Subject: Re: [edk2-devel] [PATCH v1 1/1] UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing
From: "Laszlo Ersek"
To: Kun Qin, devel@edk2.groups.io
Cc: Eric Dong, Ray Ni, Rahul Kumar
Reply-To: devel@edk2.groups.io, lersek@redhat.com
References: <20210406195254.1018-1-kuqin12@gmail.com> <20210406195254.1018-2-kuqin12@gmail.com>
Date: Mon, 12 Apr 2021 19:36:44 +0200

On 04/07/21 18:08, Laszlo Ersek wrote:
> On 04/06/21 21:52, Kun Qin wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3283
>>
>> Current SMM Save State routine does not check the number of bytes to be
>> read, when it comes to read IO_INFO, before casting the incoming buffer
>> to EFI_SMM_SAVE_STATE_IO_INFO. This could potentially cause memory
>> corruption due to extra bytes being written out of buffer boundary.
>>
>> This change adds a width check before copying IoInfo into output buffer.
>>
>> Cc: Eric Dong
>> Cc: Ray Ni
>> Cc: Laszlo Ersek
>> Cc: Rahul Kumar
>>
>> Signed-off-by: Kun Qin
>> Reviewed-by: Ray Ni
>> Reviewed-by: Laszlo Ersek
>> ---
>>
>> Notes:
>>     v2:
>>     - Update return code description [Laszlo]
>>
>>  UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 9 ++++++++-
>>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 2 +-
>>  2 files changed, 9 insertions(+), 2 deletions(-)
>
> Thanks, looks OK. I'll let Ray or Eric merge the patch.

:/

Merged as commit a7d8e28b29f2, via .

Laszlo
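
The width check described in the quoted commit message, modelled as an added example that is not part of this thread or of the edk2 source. `IO_INFO_MODEL`, the status codes, both reader functions and `bytes_clobbered` are hypothetical stand-ins, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for EFI_SMM_SAVE_STATE_IO_INFO; layout and names are assumptions. */
typedef struct { uint64_t IoData, IoPort; uint32_t IoWidth, IoType; } IO_INFO_MODEL;
enum { STATUS_OK = 0, STATUS_INVALID_PARAMETER = 1 };  /* hypothetical codes */

/* Constructed sample of the I/O information the save state would report. */
static const IO_INFO_MODEL kSample = { 0xABu, 0x3F8u, 1u, 2u };

/* Before: Width (caller's buffer size in bytes) is never consulted. */
int read_io_info_unchecked(size_t Width, void *Buffer) {
  (void)Width;
  memcpy(Buffer, &kSample, sizeof kSample);   /* always writes the full struct */
  return STATUS_OK;
}

/* After: reject a buffer that cannot hold the whole struct before touching it. */
int read_io_info_checked(size_t Width, void *Buffer) {
  if (Buffer == NULL || Width < sizeof(IO_INFO_MODEL)) {
    return STATUS_INVALID_PARAMETER;
  }
  memcpy(Buffer, &kSample, sizeof kSample);
  return STATUS_OK;
}

/* Calls Read with a Width-byte buffer at the start of a larger arena and counts
   the arena bytes past Width that were modified (stand-in for adjacent memory). */
size_t bytes_clobbered(int (*Read)(size_t, void *), size_t Width, int *Status) {
  uint8_t Arena[2 * sizeof(IO_INFO_MODEL)];
  size_t Count = 0;
  memset(Arena, 0xCC, sizeof Arena);          /* 0xCC never occurs in kSample */
  *Status = Read(Width, Arena);
  for (size_t i = Width; i < sizeof Arena; i++) {
    Count += (Arena[i] != 0xCC);
  }
  return Count;
}

int main(void) {
  int Status;
  size_t n = bytes_clobbered(read_io_info_unchecked, 4, &Status);
  printf("unchecked: status=%d, bytes written past buffer=%zu\n", Status, n);
  n = bytes_clobbered(read_io_info_checked, 4, &Status);
  printf("checked:   status=%d, bytes written past buffer=%zu\n", Status, n);
  return 0;
}
```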