author | Star Zeng <star.zeng@intel.com> | 2015-08-26 01:10:39 +0000 |
---|---|---|
committer | lzeng14 <lzeng14@Edk2> | 2015-08-26 01:10:39 +0000 |
commit | 3b657538dc4e83cc304b4036dc5d63969a0c10db (patch) | |
tree | a15ea935dc425d0ce8fd391fb7e4c149c97c2ff6 /MdeModulePkg | |
parent | 173a1e688c258e2fbf4f9df19ce734a5def8f065 (diff) | |
download | edk2-platforms-3b657538dc4e83cc304b4036dc5d63969a0c10db.tar.xz |
MdeModulePkg PiSmmCore: Prevent overlap for gSmmCorePrivate and CommBuffer
InternalIsBufferOverlapped() is created to check overlap between buffers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18312 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
-rw-r--r-- | MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
index 55dcf31713..496638a17e 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
@@ -379,6 +379,37 @@ SmmEndOfDxeHandler (
 }
/**
+ Determine if two buffers overlap in memory.
+
+ @param[in] Buff1 Pointer to first buffer
+ @param[in] Size1 Size of Buff1
+ @param[in] Buff2 Pointer to second buffer
+ @param[in] Size2 Size of Buff2
+
+ @retval TRUE Buffers overlap in memory.
+ @retval FALSE Buffer doesn't overlap.
+
+**/
+BOOLEAN
+InternalIsBufferOverlapped (
+ IN UINT8 *Buff1,
+ IN UINTN Size1,
+ IN UINT8 *Buff2,
+ IN UINTN Size2
+ )
+{
+ //
+ // If buff1's end is less than the start of buff2, then it's ok.
+ // Also, if buff1's start is beyond buff2's end, then it's ok.
+ //
+ if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
The main entry point to SMM Foundation.
Note: This function is only used by SMRAM invocation. It is never used by DXE invocation.
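Review bot: `Buff1 + Size1` and `Buff2 + Size2` in InternalIsBufferOverlapped() can wrap around when a size is large, and a wrapped end address satisfies `(Buff1 + Size1) <= Buff2`, so the helper returns FALSE for a range that in fact covers the second buffer. The caller added in this commit passes gSmmCorePrivate->BufferSize, which is presumably not yet validated at that point, so the helper should not depend on a separate range check to catch this. Treat a wrap as an overlap before the comparison, e.g. `if ((Size1 > MAX_UINTN - (UINTN)Buff1) || (Size2 > MAX_UINTN - (UINTN)Buff2)) { return TRUE; }`, and add a line to the header comment stating that an address wrap is reported as an overlap.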
@@ -396,6 +427,7 @@ SmmEntryPoint (
 EFI_STATUS Status;
EFI_SMM_COMMUNICATE_HEADER *CommunicateHeader;
BOOLEAN InLegacyBoot;
+ BOOLEAN IsOverlapped;
PERF_START (NULL, "SMM", NULL, 0) ;
@@ -427,9 +459,17 @@ SmmEntryPoint (
 //
// Synchronous SMI for SMM Core or request from Communicate protocol
//
- if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
+ IsOverlapped = InternalIsBufferOverlapped (
+ (UINT8 *) gSmmCorePrivate->CommunicationBuffer,
+ gSmmCorePrivate->BufferSize,
+ (UINT8 *) gSmmCorePrivate,
+ sizeof (*gSmmCorePrivate)
+ );
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) || IsOverlapped) {
//
- // If CommunicationBuffer is not in valid address scope, return EFI_INVALID_PARAMETER
+ // If CommunicationBuffer is not in valid address scope,
+ // or there is overlap between gSmmCorePrivate and CommunicationBuffer,
+ // return EFI_INVALID_PARAMETER
//
gSmmCorePrivate->CommunicationBuffer = NULL;
gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;
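Review bot: gSmmCorePrivate->CommunicationBuffer and gSmmCorePrivate->BufferSize are fetched once for the InternalIsBufferOverlapped() call and again for SmmIsBufferOutsideSmmValid(), and the code after this hunk presumably reads them a third time when the buffer is used. The need for an overlap check suggests gSmmCorePrivate is not inside SMRAM; if so, the fields can change between the checks and the use, and the validation no longer describes the buffer that is consumed. Copy both fields into locals once, `CommunicationBuffer = gSmmCorePrivate->CommunicationBuffer;` and `BufferSize = gSmmCorePrivate->BufferSize;`, and use only the locals for both checks and for everything that follows. SmmEntryPoint continues outside the hunk, so the later uses are not visible here.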