sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1. Fix TOCTOU issue in VariableSmm, FtwSmm, FpdtSmm, SmmCorePerformance SMM handler. For VariableSmm, pre-allocate a mVariableBufferPayload buffer with mVariableBufferPayloadSize(match with mVariableBufferPayloadSize in VariableSmmRuntimeDxe) to hold communicate buffer payload to avoid TOCTOU issue.

Browse Source 
2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
lzeng14
2013-05-07 05:38:32 +00:00
parent 845a7fe028
commit 5e5bb2a9ba
9 changed files with 311 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.c
View File

@@ -3,7 +3,7 @@
Implement the Fault Tolerant Write (FTW) protocol based on SMM FTW
module.
Copyright (c) 2011, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -463,13 +463,17 @@ FtwGetLastWrite (
// Get data from SMM
//
*PrivateDataSize = SmmFtwGetLastWriteHeader->PrivateDataSize;
if (!EFI_ERROR (Status)) {
if (Status == EFI_SUCCESS || Status == EFI_BUFFER_TOO_SMALL) {
*Lba = SmmFtwGetLastWriteHeader->Lba;
*Offset = SmmFtwGetLastWriteHeader->Offset;
*Length = SmmFtwGetLastWriteHeader->Length;
*Complete = SmmFtwGetLastWriteHeader->Complete;
CopyGuid (CallerId, &SmmFtwGetLastWriteHeader->CallerId);
CopyMem (PrivateData, SmmFtwGetLastWriteHeader->Data, *PrivateDataSize);
if (Status == EFI_SUCCESS) {
CopyMem (PrivateData, SmmFtwGetLastWriteHeader->Data, *PrivateDataSize);
}
} else if (Status == EFI_NOT_FOUND) {
*Complete = SmmFtwGetLastWriteHeader->Complete;
}
FreePool (SmmCommunicateHeader);