\r
// Descriptor with whereabouts of memory used for communication with the normal world\r
EFI_MMRAM_DESCRIPTOR mNsCommBuffer;\r
+EFI_MMRAM_DESCRIPTOR mSCommBuffer;\r
\r
MP_INFORMATION_HOB_DATA *mMpInformationHobData;\r
\r
\r
STATIC EFI_MM_ENTRY_POINT mMmEntryPoint = NULL;\r
\r
+/**\r
+ Perform bounds check on the common buffer.\r
+\r
+ @param [in] BufferAddr Address of the common buffer.\r
+\r
+ @retval EFI_SUCCESS Success.\r
+ @retval EFI_ACCESS_DENIED Access not permitted.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+CheckBufferAddr (\r
+ IN UINTN BufferAddr\r
+ )\r
+{\r
+ UINT64 NsCommBufferEnd;\r
+ UINT64 SCommBufferEnd;\r
+ UINT64 CommBufferEnd;\r
+\r
+ NsCommBufferEnd = mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize;\r
+ SCommBufferEnd = mSCommBuffer.PhysicalStart + mSCommBuffer.PhysicalSize;\r
+\r
+ if ((BufferAddr >= mNsCommBuffer.PhysicalStart) &&\r
+ (BufferAddr < NsCommBufferEnd))\r
+ {\r
+ CommBufferEnd = NsCommBufferEnd;\r
+ } else if ((BufferAddr >= mSCommBuffer.PhysicalStart) &&\r
+ (BufferAddr < SCommBufferEnd))\r
+ {\r
+ CommBufferEnd = SCommBufferEnd;\r
+ } else {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
+ if ((CommBufferEnd - BufferAddr) < sizeof (EFI_MM_COMMUNICATE_HEADER)) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
+ // perform bounds check.\r
+ if ((CommBufferEnd - BufferAddr - sizeof (EFI_MM_COMMUNICATE_HEADER)) <\r
+ ((EFI_MM_COMMUNICATE_HEADER *)BufferAddr)->MessageLength)\r
+ {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
/**\r
The PI Standalone MM entry point for the TF-A CPU driver.\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- if (NsCommBufferAddr < mNsCommBuffer.PhysicalStart) {\r
- return EFI_ACCESS_DENIED;\r
- }\r
-\r
- if ((NsCommBufferAddr + sizeof (EFI_MM_COMMUNICATE_HEADER)) >=\r
- (mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize))\r
- {\r
- return EFI_INVALID_PARAMETER;\r
+ Status = CheckBufferAddr (NsCommBufferAddr);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Check Buffer failed: %r\n", Status));\r
+ return Status;\r
}\r
\r
// Find out the size of the buffer passed\r
NsCommBufferSize = ((EFI_MM_COMMUNICATE_HEADER *)NsCommBufferAddr)->MessageLength +\r
sizeof (EFI_MM_COMMUNICATE_HEADER);\r
\r
- // perform bounds check.\r
- if (NsCommBufferAddr + NsCommBufferSize >=\r
- mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize)\r
- {\r
- return EFI_ACCESS_DENIED;\r
- }\r
-\r
GuidedEventContext = NULL;\r
// Now that the secure world can see the normal world buffer, allocate\r
// memory to copy the communication buffer to the secure world.\r
UINTN Index;\r
UINTN ArraySize;\r
VOID *HobStart;\r
+ EFI_MMRAM_HOB_DESCRIPTOR_BLOCK *MmramRangesHob;\r
\r
ASSERT (SystemTable != NULL);\r
mMmst = SystemTable;\r
CopyMem (&mNsCommBuffer, NsCommBufMmramRange, sizeof (EFI_MMRAM_DESCRIPTOR));\r
DEBUG ((DEBUG_INFO, "mNsCommBuffer: 0x%016lx - 0x%lx\n", mNsCommBuffer.CpuStart, mNsCommBuffer.PhysicalSize));\r
\r
+ Status = GetGuidedHobData (\r
+ HobStart,\r
+ &gEfiMmPeiMmramMemoryReserveGuid,\r
+ (VOID **)&MmramRangesHob\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "MmramRangesHob data extraction failed - 0x%x\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // As CreateHobListFromBootInfo(), the base and size of buffer shared with\r
+ // privileged Secure world software is in second one.\r
+ //\r
+ CopyMem (\r
+ &mSCommBuffer,\r
+ &MmramRangesHob->Descriptor[0] + 1,\r
+ sizeof (EFI_MMRAM_DESCRIPTOR)\r
+ );\r
+\r
//\r
// Extract the MP information from the Hoblist\r
//\r