diff options
| author | Star Zeng <star.zeng@intel.com> | 2016-12-12 09:37:36 +0800 |
|---|---|---|
| committer | Star Zeng <star.zeng@intel.com> | 2016-12-12 09:39:07 +0800 |
| commit | e643e66fdf99924a250282ce45a1cc38076e2cfe (patch) | |
| tree | 57f92dcf4c03bcc9cc7e464352fc9ac4864f739b | |
| parent | e71ee2151fa5acabfb944f60898ae8132cf39811 (diff) | |
| download | edk2-e643e66fdf99924a250282ce45a1cc38076e2cfe.tar.gz | |
SecurityPkg VariableSmm: Do not need check CommBufferSize buffer
Current code in SmmVariableHandler() checks CommBufferSize
buffer to make sure it points to outside SMRAM in
"case SMM_VARIABLE_FUNCTION_GET_STATISTICS".
But after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer points to SMRAM that was used by
SMM core to cache CommSize from SmmCommunication protocol,
then the check will fail definitely and GET_STATISTICS
feature breaks.
In fact, do not need check CommBufferSize buffer at all
even before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd.
Before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer pointed to gSmmCorePrivate->BufferSize
that is outside SMRAM, the check will success definitely;
after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer points to local variable BufferSize
(in SMRAM) in SmmEntryPoint(), the check is not needed
definitely.
The patch is to remove the check.
NOTE: This patch comes from 62016c1e898434a0326f658912b1e7e0a9c5575e
in master. Since master already has variable driver merged from
SecurityPkg to MdeModulePkg, 62016c1e898434a0326f658912b1e7e0a9c5575e
in master only updated MdeModulePkg. But variable drivers in UDK2014.SP1
are not merged, so both MdeModulePkg and SecurityPkg need to be updated,
e71ee2151fa5acabfb944f60898ae8132cf39811 is to cover MdeModulePkg update,
this patch is to cover SecurityPkg update.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c index e739ae6161..5cc3fe2a6c 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -675,11 +675,10 @@ SmmVariableHandler ( // It is covered by previous CommBuffer check
//
- if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
- DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
- }
+ //
+ // Do not need to check CommBufferSize buffer as it should point to SMRAM
+ // that was used by SMM core to cache CommSize from SmmCommunication protocol.
+ //
Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
*CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
|