Revision: 18312
          http://sourceforge.net/p/edk2/code/18312
Author:   lzeng14
Date:     2015-08-26 01:10:39 +0000 (Wed, 26 Aug 2015)
Log Message:
-----------
MdeModulePkg PiSmmCore: Prevent overlap for gSmmCorePrivate and CommBuffer

InternalIsBufferOverlapped() is added to check whether two buffers overlap.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>

Modified Paths:
--------------
    trunk/edk2/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c

Modified: trunk/edk2/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c  2015-08-26 00:59:17 UTC 
(rev 18311)
+++ trunk/edk2/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c  2015-08-26 01:10:39 UTC 
(rev 18312)
@@ -379,6 +379,37 @@
 }
 
 /**
+  Determine if two buffers overlap in memory.
+
+  @param[in] Buff1  Pointer to first buffer
+  @param[in] Size1  Size of Buff1
+  @param[in] Buff2  Pointer to second buffer
+  @param[in] Size2  Size of Buff2
+
+  @retval TRUE      Buffers overlap in memory.
+  @retval FALSE     Buffer doesn't overlap.
+
+**/
+BOOLEAN
+InternalIsBufferOverlapped (
+  IN UINT8      *Buff1,
+  IN UINTN      Size1,
+  IN UINT8      *Buff2,
+  IN UINTN      Size2
+  )
+{
+  //
+  // If buff1's end is less than the start of buff2, then it's ok.
+  // Also, if buff1's start is beyond buff2's end, then it's ok.
+  //
+  if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
   The main entry point to SMM Foundation.
 
   Note: This function is only used by SMRAM invocation.  It is never used by 
DXE invocation.
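Review bot: `(Buff1 + Size1) <= Buff2` on line 52 is evaluated with pointer arithmetic on a start/size pair that the caller takes from gSmmCorePrivate, so a size that makes the end wrap around the address space produces a small "end" and the helper reports no overlap for a range that actually covers Buff2; the wrap is also undefined behaviour in C because the pointer leaves its object. Unless SmmIsBufferOutsideSmmValid, which is outside this hunk, is known to reject every wrapping range before this helper's result matters, the comparison should be done in UINTN and a wrapping range treated as overlapping (MAX_ADDRESS is the MdePkg Base.h constant). As a minor style point, a helper used only inside PiSmmCore.c is normally marked `STATIC` in EDK2 code, if it is not declared in PiSmmCore.h.
```c
{
  UINTN  Start1;
  UINTN  Start2;

  Start1 = (UINTN) Buff1;
  Start2 = (UINTN) Buff2;

  //
  // A range whose end would wrap around the address space is treated as
  // overlapping, so a bogus start/size pair cannot slip past the check.
  //
  if ((Size1 > MAX_ADDRESS - Start1) || (Size2 > MAX_ADDRESS - Start2)) {
    return TRUE;
  }

  //
  // No overlap if Buff1 ends at or before Buff2 starts, or Buff1 starts at
  // or after Buff2 ends.
  //
  if ((Start1 + Size1 <= Start2) || (Start1 >= Start2 + Size2)) {
    return FALSE;
  }

  return TRUE;
}
```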
@@ -396,6 +427,7 @@
   EFI_STATUS                  Status;
   EFI_SMM_COMMUNICATE_HEADER  *CommunicateHeader;
   BOOLEAN                     InLegacyBoot;
+  BOOLEAN                     IsOverlapped;
 
   PERF_START (NULL, "SMM", NULL, 0) ;
 
@@ -427,9 +459,17 @@
       //
       // Synchronous SMI for SMM Core or request from Communicate protocol
       //
-      if (!SmmIsBufferOutsideSmmValid 
((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
+      IsOverlapped = InternalIsBufferOverlapped (
+                       (UINT8 *) gSmmCorePrivate->CommunicationBuffer,
+                       gSmmCorePrivate->BufferSize,
+                       (UINT8 *) gSmmCorePrivate,
+                       sizeof (*gSmmCorePrivate)
+                       );
+      if (!SmmIsBufferOutsideSmmValid 
((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) || 
IsOverlapped) {
         //
-        // If CommunicationBuffer is not in valid address scope, return 
EFI_INVALID_PARAMETER
+        // If CommunicationBuffer is not in valid address scope,
+        // or there is overlap between gSmmCorePrivate and CommunicationBuffer,
+        // return EFI_INVALID_PARAMETER
         //
         gSmmCorePrivate->CommunicationBuffer = NULL;
         gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;
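Review bot: gSmmCorePrivate->CommunicationBuffer and gSmmCorePrivate->BufferSize are each read twice in the new condition (once for InternalIsBufferOverlapped on lines 79-80, again for SmmIsBufferOutsideSmmValid on line 85), and presumably read again where the buffer is consumed further down in SmmEntryPoint, which continues outside this hunk. The overlap check exists precisely because gSmmCorePrivate can share memory with the non-SMRAM communication buffer, so anything able to write that memory while the SMI is handled (an agent not held in SMM, DMA) can change the fields between the validation read and the use read; both checks and the later use should work from one snapshot taken before validation. The two locals would be declared next to IsOverlapped in the declaration hunk above.
```c
      //
      // Snapshot the caller-supplied buffer description once: gSmmCorePrivate
      // may be outside SMRAM, so re-reading it after validation is a double fetch.
      //
      CommBuffer     = (UINT8 *) gSmmCorePrivate->CommunicationBuffer;
      CommBufferSize = gSmmCorePrivate->BufferSize;
      IsOverlapped = InternalIsBufferOverlapped (
                       CommBuffer,
                       CommBufferSize,
                       (UINT8 *) gSmmCorePrivate,
                       sizeof (*gSmmCorePrivate)
                       );
      if (!SmmIsBufferOutsideSmmValid ((UINTN) CommBuffer, CommBufferSize) || IsOverlapped) {
        // ... unchanged: reject with EFI_INVALID_PARAMETER ...
```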

