From nobody Tue May  7 00:28:08 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+95779+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+95779+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one);
	dmarc=fail(p=none dis=none)  header.from=intel.com
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1667255563373942.4599302322854;
 Mon, 31 Oct 2022 15:32:43 -0700 (PDT)
Return-Path: <bounce+27952+95779+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 7KnGYY1788612xVUTwQF9WuU;
 Mon, 31 Oct 2022 15:32:42 -0700
X-Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web10.53.1667255560678590778
 for <devel@edk2.groups.io>;
 Mon, 31 Oct 2022 15:32:41 -0700
X-IronPort-AV: E=McAfee;i="6500,9779,10517"; a="288728099"
X-IronPort-AV: E=Sophos;i="5.95,229,1661842800";
   d="scan'208,217";a="288728099"
X-Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 31 Oct 2022 15:32:32 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10517"; a="722966749"
X-IronPort-AV: E=Sophos;i="5.95,229,1661842800";
   d="scan'208,217";a="722966749"
X-Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15])
  by FMSMGA003.fm.intel.com with ESMTP; 31 Oct 2022 15:32:31 -0700
X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.31; Mon, 31 Oct 2022 15:32:31 -0700
X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.31; Mon, 31 Oct 2022 15:32:31 -0700
X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.31 via Frontend Transport; Mon, 31 Oct 2022 15:32:31 -0700
X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.170)
 by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2375.31; Mon, 31 Oct 2022 15:32:30 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=KGtN6s4NevTfN7a9Mma0V2FEkmEQkk3eSJCGaB+nMDKYSTwa+Okg+vFFWKEV6ByCPkUcYk3c05hX/+eIuKhHxse8fxErgwsvaOxFdi+MQ5dOk8/GyRnc94o7Zj/Y2TeJoX/WmXBdh9U7R64vtLGLS9z1EdZKfgSC+0RA8hrqJ6tGmTGiMT+d5ULv3eEcQyhxzPBol2nWy1puMZhzy8AslsWTh2zvA5Mfq6uHsUAcGQ76OBlOywUEMvEkUL7Ee5+8KJ5FyL2B+8vqW+bf8MOJD9icrAovd+8uc/ML5FLHbeJdEjRqrYTVXfOm3Lz7vIQt3w6mWCybyl4ci8PN+TWzZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OBPS+NzGAm0yFfvVCBfi4Hci5hyZLk2fUlNPOw/3U+Q=;
 b=jZ/C0SyG1kuNpSMldLvwfI+DX7p1dvGjnshSvo04S00Dqrf2L2uKnbb5ZX6O9WWl9XZ0j6VtSnOMPDC3a7Kx5/LslZ2AIFHJ7y6PW3wA0jMsOy/qTRNQvUriMaKET62P8cgmE/VsbJ45h/R6LjkrjQrKtHBte37s8FAQ+q2Z9lnVuw/gN1qzMygNT0PE2W0wrWpj9wAappi5Z04KtPlLPO+seKcpW1/brWzIg1UgqVy7+3+5tRac5xIX45vLTEV66sPKZ3oGPAZdpTUYWIM9YQ63Jwmr7VhQac9iKNyqEXCTDDCw0NZg/eaHDXgDb73w73kUqaZ+comphKr8E5eRLg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
X-Received: from DS0PR11MB6445.namprd11.prod.outlook.com (2603:10b6:8:c6::11)
 by
 CH0PR11MB5409.namprd11.prod.outlook.com (2603:10b6:610:d0::7) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5769.21; Mon, 31 Oct 2022 22:32:26 +0000
X-Received: from DS0PR11MB6445.namprd11.prod.outlook.com
 ([fe80::65ad:50c9:7c98:1a35]) by DS0PR11MB6445.namprd11.prod.outlook.com
 ([fe80::65ad:50c9:7c98:1a35%4]) with mapi id 15.20.5769.015; Mon, 31 Oct 2022
 22:32:26 +0000
From: "Demeter, Miki" <miki.demeter@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "Kinney, Michael D" <michael.d.kinney@intel.com>, "Gao, Liming"
	<gaoliming@byosoft.com.cn>, "Wang, Jian J" <jian.j.wang@intel.com>
Subject: [edk2-devel] [Patch v4] MdeModulePkg/PiSmmCoreSmmEntryPoint
 underflow(CVE-2021-38578)
Thread-Topic: [Patch v4] MdeModulePkg/PiSmmCoreSmmEntryPoint
 underflow(CVE-2021-38578)
Thread-Index: AQHY7XgcfUj9X4Cq3EGvv+abewVBPg==
Date: Mon, 31 Oct 2022 22:32:25 +0000
Message-ID: 
 <DS0PR11MB6445C4CCBF58221FFFADD41A8D379@DS0PR11MB6445.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS0PR11MB6445:EE_|CH0PR11MB5409:EE_
x-ms-office365-filtering-correlation-id: 71475acd-149b-48ac-2e8e-08dabb8fc966
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: 
 bOggn818VgzcmszJnnp6pfsfi617X5HbGzSYDcJSRZqGqALwIvAUznChRgvv84mjXapM+zSfILBp+sfACA/WsRGMTFprKzFB3eOwm7qUJtlzJvKjA0o9Kk+lk8OdrITe1ub2p51w1DbZxu5CyGTqHJjXMPiZBMtU9B4BNKUPnJg6wgHPAmRCmvR4ptKIExgbtsgoy08yz2NwHgMEubXcpDq9HIZEo+QeqgeCVhv9RiQ5QT9srpvqNWK41hveuvXVytZFNm/+hyDMET4Qj8uNZAkL/p3gGkhSjmKj2fQxGFc8CpLxyZcQ271W0bjybIQfzf32h2MLUGrtFNjJPolgWU4rLkz95Xe3QOQZYUz3gH2t0sJRHYrXrdWbLm5ozuVEznOZrdToXexZAeqiwVmSKjmEeMWJL2JfLl4UzwgS3MC9/TqF07rpKjE7GWnT6sn0QnUUJtdENARnCmSFGMDZR5ReqS1uinAr9VfuKaIdKvIPXrV1Idj0WHtmm0pM3v4SOcH2pFFGs91w/Px6ANYGqKLu4u7kJVzEZCLjp7+UFncI4AQn/yxIhg6C1W9K4tjQU1kJuxomJl0OpPXxBqmn6CD2ogOT8QhdoYzJi+4NuWOYZ5Um91hlVhqUl4IyLQAz/E4uLk9ZIm5x5XSfBxXH+hzixZwu7aWvUcU3ykTSWP08VGc7vxps7CWGtBYKnccn+dXlwvBvbOHME4L/3JE9wFJZQSusl1QKdgg0suIIYEQ1EDErabzZUy4jRIw7DGAXTI6II7Gy/30qeuxxq4/TojtnHx3Do6AE9c2jyr6TrJhIYx+zBnLwEfDiRr6CnqkusJPvoj1/LUj6LAm0X5JVnQ==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 =?us-ascii?Q?WpBcxGJfxFurojMOhJsrx8RnkpwfxY5MFG76/rxfFaiTT/LDc4bDAnM4tJ23?=
 =?us-ascii?Q?9JM3/DlAE+UNCUvbQLUPJ1/w6TP/WmspOgOhX7y6cb1IBu5aWJfJTWjSJgJ4?=
 =?us-ascii?Q?m3Q1pJM3vqsmeRqDeW1HL5DXo+1wU8W25fACdo2r+CTXTD47ejar3zTYGEzo?=
 =?us-ascii?Q?kLzgbtH4GXYmz7HlkHZkrCbYI5VyFC+l4nkXY6RRsPOCLlEBGkpw4zrcvS+E?=
 =?us-ascii?Q?/v9w5GOUVRWvZ1cCQ3BhhZ5tCnxPX9KxVYrn32Q11T5HWJ+rAsP5WZnIXjWi?=
 =?us-ascii?Q?9sBh4ybM99HGY9PNjfDM1paL2jTIWdNyefkekXmhFJbo+rSRDSGHfRUFhxKL?=
 =?us-ascii?Q?1VhcwkOxiqWJyaJeUUmB0t19S6QtU5Gk//DQPE2A5YJS42U0uOQu6USRnQiH?=
 =?us-ascii?Q?eOvI6bZL2guJkpS5I4eOGN+tO1zlbPq0E2hNZ/sTfUXR4//TshYHQ1hwhEel?=
 =?us-ascii?Q?df5bdTbv+ap+coCtfIUZRNTsVZNw4ZbHnMgZAlxPoJigivjQ8fAB/KTnkGSB?=
 =?us-ascii?Q?M31rpcrqH70JLy8u+TeEFnF5Y5HPrVtANez8at2bYKj7CP2q4oeG5ZvlcCCK?=
 =?us-ascii?Q?to9yngFnnmNMx6SAqG18rz0K2496kYkpUijXodqeTVDDl76Nt/7TClYGUUlK?=
 =?us-ascii?Q?oIojmcciKhIfrPKJLdmlNTABesaISiZjiA/UoQfcxnyU4ndQJzgoVr9tVg4c?=
 =?us-ascii?Q?hA86DSZ9xB2wEVTcGOfuL5YYH9qzRkTzm+P0wttEKT6xhKf86weenrQRgIjn?=
 =?us-ascii?Q?8QkJsHc3eHnOXFyH8aM4cStUu+4rMi7ui9QrDEtQbLbf3JOnRck/jPo/ZWIQ?=
 =?us-ascii?Q?WmEn3ZjOFjeuQA2c29vcngNKZ+6UuLuA7LzkmzcFfEyOC5B60O5xdVWOB5Qd?=
 =?us-ascii?Q?5isJTt1UnStVw1o1RIS7suAyqo1WTaZHqnFgwslm7ugrr0W/DvwsDJ6re4bI?=
 =?us-ascii?Q?8cJ8aLl6INzyrDmx5ZoeBZRXT4jFT3tS4c7Ep/nfRVjEBzmvng8sTi/j37qP?=
 =?us-ascii?Q?g9p6epLpkrtwfXnBK3Vlv5yJcHtz9Pmq2TA+zxmO5dZWQXZgVx5VT5sBVAZV?=
 =?us-ascii?Q?pJcJ4cleedpZc1ulafCaJ+9NiF62uCWLmE9ZdmFck+XfeK8bTbNvFkNwPe13?=
 =?us-ascii?Q?OozO4bLyqn2oPaBT+S/cfGMtYWLZH6Deo9yMBYGIMLqf9rqtyC0ux3BMleEG?=
 =?us-ascii?Q?dDTRjkCz2VQEX7ttjJLsUr4Af6+gfwreIjGgsZXVJ27a+RYMJLouG+27mmZH?=
 =?us-ascii?Q?pk7MaJB6Z2+rb2x5UQgBvz2M6SxMsNvZ4btsDJZW1bOpm42h49vt3pzJ1Cg2?=
 =?us-ascii?Q?rZ+DCsGZlzQMOH1hHITdrIm+z8XAO4CijZTY7/ECkvPa4nKBaYSIBHVntfdj?=
 =?us-ascii?Q?lF0864/ar2rt5SByDfPIlmYZ54w/GCKcakeMGGHKP9vUZc3Xh3Q4tM6Uu1fq?=
 =?us-ascii?Q?dKuMSAOFErZ/hJNgBKmejRk8QfzecczrRQKRAvnqeNP/Dl1sF88vbxXDkKMp?=
 =?us-ascii?Q?jx3lDTZ38AZQadtL1laxXsSl+b14FlUa+z5JbOVyNOkl+F66PJeLiEwSxFGn?=
 =?us-ascii?Q?EBdr4SadYoFB4aUiaJBmWxx146hJCln6SBi7/kcbq4SzsS+1+qVhNi0xq+Y2?=
 =?us-ascii?Q?Zg=3D=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6445.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 71475acd-149b-48ac-2e8e-08dabb8fc966
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2022 22:32:25.9356
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 F4lcTAv5WJRe5dd3hdtY4CWjBhiCxHYL1OYBR/C5i0cWuOtSeqfPfmmeIHEyrtJM4n6NpsSCqutn460hfUYVOQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB5409
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,miki.demeter@intel.com
X-Gm-Message-State: lUz2sfx07xa4SdwyjWBJwPxUx1787277AA=
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_DS0PR11MB6445C4CCBF58221FFFADD41A8D379DS0PR11MB6445namp_"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1667255562;
 bh=nVgxpfRarvUCR5EaYxw1jIeQyJjyhEbSNWsW1sWNjNU=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=No9Qr18rJYMYW7vFYiriem/94U5rSaPlHY3dWS+IHgiVwt0SmXN0c+iuS/iLlnG0peJ
 z7YfxiEOX46oooBNXbnpC5SKBUwv+XwFCJ1GttC6eKcFfDc6S/7cZl2A7R8H7Az0PvM9Q
 b+SDvYZNxmrxZ+hH/nF25c3n664qsRZxvQU=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1667255564549100001

--_000_DS0PR11MB6445C4CCBF58221FFFADD41A8D379DS0PR11MB6445namp_
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D3387



Added use of SafeIntLib to validate values are not causing overflows or

underflows in user controlled values when calculating buffer sizes.



Signed-off-by: Miki Demeter <miki.demeter@intel.com>

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

Cc: Jian J Wang <jian.j.wang@intel.com>

Cc: Liming Gao <gaoliming@byosoft.com.cn>

---

 MdeModulePkg/Core/PiSmmCore/PiSmmCore.c   | 41 ++++++++++++++++++-----

 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h   |  1 +

 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf |  1 +

 MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c    | 31 +++++++++++++----

 MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf  |  1 +

 5 files changed, 60 insertions(+), 15 deletions(-)



diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c b/MdeModulePkg/Core/Pi=
SmmCore/PiSmmCore.c

index 9e5c6cbe33..875c7c0258 100644

--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c

+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c

@@ -610,6 +610,7 @@ SmmEndOfS3ResumeHandler (

   @param[in] Size2  Size of Buff2



   @retval TRUE      Buffers overlap in memory.

+  @retval TRUE      Math error.     Prevents potential math over and under=
flows.

   @retval FALSE     Buffer doesn't overlap.



 **/

@@ -621,11 +622,24 @@ InternalIsBufferOverlapped (

   IN UINTN  Size2

   )

 {

+  UINTN    End1;

+  UINTN    End2;

+  BOOLEAN  IsOverUnderflow1;

+  BOOLEAN  IsOverUnderflow2;

+

+  // Check for over or underflow

+  IsOverUnderflow1 =3D EFI_ERROR (SafeUintnAdd ((UINTN)Buff1, Size1, &End1=
));

+  IsOverUnderflow2 =3D EFI_ERROR (SafeUintnAdd ((UINTN)Buff2, Size2, &End2=
));

+

+  if (IsOverUnderflow1 || IsOverUnderflow2) {

+    return TRUE;

+  }

+

   //

   // If buff1's end is less than the start of buff2, then it's ok.

   // Also, if buff1's start is beyond buff2's end, then it's ok.

   //

-  if (((Buff1 + Size1) <=3D Buff2) || (Buff1 >=3D (Buff2 + Size2))) {

+  if ((End1 <=3D (UINTN)Buff2) || ((UINTN)Buff1 >=3D End2)) {

     return FALSE;

   }



@@ -651,6 +665,7 @@ SmmEntryPoint (

   EFI_SMM_COMMUNICATE_HEADER  *CommunicateHeader;

   BOOLEAN                     InLegacyBoot;

   BOOLEAN                     IsOverlapped;

+  BOOLEAN                     IsOverUnderflow;

   VOID                        *CommunicationBuffer;

   UINTN                       BufferSize;



@@ -699,23 +714,31 @@ SmmEntryPoint (

                        (UINT8 *)gSmmCorePrivate,

                        sizeof (*gSmmCorePrivate)

                        );

-      if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferS=
ize) || IsOverlapped) {

+      //

+      // Check for over or underflows

+      //

+      IsOverUnderflow =3D EFI_ERROR (SafeUintnSub (BufferSize, OFFSET_OF (=
EFI_SMM_COMMUNICATE_HEADER, Data), &BufferSize));

+

+      if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferS=
ize) ||

+          IsOverlapped || IsOverUnderflow)

+      {

         //

         // If CommunicationBuffer is not in valid address scope,

         // or there is overlap between gSmmCorePrivate and CommunicationBu=
ffer,

+        // or there is over or underflow,

         // return EFI_INVALID_PARAMETER

         //

         gSmmCorePrivate->CommunicationBuffer =3D NULL;

         gSmmCorePrivate->ReturnStatus        =3D EFI_ACCESS_DENIED;

       } else {

         CommunicateHeader =3D (EFI_SMM_COMMUNICATE_HEADER *)CommunicationB=
uffer;

-        BufferSize       -=3D OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);

-        Status            =3D SmiManage (

-                              &CommunicateHeader->HeaderGuid,

-                              NULL,

-                              CommunicateHeader->Data,

-                              &BufferSize

-                              );

+        // BufferSize was updated by the SafeUintnSub() call above.

+        Status =3D SmiManage (

+                   &CommunicateHeader->HeaderGuid,

+                   NULL,

+                   CommunicateHeader->Data,

+                   &BufferSize

+                   );

         //

         // Update CommunicationBuffer, BufferSize and ReturnStatus

         // Communicate service finished, reset the pointer to CommBuffer t=
o NULL

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/Pi=
SmmCore/PiSmmCore.h

index 71422b9dfc..b8a490a8c3 100644

--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h

+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h

@@ -54,6 +54,7 @@

 #include <Library/PerformanceLib.h>

 #include <Library/HobLib.h>

 #include <Library/SmmMemLib.h>

+#include <Library/SafeIntLib.h>



 #include "PiSmmCorePrivateData.h"

 #include "HeapGuard.h"

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/=
PiSmmCore/PiSmmCore.inf

index c8bfae3860..3df44b38f1 100644

--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf

+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf

@@ -60,6 +60,7 @@

   PerformanceLib

   HobLib

   SmmMemLib

+  SafeIntLib



 [Protocols]

   gEfiDxeSmmReadyToLockProtocolGuid             ## UNDEFINED # SmiHandlerR=
egister

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiS=
mmCore/PiSmmIpl.c

index 4f00cebaf5..fbba868fd0 100644

--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c

+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c

@@ -34,8 +34,8 @@

 #include <Library/UefiRuntimeLib.h>

 #include <Library/PcdLib.h>

 #include <Library/ReportStatusCodeLib.h>

-

 #include "PiSmmCorePrivateData.h"

+#include <Library/SafeIntLib.h>



 #define SMRAM_CAPABILITIES  (EFI_MEMORY_WB | EFI_MEMORY_UC)



@@ -1354,6 +1354,7 @@ SmmSplitSmramEntry (

   @param[in] ReservedRangeToCompare     Pointer to EFI_SMM_RESERVED_SMRAM_=
REGION to compare.



   @retval TRUE  There is overlap.

+  @retval TRUE  Math error.

   @retval FALSE There is no overlap.



 **/

@@ -1363,11 +1364,29 @@ SmmIsSmramOverlap (

   IN EFI_SMM_RESERVED_SMRAM_REGION  *ReservedRangeToCompare

   )

 {

-  UINT64  RangeToCompareEnd;

-  UINT64  ReservedRangeToCompareEnd;

-

-  RangeToCompareEnd         =3D RangeToCompare->CpuStart + RangeToCompare-=
>PhysicalSize;

-  ReservedRangeToCompareEnd =3D ReservedRangeToCompare->SmramReservedStart=
 + ReservedRangeToCompare->SmramReservedSize;

+  UINT64   RangeToCompareEnd;

+  UINT64   ReservedRangeToCompareEnd;

+  BOOLEAN  IsOverUnderflow1;

+  BOOLEAN  IsOverUnderflow2;

+

+  // Check for over or underflow.

+  IsOverUnderflow1 =3D EFI_ERROR (

+                       SafeUint64Add (

+                         (UINT64)RangeToCompare->CpuStart,

+                         RangeToCompare->PhysicalSize,

+                         &RangeToCompareEnd

+                         )

+                       );

+  IsOverUnderflow2 =3D EFI_ERROR (

+                       SafeUint64Add (

+                         (UINT64)ReservedRangeToCompare->SmramReservedStar=
t,

+                         ReservedRangeToCompare->SmramReservedSize,

+                         &ReservedRangeToCompareEnd

+                         )

+                       );

+  if (IsOverUnderflow1 || IsOverUnderflow2) {

+    return TRUE;

+  }



   if ((RangeToCompare->CpuStart >=3D ReservedRangeToCompare->SmramReserved=
Start) &&

       (RangeToCompare->CpuStart < ReservedRangeToCompareEnd))

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf b/MdeModulePkg/Core/P=
iSmmCore/PiSmmIpl.inf

index 6109d6b544..ddeb39cee2 100644

--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf

+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf

@@ -46,6 +46,7 @@

   DxeServicesLib

   PcdLib

   ReportStatusCodeLib

+  SafeIntLib



 [Protocols]

   gEfiSmmBase2ProtocolGuid                      ## PRODUCES

--

2.21.0


--



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95779): https://edk2.groups.io/g/devel/message/95779
Mute This Topic: https://groups.io/mt/94697674/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


--_000_DS0PR11MB6445C4CCBF58221FFFADD41A8D379DS0PR11MB6445namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=
fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Menlo;
	panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
p.p1, li.p1, div.p1
	{mso-style-name:p1;
	margin:0in;
	font-size:8.5pt;
	font-family:Menlo;
	color:black;}
p.p2, li.p2, div.p2
	{mso-style-name:p2;
	margin:0in;
	font-size:8.5pt;
	font-family:Menlo;
	color:black;}
span.s1
	{mso-style-name:s1;}
span.apple-converted-space
	{mso-style-name:apple-converted-space;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"p1"><span class=3D"s1">REF:https://bugzilla.tianocore.org/show_=
bug.cgi?id=3D3387</span><o:p></o:p></p>
<p class=3D"p2"><o:p>&nbsp;</o:p></p>
<p class=3D"p1"><span class=3D"s1">Added use of SafeIntLib to validate valu=
es are not causing overflows or</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">underflows in user controlled values whe=
n calculating buffer sizes.</span><o:p></o:p></p>
<p class=3D"p2"><o:p>&nbsp;</o:p></p>
<p class=3D"p1"><span class=3D"s1">Signed-off-by: Miki Demeter &lt;miki.dem=
eter@intel.com&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">Reviewed-by: Michael D Kinney &lt;michae=
l.d.kinney@intel.com&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">Cc: Jian J Wang &lt;jian.j.wang@intel.co=
m&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">Cc: Liming Gao &lt;gaoliming@byosoft.com=
.cn&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">---</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
</span><span class=3D"apple-converted-space">&nbsp; </span><span class=3D"s=
1">| 41 ++++++++++++++++++-----</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
</span><span class=3D"apple-converted-space">&nbsp; </span><span class=3D"s=
1">|</span><span class=3D"apple-converted-space">&nbsp;
</span><span class=3D"s1">1 +</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf |</span><span class=3D=
"apple-converted-space">&nbsp;
</span><span class=3D"s1">1 +</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><span class=3D"appl=
e-converted-space">&nbsp; &nbsp;
</span><span class=3D"s1">| 31 +++++++++++++----</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><span class=3D"ap=
ple-converted-space">&nbsp;
</span><span class=3D"s1">|</span><span class=3D"apple-converted-space">&nb=
sp; </span><span class=3D"s1">1 +</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">5 files changed, 60 insertions(+), 15 deletions(-)</span><o:p></=
o:p></p>
<p class=3D"p2"><o:p>&nbsp;</o:p></p>
<p class=3D"p1"><span class=3D"s1">diff --git a/MdeModulePkg/Core/PiSmmCore=
/PiSmmCore.c b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c</span><o:p></o:p></p=
>
<p class=3D"p1"><span class=3D"s1">index 9e5c6cbe33..875c7c0258 100644</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.c</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.c</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -610,6 +610,7 @@ SmmEndOfS3ResumeHand=
ler (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@param[in] Size2</span><span class=3D"apple-converted-spa=
ce">&nbsp;
</span><span class=3D"s1">Size of Buff2</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@retval TRUE</span><span class=3D"apple-converted-space">=
&nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">Buffers overlap in memory.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">@retval TRUE</span><span class=3D"apple-converted-space"=
>&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">Math error. </span><span class=3D"apple-converted-space"=
>&nbsp; &nbsp; </span>
<span class=3D"s1">Prevents potential math over and underflows.</span><o:p>=
</o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@retval FALSE
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; </span><span cla=
ss=3D"s1">Buffer doesn't overlap.</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">**/</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -621,11 +622,24 @@ InternalIsBufferOv=
erlapped (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">IN UINTN</span><span class=3D"apple-converted-space">&nbs=
p;
</span><span class=3D"s1">Size2</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">)</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">{</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINTN</span><span class=3D"apple-converted-space">&nbsp;=
 &nbsp; </span><span class=3D"s1">End1;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINTN</span><span class=3D"apple-converted-space">&nbsp;=
 &nbsp; </span><span class=3D"s1">End2;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">BOOLEAN</span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">IsOverUnderflow1;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">BOOLEAN</span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">IsOverUnderflow2;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">// Check for over or underflow</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">IsOverUnderflow1 =3D EFI_ERROR (SafeUintnAdd ((UINTN)Buf=
f1, Size1, &amp;End1));</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">IsOverUnderflow2 =3D EFI_ERROR (SafeUintnAdd ((UINTN)Buf=
f2, Size2, &amp;End2));</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">if (IsOverUnderflow1 || IsOverUnderflow2) {</span><o:p><=
/o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; </span>
<span class=3D"s1">return TRUE;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">}</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">// If buff1's end is less than the start of buff2, then i=
t's ok.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">// Also, if buff1's start is beyond buff2's end, then it'=
s ok.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">if (((Buff1 + Size1) &lt;=3D Buff2) || (Buff1 &gt;=3D (B=
uff2 + Size2))) {</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">if ((End1 &lt;=3D (UINTN)Buff2) || ((UINTN)Buff1 &gt;=3D=
 End2)) {</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; <=
/span><span class=3D"s1">return FALSE;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">}</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -651,6 +665,7 @@ SmmEntryPoint (</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">EFI_SMM_COMMUNICATE_HEADER</span><span class=3D"apple-con=
verted-space">&nbsp;
</span><span class=3D"s1">*CommunicateHeader;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">BOOLEAN
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span class=3D"s1">InLegacyB=
oot;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">BOOLEAN
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span class=3D"s1">IsOverlap=
ped;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">BOOLEAN </span><span class=3D"apple-converted-space">&nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">IsOverUnderflow;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">VOID</span><span class=3D"apple-converted-space">&nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">*CommunicationBuffer;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">UINTN
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span class=3D"s1">Bu=
fferSize;</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -699,23 +714,31 @@ SmmEntryPoint (</s=
pan><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">(UINT8 *)gSmmCorePrivate,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">sizeof (*gSmmCorePrivate)</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">);</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuf=
fer, BufferSize) || IsOverlapped) {</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">// Check for over or underflows</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">IsOverUnderflow =3D EFI_ERROR (SafeUintnSub (BufferSize,=
 OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data), &amp;BufferSize));</span><o:=
p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuf=
fer, BufferSize) ||</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">IsOverlapped || IsOverUnderflow)</span><o:p></o:p=
></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; </span>
<span class=3D"s1">{</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">// If CommunicationBuffer is not in =
valid address scope,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">// or there is overlap between gSmmC=
orePrivate and CommunicationBuffer,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">// or there is over or underflow,</span><o:p></o:=
p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">// return EFI_INVALID_PARAMETER</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">gSmmCorePrivate-&gt;CommunicationBuf=
fer =3D NULL;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">gSmmCorePrivate-&gt;ReturnStatus</sp=
an><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">=3D EFI_ACCESS_DENIED;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; </span><span class=3D"s1">} else {</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">CommunicateHeader =3D (EFI_SMM_COMMU=
NICATE_HEADER *)CommunicationBuffer;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">BufferSize </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">-=3D OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)=
;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">Status</span><span class=3D"apple-converted-space=
">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">=3D SmiManage (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;CommunicateHeader-&gt;HeaderGuid,</span><o:p=
></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">NULL,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">CommunicateHeader-&gt;Data,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;BufferSize</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">);</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">// BufferSize was updated by the SafeUintnSub() c=
all above.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">Status =3D SmiManage (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;CommunicateHeader-&gt;HeaderGuid,</span><o:p=
></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">NULL,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">CommunicateHeader-&gt;Data,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;BufferSize</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">);</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">//</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">// Update CommunicationBuffer, Buffe=
rSize and ReturnStatus</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; &nbsp; </span><span class=3D"s1">// Communicate service finished, res=
et the pointer to CommBuffer to NULL</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">diff --git a/MdeModulePkg/Core/PiSmmCore=
/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h</span><o:p></o:p></p=
>
<p class=3D"p1"><span class=3D"s1">index 71422b9dfc..b8a490a8c3 100644</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.h</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.h</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -54,6 +54,7 @@</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/PerformanceLib.h&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/HobLib.h&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/SmmMemLib.h&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+#include &lt;Library/SafeIntLib.h&gt;</=
span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &quot;PiSmmCorePrivateData.h&quot;</span><o:p></o:p></p=
>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &quot;HeapGuard.h&quot;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">diff --git a/MdeModulePkg/Core/PiSmmCore=
/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf</span><o:p></o:p=
></p>
<p class=3D"p1"><span class=3D"s1">index c8bfae3860..3df44b38f1 100644</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.inf</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmC=
ore.inf</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -60,6 +60,7 @@</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">PerformanceLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">HobLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">SmmMemLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">SafeIntLib</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">[Protocols]</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">gEfiDxeSmmReadyToLockProtocolGuid
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; </span><span class=3D"s1">## UNDEFINED # SmiHandlerRegister</sp=
an><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">diff --git a/MdeModulePkg/Core/PiSmmCore=
/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">index 4f00cebaf5..fbba868fd0 100644</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmI=
pl.c</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmI=
pl.c</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -34,8 +34,8 @@</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/UefiRuntimeLib.h&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/PcdLib.h&gt;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &lt;Library/ReportStatusCodeLib.h&gt;</span><o:p></o:p>=
</p>
<p class=3D"p1"><span class=3D"s1">-</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#include &quot;PiSmmCorePrivateData.h&quot;</span><o:p></o:p></p=
>
<p class=3D"p1"><span class=3D"s1">+#include &lt;Library/SafeIntLib.h&gt;</=
span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">#define SMRAM_CAPABILITIES</span><span class=3D"apple-converted-=
space">&nbsp;
</span><span class=3D"s1">(EFI_MEMORY_WB | EFI_MEMORY_UC)</span><o:p></o:p>=
</p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -1354,6 +1354,7 @@ SmmSplitSmramEntry=
 (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@param[in] ReservedRangeToCompare
</span><span class=3D"apple-converted-space">&nbsp; &nbsp; </span><span cla=
ss=3D"s1">Pointer to EFI_SMM_RESERVED_SMRAM_REGION to compare.</span><o:p><=
/o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@retval TRUE</span><span class=3D"apple-converted-space">=
&nbsp;
</span><span class=3D"s1">There is overlap.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">@retval TRUE</span><span class=3D"apple-converted-space"=
>&nbsp; </span>
<span class=3D"s1">Math error.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">@retval FALSE There is no overlap.</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">**/</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -1363,11 +1364,29 @@ SmmIsSmramOverla=
p (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">IN EFI_SMM_RESERVED_SMRAM_REGION</span><span class=3D"app=
le-converted-space">&nbsp;
</span><span class=3D"s1">*ReservedRangeToCompare</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">)</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">{</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINT64</span><span class=3D"apple-converted-space">&nbsp=
; </span><span class=3D"s1">RangeToCompareEnd;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINT64</span><span class=3D"apple-converted-space">&nbsp=
; </span><span class=3D"s1">ReservedRangeToCompareEnd;</span><o:p></o:p></p=
>
<p class=3D"p1"><span class=3D"s1">-</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">RangeToCompareEnd </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp;
</span><span class=3D"s1">=3D RangeToCompare-&gt;CpuStart + RangeToCompare-=
&gt;PhysicalSize;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">-</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">ReservedRangeToCompareEnd =3D ReservedRangeToCompare-&gt=
;SmramReservedStart + ReservedRangeToCompare-&gt;SmramReservedSize;</span><=
o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINT64 </span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">RangeToCompareEnd;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">UINT64 </span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">ReservedRangeToCompareEnd;</span><o:p></o:p></=
p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">BOOLEAN</span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">IsOverUnderflow1;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">BOOLEAN</span><span class=3D"apple-converted-space">&nbs=
p; </span><span class=3D"s1">IsOverUnderflow2;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">// Check for over or underflow.</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">IsOverUnderflow1 =3D EFI_ERROR (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;
</span><span class=3D"s1">SafeUint64Add (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">(UINT64)RangeToCompare-&gt;CpuStart,</span><o:p><=
/o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">RangeToCompare-&gt;PhysicalSize,</span><o:p></o:p=
></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;RangeToCompareEnd</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">)</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;
</span><span class=3D"s1">);</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">IsOverUnderflow2 =3D EFI_ERROR (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;
</span><span class=3D"s1">SafeUint64Add (</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">(UINT64)ReservedRangeToCompare-&gt;SmramReservedS=
tart,</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">ReservedRangeToCompare-&gt;SmramReservedSize,</sp=
an><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">&amp;ReservedRangeToCompareEnd</span><o:p></o:p><=
/p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;
</span><span class=3D"s1">)</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+ </span><span class=3D"apple-converted-=
space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;
</span><span class=3D"s1">);</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">if (IsOverUnderflow1 || IsOverUnderflow2) {</span><o:p><=
/o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; &nbsp; </span>
<span class=3D"s1">return TRUE;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">}</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">if ((RangeToCompare-&gt;CpuStart &gt;=3D ReservedRangeToC=
ompare-&gt;SmramReservedStart) &amp;&amp;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; &nbsp; &=
nbsp; </span><span class=3D"s1">(RangeToCompare-&gt;CpuStart &lt; ReservedR=
angeToCompareEnd))</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">diff --git a/MdeModulePkg/Core/PiSmmCore=
/PiSmmIpl.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><o:p></o:p><=
/p>
<p class=3D"p1"><span class=3D"s1">index 6109d6b544..ddeb39cee2 100644</spa=
n><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmI=
pl.inf</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmI=
pl.inf</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">@@ -46,6 +46,7 @@</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">DxeServicesLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">PcdLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">ReportStatusCodeLib</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">+</span><span class=3D"apple-converted-s=
pace">&nbsp; </span>
<span class=3D"s1">SafeIntLib</span><o:p></o:p></p>
<p class=3D"p2"><span class=3D"apple-converted-space">&nbsp;</span><o:p></o=
:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;</span><span cl=
ass=3D"s1">[Protocols]</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"apple-converted-space">&nbsp;&nbsp; </span><=
span class=3D"s1">gEfiSmmBase2ProtocolGuid</span><span class=3D"apple-conve=
rted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp;
</span><span class=3D"s1">## PRODUCES</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">--</span><span class=3D"apple-converted-=
space">&nbsp;</span><o:p></o:p></p>
<p class=3D"p1"><span class=3D"s1">2.21.0</span><o:p></o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">--&nbsp;<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>


 <div width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div> <hr>   G=
roups.io Links:<p>   You receive all messages sent to this group.    <p> <a=
 target=3D"_blank" href=3D"https://edk2.groups.io/g/devel/message/95779">Vi=
ew/Reply Online (#95779)</a> |    |  <a target=3D"_blank" href=3D"https://g=
roups.io/mt/94697674/1787277">Mute This Topic</a>  | <a href=3D"https://edk=
2.groups.io/g/devel/post">New Topic</a><br>    <a href=3D"https://edk2.grou=
ps.io/g/devel/editsub/1787277">Your Subscription</a> | <a href=3D"mailto:de=
vel+owner@edk2.groups.io">Contact Group Owner</a> |  <a href=3D"https://edk=
2.groups.io/g/devel/unsub">Unsubscribe</a>  [importer@patchew.org]<br> <div=
 width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div>=20


--_000_DS0PR11MB6445C4CCBF58221FFFADD41A8D379DS0PR11MB6445namp_--