VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),\r
SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
\r
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <Library/SmmMemLib.h>\r
\r
#include <Guid/SmmVariableCommon.h>\r
-#include <Guid/ZeroGuid.h>\r
#include "Variable.h"\r
\r
extern VARIABLE_INFO_ENTRY *gVariableInfo;\r
UINT8 *mVariableBufferPayload = NULL;\r
UINTN mVariableBufferPayloadSize;\r
extern BOOLEAN mEndOfDxe;\r
-extern BOOLEAN mEnableLocking;\r
+extern VAR_CHECK_REQUEST_SOURCE mRequestSource;\r
\r
/**\r
SecureBoot Hook for SetVariable.\r
//\r
// Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.\r
//\r
- mEnableLocking = FALSE;\r
+ mRequestSource = VarCheckFromTrusted;\r
Status = VariableServiceSetVariable (\r
VariableName,\r
VendorGuid,\r
DataSize,\r
Data\r
);\r
- mEnableLocking = TRUE;\r
+ mRequestSource = VarCheckFromUntrusted;\r
return Status;\r
}\r
\r
}\r
\r
/**\r
- Retrive the SMM Fault Tolerent Write protocol interface.\r
+ Retrieve the SMM Fault Tolerent Write protocol interface.\r
\r
@param[out] FtwProtocol The interface of SMM Ftw protocol\r
\r
\r
\r
/**\r
- Retrive the SMM FVB protocol interface by HANDLE.\r
+ Retrieve the SMM FVB protocol interface by HANDLE.\r
\r
@param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for\r
reading, writing, and erasing the target block.\r
)\r
{\r
VARIABLE_INFO_ENTRY *VariableInfo;\r
- UINTN NameLength;\r
+ UINTN NameSize;\r
UINTN StatisticsInfoSize;\r
CHAR16 *InfoName;\r
+ UINTN InfoNameMaxSize;\r
EFI_GUID VendorGuid;\r
\r
if (InfoEntry == NULL) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
- StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY);\r
if (*InfoSize < StatisticsInfoSize) {\r
*InfoSize = StatisticsInfoSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
InfoName = (CHAR16 *)(InfoEntry + 1);\r
+ InfoNameMaxSize = (*InfoSize - sizeof (VARIABLE_INFO_ENTRY));\r
\r
CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);\r
\r
- if (CompareGuid (&VendorGuid, &gZeroGuid)) {\r
+ if (IsZeroGuid (&VendorGuid)) {\r
//\r
// Return the first variable info\r
//\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
+ if (*InfoSize < StatisticsInfoSize) {\r
+ *InfoSize = StatisticsInfoSize;\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
- CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
+ CopyMem (InfoName, VariableInfo->Name, NameSize);\r
*InfoSize = StatisticsInfoSize;\r
return EFI_SUCCESS;\r
}\r
//\r
while (VariableInfo != NULL) {\r
if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {\r
- NameLength = StrSize (VariableInfo->Name);\r
- if (NameLength == StrSize (InfoName)) {\r
- if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ if (NameSize <= InfoNameMaxSize) {\r
+ if (CompareMem (VariableInfo->Name, InfoName, NameSize) == 0) {\r
//\r
// Find the match one\r
//\r
//\r
// Output the new variable info\r
//\r
- StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
+ NameSize = StrSize (VariableInfo->Name);\r
+ StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
if (*InfoSize < StatisticsInfoSize) {\r
*InfoSize = StatisticsInfoSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
\r
CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
- CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
+ CopyMem (InfoName, VariableInfo->Name, NameSize);\r
*InfoSize = StatisticsInfoSize;\r
\r
return EFI_SUCCESS;\r
break;\r
\r
case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:\r
- mEndOfDxe = TRUE;\r
- //\r
- // The initialization for variable quota.\r
- //\r
- InitializeVariableQuota ();\r
if (AtRuntime()) {\r
Status = EFI_UNSUPPORTED;\r
break;\r
}\r
+ if (!mEndOfDxe) {\r
+ MorLockInitAtEndOfDxe ();\r
+ mEndOfDxe = TRUE;\r
+ VarCheckLibInitializeAtEndOfDxe (NULL);\r
+ //\r
+ // The initialization for variable quota.\r
+ //\r
+ InitializeVariableQuota ();\r
+ }\r
ReclaimForOS ();\r
Status = EFI_SUCCESS;\r
break;\r
// It is covered by previous CommBuffer check\r
//\r
\r
- if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {\r
- DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));\r
- Status = EFI_ACCESS_DENIED;\r
- goto EXIT;\r
- }\r
+ //\r
+ // Do not need to check CommBufferSize buffer as it should point to SMRAM\r
+ // that was used by SMM core to cache CommSize from SmmCommunication protocol.\r
+ //\r
\r
Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);\r
*CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
IN EFI_HANDLE Handle\r
)\r
{\r
- DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));\r
+ DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));\r
+ MorLockInitAtEndOfDxe ();\r
mEndOfDxe = TRUE;\r
+ VarCheckLibInitializeAtEndOfDxe (NULL);\r
//\r
// The initialization for variable quota.\r
//\r
if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {\r
ReclaimForOS ();\r
}\r
+\r
return EFI_SUCCESS;\r
}\r
\r
);\r
ASSERT_EFI_ERROR (Status);\r
\r
- mVariableBufferPayloadSize = GetNonVolatileMaxVariableSize () +\r
+ mVariableBufferPayloadSize = GetMaxVariableSize () +\r
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();\r
\r
Status = gSmst->SmmAllocatePool (\r