2 Instance of MM memory check library.
4 MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL
5 to get MMRAM information. In order to use this library instance, the platform should produce
6 all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core
7 and MM driver) and/or specific dedicated hardware.
9 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
10 Copyright (c) 2016 - 2021, Arm Limited. All rights reserved.<BR>
12 SPDX-License-Identifier: BSD-2-Clause-Patent
19 #include <Library/BaseLib.h>
20 #include <Library/BaseMemoryLib.h>
21 #include <Library/DebugLib.h>
23 EFI_MMRAM_DESCRIPTOR
*mMmMemLibInternalMmramRanges
;
24 UINTN mMmMemLibInternalMmramCount
;
27 // Maximum support address used to check input buffer
29 EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress
= 0;
32 Calculate and save the maximum support address.
36 MmMemLibInternalCalculateMaximumSupportAddress (
41 This function check if the buffer is valid per processor architecture and not overlap with MMRAM.
43 @param Buffer The buffer start address to be checked.
44 @param Length The buffer length to be checked.
46 @retval TRUE This buffer is valid per processor architecture and not overlap with MMRAM.
47 @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.
51 MmIsBufferOutsideMmValid (
52 IN EFI_PHYSICAL_ADDRESS Buffer
,
60 // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.
62 if ((Length
> mMmMemLibInternalMaximumSupportAddress
) ||
63 (Buffer
> mMmMemLibInternalMaximumSupportAddress
) ||
64 ((Length
!= 0) && (Buffer
> (mMmMemLibInternalMaximumSupportAddress
- (Length
- 1)))) ) {
70 "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",
73 mMmMemLibInternalMaximumSupportAddress
78 for (Index
= 0; Index
< mMmMemLibInternalMmramCount
; Index
++) {
79 if (((Buffer
>= mMmMemLibInternalMmramRanges
[Index
].CpuStart
) &&
80 (Buffer
< mMmMemLibInternalMmramRanges
[Index
].CpuStart
+ mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
)) ||
81 ((mMmMemLibInternalMmramRanges
[Index
].CpuStart
>= Buffer
) &&
82 (mMmMemLibInternalMmramRanges
[Index
].CpuStart
< Buffer
+ Length
))) {
85 "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",
91 "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",
92 mMmMemLibInternalMmramRanges
[Index
].CpuStart
,
93 mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
103 Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
105 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
106 It checks if source buffer is valid per processor architecture and not overlap with MMRAM.
107 If the check passes, it copies memory and returns EFI_SUCCESS.
108 If the check fails, it return EFI_SECURITY_VIOLATION.
109 The implementation must be reentrant.
111 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
112 @param SourceBuffer The pointer to the source buffer of the memory copy.
113 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
115 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
116 @retval EFI_SUCCESS Memory is copied.
122 OUT VOID
*DestinationBuffer
,
123 IN CONST VOID
*SourceBuffer
,
127 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
128 DEBUG ((DEBUG_ERROR
, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
129 return EFI_SECURITY_VIOLATION
;
131 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
136 Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
138 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
139 It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.
140 If the check passes, it copies memory and returns EFI_SUCCESS.
141 If the check fails, it returns EFI_SECURITY_VIOLATION.
142 The implementation must be reentrant.
144 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
145 @param SourceBuffer The pointer to the source buffer of the memory copy.
146 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
148 @retval EFI_SECURITY_VIOLATION The DestinationBuffer is invalid per processor architecture or overlap with MMRAM.
149 @retval EFI_SUCCESS Memory is copied.
155 OUT VOID
*DestinationBuffer
,
156 IN CONST VOID
*SourceBuffer
,
160 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
161 DEBUG ((DEBUG_ERROR
, "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",
162 DestinationBuffer
, Length
));
163 return EFI_SECURITY_VIOLATION
;
165 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
170 Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
172 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
173 It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.
174 If the check passes, it copies memory and returns EFI_SUCCESS.
175 If the check fails, it returns EFI_SECURITY_VIOLATION.
176 The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.
178 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
179 @param SourceBuffer The pointer to the source buffer of the memory copy.
180 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
182 @retval EFI_SECURITY_VIOLATION The DestinationBuffer is invalid per processor architecture or overlap with MMRAM.
183 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
184 @retval EFI_SUCCESS Memory is copied.
190 OUT VOID
*DestinationBuffer
,
191 IN CONST VOID
*SourceBuffer
,
195 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
196 DEBUG ((DEBUG_ERROR
, "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",
197 DestinationBuffer
, Length
));
198 return EFI_SECURITY_VIOLATION
;
200 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
201 DEBUG ((DEBUG_ERROR
, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
202 return EFI_SECURITY_VIOLATION
;
204 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
209 Fills a target buffer (NON-MMRAM) with a byte value.
211 This function fills a target buffer (non-MMRAM) with a byte value.
212 It checks if target buffer is valid per processor architecture and not overlap with MMRAM.
213 If the check passes, it fills memory and returns EFI_SUCCESS.
214 If the check fails, it returns EFI_SECURITY_VIOLATION.
216 @param Buffer The memory to set.
217 @param Length The number of bytes to set.
218 @param Value The value with which to fill Length bytes of Buffer.
220 @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.
221 @retval EFI_SUCCESS Memory is set.
232 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)Buffer
, Length
)) {
233 DEBUG ((DEBUG_ERROR
, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer
, Length
));
234 return EFI_SECURITY_VIOLATION
;
236 SetMem (Buffer
, Length
, Value
);
241 The constructor function initializes the Mm Mem library
243 @param ImageHandle The firmware allocated handle for the EFI image.
244 @param SystemTable A pointer to the EFI System Table.
246 @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
252 IN EFI_HANDLE ImageHandle
,
253 IN EFI_MM_SYSTEM_TABLE
*MmSystemTable
258 // Calculate and save maximum support address
260 MmMemLibInternalCalculateMaximumSupportAddress ();