1 files changed, 12 insertions, 7 deletions

diff --git a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
index 0283be430d..2f89b7c5b6 100644
--- a/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
+++ b/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.c
@@ -44,13 +44,18 @@ STATIC EFI_HANDLE  mMmCommunicateHandle;
   @param[in] This                     The EFI_MM_COMMUNICATION_PROTOCOL instance.

   @param[in, out] CommBufferPhysical  Physical address of the MM communication buffer

   @param[in, out] CommBufferVirtual   Virtual address of the MM communication buffer

-  @param[in, out] CommSize            The size of the data buffer being passed in. On exit, the

-                                      size of data being returned. Zero if the handler does not

+  @param[in, out] CommSize            The size of the data buffer being passed in. On input,

+                                      when not omitted, the buffer should cover EFI_MM_COMMUNICATE_HEADER

+                                      and the value of MessageLength field. On exit, the size

+                                      of data being returned. Zero if the handler does not

                                       wish to reply with any data. This parameter is optional

                                       and may be NULL.

 

   @retval EFI_SUCCESS            The message was successfully posted.

-  @retval EFI_INVALID_PARAMETER  CommBufferPhysical was NULL or CommBufferVirtual was NULL.

+  @retval EFI_INVALID_PARAMETER  CommBufferPhysical or CommBufferVirtual was NULL, or

+                                 integer value pointed by CommSize does not cover

+                                 EFI_MM_COMMUNICATE_HEADER and the value of MessageLength

+                                 field.

   @retval EFI_BAD_BUFFER_SIZE    The buffer is too large for the MM implementation.

                                  If this error is returned, the MessageLength field

                                  in the CommBuffer header or the integer pointed by

@@ -96,8 +101,8 @@ MmCommunication2Communicate (
                sizeof (CommunicateHeader->HeaderGuid) +

                sizeof (CommunicateHeader->MessageLength);

 

-  // If the length of the CommBuffer is 0 then return the expected length.

-  if (CommSize != 0) {

+  // If CommSize is not omitted, perform size inspection before proceeding.

+  if (CommSize != NULL) {

     // This case can be used by the consumer of this driver to find out the

     // max size that can be used for allocating CommBuffer.

     if ((*CommSize == 0) ||

@@ -108,9 +113,9 @@ MmCommunication2Communicate (
     }

 

     //

-    // CommSize must match MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER);

+    // CommSize should cover at least MessageLength + sizeof (EFI_MM_COMMUNICATE_HEADER);

     //

-    if (*CommSize != BufferSize) {

+    if (*CommSize < BufferSize) {

       return EFI_INVALID_PARAMETER;

     }

   }