MdeModulePkg/PiSmmCore: Cache CommunicationBuffer info before using it

gSmmCorePrivate->CommunicationBuffer and gSmmCorePrivate->BufferSize are located in a
runtime memory region. That means they could be modified by non-SMM code at
runtime.

We should cache them into SMM local variables before we verify them. After
verification, we should use the cached ones directly instead of the ones in
gSmmCorePrivate.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
This commit is contained in:
Jeff Fan 2016-11-18 10:46:43 +08:00
parent 01dd077315
commit eaae7b33b1
1 changed files with 12 additions and 8 deletions


@ -432,6 +432,8 @@ SmmEntryPoint (
EFI_SMM_COMMUNICATE_HEADER *CommunicateHeader; EFI_SMM_COMMUNICATE_HEADER *CommunicateHeader;
BOOLEAN InLegacyBoot; BOOLEAN InLegacyBoot;
BOOLEAN IsOverlapped; BOOLEAN IsOverlapped;
VOID *CommunicationBuffer;
UINTN BufferSize;
PERF_START (NULL, "SMM", NULL, 0) ; PERF_START (NULL, "SMM", NULL, 0) ;
@ -463,17 +465,19 @@ SmmEntryPoint (
// Check to see if this is a Synchronous SMI sent through the SMM Communication // Check to see if this is a Synchronous SMI sent through the SMM Communication
// Protocol or an Asynchronous SMI // Protocol or an Asynchronous SMI
// //
if (gSmmCorePrivate->CommunicationBuffer != NULL) { CommunicationBuffer = gSmmCorePrivate->CommunicationBuffer;
BufferSize = gSmmCorePrivate->BufferSize;
if (CommunicationBuffer != NULL) {
// //
// Synchronous SMI for SMM Core or request from Communicate protocol // Synchronous SMI for SMM Core or request from Communicate protocol
// //
IsOverlapped = InternalIsBufferOverlapped ( IsOverlapped = InternalIsBufferOverlapped (
(UINT8 *) gSmmCorePrivate->CommunicationBuffer, (UINT8 *) CommunicationBuffer,
gSmmCorePrivate->BufferSize, BufferSize,
(UINT8 *) gSmmCorePrivate, (UINT8 *) gSmmCorePrivate,
sizeof (*gSmmCorePrivate) sizeof (*gSmmCorePrivate)
); );
if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) || IsOverlapped) { if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize) || IsOverlapped) {
// //
// If CommunicationBuffer is not in valid address scope, // If CommunicationBuffer is not in valid address scope,
// or there is overlap between gSmmCorePrivate and CommunicationBuffer, // or there is overlap between gSmmCorePrivate and CommunicationBuffer,
@ -482,19 +486,19 @@ SmmEntryPoint (
gSmmCorePrivate->CommunicationBuffer = NULL; gSmmCorePrivate->CommunicationBuffer = NULL;
gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER; gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;
} else { } else {
CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)gSmmCorePrivate->CommunicationBuffer; CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)CommunicationBuffer;
gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
Status = SmiManage ( Status = SmiManage (
&CommunicateHeader->HeaderGuid, &CommunicateHeader->HeaderGuid,
NULL, NULL,
CommunicateHeader->Data, CommunicateHeader->Data,
&gSmmCorePrivate->BufferSize &BufferSize
); );
// //
// Update CommunicationBuffer, BufferSize and ReturnStatus // Update CommunicationBuffer, BufferSize and ReturnStatus
// Communicate service finished, reset the pointer to CommBuffer to NULL // Communicate service finished, reset the pointer to CommBuffer to NULL
// //
gSmmCorePrivate->BufferSize += OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); gSmmCorePrivate->BufferSize = BufferSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
gSmmCorePrivate->CommunicationBuffer = NULL; gSmmCorePrivate->CommunicationBuffer = NULL;
gSmmCorePrivate->ReturnStatus = (Status == EFI_SUCCESS) ? EFI_SUCCESS : EFI_NOT_FOUND; gSmmCorePrivate->ReturnStatus = (Status == EFI_SUCCESS) ? EFI_SUCCESS : EFI_NOT_FOUND;
} }
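Review bot: `BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);` in the third hunk is an unchecked unsigned subtraction on a value that, as the commit message notes, comes from non-SMM memory: the validation in the second hunk only checks that the range lies outside SMRAM and does not overlap gSmmCorePrivate, so a caller-supplied size smaller than the header (including zero) passes, underflows to a very large UINTN, and is then handed to SmiManage as the usable data length while CommunicateHeader->HeaderGuid is read past the declared size. The cached copy makes this the right place to add a minimum-size guard to the existing condition, `if (BufferSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) || !SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize) || IsOverlapped) {`, so that undersized requests take the existing EFI_INVALID_PARAMETER path. Whether SmmIsBufferOutsideSmmValid or the DXE-side caller already enforces a minimum length is not visible here, so this is worth confirming before relying on the check being elsewhere. The body of SmmEntryPoint begins before the first hunk and continues after the last one.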