From: "Ni, Ray via groups.io"
To: "kuqin@microsoft.com"
CC: "Kinney, Michael D", "devel@edk2.groups.io", "Ni, Ray"
Subject: [edk2-devel] A bug in the SmmCommunication V3 logic
Date: Fri, 18 Apr 2025 06:44:51 +0000

Hi Qin,
I think there is a bug in the SmmCommunication protocol implementation.

All 3 communication protocol calls go to the same communicate() function that tests the HeaderGuid against the V3 GUID.
But when the call is from runtime, reading the HeaderGuid using the physical address of the communication buffer would cause a page fault. The virtual address should be used.
The bug was not there without your patch because the communicate routines happened not to read any bytes from the communication buffer but simply pass the address to SMM. SMM expects the physical address because the virtual-to-physical mapping in SMM is identical.

The bug exists in both the SmmIpl.c in MdeModulePkg and the MmCommunicationDxe.c in StandaloneMmPkg.
The bug would cause OS boot failure if there is any communication protocol invocation after ExitBootService.

I guess the bug might not be there in your first version of patch, but was introduced when I asked you to consolidate the logic together.

Can you kindly reproduce it locally and send out a fix after confirming?

Thanks,
Ray
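
The failure mode described in the message above, as an added example that is not part of the original email and is not EDK II code: a small model in which the buffer is identity mapped at boot and reachable only through a different virtual address at runtime. All names, addresses and the GUID bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not EDK II code. Addresses and GUID bytes are made up. */
#define PHYS_BASE 0x1000u   /* where the buffer sits in physical memory */
#define VIRT_BASE 0x9000u   /* where the OS maps it after ExitBootServices */
#define BUF_SIZE  64u
enum { COMM_FAULT = -1, COMM_LEGACY = 1, COMM_V3 = 3 };
static uint8_t backing[BUF_SIZE];
static int at_runtime;      /* 0: boot (identity mapped), 1: OS page tables */
static const uint8_t V3_GUID[16] = { 0x56, 0x33 };  /* placeholder value */

/* CPU load outside SMM: only the currently mapped range resolves. */
static const uint8_t *cpu_deref(uintptr_t addr) {
    uintptr_t base = at_runtime ? VIRT_BASE : PHYS_BASE;
    if (addr < base || addr - base > BUF_SIZE - 16) return NULL;  /* page fault */
    return backing + (addr - base);
}

/* SMM side: identity mapped, so it must be handed the physical address. */
static int smm_accepts(uintptr_t addr) {
    return addr >= PHYS_BASE && addr - PHYS_BASE <= BUF_SIZE - 16;
}

/* Shape of the bug: header GUID read through the physical address. */
static int communicate_buggy(uintptr_t phys, uintptr_t virt) {
    (void)virt;
    const uint8_t *hdr = cpu_deref(phys);
    if (hdr == NULL || !smm_accepts(phys)) return COMM_FAULT;
    return memcmp(hdr, V3_GUID, 16) == 0 ? COMM_V3 : COMM_LEGACY;
}

/* Corrected shape: read via the virtual address, pass the physical one on. */
static int communicate_fixed(uintptr_t phys, uintptr_t virt) {
    const uint8_t *hdr = cpu_deref(virt);
    if (hdr == NULL || !smm_accepts(phys)) return COMM_FAULT;
    return memcmp(hdr, V3_GUID, 16) == 0 ? COMM_V3 : COMM_LEGACY;
}

/* Fill the buffer with a V3 header, set the phase, and make one call. */
static int call_in_phase(int runtime, int use_fixed) {
    memcpy(backing, V3_GUID, 16);
    at_runtime = runtime;
    uintptr_t virt = runtime ? VIRT_BASE : PHYS_BASE;  /* identity at boot */
    return use_fixed ? communicate_fixed(PHYS_BASE, virt)
                     : communicate_buggy(PHYS_BASE, virt);
}
int main(void) { return call_in_phase(1, 1) == COMM_V3 ? 0 : 1; }
```

Both variants behave the same at boot, which is why a defect of this kind only shows up once a call is made after the OS has installed its own mappings.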