]>
Commit | Line | Data |
---|---|---|
d425764e JY |
1 | /** @file\r |
2 | Instance of SMM memory check library.\r | |
3 | \r | |
4 | SMM memory check library library implementation. This library consumes SMM_ACCESS2_PROTOCOL\r | |
5 | to get SMRAM information. In order to use this library instance, the platform should produce\r | |
6 | all SMRAM range via SMM_ACCESS2_PROTOCOL, including the range for firmware (like SMM Core\r | |
7 | and SMM driver) and/or specific dedicated hardware.\r | |
8 | \r | |
9 | Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r | |
10 | This program and the accompanying materials\r | |
11 | are licensed and made available under the terms and conditions of the BSD License\r | |
12 | which accompanies this distribution. The full text of the license may be found at\r | |
13 | http://opensource.org/licenses/bsd-license.php\r | |
14 | \r | |
15 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
16 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
17 | \r | |
18 | **/\r | |
19 | \r | |
20 | \r | |
21 | #include <PiSmm.h>\r | |
22 | \r | |
23 | #include <Library/BaseLib.h>\r | |
24 | #include <Library/BaseMemoryLib.h>\r | |
25 | #include <Library/DebugLib.h>\r | |
26 | #include <Library/MemoryAllocationLib.h>\r | |
27 | #include <Library/UefiBootServicesTableLib.h>\r | |
28 | #include <Library/SmmServicesTableLib.h>\r | |
29 | #include <Library/HobLib.h>\r | |
30 | #include <Protocol/SmmAccess2.h>\r | |
31 | \r | |
32 | EFI_SMRAM_DESCRIPTOR *mSmmMemLibInternalSmramRanges;\r | |
33 | UINTN mSmmMemLibInternalSmramCount;\r | |
34 | \r | |
35 | //\r | |
36 | // Maximum support address used to check input buffer\r | |
37 | //\r | |
38 | EFI_PHYSICAL_ADDRESS mSmmMemLibInternalMaximumSupportAddress = 0;\r | |
39 | \r | |
40 | /**\r | |
2a93f2c3 | 41 | Calculate and save the maximum support address.\r |
d425764e JY |
42 | \r |
43 | **/\r | |
44 | VOID\r | |
2a93f2c3 | 45 | SmmMemLibInternalCalculateMaximumSupportAddress (\r |
d425764e JY |
46 | VOID\r |
47 | )\r | |
48 | {\r | |
49 | VOID *Hob;\r | |
50 | UINT32 RegEax;\r | |
51 | UINT8 PhysicalAddressBits;\r | |
52 | \r | |
53 | //\r | |
54 | // Get physical address bits supported.\r | |
55 | //\r | |
56 | Hob = GetFirstHob (EFI_HOB_TYPE_CPU);\r | |
57 | if (Hob != NULL) {\r | |
58 | PhysicalAddressBits = ((EFI_HOB_CPU *) Hob)->SizeOfMemorySpace;\r | |
59 | } else {\r | |
60 | AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);\r | |
61 | if (RegEax >= 0x80000008) {\r | |
62 | AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);\r | |
63 | PhysicalAddressBits = (UINT8) RegEax;\r | |
64 | } else {\r | |
65 | PhysicalAddressBits = 36;\r | |
66 | }\r | |
67 | }\r | |
68 | //\r | |
69 | // IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses.\r | |
70 | //\r | |
71 | ASSERT (PhysicalAddressBits <= 52);\r | |
72 | if (PhysicalAddressBits > 48) {\r | |
73 | PhysicalAddressBits = 48;\r | |
74 | }\r | |
75 | \r | |
76 | //\r | |
77 | // Save the maximum support address in one global variable \r | |
78 | //\r | |
79 | mSmmMemLibInternalMaximumSupportAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)(LShiftU64 (1, PhysicalAddressBits) - 1);\r | |
80 | DEBUG ((EFI_D_INFO, "mSmmMemLibInternalMaximumSupportAddress = 0x%lx\n", mSmmMemLibInternalMaximumSupportAddress));\r | |
81 | }\r | |
82 | \r | |
83 | /**\r | |
84 | This function check if the buffer is valid per processor architecture and not overlap with SMRAM.\r | |
85 | \r | |
86 | @param Buffer The buffer start address to be checked.\r | |
87 | @param Length The buffer length to be checked.\r | |
88 | \r | |
89 | @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.\r | |
90 | @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.\r | |
91 | **/\r | |
92 | BOOLEAN\r | |
93 | EFIAPI\r | |
94 | SmmIsBufferOutsideSmmValid (\r | |
95 | IN EFI_PHYSICAL_ADDRESS Buffer,\r | |
96 | IN UINT64 Length\r | |
97 | )\r | |
98 | {\r | |
99 | UINTN Index;\r | |
100 | \r | |
101 | //\r | |
102 | // Check override.\r | |
103 | // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.\r | |
104 | //\r | |
105 | if ((Length > mSmmMemLibInternalMaximumSupportAddress) ||\r | |
106 | (Buffer > mSmmMemLibInternalMaximumSupportAddress) ||\r | |
107 | ((Length != 0) && (Buffer > (mSmmMemLibInternalMaximumSupportAddress - (Length - 1)))) ) {\r | |
108 | //\r | |
109 | // Overflow happen\r | |
110 | //\r | |
111 | DEBUG ((\r | |
112 | EFI_D_ERROR,\r | |
113 | "SmmIsBufferOutsideSmmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",\r | |
114 | Buffer,\r | |
115 | Length,\r | |
116 | mSmmMemLibInternalMaximumSupportAddress\r | |
117 | ));\r | |
118 | return FALSE;\r | |
119 | }\r | |
120 | \r | |
121 | for (Index = 0; Index < mSmmMemLibInternalSmramCount; Index ++) {\r | |
122 | if (((Buffer >= mSmmMemLibInternalSmramRanges[Index].CpuStart) && (Buffer < mSmmMemLibInternalSmramRanges[Index].CpuStart + mSmmMemLibInternalSmramRanges[Index].PhysicalSize)) ||\r | |
123 | ((mSmmMemLibInternalSmramRanges[Index].CpuStart >= Buffer) && (mSmmMemLibInternalSmramRanges[Index].CpuStart < Buffer + Length))) {\r | |
124 | DEBUG ((\r | |
125 | EFI_D_ERROR,\r | |
126 | "SmmIsBufferOutsideSmmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",\r | |
127 | Buffer,\r | |
128 | Length\r | |
129 | ));\r | |
130 | DEBUG ((\r | |
131 | EFI_D_ERROR,\r | |
132 | "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",\r | |
133 | mSmmMemLibInternalSmramRanges[Index].CpuStart,\r | |
134 | mSmmMemLibInternalSmramRanges[Index].PhysicalSize\r | |
135 | ));\r | |
136 | return FALSE;\r | |
137 | }\r | |
138 | }\r | |
139 | \r | |
140 | return TRUE;\r | |
141 | }\r | |
142 | \r | |
143 | /**\r | |
144 | Copies a source buffer (non-SMRAM) to a destination buffer (SMRAM).\r | |
145 | \r | |
146 | This function copies a source buffer (non-SMRAM) to a destination buffer (SMRAM).\r | |
147 | It checks if source buffer is valid per processor architecture and not overlap with SMRAM.\r | |
148 | If the check passes, it copies memory and returns EFI_SUCCESS.\r | |
149 | If the check fails, it return EFI_SECURITY_VIOLATION.\r | |
150 | The implementation must be reentrant.\r | |
151 | \r | |
152 | @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r | |
153 | @param SourceBuffer The pointer to the source buffer of the memory copy.\r | |
154 | @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r | |
155 | \r | |
156 | @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with SMRAM.\r | |
157 | @retval EFI_SUCCESS Memory is copied.\r | |
158 | \r | |
159 | **/\r | |
160 | EFI_STATUS\r | |
161 | EFIAPI\r | |
162 | SmmCopyMemToSmram (\r | |
163 | OUT VOID *DestinationBuffer,\r | |
164 | IN CONST VOID *SourceBuffer,\r | |
165 | IN UINTN Length\r | |
166 | )\r | |
167 | {\r | |
168 | if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {\r | |
169 | DEBUG ((EFI_D_ERROR, "SmmCopyMemToSmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));\r | |
170 | return EFI_SECURITY_VIOLATION;\r | |
171 | }\r | |
172 | CopyMem (DestinationBuffer, SourceBuffer, Length);\r | |
173 | return EFI_SUCCESS;\r | |
174 | }\r | |
175 | \r | |
176 | /**\r | |
177 | Copies a source buffer (SMRAM) to a destination buffer (NON-SMRAM).\r | |
178 | \r | |
179 | This function copies a source buffer (non-SMRAM) to a destination buffer (SMRAM).\r | |
180 | It checks if destination buffer is valid per processor architecture and not overlap with SMRAM.\r | |
181 | If the check passes, it copies memory and returns EFI_SUCCESS.\r | |
182 | If the check fails, it returns EFI_SECURITY_VIOLATION.\r | |
183 | The implementation must be reentrant.\r | |
184 | \r | |
185 | @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r | |
186 | @param SourceBuffer The pointer to the source buffer of the memory copy.\r | |
187 | @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r | |
188 | \r | |
189 | @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with SMRAM.\r | |
190 | @retval EFI_SUCCESS Memory is copied.\r | |
191 | \r | |
192 | **/\r | |
193 | EFI_STATUS\r | |
194 | EFIAPI\r | |
195 | SmmCopyMemFromSmram (\r | |
196 | OUT VOID *DestinationBuffer,\r | |
197 | IN CONST VOID *SourceBuffer,\r | |
198 | IN UINTN Length\r | |
199 | )\r | |
200 | {\r | |
201 | if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {\r | |
202 | DEBUG ((EFI_D_ERROR, "SmmCopyMemFromSmram: Security Violation: Destination (0x%x), Length (0x%x)\n", DestinationBuffer, Length));\r | |
203 | return EFI_SECURITY_VIOLATION;\r | |
204 | }\r | |
205 | CopyMem (DestinationBuffer, SourceBuffer, Length);\r | |
206 | return EFI_SUCCESS;\r | |
207 | }\r | |
208 | \r | |
209 | /**\r | |
210 | Copies a source buffer (NON-SMRAM) to a destination buffer (NON-SMRAM).\r | |
211 | \r | |
212 | This function copies a source buffer (non-SMRAM) to a destination buffer (SMRAM).\r | |
213 | It checks if source buffer and destination buffer are valid per processor architecture and not overlap with SMRAM.\r | |
214 | If the check passes, it copies memory and returns EFI_SUCCESS.\r | |
215 | If the check fails, it returns EFI_SECURITY_VIOLATION.\r | |
216 | The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.\r | |
217 | \r | |
218 | @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r | |
219 | @param SourceBuffer The pointer to the source buffer of the memory copy.\r | |
220 | @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r | |
221 | \r | |
222 | @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with SMRAM.\r | |
223 | @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with SMRAM.\r | |
224 | @retval EFI_SUCCESS Memory is copied.\r | |
225 | \r | |
226 | **/\r | |
227 | EFI_STATUS\r | |
228 | EFIAPI\r | |
229 | SmmCopyMem (\r | |
230 | OUT VOID *DestinationBuffer,\r | |
231 | IN CONST VOID *SourceBuffer,\r | |
232 | IN UINTN Length\r | |
233 | )\r | |
234 | {\r | |
235 | if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {\r | |
236 | DEBUG ((EFI_D_ERROR, "SmmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n", DestinationBuffer, Length));\r | |
237 | return EFI_SECURITY_VIOLATION;\r | |
238 | }\r | |
239 | if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {\r | |
240 | DEBUG ((EFI_D_ERROR, "SmmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));\r | |
241 | return EFI_SECURITY_VIOLATION;\r | |
242 | }\r | |
243 | CopyMem (DestinationBuffer, SourceBuffer, Length);\r | |
244 | return EFI_SUCCESS;\r | |
245 | }\r | |
246 | \r | |
247 | /**\r | |
248 | Fills a target buffer (NON-SMRAM) with a byte value.\r | |
249 | \r | |
250 | This function fills a target buffer (non-SMRAM) with a byte value.\r | |
251 | It checks if target buffer is valid per processor architecture and not overlap with SMRAM.\r | |
252 | If the check passes, it fills memory and returns EFI_SUCCESS.\r | |
253 | If the check fails, it returns EFI_SECURITY_VIOLATION.\r | |
254 | \r | |
255 | @param Buffer The memory to set.\r | |
256 | @param Length The number of bytes to set.\r | |
257 | @param Value The value with which to fill Length bytes of Buffer.\r | |
258 | \r | |
259 | @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with SMRAM.\r | |
260 | @retval EFI_SUCCESS Memory is set.\r | |
261 | \r | |
262 | **/\r | |
263 | EFI_STATUS\r | |
264 | EFIAPI\r | |
265 | SmmSetMem (\r | |
266 | OUT VOID *Buffer,\r | |
267 | IN UINTN Length,\r | |
268 | IN UINT8 Value\r | |
269 | )\r | |
270 | {\r | |
271 | if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, Length)) {\r | |
272 | DEBUG ((EFI_D_ERROR, "SmmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer, Length));\r | |
273 | return EFI_SECURITY_VIOLATION;\r | |
274 | }\r | |
275 | SetMem (Buffer, Length, Value);\r | |
276 | return EFI_SUCCESS;\r | |
277 | }\r | |
278 | \r | |
279 | /**\r | |
280 | The constructor function initializes the Smm Mem library\r | |
281 | \r | |
282 | @param ImageHandle The firmware allocated handle for the EFI image.\r | |
283 | @param SystemTable A pointer to the EFI System Table.\r | |
284 | \r | |
285 | @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.\r | |
286 | \r | |
287 | **/\r | |
288 | EFI_STATUS\r | |
289 | EFIAPI\r | |
290 | SmmMemLibConstructor (\r | |
291 | IN EFI_HANDLE ImageHandle,\r | |
292 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
293 | )\r | |
294 | {\r | |
295 | EFI_STATUS Status;\r | |
296 | EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r | |
297 | UINTN Size;\r | |
298 | \r | |
299 | //\r | |
300 | // Get SMRAM information\r | |
301 | //\r | |
302 | Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);\r | |
303 | ASSERT_EFI_ERROR (Status);\r | |
304 | \r | |
305 | Size = 0;\r | |
306 | Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);\r | |
307 | ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r | |
308 | \r | |
309 | mSmmMemLibInternalSmramRanges = AllocatePool (Size);\r | |
310 | ASSERT (mSmmMemLibInternalSmramRanges != NULL);\r | |
311 | \r | |
312 | Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmmMemLibInternalSmramRanges);\r | |
313 | ASSERT_EFI_ERROR (Status);\r | |
314 | \r | |
315 | mSmmMemLibInternalSmramCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r | |
316 | \r | |
317 | //\r | |
2a93f2c3 | 318 | // Calculate and save maximum support address\r |
d425764e | 319 | //\r |
2a93f2c3 | 320 | SmmMemLibInternalCalculateMaximumSupportAddress ();\r |
d425764e JY |
321 | \r |
322 | return EFI_SUCCESS;\r | |
323 | }\r | |
324 | \r | |
325 | /**\r | |
326 | The destructor function frees resource used in the Smm Mem library\r | |
327 | \r | |
328 | @param[in] ImageHandle The firmware allocated handle for the EFI image.\r | |
329 | @param[in] SystemTable A pointer to the EFI System Table.\r | |
330 | \r | |
331 | @retval EFI_SUCCESS The deconstructor always returns EFI_SUCCESS.\r | |
332 | **/\r | |
333 | EFI_STATUS\r | |
334 | EFIAPI\r | |
335 | SmmMemLibDestructor (\r | |
336 | IN EFI_HANDLE ImageHandle,\r | |
337 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
338 | )\r | |
339 | {\r | |
340 | FreePool (mSmmMemLibInternalSmramRanges);\r | |
341 | \r | |
342 | return EFI_SUCCESS;\r | |
343 | }\r |