SecurityPkg/Tcg: Correct buffer valid check func

For SMM, the SMM Handlers is to validate the buffer outside MMRAM including the Primary & NonPrimary buffer. For MM, the MM Handlers do not need to validate the Primary buffer if it is passed from MmCore through the MmiHandler() parameter. Return TRUE directly in this case. But need to validate NonPrimary buffer that outside MMRAM. Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com> Cc: Wei6 Xu <wei6.xu@intel.com> Cc: Dun Tan <dun.tan@intel.com> Cc: Yuanhao Xie <yuanhao.xie@intel.com>
author: Jiaxin Wu <jiaxin.wu@intel.com> 2024-05-27 13:25:15 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-07-07 08:40:03 +0000
commit: d5fad2176cb14283922e07ff1758118d16b17383 (patch)
tree: 664327a1635dfc9465408cf679c1d39b93a05ed1 /SecurityPkg/Tcg
parent: 0986faad973c8d2e98cb8733f9c58d0210f458f4 (diff)
download: edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.gz
edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.bz2
edk2-d5fad2176cb14283922e07ff1758118d16b17383.zip
4 files changed, 88 insertions, 13 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index c2cef764e0..0c2799b42a 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -73,16 +73,28 @@ TpmNvsCommunciate (
     return EFI_ACCESS_DENIED;
   }
 
-  if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+  CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
+
+  //
+  // The Primary Buffer validation
+  //
+  if (!Tcg2IsPrimaryBufferValid ((UINTN)CommBuffer, TempCommBufferSize)) {
     DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __func__));
     return EFI_ACCESS_DENIED;
   }
 
   //
+  // The NonPrimary Buffer validation
+  //
+  if (!Tcg2IsNonPrimaryBufferValid (CommParams->TargetAddress, EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (sizeof (TCG_NVS))))) {
+    DEBUG ((DEBUG_ERROR, "[%a] - MM NonPrimary buffer pointed from Communication buffer in invalid location!\n", __func__));
+    return EFI_ACCESS_DENIED;
+  }
+
+  //
   // Farm out the job to individual functions based on what was requested.
   //
-  CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
-  Status     = EFI_SUCCESS;
+  Status = EFI_SUCCESS;
   switch (CommParams->Function) {
     case TpmNvsMmExchangeInfo:
       DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __func__));
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
index 3672db939b..0be4984f87 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
@@ -55,16 +55,35 @@ Tcg2NotifyMmReady (
   );
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
 
-  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.
-  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  );
+
+/**
+  This function is for the NonPrimary Buffer validation routine.
+  The NonPrimary Buffer is the buffer which might be pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   );
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
index 9320053224..0f23662ff8 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
@@ -31,16 +31,38 @@ Tcg2NotifyMmReady (
 }
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
 
-  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.
-  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  )
+{
+  return TRUE;
+}
+
+/**
+  This function is for the Secondary Buffer validation routine.
+  The Secondary Buffer is the buffer which is pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   )
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
index f7d595e7f3..fd8a51bfd0 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
@@ -41,7 +41,9 @@ Tcg2NotifyMmReady (
 }
 
 /**
-  This function is an abstraction layer for implementation specific Mm buffer validation routine.
+  This function is for the Primary Buffer validation routine.
+  The Primary Buffer is the communication buffer requested from
+  Communicate protocol/PPI.
 
   @param Buffer  The buffer start address to be checked.
   @param Length  The buffer length to be checked.
@@ -50,7 +52,27 @@ Tcg2NotifyMmReady (
   @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  )
+{
+  return SmmIsBufferOutsideSmmValid (Buffer, Length);
+}
+
+/**
+  This function is for the NonPrimary Buffer validation routine.
+  The NonPrimary Buffer is the buffer which is pointed from the
+  communication buffer.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid.
+  @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
   IN EFI_PHYSICAL_ADDRESS  Buffer,
   IN UINT64                Length
   )
author	Jiaxin Wu <jiaxin.wu@intel.com>	2024-05-27 13:25:15 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-07-07 08:40:03 +0000
commit	d5fad2176cb14283922e07ff1758118d16b17383 (patch)
tree	664327a1635dfc9465408cf679c1d39b93a05ed1 /SecurityPkg/Tcg
parent	0986faad973c8d2e98cb8733f9c58d0210f458f4 (diff)
download	edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.gz edk2-d5fad2176cb14283922e07ff1758118d16b17383.tar.bz2 edk2-d5fad2176cb14283922e07ff1758118d16b17383.zip