StandaloneMmPkg: Fix check buffer address failed issue from TF-A

[mirror_edk2.git] / StandaloneMmPkg / Drivers / StandaloneMmCpu / EventHandle.c

diff --git a/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c b/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c
index 556fd21451dab7ac3a2d9d4cfa51b001aa92faec..818e147f874c26d4bce8c1ed1c0a0848a564815e 100644 (file)
--- a/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c
+++ b/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c
@@ -49,6 +49,7 @@ EFI_MM_COMMUNICATE_HEADER  **PerCpuGuidedEventContext = NULL;
 \r
 // Descriptor with whereabouts of memory used for communication with the normal world\r
 EFI_MMRAM_DESCRIPTOR  mNsCommBuffer;\r
+EFI_MMRAM_DESCRIPTOR  mSCommBuffer;\r
 \r
 MP_INFORMATION_HOB_DATA  *mMpInformationHobData;\r
 \r
@@ -59,6 +60,53 @@ EFI_MM_CONFIGURATION_PROTOCOL  mMmConfig = {
 \r
 STATIC EFI_MM_ENTRY_POINT  mMmEntryPoint = NULL;\r
 \r
+/**\r
+  Perform bounds check on the common buffer.\r
+\r
+  @param  [in] BufferAddr   Address of the common buffer.\r
+\r
+  @retval   EFI_SUCCESS             Success.\r
+  @retval   EFI_ACCESS_DENIED       Access not permitted.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+CheckBufferAddr (\r
+  IN UINTN  BufferAddr\r
+  )\r
+{\r
+  UINT64  NsCommBufferEnd;\r
+  UINT64  SCommBufferEnd;\r
+  UINT64  CommBufferEnd;\r
+\r
+  NsCommBufferEnd = mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize;\r
+  SCommBufferEnd  = mSCommBuffer.PhysicalStart + mSCommBuffer.PhysicalSize;\r
+\r
+  if ((BufferAddr >= mNsCommBuffer.PhysicalStart) &&\r
+      (BufferAddr < NsCommBufferEnd))\r
+  {\r
+    CommBufferEnd = NsCommBufferEnd;\r
+  } else if ((BufferAddr >= mSCommBuffer.PhysicalStart) &&\r
+             (BufferAddr < SCommBufferEnd))\r
+  {\r
+    CommBufferEnd = SCommBufferEnd;\r
+  } else {\r
+    return EFI_ACCESS_DENIED;\r
+  }\r
+\r
+  if ((CommBufferEnd - BufferAddr) < sizeof (EFI_MM_COMMUNICATE_HEADER)) {\r
+    return EFI_ACCESS_DENIED;\r
+  }\r
+\r
+  // perform bounds check.\r
+  if ((CommBufferEnd - BufferAddr - sizeof (EFI_MM_COMMUNICATE_HEADER)) <\r
+      ((EFI_MM_COMMUNICATE_HEADER *)BufferAddr)->MessageLength)\r
+  {\r
+    return EFI_ACCESS_DENIED;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
 /**\r
   The PI Standalone MM entry point for the TF-A CPU driver.\r
 \r
@@ -104,27 +152,16 @@ PiMmStandaloneArmTfCpuDriverEntry (
     return EFI_INVALID_PARAMETER;\r
   }\r
 \r
-  if (NsCommBufferAddr < mNsCommBuffer.PhysicalStart) {\r
-    return EFI_ACCESS_DENIED;\r
-  }\r
-\r
-  if ((NsCommBufferAddr + sizeof (EFI_MM_COMMUNICATE_HEADER)) >=\r
-      (mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize))\r
-  {\r
-    return EFI_INVALID_PARAMETER;\r
+  Status = CheckBufferAddr (NsCommBufferAddr);\r
+  if (EFI_ERROR (Status)) {\r
+    DEBUG ((DEBUG_ERROR, "Check Buffer failed: %r\n", Status));\r
+    return Status;\r
   }\r
 \r
   // Find out the size of the buffer passed\r
   NsCommBufferSize = ((EFI_MM_COMMUNICATE_HEADER *)NsCommBufferAddr)->MessageLength +\r
                      sizeof (EFI_MM_COMMUNICATE_HEADER);\r
 \r
-  // perform bounds check.\r
-  if (NsCommBufferAddr + NsCommBufferSize >=\r
-      mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize)\r
-  {\r
-    return EFI_ACCESS_DENIED;\r
-  }\r
-\r
   GuidedEventContext = NULL;\r
   // Now that the secure world can see the normal world buffer, allocate\r
   // memory to copy the communication buffer to the secure world.\r