From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55])
 by mx.groups.io with SMTP id smtpd.web10.56021.1638816115952602617
 for <devel@edk2.groups.io>;
 Mon, 06 Dec 2021 10:41:56 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Nq+ZaOvw;
 spf=pass (domain: kernel.org, ip: 145.40.73.55, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sin.source.kernel.org (Postfix) with ESMTPS id 6790ACE177C
	for <devel@edk2.groups.io>; Mon,  6 Dec 2021 18:41:52 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 982FCC341C2
	for <devel@edk2.groups.io>; Mon,  6 Dec 2021 18:41:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1638816110;
	bh=NGdNeyOh2YHxz2xXfs57xyy1HrkpQ0g6DU4otDmlyV8=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=Nq+ZaOvwg2XH1lnKAh1ihgk2oPC7oJRqQQRjxiC191Gu8VInSVOwWoepRtu9/lkjU
	 EFHGzKKh2nXYnNJd83Y2yJS+G/wtSm0KdafywvIXFk0/bwSy7RYgMdgw1QxgvxERDH
	 o/wtOAfqYC9Xkga8H25uI1LV4EPoV0B3dPKnIBjsy/2Y07xj8DavJi8AFcHnKRIRhI
	 mHzBWFndtqz+UI8x6qsR9GbT1d4vP/+v5nmFwZ24Li2CtRZCnYYWLZD50hTaAttdEI
	 D8U577Hof1TodXgGN16qFnCjAvmDJWdAya+Pr4x0JewLxUdAR9qVX8qfqnTYhApDPN
	 oKVXbnSWCRQ5Q==
Received: by mail-oi1-f173.google.com with SMTP id t23so23161778oiw.3
        for <devel@edk2.groups.io>; Mon, 06 Dec 2021 10:41:50 -0800 (PST)
X-Gm-Message-State: AOAM531adBSookilFcKU7S/BrOG3z1tlSSTQuwsRtuKIW1t6CppskYYM
	1A0KVy0BpwbouGP64KG53pFQKfFezyrxdpIpCiA=
X-Google-Smtp-Source: ABdhPJwiVnnd78RnQAPyawpn+1q1bNR+Lq1TmTNTOrKMOLeclfI9qMl+3gxtxWZ+OF3Bq5wFKhP+Gusn9QNNUSsq9CQ=
X-Received: by 2002:aca:ad95:: with SMTP id w143mr288795oie.47.1638816109854;
 Mon, 06 Dec 2021 10:41:49 -0800 (PST)
MIME-Version: 1.0
References: <16BC2C06E438B403.26361@groups.io> <6fcb7f10-c113-1c9d-2b4d-264b81ed6ad1@gmail.com>
In-Reply-To: <6fcb7f10-c113-1c9d-2b4d-264b81ed6ad1@gmail.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Mon, 6 Dec 2021 19:41:38 +0100
X-Gmail-Original-Message-ID: <CAMj1kXEgHuj79sXsA5BKUOa9U30a_mD3E6_W6RwBu_=TaaYikg@mail.gmail.com>
Message-ID: <CAMj1kXEgHuj79sXsA5BKUOa9U30a_mD3E6_W6RwBu_=TaaYikg@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v1 0/2] MM communicate functionality in variable policy
To: Kun Qin <kuqin12@gmail.com>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>, Jian J Wang <jian.j.wang@intel.com>, 
	Liming Gao <gaoliming@byosoft.com.cn>, Hao A Wu <hao.a.wu@intel.com>, 
	Leif Lindholm <leif@nuviainc.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Bret Barkelew <Bret.Barkelew@microsoft.com>, 
	Michael Kubacki <michael.kubacki@microsoft.com>
Content-Type: text/plain; charset="UTF-8"

On Mon, 6 Dec 2021 at 19:35, Kun Qin <kuqin12@gmail.com> wrote:
>
> Hi ArmPkg and MdeModulePkg maintainers,
>
> It has been a week since the patches were sent. Could you please review
> the changes and let me know if there is any feedback? Any input is
> appreciated.
>

As far as I know, we are still in hard freeze for the upcoming stable tag.

>
> On 11/29/2021 16:39, Kun Qin via groups.io wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3709
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3751
> >
> > Currently, setups with variable policy operations used together with MM
> > communicate from ArmPkg could fail with `EFI_INVALID_PARAMETER`. This was
> > due to the errors from 2 following aspects:
> >
> > 1. For variable policy implementations in MdeModulePkg, the DXE runtime
> > agent would communicate to MM to disable, register or query policies.
> > However, during these operations, the MessageLength calculation is
> > including MM communicate header. This could lead to MM agent read data
> > across the given buffer boundary and/or trigger other errors.
> >
> > 2. On the other hand, current MM communicate routine from ArmPkg would
> > fail the function if the input message length does not equal to input
> > buffer size.
> >
> > As defined in PI specification, the `CommSize`, when as input, should
> > stand for "The size of the data buffer being passed in", which would mean
> > the maximal number of bytes `CommBuffer` can hold. In turn, the value of
> > this input parameter can be used for MM handlers to determine whether the
> > output data is too large to fit in this buffer. Enforcing the incoming
> > buffer to hold exactly the number of used bytes mismatches with the PI
> > spec description.
> >
> > This change fix MessageLength field calculation from variable policy and
> > updated input argument inspections from MM communicate routine in ArmPkg
> > to match PI spec descriptions.
> >
> > Patch v1 branch: https://github.com/kuqin12/edk2/tree/mm_communicate_check
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Hao A Wu <hao.a.wu@intel.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
> > Cc: Michael Kubacki <michael.kubacki@microsoft.com>
> >
> > Kun Qin (2):
> >    MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message
> >      Length
> >    ArmPkg: MmCommunicationDxe: Update MM communicate input arguments
> >      checks
> >
> >   ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c               | 44 ++++++++++++--------
> >   MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 10 ++---
> >   2 files changed, 32 insertions(+), 22 deletions(-)
> >