]> git.proxmox.com Git - mirror_edk2.git/blobdiff - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass
[mirror_edk2.git] / MdeModulePkg / Universal / FaultTolerantWriteDxe / FaultTolerantWriteSmm.c
diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
index 632313f07640f95b2df0b295fc86ad991b6aee89..27fcab19b62bce0304012772aaa1c69f8b30598d 100644 (file)
--- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
+++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
@@ -57,6 +57,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <PiSmm.h>\r
 #include <Library/SmmServicesTableLib.h>\r
 #include <Library/SmmMemLib.h>\r
+#include <Library/BaseLib.h>\r
 #include <Protocol/SmmSwapAddressRange.h>\r
 #include "FaultTolerantWrite.h"\r
 #include "FaultTolerantWriteSmmCommon.h"\r
@@ -417,6 +418,12 @@ SmmFaultTolerantWriteHandler (
                  &SmmFvbHandle\r
                  );\r
       if (!EFI_ERROR (Status)) {\r
+        //\r
+        // The AsmLfence() call here is to ensure the previous range/content\r
+        // checks for the CommBuffer have been completed before calling into\r
+        // FtwWrite().\r
+        //\r
+        AsmLfence ();\r
         Status = FtwWrite(\r
                    &mFtwDevice->FtwInstance,\r
                    SmmFtwWriteHeader->Lba,\r
EFI Development Kit II mirror for PVE