From nobody Mon Feb 9 19:30:25 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+85244+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+85244+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.alibaba.com ARC-Seal: i=1; a=rsa-sha256; t=1640948816; cv=none; d=zohomail.com; s=zohoarc; b=PJ0l9hkhGwFoki6lfNTJJ7HIKzpAoOsEuXwqGknepmc5+PPmyzwJRbHHNk7WDRWfk5S1B//lIDUZqy7qZhMe7iNJcKqHjjg2qLhNTRQPDW1026bRqWWxeJP1D7ZLDdBgNxpF+YZk72VsGIVPNUbnFhFte5QvlPR4FS2L9Nl6iGY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1640948816; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To; bh=8nxiT4ZEM3LLh2yQwJG8KW6Tk67BXAI/ss77te9RbRM=; b=H814wJDtKw6/rrempvK24CO/kMZ9T57V9J/LCGq+JFkLGvJ0tonEsnwj/YknvUIRuV7nqb4MI+SumRGmtKSzogq08W8ZS60GHCcJyUCqPQ6roSLalZW/p+GOEhlZUT1AqgA9yumyVS2I+RonL+JKNsYMPErJHx70/N+vd36JQqo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+85244+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1640948816395983.1783213636658; Fri, 31 Dec 2021 03:06:56 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id K9HXYY1788612xcL38Ag3eIk; Fri, 31 Dec 2021 03:06:55 -0800 X-Received: from out30-130.freemail.mail.aliyun.com (out30-130.freemail.mail.aliyun.com [115.124.30.130]) by mx.groups.io with SMTP id smtpd.web12.10720.1640948813640682290 for ; Fri, 31 Dec 2021 03:06:53 -0800 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R111e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04400;MF=huangming@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0V0QXmFy_1640948784; X-Received: from 842effaa37a8.tbsite.net(mailfrom:huangming@linux.alibaba.com fp:SMTPD_---0V0QXmFy_1640948784) by smtp.aliyun-inc.com(127.0.0.1); Fri, 31 Dec 2021 19:06:51 +0800 From: "Ming Huang" To: devel@edk2.groups.io, sami.mujawar@arm.com, ardb+tianocore@kernel.org, jiewen.yao@intel.com, supreeth.venkatesh@arm.com Cc: ming.huang-@outlook.com, Ming Huang Subject: [edk2-devel] [PATCH edk2 v3 3/3] StandaloneMmPkg: Fix check buffer address failed issue from TF-A Date: Fri, 31 Dec 2021 19:06:23 +0800 Message-Id: <20211231110623.128888-4-huangming@linux.alibaba.com> In-Reply-To: <20211231110623.128888-1-huangming@linux.alibaba.com> References: <20211231110623.128888-1-huangming@linux.alibaba.com> Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,huangming@linux.alibaba.com X-Gm-Message-State: LsMdGxN7RgDRtIWDusMqsa56x1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1640948815; bh=0NDtvIMWaa0hF30Pw906eeFplovaOfuzFdK0Lkj0TUM=; h=Cc:Date:From:Reply-To:Subject:To; b=lAhvwrYHl2Fb+z+vgbDf6bWR54tpwyQkVf/2F4upViXWIm0ptFxlON3YFYU8hGReEt0 7SGRo7EIViLy2aZ0pxXfg8E4me9zO2XrqXhhmwKGiHqqS/4lLG2NsRrfMUuHUyUrchSM1 dnjnrEI/oRWvBnq0leg4IOvq8/eVa+Pt1xA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1640948818556000015 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" There are two scene communicate with StandaloneMm(MM): 1 edk2 -> TF-A -> MM, communicate MM use non-secure buffer which specify by EFI_SECURE_PARTITION_BOOT_INFO.SpNsCommBufBase; 2 RAS scene: fiq -> TF-A -> MM, use secure buffer which specify by EFI_SECURE_PARTITION_BOOT_INFO.SpShareBufBase; For now, the second scene will failed because check buffer address. This patch add CheckBufferAddr() to support check address for secure buffer. Signed-off-by: Ming Huang --- StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c | 54 +++++++++++= ++++----- StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.c | 21 ++++++++ StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.h | 1 + 3 files changed, 63 insertions(+), 13 deletions(-) diff --git a/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c b/Standa= loneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c index 5dfaf9d751..d0ba415671 100644 --- a/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c +++ b/StandaloneMmPkg/Drivers/StandaloneMmCpu/EventHandle.c @@ -50,6 +50,7 @@ EFI_MM_COMMUNICATE_HEADER **PerCpuGuidedEventContext =3D = NULL; =20 // Descriptor with whereabouts of memory used for communication with the n= ormal world EFI_MMRAM_DESCRIPTOR mNsCommBuffer; +EFI_MMRAM_DESCRIPTOR mSCommBuffer; =20 MP_INFORMATION_HOB_DATA *mMpInformationHobData; =20 @@ -60,6 +61,42 @@ EFI_MM_CONFIGURATION_PROTOCOL mMmConfig =3D { =20 STATIC EFI_MM_ENTRY_POINT mMmEntryPoint =3D NULL; =20 +STATIC +EFI_STATUS +CheckBufferAddr ( + IN UINTN BufferAddr + ) +{ + UINT64 NsCommBufferEnd; + UINT64 SCommBufferEnd; + UINT64 CommBufferEnd; + + NsCommBufferEnd =3D mNsCommBuffer.PhysicalStart + mNsCommBuffer.Physical= Size; + SCommBufferEnd =3D mSCommBuffer.PhysicalStart + mSCommBuffer.PhysicalSiz= e; + + if ((BufferAddr >=3D mNsCommBuffer.PhysicalStart) && + (BufferAddr < NsCommBufferEnd)) { + CommBufferEnd =3D NsCommBufferEnd; + } else if ((BufferAddr >=3D mSCommBuffer.PhysicalStart) && + (BufferAddr < SCommBufferEnd)) { + CommBufferEnd =3D SCommBufferEnd; + } else { + return EFI_ACCESS_DENIED; + } + + if ((CommBufferEnd - BufferAddr) < sizeof (EFI_MM_COMMUNICATE_HEADER)) { + return EFI_ACCESS_DENIED; + } + + // perform bounds check. + if ((CommBufferEnd - BufferAddr - sizeof (EFI_MM_COMMUNICATE_HEADER)) < + ((EFI_MM_COMMUNICATE_HEADER *) BufferAddr)->MessageLength) { + return EFI_ACCESS_DENIED; + } + + return EFI_SUCCESS; +} + /** The PI Standalone MM entry point for the TF-A CPU driver. =20 @@ -104,25 +141,16 @@ PiMmStandaloneArmTfCpuDriverEntry ( return EFI_INVALID_PARAMETER; } =20 - if (NsCommBufferAddr < mNsCommBuffer.PhysicalStart) { - return EFI_ACCESS_DENIED; - } - - if ((NsCommBufferAddr + sizeof (EFI_MM_COMMUNICATE_HEADER)) >=3D - (mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize)) { - return EFI_INVALID_PARAMETER; + Status =3D CheckBufferAddr (NsCommBufferAddr); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Check Buffer failed: %r\n", Status)); + return Status; } =20 // Find out the size of the buffer passed NsCommBufferSize =3D ((EFI_MM_COMMUNICATE_HEADER *) NsCommBufferAddr)->M= essageLength + sizeof (EFI_MM_COMMUNICATE_HEADER); =20 - // perform bounds check. - if (NsCommBufferAddr + NsCommBufferSize >=3D - mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize) { - return EFI_ACCESS_DENIED; - } - GuidedEventContext =3D NULL; // Now that the secure world can see the normal world buffer, allocate // memory to copy the communication buffer to the secure world. diff --git a/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.c b/St= andaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.c index fd9c59b4da..96dad20dd1 100644 --- a/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.c +++ b/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.c @@ -107,6 +107,7 @@ StandaloneMmCpuInitialize ( UINTN Index; UINTN ArraySize; VOID *HobStart; + EFI_MMRAM_HOB_DESCRIPTOR_BLOCK *MmramRangesHob; =20 ASSERT (SystemTable !=3D NULL); mMmst =3D SystemTable; @@ -186,6 +187,26 @@ StandaloneMmCpuInitialize ( CopyMem (&mNsCommBuffer, NsCommBufMmramRange, sizeof(EFI_MMRAM_DESCRIPTO= R)); DEBUG ((DEBUG_INFO, "mNsCommBuffer: 0x%016lx - 0x%lx\n", mNsCommBuffer.C= puStart, mNsCommBuffer.PhysicalSize)); =20 + Status =3D GetGuidedHobData ( + HobStart, + &gEfiMmPeiMmramMemoryReserveGuid, + (VOID **) &MmramRangesHob + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "MmramRangesHob data extraction failed - 0x%x\n",= Status)); + return Status; + } + + // + // As CreateHobListFromBootInfo(), the base and size of buffer shared wi= th + // privileged Secure world software is in second one. + // + CopyMem ( + &mSCommBuffer, + &MmramRangesHob->Descriptor[0] + 1, + sizeof(EFI_MMRAM_DESCRIPTOR) + ); + // // Extract the MP information from the Hoblist // diff --git a/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.h b/St= andaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.h index 2c96439c15..2e03b20d85 100644 --- a/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.h +++ b/StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.h @@ -30,6 +30,7 @@ extern EFI_MM_CPU_PROTOCOL mMmCpuState; // extern EFI_MM_COMMUNICATE_HEADER **PerCpuGuidedEventContext; extern EFI_MMRAM_DESCRIPTOR mNsCommBuffer; +extern EFI_MMRAM_DESCRIPTOR mSCommBuffer; extern MP_INFORMATION_HOB_DATA *mMpInformationHobData; extern EFI_MM_CONFIGURATION_PROTOCOL mMmConfig; =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#85244): https://edk2.groups.io/g/devel/message/85244 Mute This Topic: https://groups.io/mt/88052140/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-