summaryrefslogtreecommitdiff
path: root/MdeModulePkg/Universal
diff options
context:
space:
mode:
authorniruiyu <niruiyu@6f19259b-4bc3-4df7-8a09-765794883524>2013-05-20 07:04:56 +0000
committerniruiyu <niruiyu@6f19259b-4bc3-4df7-8a09-765794883524>2013-05-20 07:04:56 +0000
commit51547bb879f66d3b4e46d69c112047d39dc234cc (patch)
tree56dfc78d6c4171c109779b6349191d211aaa4918 /MdeModulePkg/Universal
parent0ba17ade477cda3cac9419f6b00996b3b45135c5 (diff)
downloadedk2-platforms-51547bb879f66d3b4e46d69c112047d39dc234cc.tar.xz
Remove the complex buffer since the _LOCK_VARIABLE won't be allowed after leaving DXE phase.
Add the variable name size check in the RequestToLock wrapper. Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14377 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Universal')
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c1
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c48
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c14
3 files changed, 20 insertions, 43 deletions
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
index 9e371c0a85..3cb2c6bcf3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
@@ -22,7 +22,6 @@ EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
extern BOOLEAN mEndOfDxe;
-extern BOOLEAN mEnableLocking;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
/**
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 4009fcb171..aea9d4bcfe 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -717,48 +717,16 @@ SmmVariableHandler (
break;
case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
- if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
- DEBUG ((EFI_D_ERROR, "RequestToLock: SMM communication buffer size invalid!\n"));
- return EFI_SUCCESS;
- }
- //
- // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
- //
- CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
- VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) mVariableBufferPayload;
-
- if (VariableToLock->NameSize > MAX_ADDRESS - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
- //
- // Prevent InfoSize overflow happen
- //
+ if (mEndOfDxe) {
Status = EFI_ACCESS_DENIED;
- goto EXIT;
+ } else {
+ VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
+ Status = VariableLockRequestToLock (
+ NULL,
+ VariableToLock->Name,
+ &VariableToLock->Guid
+ );
}
-
- if (VariableToLock->NameSize < sizeof (CHAR16) || VariableToLock->Name[VariableToLock->NameSize/sizeof (CHAR16) - 1] != L'\0') {
- //
- // Make sure VariableName is A Null-terminated string.
- //
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
- }
-
- InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableToLock->NameSize;
-
- //
- // SMRAM range check already covered before
- //
- if (InfoSize > CommBufferPayloadSize) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
- }
-
- Status = VariableLockRequestToLock (
- NULL,
- VariableToLock->Name,
- &VariableToLock->Guid
- );
break;
default:
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
index 865b9ad1a4..e7b10149fb 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -186,6 +186,7 @@ VariableLockRequestToLock (
)
{
EFI_STATUS Status;
+ UINTN VariableNameSize;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
@@ -193,13 +194,22 @@ VariableLockRequestToLock (
return EFI_INVALID_PARAMETER;
}
+ VariableNameSize = StrSize (VariableName);
+
+ //
+ // If VariableName exceeds SMM payload limit. Return failure
+ //
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + StrSize (VariableName);
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableNameSize;
Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);
if (EFI_ERROR (Status)) {
goto Done;
@@ -207,7 +217,7 @@ VariableLockRequestToLock (
ASSERT (VariableToLock != NULL);
CopyGuid (&VariableToLock->Guid, VendorGuid);
- VariableToLock->NameSize = StrSize (VariableName);
+ VariableToLock->NameSize = VariableNameSize;
CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);
//