+/** @file\r
+ Instance of MM memory check library.\r
+\r
+ MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL\r
+ to get MMRAM information. In order to use this library instance, the platform should produce\r
+ all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core\r
+ and MM driver) and/or specific dedicated hardware.\r
+\r
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+\r
+#include <PiMm.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+\r
+EFI_MMRAM_DESCRIPTOR *mMmMemLibInternalMmramRanges;\r
+UINTN mMmMemLibInternalMmramCount;\r
+\r
+//\r
+// Maximum support address used to check input buffer\r
+//\r
+EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress = 0;\r
+\r
+/**\r
+ Calculate and save the maximum support address.\r
+\r
+**/\r
+VOID\r
+MmMemLibInternalCalculateMaximumSupportAddress (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ This function check if the buffer is valid per processor architecture and not overlap with MMRAM.\r
+\r
+ @param Buffer The buffer start address to be checked.\r
+ @param Length The buffer length to be checked.\r
+\r
+ @retval TRUE This buffer is valid per processor architecture and not overlap with MMRAM.\r
+ @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+MmIsBufferOutsideMmValid (\r
+ IN EFI_PHYSICAL_ADDRESS Buffer,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ UINTN Index;\r
+\r
+ //\r
+ // Check override.\r
+ // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.\r
+ //\r
+ if ((Length > mMmMemLibInternalMaximumSupportAddress) ||\r
+ (Buffer > mMmMemLibInternalMaximumSupportAddress) ||\r
+ ((Length != 0) && (Buffer > (mMmMemLibInternalMaximumSupportAddress - (Length - 1)))) ) {\r
+ //\r
+ // Overflow happen\r
+ //\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",\r
+ Buffer,\r
+ Length,\r
+ mMmMemLibInternalMaximumSupportAddress\r
+ ));\r
+ return FALSE;\r
+ }\r
+\r
+ for (Index = 0; Index < mMmMemLibInternalMmramCount; Index ++) {\r
+ if (((Buffer >= mMmMemLibInternalMmramRanges[Index].CpuStart) &&\r
+ (Buffer < mMmMemLibInternalMmramRanges[Index].CpuStart + mMmMemLibInternalMmramRanges[Index].PhysicalSize)) ||\r
+ ((mMmMemLibInternalMmramRanges[Index].CpuStart >= Buffer) &&\r
+ (mMmMemLibInternalMmramRanges[Index].CpuStart < Buffer + Length))) {\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",\r
+ mMmMemLibInternalMmramRanges[Index].CpuStart,\r
+ mMmMemLibInternalMmramRanges[Index].PhysicalSize\r
+ ));\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).\r
+\r
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).\r
+ It checks if source buffer is valid per processor architecture and not overlap with MMRAM.\r
+ If the check passes, it copies memory and returns EFI_SUCCESS.\r
+ If the check fails, it return EFI_SECURITY_VIOLATION.\r
+ The implementation must be reentrant.\r
+\r
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
+ @param SourceBuffer The pointer to the source buffer of the memory copy.\r
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
+\r
+ @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.\r
+ @retval EFI_SUCCESS Memory is copied.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+MmCopyMemToMmram (\r
+ OUT VOID *DestinationBuffer,\r
+ IN CONST VOID *SourceBuffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {\r
+ DEBUG ((DEBUG_ERROR, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ CopyMem (DestinationBuffer, SourceBuffer, Length);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).\r
+\r
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).\r
+ It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.\r
+ If the check passes, it copies memory and returns EFI_SUCCESS.\r
+ If the check fails, it returns EFI_SECURITY_VIOLATION.\r
+ The implementation must be reentrant.\r
+\r
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
+ @param SourceBuffer The pointer to the source buffer of the memory copy.\r
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
+\r
+ @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.\r
+ @retval EFI_SUCCESS Memory is copied.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+MmCopyMemFromMmram (\r
+ OUT VOID *DestinationBuffer,\r
+ IN CONST VOID *SourceBuffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {\r
+ DEBUG ((DEBUG_ERROR, "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",\r
+ DestinationBuffer, Length));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ CopyMem (DestinationBuffer, SourceBuffer, Length);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).\r
+\r
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).\r
+ It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.\r
+ If the check passes, it copies memory and returns EFI_SUCCESS.\r
+ If the check fails, it returns EFI_SECURITY_VIOLATION.\r
+ The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.\r
+\r
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
+ @param SourceBuffer The pointer to the source buffer of the memory copy.\r
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
+\r
+ @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.\r
+ @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.\r
+ @retval EFI_SUCCESS Memory is copied.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+MmCopyMem (\r
+ OUT VOID *DestinationBuffer,\r
+ IN CONST VOID *SourceBuffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {\r
+ DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",\r
+ DestinationBuffer, Length));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {\r
+ DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ CopyMem (DestinationBuffer, SourceBuffer, Length);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Fills a target buffer (NON-MMRAM) with a byte value.\r
+\r
+ This function fills a target buffer (non-MMRAM) with a byte value.\r
+ It checks if target buffer is valid per processor architecture and not overlap with MMRAM.\r
+ If the check passes, it fills memory and returns EFI_SUCCESS.\r
+ If the check fails, it returns EFI_SECURITY_VIOLATION.\r
+\r
+ @param Buffer The memory to set.\r
+ @param Length The number of bytes to set.\r
+ @param Value The value with which to fill Length bytes of Buffer.\r
+\r
+ @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.\r
+ @retval EFI_SUCCESS Memory is set.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+MmSetMem (\r
+ OUT VOID *Buffer,\r
+ IN UINTN Length,\r
+ IN UINT8 Value\r
+ )\r
+{\r
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, Length)) {\r
+ DEBUG ((DEBUG_ERROR, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer, Length));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ SetMem (Buffer, Length, Value);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ The constructor function initializes the Mm Mem library\r
+\r
+ @param ImageHandle The firmware allocated handle for the EFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+MemLibConstructor (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_MM_SYSTEM_TABLE *MmSystemTable\r
+ )\r
+{\r
+\r
+ //\r
+ // Calculate and save maximum support address\r
+ //\r
+ MmMemLibInternalCalculateMaximumSupportAddress ();\r
+\r
+ return EFI_SUCCESS;\r
+}\r