From e71ee2151fa5acabfb944f60898ae8132cf39811 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Fri, 9 Dec 2016 14:47:03 +0800 Subject: MdeModulePkg VariableSmm: Do not need check CommBufferSize buffer Current code in SmmVariableHandler() checks CommBufferSize buffer to make sure it points to outside SMRAM in "case SMM_VARIABLE_FUNCTION_GET_STATISTICS". But after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd, CommBufferSize buffer points to SMRAM that was used by SMM core to cache CommSize from SmmCommunication protocol, then the check will fail definitely and GET_STATISTICS feature breaks. In fact, do not need check CommBufferSize buffer at all even before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd. Before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd, CommBufferSize buffer pointed to gSmmCorePrivate->BufferSize that is outside SMRAM, the check will success definitely; after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd, CommBufferSize buffer points to local variable BufferSize (in SMRAM) in SmmEntryPoint(), the check is not needed definitely. The patch is to remove the check. Cc: Jiewen Yao Cc: Jeff Fan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Jiewen Yao (cherry picked from commit 62016c1e898434a0326f658912b1e7e0a9c5575e) --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 35c9e20..7bd1862 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -15,7 +15,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -652,11 +652,10 @@ SmmVariableHandler ( // It is covered by previous CommBuffer check // - if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) { - DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n")); - Status = EFI_ACCESS_DENIED; - goto EXIT; - } + // + // Do not need to check CommBufferSize buffer as it should point to SMRAM + // that was used by SMM core to cache CommSize from SmmCommunication protocol. + // Status = SmmVariableGetStatistics (VariableInfo, &InfoSize); *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; -- cgit v1.1