UINTN InfoSize;\r
UINTN NameBufferSize;\r
UINTN CommBufferPayloadSize;\r
+ UINTN TempCommBufferSize;\r
\r
//\r
// If input is invalid, stop processing this SMI\r
return EFI_SUCCESS;\r
}\r
\r
- if (*CommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
+ TempCommBufferSize = *CommBufferSize;\r
+\r
+ if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));\r
return EFI_SUCCESS;\r
}\r
- CommBufferPayloadSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
+ CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
if (CommBufferPayloadSize > mVariableBufferPayloadSize) {\r
DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));\r
return EFI_SUCCESS;\r
}\r
\r
- if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {\r
+ if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {\r
DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));\r
return EFI_SUCCESS;\r
}\r
\r
case SMM_VARIABLE_FUNCTION_GET_STATISTICS:\r
VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;\r
- InfoSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
+ InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
\r
//\r
// Do not need to check SmmVariableFunctionHeader->Data in SMRAM here. \r
break;\r
\r
case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:\r
- if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {\r
- DEBUG ((EFI_D_ERROR, "RequestToLock: SMM communication buffer size invalid!\n"));\r
- return EFI_SUCCESS;\r
- }\r
- //\r
- // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
- //\r
- CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
- VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) mVariableBufferPayload;\r
-\r
- if (VariableToLock->NameSize > MAX_ADDRESS - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {\r
- //\r
- // Prevent InfoSize overflow happen\r
- //\r
- Status = EFI_ACCESS_DENIED;\r
- goto EXIT;\r
- }\r
-\r
- if (VariableToLock->NameSize < sizeof (CHAR16) || VariableToLock->Name[VariableToLock->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
- //\r
- // Make sure VariableName is A Null-terminated string.\r
- //\r
- Status = EFI_ACCESS_DENIED;\r
- goto EXIT;\r
- }\r
- \r
- InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableToLock->NameSize;\r
- \r
- //\r
- // SMRAM range check already covered before\r
- //\r
- if (InfoSize > CommBufferPayloadSize) {\r
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));\r
+ if (mEndOfDxe) {\r
Status = EFI_ACCESS_DENIED;\r
- goto EXIT;\r
+ } else {\r
+ VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;\r
+ Status = VariableLockRequestToLock (\r
+ NULL,\r
+ VariableToLock->Name,\r
+ &VariableToLock->Guid\r
+ );\r
}\r
-\r
- Status = VariableLockRequestToLock (\r
- NULL,\r
- VariableToLock->Name,\r
- &VariableToLock->Guid\r
- );\r
break;\r
\r
default:\r
EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
+ UINTN FtwMaxBlockSize;\r
\r
if (mVariableModuleGlobal->FvbInstance != NULL) {\r
return EFI_SUCCESS;\r
return Status;\r
}\r
\r
+ Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
+ if (!EFI_ERROR (Status)) {\r
+ ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
+ }\r
+\r
//\r
// Find the proper FVB protocol for variable.\r
//\r