/** @file\r
LockBox SMM driver.\r
- \r
+\r
Caution: This module requires additional review when modified.\r
This driver will have external input - communicate buffer in SMM mode.\r
This external input must be validated carefully to avoid security issue like\r
buffer overflow, integer overflow.\r
- \r
+\r
SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLockBoxSave()\r
will receive untrusted input and do basic validation.\r
\r
-Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
+#include <Library/SmmMemLib.h>\r
#include <Library/LockBoxLib.h>\r
+\r
#include <Protocol/SmmReadyToLock.h>\r
#include <Protocol/SmmCommunication.h>\r
-#include <Protocol/SmmAccess2.h>\r
#include <Protocol/LockBox.h>\r
#include <Guid/SmmLockBox.h>\r
\r
BOOLEAN mLocked = FALSE;\r
\r
-EFI_SMRAM_DESCRIPTOR *mSmramRanges;\r
-UINTN mSmramRangeCount;\r
-\r
-/**\r
- This function check if the address is in SMRAM.\r
-\r
- @param Buffer the buffer address to be checked.\r
- @param Length the buffer length to be checked.\r
-\r
- @retval TRUE this address is in SMRAM.\r
- @retval FALSE this address is NOT in SMRAM.\r
-**/\r
-BOOLEAN\r
-IsAddressInSmram (\r
- IN EFI_PHYSICAL_ADDRESS Buffer,\r
- IN UINT64 Length\r
- )\r
-{\r
- UINTN Index;\r
-\r
- for (Index = 0; Index < mSmramRangeCount; Index ++) {\r
- if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||\r
- ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {\r
- return TRUE;\r
- }\r
- }\r
-\r
- return FALSE;\r
-}\r
-\r
-/**\r
- This function check if the address refered by Buffer and Length is valid.\r
-\r
- @param Buffer the buffer address to be checked.\r
- @param Length the buffer length to be checked.\r
-\r
- @retval TRUE this address is valid.\r
- @retval FALSE this address is NOT valid.\r
-**/\r
-BOOLEAN\r
-IsAddressValid (\r
- IN UINTN Buffer,\r
- IN UINTN Length\r
- )\r
-{\r
- if (Buffer > (MAX_ADDRESS - Length)) {\r
- //\r
- // Overflow happen\r
- //\r
- return FALSE;\r
- }\r
- if (IsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {\r
- return FALSE;\r
- }\r
- return TRUE;\r
-}\r
-\r
/**\r
Dispatch function for SMM lock box save.\r
\r
Restore buffer and length are external input, so this function will validate\r
it is in SMRAM.\r
\r
- @param LockBoxParameterSave parameter of lock box save \r
+ @param LockBoxParameterSave parameter of lock box save\r
**/\r
VOID\r
SmmLockBoxSave (\r
//\r
// Sanity check\r
//\r
- if (!IsAddressValid ((UINTN)TempLockBoxParameterSave.Buffer, (UINTN)TempLockBoxParameterSave.Length)) {\r
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterSave.Buffer, (UINTN)TempLockBoxParameterSave.Length)) {\r
DEBUG ((EFI_D_ERROR, "SmmLockBox Save address in SMRAM or buffer overflow!\n"));\r
LockBoxParameterSave->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
return ;\r
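Review bot: The header comment above SmmLockBoxSave says the function "will validate it is in SMRAM", but the check in this hunk rejects the request when `SmmIsBufferOutsideSmmValid` returns FALSE, so it requires the caller's buffer to lie outside SMRAM. The comment also speaks of the "Restore buffer" in the save path. Because that text is the stated contract for code handling untrusted input, I would reword it to `Save buffer and length are external input, so this function validates that the buffer lies outside SMRAM and that Buffer + Length does not overflow.` The same sentence sits above SmmLockBoxUpdate and SmmLockBoxRestore in the later hunks and needs the matching correction. The function body starts and ends outside this hunk.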
Restore buffer and length are external input, so this function will validate\r
it is in SMRAM.\r
\r
- @param LockBoxParameterUpdate parameter of lock box update \r
+ @param LockBoxParameterUpdate parameter of lock box update\r
**/\r
VOID\r
SmmLockBoxUpdate (\r
//\r
// Sanity check\r
//\r
- if (!IsAddressValid ((UINTN)TempLockBoxParameterUpdate.Buffer, (UINTN)TempLockBoxParameterUpdate.Length)) {\r
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterUpdate.Buffer, (UINTN)TempLockBoxParameterUpdate.Length)) {\r
DEBUG ((EFI_D_ERROR, "SmmLockBox Update address in SMRAM or buffer overflow!\n"));\r
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
return ;\r
Restore buffer and length are external input, so this function will validate\r
it is in SMRAM.\r
\r
- @param LockBoxParameterRestore parameter of lock box restore \r
+ @param LockBoxParameterRestore parameter of lock box restore\r
**/\r
VOID\r
SmmLockBoxRestore (\r
//\r
// Sanity check\r
//\r
- if (!IsAddressValid ((UINTN)TempLockBoxParameterRestore.Buffer, (UINTN)TempLockBoxParameterRestore.Length)) {\r
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterRestore.Buffer, (UINTN)TempLockBoxParameterRestore.Length)) {\r
DEBUG ((EFI_D_ERROR, "SmmLockBox Restore address in SMRAM or buffer overflow!\n"));\r
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
return ;\r
(VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,\r
(UINTN *)&TempLockBoxParameterRestore.Length\r
);\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ LockBoxParameterRestore->Length = TempLockBoxParameterRestore.Length;\r
+ }\r
}\r
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;\r
return ;\r
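Review bot: The length written back on `EFI_BUFFER_TOO_SMALL` comes from a field that RestoreLockBox updated through a `(UINTN *)` cast, which is a problem if the field is wider than UINTN. Its declaration is not visible here, but the cast suggests it is not declared as UINTN. In that case a 32-bit build updates only part of the field, and the bytes copied back to the communicate buffer still include caller-supplied content. A local avoids this: declare `UINTN Length` set from `(UINTN)TempLockBoxParameterRestore.Length`, pass `&Length` to RestoreLockBox, then assign `LockBoxParameterRestore->Length = Length;`. The enclosing function starts outside this hunk.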
EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader;\r
UINTN TempCommBufferSize;\r
\r
- DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Enter\n"));\r
+ DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n"));\r
\r
//\r
// If input is invalid, stop processing this SMI\r
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size invalid!\n"));\r
return EFI_SUCCESS;\r
}\r
- if (!IsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {\r
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {\r
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer in SMRAM or overflow!\n"));\r
return EFI_SUCCESS;\r
}\r
\r
LockBoxParameterHeader->ReturnStatus = (UINT64)-1;\r
\r
- DEBUG ((EFI_D_ERROR, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)LockBoxParameterHeader));\r
+ DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)LockBoxParameterHeader));\r
\r
- DEBUG ((EFI_D_ERROR, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameterHeader->Command));\r
+ DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameterHeader->Command));\r
\r
switch (LockBoxParameterHeader->Command) {\r
case EFI_SMM_LOCK_BOX_COMMAND_SAVE:\r
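Review bot: `%x` with a `(UINTN)` pointer argument will likely print only the low 32 bits of the header address on a 64-bit build, since the format carries no length modifier. `%p` with the pointer itself is unambiguous: `DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %p\n", LockBoxParameterHeader));`. The Command print has the same shape, but that field looks 32-bit judging by the `(UINT32)-1` assignment in the next hunk, so `%x` with the field uncast would do there. The handler body starts and ends outside this hunk.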
\r
LockBoxParameterHeader->Command = (UINT32)-1;\r
\r
- DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Exit\n"));\r
+ DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n"));\r
\r
return EFI_SUCCESS;\r
}\r
Smm Ready To Lock event notification handler.\r
\r
It sets a flag indicating that SMRAM has been locked.\r
- \r
+\r
@param[in] Protocol Points to the protocol's unique identifier.\r
@param[in] Interface Points to the interface instance.\r
@param[in] Handle The handle on which the interface was installed.\r
@param[in] ImageHandle Image handle of this driver.\r
@param[in] SystemTable A Pointer to the EFI System Table.\r
\r
- @retval EFI_SUCEESS \r
+ @retval EFI_SUCEESS\r
@return Others Some error occurs.\r
**/\r
EFI_STATUS\r
EFI_STATUS Status;\r
EFI_HANDLE DispatchHandle;\r
VOID *Registration;\r
- EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
- UINTN Size;\r
-\r
- //\r
- // Get SMRAM information\r
- //\r
- Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- Size = 0;\r
- Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);\r
- ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
-\r
- Status = gSmst->SmmAllocatePool (\r
- EfiRuntimeServicesData,\r
- Size,\r
- (VOID **)&mSmramRanges\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
\r
//\r
// Register LockBox communication handler\r