}\r
\r
/**\r
- Retrive the SMM Fault Tolerent Write protocol interface.\r
+ Retrieve the SMM Fault Tolerent Write protocol interface.\r
\r
@param[out] FtwProtocol The interface of SMM Ftw protocol\r
\r
\r
\r
/**\r
- Retrive the SMM FVB protocol interface by HANDLE.\r
+ Retrieve the SMM FVB protocol interface by HANDLE.\r
\r
@param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for\r
reading, writing, and erasing the target block.\r
)\r
{\r
VARIABLE_INFO_ENTRY *VariableInfo;\r
- UINTN NameLength;\r
+ UINTN NameSize;\r
UINTN StatisticsInfoSize;\r
CHAR16 *InfoName;\r
+ UINTN InfoNameMaxSize;\r
EFI_GUID VendorGuid;\r
\r
if (InfoEntry == NULL) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
- StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY);\r
if (*InfoSize < StatisticsInfoSize) {\r
*InfoSize = StatisticsInfoSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
InfoName = (CHAR16 *)(InfoEntry + 1);\r
+ InfoNameMaxSize = (*InfoSize - sizeof (VARIABLE_INFO_ENTRY));\r
\r
CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);\r
\r
//\r
// Return the first variable info\r
//\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
+ if (*InfoSize < StatisticsInfoSize) {\r
+ *InfoSize = StatisticsInfoSize;\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
- CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
+ CopyMem (InfoName, VariableInfo->Name, NameSize);\r
*InfoSize = StatisticsInfoSize;\r
return EFI_SUCCESS;\r
}\r
//\r
while (VariableInfo != NULL) {\r
if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {\r
- NameLength = StrSize (VariableInfo->Name);\r
- if (NameLength == StrSize (InfoName)) {\r
- if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ if (NameSize <= InfoNameMaxSize) {\r
+ if (CompareMem (VariableInfo->Name, InfoName, NameSize) == 0) {\r
//\r
// Find the match one\r
//\r
//\r
// Output the new variable info\r
//\r
- StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
if (*InfoSize < StatisticsInfoSize) {\r
*InfoSize = StatisticsInfoSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
\r
CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
- CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
+ CopyMem (InfoName, VariableInfo->Name, NameSize);\r
*InfoSize = StatisticsInfoSize;\r
\r
return EFI_SUCCESS;\r
break;\r
}\r
if (!mEndOfDxe) {\r
+ MorLockInitAtEndOfDxe ();\r
mEndOfDxe = TRUE;\r
VarCheckLibInitializeAtEndOfDxe (NULL);\r
//\r
// It is covered by previous CommBuffer check\r
//\r
\r
- if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {\r
- DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));\r
- Status = EFI_ACCESS_DENIED;\r
- goto EXIT;\r
- }\r
+ //\r
+ // Do not need to check CommBufferSize buffer as it should point to SMRAM\r
+ // that was used by SMM core to cache CommSize from SmmCommunication protocol.\r
+ //\r
\r
Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);\r
*CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
)\r
{\r
DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));\r
+ MorLockInitAtEndOfDxe ();\r
mEndOfDxe = TRUE;\r
VarCheckLibInitializeAtEndOfDxe (NULL);\r
//\r
);\r
ASSERT_EFI_ERROR (Status);\r
\r
- mVariableBufferPayloadSize = GetNonVolatileMaxVariableSize () +\r
+ mVariableBufferPayloadSize = GetMaxVariableSize () +\r
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();\r
\r
Status = gSmst->SmmAllocatePool (\r