lzeng14 
							
						 
					 
					
						
						
							
						
						164a9b6752 
					 
					
						
						
							
							Fix the TOCTOU issue of CommBufferSize itself for SMM communicate handler input.  
						
						... 
						
						
						
						Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14379  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-05-21 02:22:02 +00:00 
						 
				 
			
				
					
						
							
							
								lzeng14 
							
						 
					 
					
						
						
							
						
						5e5bb2a9ba 
					 
					
						
						
							
							1. Fix TOCTOU issue in VariableSmm, FtwSmm, FpdtSmm, SmmCorePerformance SMM handler. For VariableSmm, pre-allocate a mVariableBufferPayload buffer with mVariableBufferPayloadSize(match with mVariableBufferPayloadSize in VariableSmmRuntimeDxe) to hold communicate buffer payload to avoid TOCTOU issue.  
						
						... 
						
						
						
						2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.
Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-05-07 05:38:32 +00:00 
						 
				 
			
				
					
						
							
							
								lzeng14 
							
						 
					 
					
						
						
							
						
						9d00d20ed4 
					 
					
						
						
							
							1. Use the check IsAddressValid() to prevent SMM communication buffer overflow in SmmVariable, FtwSmm, FpdtSmm, SmmCorePerformance and SmmBaseHelper, and add check to prevent InfoSize overflows in SmmVariableHandler.  
						
						... 
						
						
						
						2. Refine the debug message.
3. Add check to make sure the input VariableName is A Null-terminated string.
4. Use local variable to hold StrSize (VariableName) to avoid duplicated StrSize calculation.
Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14317  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-04-25 10:49:45 +00:00 
						 
				 
			
				
					
						
							
							
								lzeng14 
							
						 
					 
					
						
						
							
						
						f07268bd0f 
					 
					
						
						
							
							Mallicious code may use SmmFaultTolerantWriteHandler() to update some flash area directly, like Variable region, so return EFI_ACCESS_DENIED after End Of Dxe in SmmFaultTolerantWriteHandler().  
						
						... 
						
						
						
						And add code to prevent InfoSize overflow.
Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14312  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-04-24 09:33:48 +00:00 
						 
				 
			
				
					
						
							
							
								lzeng14 
							
						 
					 
					
						
						
							
						
						7ea4cf3f59 
					 
					
						
						
							
							Add more exact SMM check in SmmFaultTolerantWriteHandler.  
						
						... 
						
						
						
						Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Elvin Li <elvin.li@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13763  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-09-28 02:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								lzeng14 
							
						 
					 
					
						
						
							
						
						d26c7e82f2 
					 
					
						
						
							
							Fix the issue that FTW driver fail to reclaim WorkSpace.  
						
						... 
						
						
						
						Signed-off-by: Star Zeng <star.zeng@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
Reviewed-by: Hengyan Tao <hengyan.tao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13732  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-09-14 06:54:35 +00:00 
						 
				 
			
				
					
						
							
							
								ydong10 
							
						 
					 
					
						
						
							
						
						c219324cc5 
					 
					
						
						
							
							Add SMRAM range check to fault tolerant write SMM SMI handler.  
						
						... 
						
						
						
						Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13518  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-07-10 08:09:09 +00:00 
						 
				 
			
				
					
						
							
							
								gdong1 
							
						 
					 
					
						
						
							
						
						f3b80a8eab 
					 
					
						
						
							
							Add SMM FTW wrapper driver since non-SMM FTW protocol can be used by some consumers (Such as capsule update) when SMM FTW driver is applied.  
						
						... 
						
						
						
						git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11246  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2011-01-12 09:05:27 +00:00 
						 
				 
			
				
					
						
							
							
								gdong1 
							
						 
					 
					
						
						
							
						
						8a2d49964e 
					 
					
						
						
							
							Add SMM Variable implementation.  
						
						... 
						
						
						
						git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11151  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2010-12-10 09:27:54 +00:00