From: "Kun Qin"
To: devel@edk2.groups.io
Cc: Leif Lindholm, Ard Biesheuvel, Bret Barkelew, Michael Kubacki
Subject: [PATCH v2 5/6] ArmPkg: MmCommunicationDxe: Update MM communicate `CommSize` check
Date: Mon, 20 Dec 2021 17:33:33 -0800
Message-Id: <20211221013334.1751-6-kuqin12@gmail.com>
In-Reply-To: <20211221013334.1751-1-kuqin12@gmail.com>
References: <20211221013334.1751-1-kuqin12@gmail.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751

The current MM communicate routine from ArmPkg would conduct a few checks prior to proceeding with SMC calls. However, the inspection step is different from the PI specification.

This patch updates the MM communicate input argument inspection routine to assure that `CommSize` represents "the size of the data buffer being passed in" instead of the size of the data being used from the data buffer, as described by section `EFI_MM_COMMUNICATION2_PROTOCOL.Communicate()` in the PI specification.

Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Bret Barkelew
Cc: Michael Kubacki
Signed-off-by: Kun Qin
---

Notes:
    v2:
    - Splitting patch into 3 of 4 [Ard]

 ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
index 0283be430dff..2f89b7c5b6c4 100644
--- a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
+++ b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
@@ -44,13 +44,18 @@ STATIC EFI_HANDLE mMmCommunicateHandle; @param[in] This The EFI_MM_COMMUNICATION_PROTOCOL instance. @param[in, out] CommBufferPhysical Physical address of the MM communication buffer @param[in, out] CommBufferVirtual Virtual address of the MM communication buffer - @param[in, out] CommSize The size of the data buffer being passed in. On exit, the - size of data being returned. Zero if the handler does not + @param[in, out] CommSize The size of the data buffer being passed in. On input, + when not omitted, the buffer should cover EFI_MM_COMMUNICATE_HEADER + and the value of MessageLength field. On exit, the size + of data being returned. Zero if the handler does not wish to reply with any data. This parameter is optional and may be NULL. @retval EFI_SUCCESS The message was successfully posted. - @retval EFI_INVALID_PARAMETER CommBufferPhysical was NULL or CommBufferVirtual was NULL. + @retval EFI_INVALID_PARAMETER CommBufferPhysical or CommBufferVirtual was NULL, or + integer value pointed by CommSize does not cover + EFI_MM_COMMUNICATE_HEADER and the value of MessageLength + field. @retval EFI_BAD_BUFFER_SIZE The buffer is too large for the MM implementation. If this error is returned, the MessageLength field in the CommBuffer header or the integer pointed by @@ -96,8 +101,8 @@ MmCommunication2Communicate ( sizeof (CommunicateHeader->HeaderGuid) + sizeof (CommunicateHeader->MessageLength); - // If the length of the CommBuffer is 0 then return the expected length. - if (CommSize != 0) { + // If CommSize is not omitted, perform size inspection before proceeding. + if (CommSize != NULL) { // This case can be used by the consumer of this driver to find out the // max size that can be used for allocating CommBuffer. if ((*CommSize == 0) || 
@@ -108,9 +113,9 @@ MmCommunication2Communicate ( } // - // CommSize must match MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER); + // CommSize should cover at least MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER); // - if (*CommSize != BufferSize) { + if (*CommSize < BufferSize) { return EFI_INVALID_PARAMETER; } } -- 2.32.0.windows.1
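Review bot: in the first hunk (the doc comment at @@ -44,13 +44,18 @@), the new `@retval EFI_INVALID_PARAMETER` text ("integer value pointed by CommSize does not cover EFI_MM_COMMUNICATE_HEADER and the value of MessageLength field") does not distinguish the too-small case from the `*CommSize == 0` query case in the next hunk, which the surrounding comment describes as a way for the consumer to find out the maximum buffer size rather than as an invalid parameter; state explicitly that EFI_INVALID_PARAMETER applies to a non-zero *CommSize that is smaller than the header plus MessageLength. Minor wording: "integer value pointed by CommSize" should read "integer value pointed to by CommSize", and "the value of MessageLength field" should read "the value of the MessageLength field".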
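Review bot: in the second hunk (@@ -96,8 +101,8 @@), `if (CommSize != NULL)` is the right replacement for `if (CommSize != 0)`: the behaviour is unchanged (NULL compares equal to 0), but the old comment claimed the test was on the buffer length when it was actually on the pointer, so the new comment finally matches the code. With CommSize == NULL the whole inspection block is now skipped, so nothing in this hunk bounds MessageLength for a caller that omits CommSize; confirm that the check against the maximum communication buffer size still runs on that path (it lies outside the visible lines), otherwise the optional-parameter case ends up with weaker validation than the non-NULL case.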
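Review bot: in the third hunk (@@ -108,9 +113,9 @@), relaxing `*CommSize != BufferSize` to `*CommSize < BufferSize` matches the PI wording quoted in the commit message, but it makes the check sensitive to overflow in BufferSize: per the comment, BufferSize is MessageLength plus the header size, and MessageLength comes from the caller's CommBuffer header, so a MessageLength close to the UINTN maximum wraps BufferSize to a small value that any reasonable *CommSize now satisfies, whereas the old equality test only passed for a *CommSize that was itself equal to the wrapped value. Either reject an overflowing sum before this point or compare in the direction that cannot wrap: first `if (*CommSize < sizeof (EFI_MM_COMMUNICATE_HEADER)) return EFI_INVALID_PARAMETER;` and then `if (CommunicateHeader->MessageLength > *CommSize - sizeof (EFI_MM_COMMUNICATE_HEADER)) return EFI_INVALID_PARAMETER;` (using the same header-size expression the code already builds from the two fields). The updated "CommSize should cover at least ..." comment is fine as it stands.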