Use SmmMemLib to check communication buffer.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Gao, Liming" <liming.gao@intel.com> Reviewed-by: "Fan, Jeff" <jeff.fan@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16694 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -85,11 +85,6 @@ SMM_CORE_SMI_HANDLERS mSmmCoreSmiHandlers[] = {
|
||||
UINTN mFullSmramRangeCount;
|
||||
EFI_SMRAM_DESCRIPTOR *mFullSmramRanges;
|
||||
|
||||
//
|
||||
// Maximum support address used to check input CommunicationBuffer
|
||||
//
|
||||
UINTN mMaximumSupportAddress = 0;
|
||||
|
||||
/**
|
||||
Place holder function until all the SMM System Table Service are available.
|
||||
|
||||
@@ -279,76 +274,6 @@ SmmEndOfDxeHandler (
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Caculate and save the maximum support address.
|
||||
|
||||
**/
|
||||
VOID
|
||||
CaculateMaximumSupportAddress (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
VOID *Hob;
|
||||
UINT32 RegEax;
|
||||
UINT8 PhysicalAddressBits;
|
||||
|
||||
//
|
||||
// Get physical address bits supported.
|
||||
//
|
||||
Hob = GetFirstHob (EFI_HOB_TYPE_CPU);
|
||||
if (Hob != NULL) {
|
||||
PhysicalAddressBits = ((EFI_HOB_CPU *) Hob)->SizeOfMemorySpace;
|
||||
} else {
|
||||
AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
|
||||
if (RegEax >= 0x80000008) {
|
||||
AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);
|
||||
PhysicalAddressBits = (UINT8) RegEax;
|
||||
} else {
|
||||
PhysicalAddressBits = 36;
|
||||
}
|
||||
}
|
||||
//
|
||||
// IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses.
|
||||
//
|
||||
ASSERT (PhysicalAddressBits <= 52);
|
||||
if (PhysicalAddressBits > 48) {
|
||||
PhysicalAddressBits = 48;
|
||||
}
|
||||
|
||||
//
|
||||
// Save the maximum support address in one global variable
|
||||
//
|
||||
mMaximumSupportAddress = (UINTN) (LShiftU64 (1, PhysicalAddressBits) - 1);
|
||||
DEBUG ((EFI_D_INFO, "mMaximumSupportAddress = 0x%lx\n", mMaximumSupportAddress));
|
||||
}
|
||||
|
||||
/**
|
||||
Check if input buffer is in valid address scope or not.
|
||||
|
||||
@param[in] Pointer Pointer to the input buffer.
|
||||
@param[in] BufferSize Input buffer size in bytes.
|
||||
|
||||
@retval TRUE The input buffer is in valid address scope.
|
||||
@retval FALSE The input buffer is not in valid address scope.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
IsValidPointer (
|
||||
IN VOID *Pointer,
|
||||
IN UINTN BufferSize
|
||||
)
|
||||
{
|
||||
if ((UINTN) Pointer > mMaximumSupportAddress) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (BufferSize > (mMaximumSupportAddress - (UINTN) Pointer)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
The main entry point to SMM Foundation.
|
||||
|
||||
@@ -398,7 +323,7 @@ SmmEntryPoint (
|
||||
//
|
||||
// Synchronous SMI for SMM Core or request from Communicate protocol
|
||||
//
|
||||
if (!IsValidPointer (gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
|
||||
if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
|
||||
//
|
||||
// If CommunicationBuffer is not in valid address scope, return EFI_INVALID_PARAMETER
|
||||
//
|
||||
@@ -484,9 +409,10 @@ SmmMain (
|
||||
gSmmCorePrivate->SmmEntryPoint = SmmEntryPoint;
|
||||
|
||||
//
|
||||
// Initialize memory service using free SMRAM
|
||||
// No need to initialize memory service.
|
||||
// It is done in constructor of PiSmmCoreMemoryAllocationLib(),
|
||||
// so that the library linked with PiSmmCore can use AllocatePool() in constuctor.
|
||||
//
|
||||
SmmInitializeMemoryServices (gSmmCorePrivate->SmramRangeCount, gSmmCorePrivate->SmramRanges);
|
||||
|
||||
SmramProfileInit ();
|
||||
|
||||
@@ -512,10 +438,5 @@ SmmMain (
|
||||
|
||||
RegisterSmramProfileHandler ();
|
||||
|
||||
//
|
||||
// Caculate and save maximum support address used in SmmEntryPoint().
|
||||
//
|
||||
CaculateMaximumSupportAddress ();
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
Reference in New Issue
Block a user