From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53])
 by mx.groups.io with SMTP id smtpd.web08.731.1640050454801596164
 for <devel@edk2.groups.io>;
 Mon, 20 Dec 2021 17:34:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=GDfROlgZ;
 spf=pass (domain: gmail.com, ip: 209.85.216.53, mailfrom: kuqin12@gmail.com)
Received: by mail-pj1-f53.google.com with SMTP id iy13so5610311pjb.5
        for <devel@edk2.groups.io>; Mon, 20 Dec 2021 17:34:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=HnBXaakJWz1zLJYnsVxuWYPV+TcgfmFlBYKV2fIGh4o=;
        b=GDfROlgZHRqHFv177fjwM76MdLwKIp3JOB1kznSs3TG2WsdY3714JroZSO+3HqNNY4
         cMy7MhMGaerzs/SUAYzetg4HlgGXPWmuiftcBfTdkyeJGu7xNHd04mPaYhd9fSNAt1+T
         WT5jcI0aguh47ZVlVTmto/JdffNE2eQUOxYdcJ1VSWLB/sfYOTcBBgJunAwMg6r1hJOb
         rR+rlvmMlsYHPnaqeQo4Hzpc6YlcEZDF6QFHRM+BvhG7gMVUM6vE9cDFlesJW/7J1Fpt
         aUgyN9K2da7zbuRUVy75Dudkx1L/pZ49kaFuHXNotTKwvaUyOkVaB/0uFCjn5ZE0CuTi
         zt2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=HnBXaakJWz1zLJYnsVxuWYPV+TcgfmFlBYKV2fIGh4o=;
        b=P/JYBt3C/lAVlFcqinuzhwwRWOuJI9UhEwMB8VIq92098u78YQJAYaiS9k0SYM3c3F
         +1wtpJo0ZzIBwE61gY0dt7Dcr/0xxu0CrPh+1WSOjAns1AbjWYKmb/8iGahBXGVfRdSW
         khHS1q90Mkon9IpxuNlP9+cDTGvkPwsfj+iAwE5M2Vww+OWPpBvDAULzAJY8JyKUv9tz
         qhMogxkajS0zdVugOAZhXXXwxDH7xjbOkWuFyKaiFuqjfyNaoFGa59+CLm5vMyPkJHmQ
         eN6ikgWXBufXC+mGujk3D3v3CPpB54BFNxm/GQ+5HXxumfdPhfxAV8x4By0t4fpuizpq
         BbQQ==
X-Gm-Message-State: AOAM533LhZ0zV7U6+QyEipdTFjmdZTgFkxDZoppKuLuGmuhg+kn4GMlW
	Gw/IaO5nP3QeZf2/NbW/XUKs1Ifgqs2+WA==
X-Google-Smtp-Source: ABdhPJz6bWgTj9/98Id3II3c2m5nkLAs2GmBDTeBmdMK4NJZ4KnPvFtKTaczsfqfFi+TosC/KSQ5Ag==
X-Received: by 2002:a17:90b:3d6:: with SMTP id go22mr966966pjb.221.1640050454263;
        Mon, 20 Dec 2021 17:34:14 -0800 (PST)
Return-Path: <kuqin12@gmail.com>
Received: from localhost.localdomain ([50.35.74.198])
        by smtp.gmail.com with ESMTPSA id m10sm17389189pgv.75.2021.12.20.17.34.13
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 20 Dec 2021 17:34:14 -0800 (PST)
From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Leif Lindholm <leif@nuviainc.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Bret Barkelew <Bret.Barkelew@microsoft.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>
Subject: [PATCH v2 6/6] ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check
Date: Mon, 20 Dec 2021 17:33:34 -0800
Message-Id: <20211221013334.1751-7-kuqin12@gmail.com>
X-Mailer: git-send-email 2.32.0.windows.1
In-Reply-To: <20211221013334.1751-1-kuqin12@gmail.com>
References: <20211221013334.1751-1-kuqin12@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751

Current MM communicate routine from ArmPkg would conduct few checks prior
to proceeding with SMC calls. However, the inspection step is different
from PI specification.

This patch updated MM communicate input argument inspection routine to
assure that "if the `MessageLength` is zero, or too large for the MM
implementation to manage, the MM implementation must update the
`MessageLength` to reflect the size of the `Data` buffer that it can
tolerate", as described by `EFI_MM_COMMUNICATION_PROTOCOL.Communicate()`
section in PI specification.

Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>

Signed-off-by: Kun Qin <kuqin12@gmail.com>
---

Notes:
    v2:
    - Splitting patch into 4 of 4 [Ard]
    - Uncrustify style update

 ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
index 2f89b7c5b6c4..85d9034555f0 100644
--- a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
+++ b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
@@ -92,6 +92,7 @@ MmCommunication2Communicate (
     return EFI_INVALID_PARAMETER;
   }
 
+  Status            = EFI_SUCCESS;
   CommunicateHeader = CommBufferVirtual;
   // CommBuffer is a mandatory parameter. Hence, Rely on
   // MessageLength + Header to ascertain the
@@ -109,28 +110,33 @@ MmCommunication2Communicate (
         (*CommSize > mNsCommBuffMemRegion.Length))
     {
       *CommSize = mNsCommBuffMemRegion.Length;
-      return EFI_BAD_BUFFER_SIZE;
+      Status    = EFI_BAD_BUFFER_SIZE;
     }
 
     //
     // CommSize should cover at least MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER);
     //
     if (*CommSize < BufferSize) {
-      return EFI_INVALID_PARAMETER;
+      Status = EFI_INVALID_PARAMETER;
     }
   }
 
   //
-  // If the buffer size is 0 or greater than what can be tolerated by the MM
+  // If the message length is 0 or greater than what can be tolerated by the MM
   // environment then return the expected size.
   //
-  if ((BufferSize == 0) ||
+  if ((CommunicateHeader->MessageLength == 0) ||
       (BufferSize > mNsCommBuffMemRegion.Length))
   {
     CommunicateHeader->MessageLength = mNsCommBuffMemRegion.Length -
                                        sizeof (CommunicateHeader->HeaderGuid) -
                                        sizeof (CommunicateHeader->MessageLength);
-    return EFI_BAD_BUFFER_SIZE;
+    Status = EFI_BAD_BUFFER_SIZE;
+  }
+
+  // MessageLength or CommSize check has failed, return here.
+  if (EFI_ERROR (Status)) {
+    return Status;
   }
 
   // SMC Function ID
-- 
2.32.0.windows.1