<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Menlo;
        panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
p.p1, li.p1, div.p1
        {mso-style-name:p1;
        margin:0in;
        font-size:8.5pt;
        font-family:Menlo;
        color:black;}
p.p2, li.p2, div.p2
        {mso-style-name:p2;
        margin:0in;
        font-size:8.5pt;
        font-family:Menlo;
        color:black;}
span.s1
        {mso-style-name:s1;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="p1"><span class="s1">REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3387</span><o:p></o:p></p>
<p class="p2"><o:p> </o:p></p>
<p class="p1"><span class="s1">Use SafeIntLib to check that user-controlled values do not overflow or</span><o:p></o:p></p>
<p class="p1"><span class="s1">underflow when they are used to calculate buffer sizes.</span><o:p></o:p></p>
<p class="p2"><o:p> </o:p></p>
<p class="p1"><span class="s1">Signed-off-by: Miki Demeter <miki.demeter@intel.com></span><o:p></o:p></p>
<p class="p1"><span class="s1">Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com></span><o:p></o:p></p>
<p class="p1"><span class="s1">Cc: Jian J Wang <jian.j.wang@intel.com></span><o:p></o:p></p>
<p class="p1"><span class="s1">Cc: Liming Gao <gaoliming@byosoft.com.cn></span><o:p></o:p></p>
<p class="p1"><span class="s1">---</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
</span><span class="apple-converted-space">  </span><span class="s1">| 41 ++++++++++++++++++-----</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
</span><span class="apple-converted-space">  </span><span class="s1">|</span><span class="apple-converted-space"> 
</span><span class="s1">1 +</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf |</span><span class="apple-converted-space"> 
</span><span class="s1">1 +</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><span class="apple-converted-space">   
</span><span class="s1">| 31 +++++++++++++----</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><span class="apple-converted-space"> 
</span><span class="s1">|</span><span class="apple-converted-space">  </span><span class="s1">1 +</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">5 files changed, 60 insertions(+), 15 deletions(-)</span><o:p></o:p></p>
<p class="p2"><o:p> </o:p></p>
<p class="p1"><span class="s1">diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">index 9e5c6cbe33..875c7c0258 100644</span><o:p></o:p></p>
<p class="p1"><span class="s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -610,6 +610,7 @@ SmmEndOfS3ResumeHandler (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@param[in] Size2</span><span class="apple-converted-space"> 
</span><span class="s1">Size of Buff2</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@retval TRUE</span><span class="apple-converted-space">     
</span><span class="s1">Buffers overlap in memory.</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">@retval TRUE</span><span class="apple-converted-space">      </span>
<span class="s1">Math error. </span><span class="apple-converted-space">    </span>
<span class="s1">Prevents potential math over and underflows.</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@retval FALSE
</span><span class="apple-converted-space">    </span><span class="s1">Buffer doesn't overlap.</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">**/</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -621,11 +622,24 @@ InternalIsBufferOverlapped (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">IN UINTN</span><span class="apple-converted-space"> 
</span><span class="s1">Size2</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">)</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">{</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">UINTN</span><span class="apple-converted-space">    </span><span class="s1">End1;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">UINTN</span><span class="apple-converted-space">    </span><span class="s1">End2;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">BOOLEAN</span><span class="apple-converted-space">  </span><span class="s1">IsOverUnderflow1;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">BOOLEAN</span><span class="apple-converted-space">  </span><span class="s1">IsOverUnderflow2;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">// Check for over or underflow</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">IsOverUnderflow1 = EFI_ERROR (SafeUintnAdd ((UINTN)Buff1, Size1, &End1));</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">IsOverUnderflow2 = EFI_ERROR (SafeUintnAdd ((UINTN)Buff2, Size2, &End2));</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">if (IsOverUnderflow1 || IsOverUnderflow2) {</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">    </span>
<span class="s1">return TRUE;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">}</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">// If buff1's end is less than the start of buff2, then it's ok.</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">// Also, if buff1's start is beyond buff2's end, then it's ok.</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">  </span>
<span class="s1">if (((Buff1 + Size1) <= Buff2) || (Buff1 >= (Buff2 + Size2))) {</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">if ((End1 <= (UINTN)Buff2) || ((UINTN)Buff1 >= End2)) {</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">     </span><span class="s1">return FALSE;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">}</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
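Review bot: The new early `return TRUE;` reports an address wrap as an overlap, which is the fail-closed choice, but nothing at the return site says so, and the one-line `// Check for over or underflow` comment does not follow the three-line `//` block style used just below it. I would replace it with a block comment reading `// A wrapped end address cannot be compared safely; report it as an overlap so the caller rejects the buffer.` Because SafeUintnAdd() on unsigned operands can only fail by overflowing, `IsOverflow1`/`IsOverflow2` would be more accurate names than `IsOverUnderflow1`/`IsOverUnderflow2`. The same two remarks apply to the SmmIsSmramOverlap hunk in PiSmmIpl.c. The function's signature begins outside this hunk.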
<p class="p1"><span class="s1">@@ -651,6 +665,7 @@ SmmEntryPoint (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">EFI_SMM_COMMUNICATE_HEADER</span><span class="apple-converted-space"> 
</span><span class="s1">*CommunicateHeader;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">BOOLEAN
</span><span class="apple-converted-space">                    </span><span class="s1">InLegacyBoot;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">BOOLEAN
</span><span class="apple-converted-space">                    </span><span class="s1">IsOverlapped;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">BOOLEAN </span><span class="apple-converted-space">                   
</span><span class="s1">IsOverUnderflow;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">VOID</span><span class="apple-converted-space">                       
</span><span class="s1">*CommunicationBuffer;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">UINTN
</span><span class="apple-converted-space">                      </span><span class="s1">BufferSize;</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -699,23 +714,31 @@ SmmEntryPoint (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">                        </span>
<span class="s1">(UINT8 *)gSmmCorePrivate,</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">                        </span>
<span class="s1">sizeof (*gSmmCorePrivate)</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">                        </span>
<span class="s1">);</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">      </span>
<span class="s1">if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize) || IsOverlapped) {</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">// Check for over or underflows</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">IsOverUnderflow = EFI_ERROR (SafeUintnSub (BufferSize, OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data), &BufferSize));</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">if (!SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize) ||</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">         
</span><span class="s1">IsOverlapped || IsOverUnderflow)</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">      </span>
<span class="s1">{</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">// If CommunicationBuffer is not in valid address scope,</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">// or there is overlap between gSmmCorePrivate and CommunicationBuffer,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">       
</span><span class="s1">// or there is over or underflow,</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">// return EFI_INVALID_PARAMETER</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">gSmmCorePrivate->CommunicationBuffer = NULL;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">gSmmCorePrivate->ReturnStatus</span><span class="apple-converted-space">       
</span><span class="s1">= EFI_ACCESS_DENIED;</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">       </span><span class="s1">} else {</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)CommunicationBuffer;</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">       
</span><span class="s1">BufferSize </span><span class="apple-converted-space">     
</span><span class="s1">-= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">       
</span><span class="s1">Status</span><span class="apple-converted-space">           
</span><span class="s1">= SmiManage (</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">                             
</span><span class="s1">&CommunicateHeader->HeaderGuid,</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">                             
</span><span class="s1">NULL,</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">                             
</span><span class="s1">CommunicateHeader->Data,</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">                             
</span><span class="s1">&BufferSize</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">                             
</span><span class="s1">);</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">       
</span><span class="s1">// BufferSize was updated by the SafeUintnSub() call above.</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">       
</span><span class="s1">Status = SmiManage (</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                 
</span><span class="s1">&CommunicateHeader->HeaderGuid,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                 
</span><span class="s1">NULL,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                 
</span><span class="s1">CommunicateHeader->Data,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                 
</span><span class="s1">&BufferSize</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                 
</span><span class="s1">);</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">//</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">// Update CommunicationBuffer, BufferSize and ReturnStatus</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">         </span><span class="s1">// Communicate service finished, reset the pointer to CommBuffer to NULL</span><o:p></o:p></p>
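Review bot: SafeUintnSub() writes its result back into `BufferSize` before `SmmIsBufferOutsideSmmValid ((UINTN)CommunicationBuffer, BufferSize)` runs, so the outside-SMRAM check now covers the buffer minus the header length, whereas the removed lines subtracted only after the check had passed. The handler is then given `CommunicateHeader->Data` with that reduced size, which still ends at the original end of the buffer, so the last `OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)` bytes appear to reach SmiManage() without having been range-checked. Keeping the validation on the full size closes this: subtract into a separate UINTN local (the name is constructed here), `IsOverUnderflow = EFI_ERROR (SafeUintnSub (BufferSize, OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data), &DataSize));`, and assign `BufferSize = DataSize;` in the else branch just before the SmiManage() call. The context comment also still says `return EFI_INVALID_PARAMETER` while the code sets `EFI_ACCESS_DENIED`. SmmEntryPoint starts and ends outside this hunk.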
<p class="p1"><span class="s1">diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h</span><o:p></o:p></p>
<p class="p1"><span class="s1">index 71422b9dfc..b8a490a8c3 100644</span><o:p></o:p></p>
<p class="p1"><span class="s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h</span><o:p></o:p></p>
<p class="p1"><span class="s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -54,6 +54,7 @@</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/PerformanceLib.h></span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/HobLib.h></span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/SmmMemLib.h></span><o:p></o:p></p>
<p class="p1"><span class="s1">+#include <Library/SafeIntLib.h></span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include "PiSmmCorePrivateData.h"</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include "HeapGuard.h"</span><o:p></o:p></p>
<p class="p1"><span class="s1">diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">index c8bfae3860..3df44b38f1 100644</span><o:p></o:p></p>
<p class="p1"><span class="s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -60,6 +60,7 @@</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">PerformanceLib</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">HobLib</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">SmmMemLib</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">SafeIntLib</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">[Protocols]</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">gEfiDxeSmmReadyToLockProtocolGuid
</span><span class="apple-converted-space">            </span><span class="s1">## UNDEFINED # SmiHandlerRegister</span><o:p></o:p></p>
<p class="p1"><span class="s1">diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">index 4f00cebaf5..fbba868fd0 100644</span><o:p></o:p></p>
<p class="p1"><span class="s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -34,8 +34,8 @@</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/UefiRuntimeLib.h></span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/PcdLib.h></span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include <Library/ReportStatusCodeLib.h></span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#include "PiSmmCorePrivateData.h"</span><o:p></o:p></p>
<p class="p1"><span class="s1">+#include <Library/SafeIntLib.h></span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">#define SMRAM_CAPABILITIES</span><span class="apple-converted-space"> 
</span><span class="s1">(EFI_MEMORY_WB | EFI_MEMORY_UC)</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
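Review bot: `#include <Library/SafeIntLib.h>` is added after the local `#include "PiSmmCorePrivateData.h"`, and the blank line that separated the library headers from the local one is removed, so the two groups are now mixed. PiSmmCore.h in this same patch adds the include at the end of the `<Library/...>` group. Doing the same here, directly after `#include <Library/ReportStatusCodeLib.h>` and keeping the blank line, would match.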
<p class="p1"><span class="s1">@@ -1354,6 +1354,7 @@ SmmSplitSmramEntry (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@param[in] ReservedRangeToCompare
</span><span class="apple-converted-space">    </span><span class="s1">Pointer to EFI_SMM_RESERVED_SMRAM_REGION to compare.</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@retval TRUE</span><span class="apple-converted-space"> 
</span><span class="s1">There is overlap.</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">@retval TRUE</span><span class="apple-converted-space">  </span>
<span class="s1">Math error.</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">@retval FALSE There is no overlap.</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">**/</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -1363,11 +1364,29 @@ SmmIsSmramOverlap (</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">IN EFI_SMM_RESERVED_SMRAM_REGION</span><span class="apple-converted-space"> 
</span><span class="s1">*ReservedRangeToCompare</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">)</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">{</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">  </span>
<span class="s1">UINT64</span><span class="apple-converted-space">  </span><span class="s1">RangeToCompareEnd;</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">  </span>
<span class="s1">UINT64</span><span class="apple-converted-space">  </span><span class="s1">ReservedRangeToCompareEnd;</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">  </span>
<span class="s1">RangeToCompareEnd </span><span class="apple-converted-space">       
</span><span class="s1">= RangeToCompare->CpuStart + RangeToCompare->PhysicalSize;</span><o:p></o:p></p>
<p class="p1"><span class="s1">-</span><span class="apple-converted-space">  </span>
<span class="s1">ReservedRangeToCompareEnd = ReservedRangeToCompare->SmramReservedStart + ReservedRangeToCompare->SmramReservedSize;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">UINT64 </span><span class="apple-converted-space">  </span><span class="s1">RangeToCompareEnd;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">UINT64 </span><span class="apple-converted-space">  </span><span class="s1">ReservedRangeToCompareEnd;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">BOOLEAN</span><span class="apple-converted-space">  </span><span class="s1">IsOverUnderflow1;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">BOOLEAN</span><span class="apple-converted-space">  </span><span class="s1">IsOverUnderflow2;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">// Check for over or underflow.</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">IsOverUnderflow1 = EFI_ERROR (</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                     
</span><span class="s1">SafeUint64Add (</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">(UINT64)RangeToCompare->CpuStart,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">RangeToCompare->PhysicalSize,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">&RangeToCompareEnd</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">)</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                     
</span><span class="s1">);</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">IsOverUnderflow2 = EFI_ERROR (</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                     
</span><span class="s1">SafeUint64Add (</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">(UINT64)ReservedRangeToCompare->SmramReservedStart,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">ReservedRangeToCompare->SmramReservedSize,</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">&ReservedRangeToCompareEnd</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                       
</span><span class="s1">)</span><o:p></o:p></p>
<p class="p1"><span class="s1">+ </span><span class="apple-converted-space">                     
</span><span class="s1">);</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">if (IsOverUnderflow1 || IsOverUnderflow2) {</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">    </span>
<span class="s1">return TRUE;</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">}</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">if ((RangeToCompare->CpuStart >= ReservedRangeToCompare->SmramReservedStart) &&</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">       </span><span class="s1">(RangeToCompare->CpuStart < ReservedRangeToCompareEnd))</span><o:p></o:p></p>
<p class="p1"><span class="s1">diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">index 6109d6b544..ddeb39cee2 100644</span><o:p></o:p></p>
<p class="p1"><span class="s1">--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf</span><o:p></o:p></p>
<p class="p1"><span class="s1">@@ -46,6 +46,7 @@</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">DxeServicesLib</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">PcdLib</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">ReportStatusCodeLib</span><o:p></o:p></p>
<p class="p1"><span class="s1">+</span><span class="apple-converted-space">  </span>
<span class="s1">SafeIntLib</span><o:p></o:p></p>
<p class="p2"><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space"> </span><span class="s1">[Protocols]</span><o:p></o:p></p>
<p class="p1"><span class="apple-converted-space">   </span><span class="s1">gEfiSmmBase2ProtocolGuid</span><span class="apple-converted-space">                     
</span><span class="s1">## PRODUCES</span><o:p></o:p></p>
<p class="p1"><span class="s1">--</span><span class="apple-converted-space"> </span><o:p></o:p></p>
<p class="p1"><span class="s1">2.21.0</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">-- <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>

