diff options
| author | Eric Dong <eric.dong@intel.com> | 2018-08-21 14:44:41 +0800 |
|---|---|---|
| committer | Eric Dong <eric.dong@intel.com> | 2018-08-28 10:24:25 +0800 |
| commit | f965b772fcc4bdc5f207998126d93d80c085d5f5 (patch) | |
| tree | 0abf459180395efa30fe63a13135b3c2a4c0826a /MdeModulePkg/Core/PiSmmCore | |
| parent | 17da1b91089d1da8a0b9fbbb8d29e4586fa13e46 (diff) | |
| download | edk2-f965b772fcc4bdc5f207998126d93d80c085d5f5.tar.gz edk2-f965b772fcc4bdc5f207998126d93d80c085d5f5.tar.bz2 edk2-f965b772fcc4bdc5f207998126d93d80c085d5f5.zip | |
MdeModulePkg/PiSmmCore: Check valid memory range.
Call BS.AllocatePages in DXE driver and call SMM FreePages with the address of the buffer allocated in the DXE driver. SMM FreePages success and add a non-SMRAM range into SMM heap list. This is not an expected behavior. SMM FreePages should return error for this case and not free the pages.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1098
Change-Id: Ie5ffa1ac62c558aa418a8a3d7d0e8158b846e13b
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Diffstat (limited to 'MdeModulePkg/Core/PiSmmCore')
| -rw-r--r-- | MdeModulePkg/Core/PiSmmCore/Page.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/MdeModulePkg/Core/PiSmmCore/Page.c b/MdeModulePkg/Core/PiSmmCore/Page.c index cd7d7ece0c..25f72d309b 100644 --- a/MdeModulePkg/Core/PiSmmCore/Page.c +++ b/MdeModulePkg/Core/PiSmmCore/Page.c @@ -863,6 +863,41 @@ SmmInternalFreePages ( }
/**
+ Check whether the input range is in memory map.
+
+ @param Memory Base address of memory being inputed.
+ @param NumberOfPages The number of pages.
+
+ @retval TRUE In memory map.
+ @retval FALSE Not in memory map.
+
+**/
+BOOLEAN
+InMemMap (
+ IN EFI_PHYSICAL_ADDRESS Memory,
+ IN UINTN NumberOfPages
+ )
+{
+ LIST_ENTRY *Link;
+ MEMORY_MAP *Entry;
+ EFI_PHYSICAL_ADDRESS Last;
+
+ Last = Memory + EFI_PAGES_TO_SIZE (NumberOfPages) - 1;
+
+ Link = gMemoryMap.ForwardLink;
+ while (Link != &gMemoryMap) {
+ Entry = CR (Link, MEMORY_MAP, Link, MEMORY_MAP_SIGNATURE);
+ Link = Link->ForwardLink;
+
+ if ((Entry->Start <= Memory) && (Entry->End >= Last)) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+/**
Frees previous allocated pages.
@param Memory Base address of memory being freed.
@@ -883,6 +918,10 @@ SmmFreePages ( EFI_STATUS Status;
BOOLEAN IsGuarded;
+ if (!InMemMap(Memory, NumberOfPages)) {
+ return EFI_NOT_FOUND;
+ }
+
IsGuarded = IsHeapGuardEnabled () && IsMemoryGuarded (Memory);
Status = SmmInternalFreePages (Memory, NumberOfPages, IsGuarded);
if (!EFI_ERROR (Status)) {
|