return Status;\r
}\r
\r
+/**\r
+ Determine if two buffers overlap in memory.\r
+\r
+ @param[in] Buff1 Pointer to first buffer\r
+ @param[in] Size1 Size of Buff1\r
+ @param[in] Buff2 Pointer to second buffer\r
+ @param[in] Size2 Size of Buff2\r
+\r
+ @retval TRUE Buffers overlap in memory.\r
+ @retval FALSE Buffer doesn't overlap.\r
+\r
+**/\r
+BOOLEAN\r
+InternalIsBufferOverlapped (\r
+ IN UINT8 *Buff1,\r
+ IN UINTN Size1,\r
+ IN UINT8 *Buff2,\r
+ IN UINTN Size2\r
+ )\r
+{\r
+ //\r
+ // If buff1's end is less than the start of buff2, then it's ok.\r
+ // Also, if buff1's start is beyond buff2's end, then it's ok.\r
+ //\r
+ if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {\r
+ return FALSE;\r
+ }\r
+\r
+ return TRUE;\r
+}\r
+\r
/**\r
The main entry point to SMM Foundation.\r
\r
EFI_STATUS Status;\r
EFI_SMM_COMMUNICATE_HEADER *CommunicateHeader;\r
BOOLEAN InLegacyBoot;\r
+ BOOLEAN IsOverlapped;\r
\r
PERF_START (NULL, "SMM", NULL, 0) ;\r
\r
//\r
// Synchronous SMI for SMM Core or request from Communicate protocol\r
//\r
- if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {\r
+ IsOverlapped = InternalIsBufferOverlapped (\r
+ (UINT8 *) gSmmCorePrivate->CommunicationBuffer,\r
+ gSmmCorePrivate->BufferSize,\r
+ (UINT8 *) gSmmCorePrivate,\r
+ sizeof (*gSmmCorePrivate)\r
+ );\r
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) || IsOverlapped) {\r
//\r
- // If CommunicationBuffer is not in valid address scope, return EFI_INVALID_PARAMETER\r
+ // If CommunicationBuffer is not in valid address scope,\r
+ // or there is overlap between gSmmCorePrivate and CommunicationBuffer,\r
+ // return EFI_INVALID_PARAMETER\r
//\r
gSmmCorePrivate->CommunicationBuffer = NULL;\r
gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;\r