From: "Kun Qin"
To: devel@edk2.groups.io
Cc: Leif Lindholm, Ard Biesheuvel, Bret Barkelew, Michael Kubacki
Subject: [PATCH v2 6/6] ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check
Date: Mon, 20 Dec 2021 17:33:34 -0800
Message-Id: <20211221013334.1751-7-kuqin12@gmail.com>
In-Reply-To: <20211221013334.1751-1-kuqin12@gmail.com>
References: <20211221013334.1751-1-kuqin12@gmail.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751

Current MM communicate routine from ArmPkg would conduct few checks prior
to proceeding with SMC calls. However, the inspection step is different
from PI specification.

This patch updated MM communicate input argument inspection routine to
assure that "if the `MessageLength` is zero, or too large for the MM
implementation to manage, the MM implementation must update the
`MessageLength` to reflect the size of the `Data` buffer that it can
tolerate", as described by `EFI_MM_COMMUNICATION_PROTOCOL.Communicate()`
section in PI specification.

Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Bret Barkelew
Cc: Michael Kubacki

Signed-off-by: Kun Qin
---

Notes:
    v2:
    - Splitting patch into 4 of 4 [Ard]
    - Uncrustify style update

 ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
index 2f89b7c5b6c4..85d9034555f0 100644
--- a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
+++ b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
@@ -92,6 +92,7 @@ MmCommunication2Communicate ( return EFI_INVALID_PARAMETER; } + Status = EFI_SUCCESS; CommunicateHeader = CommBufferVirtual; // CommBuffer is a mandatory parameter. Hence, Rely on // MessageLength + Header to ascertain the @@ -109,28 +110,33 @@ MmCommunication2Communicate ( (*CommSize > mNsCommBuffMemRegion.Length)) { *CommSize = mNsCommBuffMemRegion.Length; - return EFI_BAD_BUFFER_SIZE; + Status = EFI_BAD_BUFFER_SIZE; } // // CommSize should cover at least MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER); // if (*CommSize < BufferSize) { - return EFI_INVALID_PARAMETER; + Status = EFI_INVALID_PARAMETER; } } // - // If the buffer size is 0 or greater than what can be tolerated by the MM + // If the message length is 0 or greater than what can be tolerated by the MM // environment then return the expected size. // - if ((BufferSize == 0) || + if ((CommunicateHeader->MessageLength == 0) || (BufferSize > mNsCommBuffMemRegion.Length)) { CommunicateHeader->MessageLength = mNsCommBuffMemRegion.Length - sizeof (CommunicateHeader->HeaderGuid) - sizeof (CommunicateHeader->MessageLength); - return EFI_BAD_BUFFER_SIZE; + Status = EFI_BAD_BUFFER_SIZE; + } + + // MessageLength or CommSize check has failed, return here. + if (EFI_ERROR (Status)) { + return Status; } // SMC Function ID -- 2.32.0.windows.1
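
Review bot: In the second hunk (@@ -109,28 +110,33 @@), replacing the early returns with `Status = ...` assignments means the last failing check decides the return code, and the `*CommSize < BufferSize` test now runs after `*CommSize` may already have been overwritten with `mNsCommBuffMemRegion.Length`. As a result, an `EFI_INVALID_PARAMETER` set by that test is silently replaced by `EFI_BAD_BUFFER_SIZE` whenever the `MessageLength` block also fires, and an `EFI_BAD_BUFFER_SIZE` from the first `CommSize` check can be replaced by `EFI_INVALID_PARAMETER` when the rewritten `*CommSize` is still smaller than `BufferSize`. If this precedence is intended, please state it in a comment above the final `if (EFI_ERROR (Status))`; otherwise consider making the `*CommSize < BufferSize` test an `else if` of the first `CommSize` check and assigning `Status` in the later blocks only while it is still `EFI_SUCCESS`, so callers get a deterministic error code alongside the updated `*CommSize` and `MessageLength`.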