Use SmmMemLib to check communication buffer.
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
8a2d4996 1/** @file\r
2\r
3 The sample implementation for SMM variable protocol. And this driver \r
4 implements an SMI handler to communicate with the DXE runtime driver \r
5 to provide variable services.\r
6\r
2445a70e 7 Caution: This module requires additional review when modified.\r
8 This driver will have external input - variable data and communicate buffer in SMM mode.\r
9 This external input must be validated carefully to avoid security issue like\r
10 buffer overflow, integer overflow.\r
11\r
12 SmmVariableHandler() will receive untrusted input and do basic validation.\r
13\r
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), \r
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), \r
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
17\r
efb01a10 18Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
2445a70e 19This program and the accompanying materials \r
20are licensed and made available under the terms and conditions of the BSD License \r
21which accompanies this distribution. The full text of the license may be found at \r
22http://opensource.org/licenses/bsd-license.php\r
8a2d4996 23\r
24THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
25WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
26\r
27**/\r
d00ed85e 28#include <Protocol/SmmVariable.h>\r
29#include <Protocol/SmmFirmwareVolumeBlock.h>\r
8a2d4996 30#include <Protocol/SmmFaultTolerantWrite.h>\r
2445a70e 31#include <Protocol/SmmAccess2.h>\r
ff843847 32#include <Protocol/SmmEndOfDxe.h>\r
efb01a10 33#include <Protocol/SmmVarCheck.h>\r
2445a70e 34\r
8a2d4996 35#include <Library/SmmServicesTableLib.h>\r
842b1242 36#include <Library/SmmMemLib.h>\r
8a2d4996 37\r
d00ed85e 38#include <Guid/VariableFormat.h>\r
39#include <Guid/SmmVariableCommon.h>\r
8a2d4996 40#include "Variable.h"\r
8a2d4996 41\r
//
// Head of the variable statistics list walked by SmmVariableGetStatistics();
// defined outside this file.
//
extern VARIABLE_INFO_ENTRY                           *gVariableInfo;
//
// Handle on which SmmFtwNotificationEvent() installs gSmmVariableWriteGuid.
//
EFI_HANDLE                                           mSmmVariableHandle      = NULL;
//
// Handle on which VariableServiceInitialize() installs gEfiSmmVariableProtocolGuid
// through the boot services table.
//
EFI_HANDLE                                           mVariableHandle         = NULL;
//
// Set to TRUE by the SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request; read by AtRuntime().
//
BOOLEAN                                              mAtRuntime              = FALSE;
//
// All-zero GUID; SmmVariableGetStatistics() treats it as "return the first entry".
//
EFI_GUID                                             mZeroGuid               = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
//
// Buffer obtained with SmmAllocatePool() in VariableServiceInitialize().
// SmmVariableHandler() copies the request payload into it before validating
// and using the request fields. mVariableBufferPayloadSize is its size and
// the upper bound the handler enforces on the payload length.
//
UINT8                                                *mVariableBufferPayload = NULL;
UINTN                                                mVariableBufferPayloadSize;
//
// Defined outside this file. mEndOfDxe gates the lock and property-set
// requests in SmmVariableHandler(); mEnableLocking is toggled by
// SmmVariableSetVariable().
//
extern BOOLEAN                                       mEndOfDxe;
extern BOOLEAN                                       mEnableLocking;
51\r
/**
  SetVariable entry published through EFI_SMM_VARIABLE_PROTOCOL.

  Forwards all arguments unchanged to VariableServiceSetVariable() with
  mEnableLocking cleared for the duration of the call. mEnableLocking is set
  back to TRUE afterwards, whatever value it held before.

  @param VariableName               Name of the variable to set.
  @param VendorGuid                 Variable vendor GUID.
  @param Attributes                 Attribute value of the variable.
  @param DataSize                   Size of the data in bytes.
  @param Data                       Data pointer.

  @return The status returned by VariableServiceSetVariable().

**/
EFI_STATUS
EFIAPI
SmmVariableSetVariable (
  IN CHAR16                  *VariableName,
  IN EFI_GUID                *VendorGuid,
  IN UINT32                  Attributes,
  IN UINTN                   DataSize,
  IN VOID                    *Data
  )
{
  EFI_STATUS  SetStatus;

  //
  // Write protection is disabled only while this call, which arrives through
  // EFI_SMM_VARIABLE_PROTOCOL, is in progress.
  //
  mEnableLocking = FALSE;
  SetStatus      = VariableServiceSetVariable (VariableName, VendorGuid, Attributes, DataSize, Data);
  mEnableLocking = TRUE;

  return SetStatus;
}
5e5bb2a9 96\r
//
// EFI_SMM_VARIABLE_PROTOCOL instance installed by VariableServiceInitialize().
// The third entry is the SmmVariableSetVariable() wrapper rather than
// VariableServiceSetVariable() itself.
//
EFI_SMM_VARIABLE_PROTOCOL  gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  SmmVariableSetVariable,
  VariableServiceQueryVariableInfo
};

//
// EDKII_SMM_VAR_CHECK_PROTOCOL instance installed by VariableServiceInitialize().
//
EDKII_SMM_VAR_CHECK_PROTOCOL  mSmmVarCheck = {
  VarCheckRegisterSetVariableCheckHandler,
  VarCheckVariablePropertySet,
  VarCheckVariablePropertyGet
};
107\r
/**
  Report whether the runtime phase has been entered.

  The value comes from mAtRuntime, which SmmVariableHandler() sets when it
  receives SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE.

  @retval TRUE      mAtRuntime is set.
  @retval FALSE     mAtRuntime is not set.
**/
BOOLEAN
AtRuntime (
  VOID
  )
{
  BOOLEAN  RuntimeEntered;

  RuntimeEntered = mAtRuntime;
  return RuntimeEntered;
}
120\r
/**
  Lock initialization stub for the SMM build of the variable driver.

  This implementation does not touch the lock structure and ignores Priority;
  it only hands Lock back to the caller. No ASSERT() is performed on either
  argument.

  @param  Lock       A pointer to the lock data structure; returned unchanged.
  @param  Priority   Unused in this implementation.

  @return Lock, exactly as passed in.

**/
EFI_LOCK *
InitializeLock (
  IN OUT EFI_LOCK                         *Lock,
  IN     EFI_TPL                          Priority
  )
{
  return Lock;
}
145\r
/**
  Lock acquisition stub for the SMM build of the variable driver.

  The body is empty: no lock is taken, at boot time or at runtime.
  NOTE(review): presumably this relies on SMI handling not being re-entered
  while a variable service runs - confirm against the platform's SMM core.

  @param  Lock         Unused in this implementation.

**/
VOID
AcquireLockOnlyAtBootTime (
  IN EFI_LOCK                             *Lock
  )
{

}
165\r
166\r
/**
  Lock release stub for the SMM build of the variable driver.

  The body is empty: nothing is released, matching the empty
  AcquireLockOnlyAtBootTime() in this file.

  @param  Lock         Unused in this implementation.

**/
VOID
ReleaseLockOnlyAtBootTime (
  IN EFI_LOCK                             *Lock
  )
{

}
186\r
/**
  Retrieve the SMM Fault Tolerant Write protocol interface.

  @param[out] FtwProtocol       Receives the interface of the SMM FTW protocol.

  @return The status returned by SmmLocateProtocol() for
          gEfiSmmFaultTolerantWriteProtocolGuid. This function adds no
          checks of its own, so a NULL FtwProtocol is handled (or not) by
          SmmLocateProtocol().

**/
EFI_STATUS
GetFtwProtocol (
  OUT VOID                                **FtwProtocol
  )
{
  //
  // Single lookup in the SMM protocol database; the result is passed straight through.
  //
  return gSmst->SmmLocateProtocol (
                  &gEfiSmmFaultTolerantWriteProtocolGuid,
                  NULL,
                  FtwProtocol
                  );
}
214\r
215\r
/**
  Retrieve the SMM FVB protocol interface installed on a handle.

  @param[in]  FvBlockHandle     The handle to query for the SMM FVB protocol.
  @param[out] FvBlock           Receives the interface of the SMM FVB protocol.

  @return The status returned by SmmHandleProtocol() for
          gEfiSmmFirmwareVolumeBlockProtocolGuid on FvBlockHandle.

**/
EFI_STATUS
GetFvbByHandle (
  IN  EFI_HANDLE                          FvBlockHandle,
  OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  **FvBlock
  )
{
  EFI_STATUS  LookupStatus;

  //
  // Ask the SMM protocol database for the FVB interface on this handle.
  //
  LookupStatus = gSmst->SmmHandleProtocol (
                          FvBlockHandle,
                          &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                          (VOID **) FvBlock
                          );

  return LookupStatus;
}
243\r
244\r
/**
  Return, in a pool-allocated buffer, the handles that support the SMM FVB protocol.

  The handle list is obtained with two SmmLocateHandle() calls: the first
  with a zero-sized buffer to learn the required size, the second to fill
  the buffer allocated with AllocatePool(). On any failure both outputs are
  left at 0 / NULL and the buffer, if allocated, is freed.

  @param[out] NumberHandles     The number of handles returned in Buffer.
  @param[out] Buffer            Receives the allocated array of handles.
                                The caller owns the buffer on success.

  @retval EFI_SUCCESS           The array of handles was returned in Buffer, and the number of
                                handles in Buffer was returned in NumberHandles.
  @retval EFI_NOT_FOUND         The sizing call failed with something other than EFI_BUFFER_TOO_SMALL.
  @retval EFI_OUT_OF_RESOURCES  There is not enough pool memory to store the matching results.
  @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
  @retval Others                The error returned by the second SmmLocateHandle() call.

**/
EFI_STATUS
GetFvbCountAndBuffer (
  OUT UINTN                               *NumberHandles,
  OUT EFI_HANDLE                          **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;
  EFI_HANDLE  *HandleBuffer;

  if ((NumberHandles == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Outputs start in the "nothing found" state and are only updated on success.
  //
  *NumberHandles = 0;
  *Buffer        = NULL;
  HandleBuffer   = NULL;
  BufferSize     = 0;

  //
  // Sizing pass: a zero-length buffer makes SmmLocateHandle() report the needed size.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &BufferSize,
                    HandleBuffer
                    );
  if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
    return EFI_NOT_FOUND;
  }

  HandleBuffer = AllocatePool (BufferSize);
  if (HandleBuffer == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Fill pass.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &BufferSize,
                    HandleBuffer
                    );
  if (EFI_ERROR(Status)) {
    FreePool (HandleBuffer);
    return Status;
  }

  *Buffer        = HandleBuffer;
  *NumberHandles = BufferSize / sizeof(EFI_HANDLE);

  return Status;
}
309\r
310\r
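/**
  Get the variable statistics information from the information buffer pointed by gVariableInfo.

  Caution: This function may be invoked at SMM runtime.
  InfoEntry and InfoSize are external input. SmmVariableHandler() passes an
  InfoEntry that points into the communication buffer, so everything read
  through InfoEntry must be treated as untrusted and bounded by *InfoSize.

  The name that follows InfoEntry is never measured with StrSize(): an
  unterminated name would make that scan run past the end of the caller's
  buffer. It is compared against each candidate only over the candidate's own
  length, and only when that length fits in the space *InfoSize leaves after
  the entry header.

  @param[in, out]  InfoEntry    A pointer to the buffer of variable information entry.
                                On input, point to the variable information returned last time. if
                                InfoEntry->VendorGuid is zero, return the first information.
                                On output, point to the next variable information.
  @param[in, out]  InfoSize     On input, the size of the variable information buffer.
                                On output, the returned variable information size
                                (0 when there is no further entry).

  @retval EFI_SUCCESS           The variable information is found and returned successfully,
                                or no further entry exists and *InfoSize was set to 0.
  @retval EFI_UNSUPPORTED       No variable information exists in variable driver. The
                                PcdVariableCollectStatistics should be set TRUE to support it.
  @retval EFI_BUFFER_TOO_SMALL  The buffer is too small to hold the next variable information;
                                *InfoSize holds the required size.

**/
EFI_STATUS
SmmVariableGetStatistics (
  IN OUT VARIABLE_INFO_ENTRY                           *InfoEntry,
  IN OUT UINTN                                         *InfoSize
  )
{
  VARIABLE_INFO_ENTRY                                  *VariableInfo;
  UINTN                                                NameLength;
  UINTN                                                StatisticsInfoSize;
  UINTN                                                InfoNameCapacity;
  CHAR16                                               *InfoName;
  EFI_GUID                                             VendorGuid;

  ASSERT (InfoEntry != NULL);
  VariableInfo = gVariableInfo;
  if (VariableInfo == NULL) {
    return EFI_UNSUPPORTED;
  }

  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }
  InfoName = (CHAR16 *)(InfoEntry + 1);

  //
  // The check above guarantees *InfoSize >= sizeof (VARIABLE_INFO_ENTRY), so
  // this subtraction cannot wrap. It is the number of bytes the caller's
  // buffer can hold for the name that follows the entry header.
  //
  InfoNameCapacity = *InfoSize - sizeof (VARIABLE_INFO_ENTRY);

  //
  // Work on a local copy of the GUID so the comparisons below all see the
  // same value even though InfoEntry lives in caller-owned memory.
  //
  CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);

  if (CompareGuid (&VendorGuid, &mZeroGuid)) {
    //
    // Return the first variable info
    //
    // NOTE(review): the whole VARIABLE_INFO_ENTRY is copied out, including its
    // Next and Name fields. If those hold SMRAM addresses, the caller learns
    // them - confirm whether that is acceptable.
    //
    CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
    CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
    *InfoSize = StatisticsInfoSize;
    return EFI_SUCCESS;
  }

  //
  // Get the next variable info
  //
  while (VariableInfo != NULL) {
    if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
      NameLength = StrSize (VariableInfo->Name);
      //
      // NameLength includes the terminator of the trusted name, so a full
      // CompareMem() match implies the caller's name is identical. The
      // capacity check keeps the read inside the caller's declared buffer.
      //
      if (NameLength <= InfoNameCapacity) {
        if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
          //
          // Find the match one
          //
          VariableInfo = VariableInfo->Next;
          break;
        }
      }
    }
    VariableInfo = VariableInfo->Next;
  }

  if (VariableInfo == NULL) {
    *InfoSize = 0;
    return EFI_SUCCESS;
  }

  //
  // Output the new variable info
  //
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
  CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
  *InfoSize = StatisticsInfoSize;

  return EFI_SUCCESS;
}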
406\r
407\r
/**
  Communication service SMI Handler entry.

  This SMI handler provides services for the variable wrapper driver.

  Caution: This function may receive untrusted input.
  The variable data and the communicate buffer are external input, so this function does basic validation.
  Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
  VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
  SmmVariableGetStatistics() should also do validation based on its own knowledge.

  Checks applied to every request before dispatch:
    - CommBuffer and CommBufferSize are not NULL;
    - the size covers at least SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
    - the payload is no larger than mVariableBufferPayloadSize;
    - SmmIsBufferOutsideSmmValid() accepts the whole buffer.
  The get, get-next, set and property-get requests then copy the payload into
  mVariableBufferPayload and validate sizes and NUL termination on that copy.
  The remaining requests do not; see the NOTE(review) comments in each case.

  Every path in this implementation returns EFI_SUCCESS. The per-request
  result is written to ReturnStatus in the communicate header, except on the
  early "buffer size invalid" returns, which leave ReturnStatus untouched.

  @param[in]     DispatchHandle  The unique handle assigned to this handler by SmiHandlerRegister().
  @param[in]     RegisterContext Points to an optional handler context which was specified when the
                                 handler was registered.
  @param[in, out] CommBuffer     A pointer to a collection of data in memory that will
                                 be conveyed from a non-SMM environment into an SMM environment.
  @param[in, out] CommBufferSize The size of the CommBuffer.

  @retval EFI_SUCCESS            Always, in this implementation.
**/
EFI_STATUS
EFIAPI
SmmVariableHandler (
  IN     EFI_HANDLE                                DispatchHandle,
  IN     CONST VOID                                *RegisterContext,
  IN OUT VOID                                      *CommBuffer,
  IN OUT UINTN                                     *CommBufferSize
  )
{
  EFI_STATUS                                       Status;
  SMM_VARIABLE_COMMUNICATE_HEADER                  *SmmVariableFunctionHeader;
  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE         *SmmVariableHeader;
  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME  *GetNextVariableName;
  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO     *QueryVariableInfo;
  VARIABLE_INFO_ENTRY                              *VariableInfo;
  SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE           *VariableToLock;
  SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
  UINTN                                            InfoSize;
  UINTN                                            NameBufferSize;
  UINTN                                            CommBufferPayloadSize;
  UINTN                                            TempCommBufferSize;

  //
  // If input is invalid, stop processing this SMI
  //
  if (CommBuffer == NULL || CommBufferSize == NULL) {
    return EFI_SUCCESS;
  }

  //
  // Read the size once into a local. Every later check and copy uses this
  // snapshot instead of re-reading *CommBufferSize.
  //
  TempCommBufferSize = *CommBufferSize;

  if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
    return EFI_SUCCESS;
  }
  //
  // Cannot wrap: the header-size check above already passed. The upper bound
  // is what keeps the CopyMem() calls into mVariableBufferPayload in range.
  //
  CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
  if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
    return EFI_SUCCESS;
  }

  //
  // Per the message below, this rejects a buffer that lies in SMRAM or whose
  // address range overflows.
  //
  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
    return EFI_SUCCESS;
  }

  SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
  switch (SmmVariableFunctionHeader->Function) {
    case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      // All size fields checked below are read from this copy, not from the caller's buffer.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 &SmmVariableHeader->Attributes,
                 &SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      //
      // Results are copied back over the caller's payload, whatever Status is.
      //
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
      if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // The terminator is checked at the end of the whole name area of the
      // payload (NameBufferSize), not at NameSize.
      //
      NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
      if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure input VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetNextVariableName (
                 &GetNextVariableName->NameSize,
                 GetNextVariableName->Name,
                 &GetNextVariableName->Guid
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before
      // Data buffer should not contain SMM range
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // Calls VariableServiceSetVariable() directly, not the
      // SmmVariableSetVariable() wrapper, so mEnableLocking is left as it is.
      // Nothing is copied back to the caller's payload for this request.
      //
      Status = VariableServiceSetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 SmmVariableHeader->Attributes,
                 SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
      if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
        DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // NOTE(review): unlike the cases above, this request is served in place:
      // QueryVariableInfo points into the communication buffer. Attributes is
      // passed by value and the three outputs are written straight to the
      // caller's memory.
      //
      QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;

      Status = VariableServiceQueryVariableInfo (
                 QueryVariableInfo->Attributes,
                 &QueryVariableInfo->MaximumVariableStorageSize,
                 &QueryVariableInfo->RemainingVariableStorageSize,
                 &QueryVariableInfo->MaximumVariableSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
      //
      // From here on the lock and property-set requests below are refused.
      //
      mEndOfDxe = TRUE;
      //
      // The initialization for variable quota.
      //
      InitializeVariableQuota ();
      if (AtRuntime()) {
        Status = EFI_UNSUPPORTED;
        break;
      }
      ReclaimForOS ();
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
      mAtRuntime = TRUE;
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
      //
      // VariableInfo points into the communication buffer; InfoSize is a
      // local, so SmmVariableGetStatistics() updates the size inside SMM and
      // only the final value is written back through CommBufferSize.
      //
      VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
      InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;

      //
      // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
      // It is covered by previous CommBuffer check
      //

      //
      // This is the only case that writes through CommBufferSize, so the
      // pointer itself is checked here before the write below.
      //
      if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
        DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
      *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
      break;

    case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        //
        // NOTE(review): this case has no payload-size check, does not copy the
        // payload into mVariableBufferPayload, and does not check that Name is
        // NUL-terminated; Name and Guid are read directly from the
        // communication buffer. Presumably callers are trusted until
        // mEndOfDxe is set - confirm that assumption holds on this platform.
        //
        VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
        Status = VariableLockRequestToLock (
                   NULL,
                   VariableToLock->Name,
                   &VariableToLock->Guid
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        //
        // NOTE(review): same pattern as the lock request above - the request
        // is used in place from the communication buffer with no size, copy
        // or NUL-termination checks, unlike the property-get case below.
        //
        CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
        Status = VarCheckVariablePropertySet (
                   CommVariableProperty->Name,
                   &CommVariableProperty->Guid,
                   &CommVariableProperty->VariableProperty
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
      if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
      if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VarCheckVariablePropertyGet (
                 CommVariableProperty->Name,
                 &CommVariableProperty->Guid,
                 &CommVariableProperty->VariableProperty
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    default:
      Status = EFI_UNSUPPORTED;
  }

EXIT:

  //
  // The request result travels back in the communicate header, which lives in
  // the caller's buffer; the SMI itself is always reported as handled.
  //
  SmmVariableFunctionHeader->ReturnStatus = Status;

  return EFI_SUCCESS;
}
754\r
/**
  SMM END_OF_DXE protocol notification event handler.

  Sets mEndOfDxe, after which SmmVariableHandler() refuses the lock and
  property-set requests, initializes the variable quota, and reclaims
  variable space when PcdReclaimVariableSpaceAtEndOfDxe is TRUE.

  @param  Protocol   Points to the protocol's unique identifier
  @param  Interface  Points to the interface instance
  @param  Handle     The handle on which the interface was installed

  @retval EFI_SUCCESS   SmmEndOfDxeCallback runs successfully

**/
EFI_STATUS
EFIAPI
SmmEndOfDxeCallback (
  IN CONST EFI_GUID                       *Protocol,
  IN VOID                                 *Interface,
  IN EFI_HANDLE                           Handle
  )
{
  BOOLEAN  ReclaimRequested;

  DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
  mEndOfDxe = TRUE;

  //
  // The initialization for variable quota.
  //
  InitializeVariableQuota ();

  //
  // Reclaim is optional and controlled by a PCD.
  //
  ReclaimRequested = PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe);
  if (ReclaimRequested) {
    ReclaimForOS ();
  }

  return EFI_SUCCESS;
}
8a2d4996 784\r
/**
  SMM Fault Tolerant Write protocol notification event handler.

  Non-volatile variable writes may need the FTW protocol to reclaim space.
  Once the FTW protocol and the FVB instance covering the variable store are
  both available, this handler records the FVB instance, initializes the
  variable write service and installs gSmmVariableWriteGuid to tell the
  variable wrapper driver that writes are ready. It does nothing if an FVB
  instance has already been recorded.

  @param  Protocol   Points to the protocol's unique identifier
  @param  Interface  Points to the interface instance
  @param  Handle     The handle on which the interface was installed

  @retval EFI_SUCCESS     SmmEventCallback runs successfully
  @retval EFI_NOT_FOUND   The Fvb protocol for variable is not found.
  @retval Others          The error returned by GetFtwProtocol().

 **/
EFI_STATUS
EFIAPI
SmmFtwNotificationEvent (
  IN CONST EFI_GUID                       *Protocol,
  IN VOID                                 *Interface,
  IN EFI_HANDLE                           Handle
  )
{
  EFI_STATUS                              Status;
  EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *VariableFvb;
  EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL   *SmmFtw;
  EFI_PHYSICAL_ADDRESS                    VariableStoreBase;
  UINTN                                   FtwMaxBlockSize;

  //
  // Already initialized by an earlier invocation.
  //
  if (mVariableModuleGlobal->FvbInstance != NULL) {
    return EFI_SUCCESS;
  }

  //
  // Ensure SMM FTW protocol is installed.
  //
  Status = GetFtwProtocol ((VOID **)&SmmFtw);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Debug-only sanity check that the variable store fits in one FTW block.
  //
  Status = SmmFtw->GetMaxBlockSize (SmmFtw, &FtwMaxBlockSize);
  if (!EFI_ERROR (Status)) {
    ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);
  }

  //
  // Find the proper FVB protocol for variable. The 64-bit base PCD wins when
  // it is non-zero; otherwise the 32-bit one is used.
  //
  VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
  if (VariableStoreBase == 0) {
    VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
  }

  Status = GetFvbInfoByAddress (VariableStoreBase, NULL, &VariableFvb);
  if (EFI_ERROR (Status)) {
    return EFI_NOT_FOUND;
  }

  mVariableModuleGlobal->FvbInstance = VariableFvb;

  Status = VariableWriteServiceInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Notify the variable wrapper driver the variable write service is ready
  //
  Status = gBS->InstallProtocolInterface (
                  &mSmmVariableHandle,
                  &gSmmVariableWriteGuid,
                  EFI_NATIVE_INTERFACE,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);

  return EFI_SUCCESS;
}
860\r
861\r
/**
  Variable Driver main entry point for the SMM variable driver.

  In order, this function:
    - runs VariableCommonInitialize();
    - installs gSmmVariable and mSmmVarCheck in the SMM protocol database;
    - sizes and allocates mVariableBufferPayload with SmmAllocatePool();
    - registers SmmVariableHandler() as the SMI handler for
      gEfiSmmVariableProtocolGuid;
    - installs gEfiSmmVariableProtocolGuid through the boot services table to
      tell the variable wrapper driver that the service is ready;
    - registers notifications for the SMM End-of-DXE and SMM FTW protocols;
    - calls SmmFtwNotificationEvent() once directly.

  NOTE(review): every failure here is only checked with ASSERT_EFI_ERROR(),
  and the function returns EFI_SUCCESS regardless. If assertions compile to
  nothing in a release build (confirm for this platform), a failed
  SmmAllocatePool() would leave mVariableBufferPayload NULL while
  SmmVariableHandler() is still registered and copies request payloads
  into it.

  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
  @param[in] SystemTable    A pointer to the EFI System Table.

  @retval EFI_SUCCESS       Always, in this implementation.

**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
  IN EFI_HANDLE                           ImageHandle,
  IN EFI_SYSTEM_TABLE                     *SystemTable
  )
{
  EFI_STATUS                              Status;
  EFI_HANDLE                              VariableHandle;
  VOID                                    *SmmFtwRegistration;
  VOID                                    *SmmEndOfDxeRegistration;

  //
  // Variable initialize.
  //
  Status = VariableCommonInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Install the Smm Variable Protocol on a new handle.
  //
  VariableHandle = NULL;
  Status = gSmst->SmmInstallProtocolInterface (
                    &VariableHandle,
                    &gEfiSmmVariableProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &gSmmVariable
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // The VarCheck protocol goes on the same handle as the variable protocol.
  //
  Status = gSmst->SmmInstallProtocolInterface (
                    &VariableHandle,
                    &gEdkiiSmmVarCheckProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &mSmmVarCheck
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // This size is the upper bound SmmVariableHandler() enforces on a request
  // payload before copying it into mVariableBufferPayload.
  // NOTE(review): the expression is unsigned; it assumes the larger PCD plus
  // the property header offset is at least sizeof (VARIABLE_HEADER) - confirm.
  //
  mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
                               OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);

  Status = gSmst->SmmAllocatePool (
                    EfiRuntimeServicesData,
                    mVariableBufferPayloadSize,
                    (VOID **)&mVariableBufferPayload
                    );
  ASSERT_EFI_ERROR (Status);

  ///
  /// Register SMM variable SMI handler
  ///
  VariableHandle = NULL;
  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
  ASSERT_EFI_ERROR (Status);

  //
  // Notify the variable wrapper driver the variable service is ready
  //
  Status = SystemTable->BootServices->InstallProtocolInterface (
                                        &mVariableHandle,
                                        &gEfiSmmVariableProtocolGuid,
                                        EFI_NATIVE_INTERFACE,
                                        &gSmmVariable
                                        );
  ASSERT_EFI_ERROR (Status);

  //
  // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmEndOfDxeProtocolGuid,
                    SmmEndOfDxeCallback,
                    &SmmEndOfDxeRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Register FtwNotificationEvent () notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmFaultTolerantWriteProtocolGuid,
                    SmmFtwNotificationEvent,
                    &SmmFtwRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Run the FTW handler once now; its return value is not checked here.
  //
  SmmFtwNotificationEvent (NULL, NULL, NULL);

  return EFI_SUCCESS;
}
964\r
965\r