aQpTw6VKBXmJhRLnl6zzjm7iMBmp4Q=;
        b=ebXCzkM3yLdqGcAwaWosbva86CplCHvRdEDZARNPQ+amlk3ssKV1KQNBXnMt7uoJB1
         qe4I5doKMeTphwclPOAvNs/PJfABjVU9lp3CqRCvLc72X0YPoeWYrLD96teXb2gunTS3
         JREvfjbgkt3n9rAfMjyl8+U7HArkuLZU5x050K10zd15kNqR6bQrRKQLiOPbGUj9/FCj
         Kixx9q5d9r/w23C9btxh7+7PKmS5T+CcObHmVreYF6gP+xSmEbyADI6NaebaxP7QRmOu
         nee0q5BpMfA4i4I9Bu+vx/sYu3oXeNmMMVWSymNpNNLodEotg1ThFbc331vqcpcyux71
         /qDA==
X-Gm-Message-State: AOAM530nkRcHBLt1Srnw5NgDPlpbma8o+neBHVwySli2Hi6srAEwlInK
	JZfOAbxPaItFFs6dyJhZg97c5C6azqj7gw==
X-Google-Smtp-Source: ABdhPJxHj9sUKIcOqX0o9+kfn5tS484xFQBuR3lzx+ittic4HYtdbJg2N76HATr5X9zv4hxKjxMKdQ==
X-Received: by 2002:a63:1d15:: with SMTP id d21mr5492158pgd.541.1638232771691;
        Mon, 29 Nov 2021 16:39:31 -0800 (PST)
Return-Path: <kuqin12@gmail.com>
Received: from localhost.localdomain ([50.35.70.63])
        by smtp.gmail.com with ESMTPSA id v10sm19286119pfu.123.2021.11.29.16.39.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 29 Nov 2021 16:39:31 -0800 (PST)
From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Hao A Wu <hao.a.wu@intel.com>,
	Leif Lindholm <leif@nuviainc.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Bret Barkelew <Bret.Barkelew@microsoft.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>
Subject: [PATCH v1 0/2] MM communicate functionality in variable policy
Date: Mon, 29 Nov 2021 16:39:00 -0800
Message-Id: <20211130003902.1884-1-kuqin12@gmail.com>
X-Mailer: git-send-email 2.32.0.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3709
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751

Currently, setups with variable policy operations used together with MM
communicate from ArmPkg could fail with `EFI_INVALID_PARAMETER`. This was
due to the errors from 2 following aspects: 

1. For variable policy implementations in MdeModulePkg, the DXE runtime
agent would communicate to MM to disable, register or query policies.
However, during these operations, the MessageLength calculation is
including MM communicate header. This could lead to MM agent read data
across the given buffer boundary and/or trigger other errors.

2. On the other hand, current MM communicate routine from ArmPkg would
fail the function if the input message length does not equal to input
buffer size.

As defined in PI specification, the `CommSize`, when as input, should
stand for "The size of the data buffer being passed in", which would mean
the maximal number of bytes `CommBuffer` can hold. In turn, the value of
this input parameter can be used for MM handlers to determine whether the
output data is too large to fit in this buffer. Enforcing the incoming
buffer to hold exactly the number of used bytes mismatches with the PI
spec description.

This change fix MessageLength field calculation from variable policy and
updated input argument inspections from MM communicate routine in ArmPkg
to match PI spec descriptions.

Patch v1 branch: https://github.com/kuqin12/edk2/tree/mm_communicate_check

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>

Kun Qin (2):
  MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message
    Length
  ArmPkg: MmCommunicationDxe: Update MM communicate input arguments
    checks

 ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c               | 44 ++++++++++++--------
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 10 ++---
 2 files changed, 32 insertions(+), 22 deletions(-)

-- 
2.32.0.windows.1