Remove the complex buffer since the _LOCK_VARIABLE won't be allowed after leaving DXE phase.

Add the variable name size check in the RequestToLock wrapper.

Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14377 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c

@@ -186,6 +186,7 @@ VariableLockRequestToLock (
   )
 {
   EFI_STATUS                                Status;
+  UINTN                                     VariableNameSize;
   UINTN                                     PayloadSize;
   SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE    *VariableToLock;
 
@@ -193,13 +194,22 @@ VariableLockRequestToLock (
     return EFI_INVALID_PARAMETER;
   }
 
+  VariableNameSize = StrSize (VariableName);
+
+  //
+  // If VariableName exceeds SMM payload limit. Return failure
+  //
+  if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   AcquireLockOnlyAtBootTime(&mVariableServicesLock);
 
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
   //
-  PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + StrSize (VariableName);
+  PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableNameSize;
   Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);
   if (EFI_ERROR (Status)) {
     goto Done;
@@ -207,7 +217,7 @@ VariableLockRequestToLock (
   ASSERT (VariableToLock != NULL);
 
   CopyGuid (&VariableToLock->Guid, VendorGuid);
-  VariableToLock->NameSize = StrSize (VariableName);
+  VariableToLock->NameSize = VariableNameSize;
   CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);
 
   //