SecurityPkg/Tcg: Correct buffer valid check func

For SMM, the SMM Handlers is to validate the buffer outside MMRAM including the Primary & NonPrimary buffer. For MM, the MM Handlers do not need to validate the Primary buffer if it is passed from MmCore through the MmiHandler() parameter. Return TRUE directly in this case. But need to validate NonPrimary buffer that outside MMRAM. Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com> Cc: Wei6 Xu <wei6.xu@intel.com> Cc: Dun Tan <dun.tan@intel.com> Cc: Yuanhao Xie <yuanhao.xie@intel.com>
author: Jiaxin Wu <jiaxin.wu@intel.com> 2024-05-27 13:25:15 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-07-07 08:40:03 +0000
commit: d5fad2176cb14283922e07ff1758118d16b17383 (patch)
tree: 664327a1635dfc9465408cf679c1d39b93a05ed1
parent: 0986faad973c8d2e98cb8733f9c58d0210f458f4 (diff)
download: edk2-d5fad2176cb14283922e07ff1758118d16b17383.zip
edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.gz
edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.bz2
4 files changed, 88 insertions, 13 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index c2cef76..0c2799b 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -73,16 +73,28 @@ TpmNvsCommunciate (
     return EFI_ACCESS_DENIED;
   }
 
-  if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+  CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
+
+  //
+  // The Primary Buffer validation
+  //
+  if (!Tcg2IsPrimaryBufferValid ((UINTN)CommBuffer, TempCommBufferSize)) {
     DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __func__));
     return EFI_ACCESS_DENIED;
   }
 
   //
+  // The NonPrimary Buffer validation
+  //
+  if (!Tcg2IsNonPrimaryBufferValid (CommParams->TargetAddress, EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (sizeof (TCG_NVS))))) {
+    DEBUG ((DEBUG_ERROR, "[%a] - MM NonPrimary buffer pointed from Communication buffer in invalid location!\n", __func__));
+    return EFI_ACCESS_DENIED;
+  }
+
+  //
   // Farm out the job to individual functions based on what was requested.
   //
-  CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
-  Status     = EFI_SUCCESS;
+  Status = EFI_SUCCESS;
   switch (CommParams->Function) {
     case TpmNvsMmExchangeInfo:
       DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __func__));
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
index 3672db9..0be4984 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
@@ -55,16 +55,35 @@ Tcg2NotifyMmReady (
   );
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
 
-  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.
-  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  );
+
+/**
+  This function is for the NonPrimary Buffer validation routine.
+  The NonPrimary Buffer is the buffer which might be pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   );
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
index 9320053..0f23662 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
@@ -31,16 +31,38 @@ Tcg2NotifyMmReady (
 }
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
 
-  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.
-  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  )
+{
+  return TRUE;
+}
+
+/**
+  This function is for the Secondary Buffer validation routine.
+  The Secondary Buffer is the buffer which is pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   )
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
index f7d595e..fd8a51b 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
@@ -41,7 +41,9 @@ Tcg2NotifyMmReady (
 }
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
@@ -50,7 +52,27 @@ Tcg2NotifyMmReady (
   @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  )
+{
+  return SmmIsBufferOutsideSmmValid (Buffer, Length);
+}
+
+/**
+  This function is for the NonPrimary Buffer validation routine.
+  The NonPrimary Buffer is the buffer which is pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   )
author	Jiaxin Wu <jiaxin.wu@intel.com>	2024-05-27 13:25:15 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-07-07 08:40:03 +0000
commit	d5fad2176cb14283922e07ff1758118d16b17383 (patch)
tree	664327a1635dfc9465408cf679c1d39b93a05ed1
parent	0986faad973c8d2e98cb8733f9c58d0210f458f4 (diff)
download	edk2-d5fad2176cb14283922e07ff1758118d16b17383.zip edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.gz edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.bz2