From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47])
 by mx.groups.io with SMTP id smtpd.web08.683.1618249418730653788
 for <devel@edk2.groups.io>;
 Mon, 12 Apr 2021 10:43:38 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20161025 header.b=vYJRPVly;
 spf=pass (domain: gmail.com, ip: 209.85.216.47, mailfrom: kuqin12@gmail.com)
Received: by mail-pj1-f47.google.com with SMTP id u14-20020a17090a1f0eb029014e38011b09so2702160pja.5
        for <devel@edk2.groups.io>; Mon, 12 Apr 2021 10:43:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=bpIbV/lqhjCQHNecOqc69Vl1YA3p7k7DuBPsbE1W6iY=;
        b=vYJRPVlyrxN9Lk4rUWy0m59X92KRzn7nFRrcefbePUX2fdr+/z+7Eh5Wo9gaqmKCMq
         YNbRGD+CT5cWLqBWmmd0xSiySBxIwt9nAqCJvt9ttlZssqocebEaUzL2zGD02Cl6PE31
         vNx+R+iNMB2yEf/qLwtkB6Edje+bGAGBcZfmUEmBu/AKCooy6M1ezF7edB5vcqaYuNuT
         mOhGljJRGBMNoFlCPWndinxpu13kX4faVle4BOtstmzjxiIIkPRbB3gE1FZYwQ7/06tj
         aFNUalX6i7tbvaDeoomJdECYrWAInu5QB7gC+R3SoybWQiv/lOMmRzK1g559V7JtNUVk
         zwxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=bpIbV/lqhjCQHNecOqc69Vl1YA3p7k7DuBPsbE1W6iY=;
        b=WL3fGGYyLimEWdigAV3EIMhemN887kP1SRzBWafBP6Sv22RoNG2SOiS3DVpiUvyBCd
         /GBzVivgR0ZbEbmaxHjNciY5jdc8KfOJY6E/lqgcUmUFNCxC4sXeAaxsJpgl0YMWCHnW
         SEqissuRdeqvCQ4qtlu0rzZ0WtpEIcP/ZEx/7cqf2IH6FUTXf2674I5+N2N6DvO+6rOs
         hK1TOZtM10j3srwY0ADK8cKj3qKqwVAGJieKmU9EhBchLv18Q8MLhvX7BFSqQyyhu+iT
         uaxTW+fFpwS6A/5YGtAAEiywhJ8aX35TDX648oNwTA5MFyD1x1VYc62p5X3nx6kASLBv
         lSAg==
X-Gm-Message-State: AOAM530Lwv6hDtRuBfB7ksVmkhrgMU0CLy37NGlZi53s9A8IXM0wb9mB
	9Uq8fBsg1s+LdUXQed6asB8=
X-Google-Smtp-Source: ABdhPJzhwVnzmrVjSvrrMp9bgYTwu59goe1WvFwDK/RVnSK9YhVMy2w2zYe/CKypAbS0Pa7b7z6tWw==
X-Received: by 2002:a17:902:d70f:b029:ea:83ae:2336 with SMTP id w15-20020a170902d70fb02900ea83ae2336mr16306746ply.4.1618249418298;
        Mon, 12 Apr 2021 10:43:38 -0700 (PDT)
Return-Path: <kuqin12@gmail.com>
Received: from [192.168.50.18] ([50.35.88.161])
        by smtp.gmail.com with ESMTPSA id z18sm10299258pfa.39.2021.04.12.10.43.37
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 12 Apr 2021 10:43:37 -0700 (PDT)
Subject: Re: [edk2-devel] [PATCH v1 1/1] UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing
To: devel@edk2.groups.io, lersek@redhat.com
Cc: Eric Dong <eric.dong@intel.com>, Ray Ni <ray.ni@intel.com>,
 Rahul Kumar <rahul1.kumar@intel.com>
References: <20210406195254.1018-1-kuqin12@gmail.com>
 <20210406195254.1018-2-kuqin12@gmail.com>
 <d6b7634b-278a-cf69-190f-0eeae7707166@redhat.com>
 <a44775b4-18b6-4e9d-aaa6-dc0b925d94df@redhat.com>
From: "Kun Qin" <kuqin12@gmail.com>
Message-ID: <c8ebddfb-6eaf-6bce-08ed-eec423024f03@gmail.com>
Date: Mon, 12 Apr 2021 10:43:37 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.1
MIME-Version: 1.0
In-Reply-To: <a44775b4-18b6-4e9d-aaa6-dc0b925d94df@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Hi Laszlo,

Thanks for the help.

Regards,
Kun

On 04/12/2021 10:36, Laszlo Ersek wrote:
> On 04/07/21 18:08, Laszlo Ersek wrote:
>> On 04/06/21 21:52, Kun Qin wrote:
>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3283
>>>
>>> Current SMM Save State routine does not check the number of bytes to be
>>> read, when it comse to read IO_INFO, before casting the incoming buffer
>>> to EFI_SMM_SAVE_STATE_IO_INFO. This could potentially cause memory
>>> corruption due to extra bytes are written out of buffer boundary.
>>>
>>> This change adds a width check before copying IoInfo into output buffer.
>>>
>>> Cc: Eric Dong <eric.dong@intel.com>
>>> Cc: Ray Ni <ray.ni@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>>>
>>> Signed-off-by: Kun Qin <kuqin12@gmail.com>
>>> Reviewed-by: Ray Ni <ray.ni@intel.com>
>>> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>>> ---
>>>
>>> Notes:
>>>      v2:
>>>      - Update return code description [Laszlo]
>>>
>>>   UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 9 ++++++++-
>>>   UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 2 +-
>>>   2 files changed, 9 insertions(+), 2 deletions(-)
>>
>> Thanks, looks OK. I'll let Ray or Eric merge the patch.
> 
> :/
> 
> Merged as commit a7d8e28b29f2, via
> <https://github.com/tianocore/edk2/pull/1554>.
> 
> Laszlo
>