]> git.proxmox.com Git - mirror_edk2.git/blame - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Read/Write memory space including MMIO range with the width requested from HOST.
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
CommitLineData
8a2d4996 1/** @file\r
2\r
3 The sample implementation for SMM variable protocol. And this driver \r
4 implements an SMI handler to communicate with the DXE runtime driver \r
5 to provide variable services.\r
6\r
2445a70e 7 Caution: This module requires additional review when modified.\r
8 This driver will have external input - variable data and communicate buffer in SMM mode.\r
9 This external input must be validated carefully to avoid security issue like\r
10 buffer overflow, integer overflow.\r
11\r
12 SmmVariableHandler() will receive untrusted input and do basic validation.\r
13\r
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), \r
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), \r
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
17\r
18Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>\r
19This program and the accompanying materials \r
20are licensed and made available under the terms and conditions of the BSD License \r
21which accompanies this distribution. The full text of the license may be found at \r
22http://opensource.org/licenses/bsd-license.php\r
8a2d4996 23\r
24THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
25WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
26\r
27**/\r
d00ed85e 28#include <Protocol/SmmVariable.h>\r
29#include <Protocol/SmmFirmwareVolumeBlock.h>\r
8a2d4996 30#include <Protocol/SmmFaultTolerantWrite.h>\r
2445a70e 31#include <Protocol/SmmAccess2.h>\r
32\r
8a2d4996 33#include <Library/SmmServicesTableLib.h>\r
34\r
d00ed85e 35#include <Guid/VariableFormat.h>\r
36#include <Guid/SmmVariableCommon.h>\r
8a2d4996 37#include "Variable.h"\r
8a2d4996 38\r
2445a70e 39EFI_SMRAM_DESCRIPTOR *mSmramRanges;\r
40UINTN mSmramRangeCount;\r
41\r
d00ed85e 42extern VARIABLE_INFO_ENTRY *gVariableInfo;\r
8a2d4996 43EFI_HANDLE mSmmVariableHandle = NULL;\r
44EFI_HANDLE mVariableHandle = NULL;\r
45BOOLEAN mAtRuntime = FALSE;\r
46EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};\r
8a2d4996 47 \r
48EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {\r
49 VariableServiceGetVariable,\r
50 VariableServiceGetNextVariableName,\r
51 VariableServiceSetVariable,\r
52 VariableServiceQueryVariableInfo\r
53};\r
54\r
55\r
56/**\r
57 Return TRUE if ExitBootServices () has been called.\r
58 \r
59 @retval TRUE If ExitBootServices () has been called.\r
60**/\r
61BOOLEAN\r
62AtRuntime (\r
63 VOID\r
64 )\r
65{\r
66 return mAtRuntime;\r
67}\r
68\r
2445a70e 69/**\r
70 This function check if the address is in SMRAM.\r
71\r
72 @param Buffer the buffer address to be checked.\r
73 @param Length the buffer length to be checked.\r
74\r
75 @retval TRUE this address is in SMRAM.\r
76 @retval FALSE this address is NOT in SMRAM.\r
77**/\r
78BOOLEAN\r
79InternalIsAddressInSmram (\r
80 IN EFI_PHYSICAL_ADDRESS Buffer,\r
81 IN UINT64 Length\r
82 )\r
83{\r
84 UINTN Index;\r
85\r
86 for (Index = 0; Index < mSmramRangeCount; Index ++) {\r
87 if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||\r
88 ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {\r
89 return TRUE;\r
90 }\r
91 }\r
92\r
93 return FALSE;\r
94}\r
95\r
9d00d20e
SZ		 96/**\r
97 This function check if the address refered by Buffer and Length is valid.\r
98\r
99 @param Buffer the buffer address to be checked.\r
100 @param Length the buffer length to be checked.\r
101\r
102 @retval TRUE this address is valid.\r
103 @retval FALSE this address is NOT valid.\r
104**/\r
105BOOLEAN\r
106InternalIsAddressValid (\r
107 IN UINTN Buffer,\r
108 IN UINTN Length\r
109 )\r
110{\r
111 if (Buffer > (MAX_ADDRESS - Length)) {\r
112 //\r
113 // Overflow happen\r
114 //\r
115 return FALSE;\r
116 }\r
117 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {\r
118 return FALSE;\r
119 }\r
120 return TRUE;\r
121}\r
2445a70e 122\r
8a2d4996 123/**\r
124 Initializes a basic mutual exclusion lock.\r
125\r
126 This function initializes a basic mutual exclusion lock to the released state \r
127 and returns the lock. Each lock provides mutual exclusion access at its task \r
128 priority level. Since there is no preemption or multiprocessor support in EFI,\r
129 acquiring the lock only consists of raising to the locks TPL.\r
130 If Lock is NULL, then ASSERT().\r
131 If Priority is not a valid TPL value, then ASSERT().\r
132\r
133 @param Lock A pointer to the lock data structure to initialize.\r
134 @param Priority EFI TPL is associated with the lock.\r
135\r
136 @return The lock.\r
137\r
138**/\r
139EFI_LOCK *\r
140InitializeLock (\r
141 IN OUT EFI_LOCK *Lock,\r
142 IN EFI_TPL Priority\r
143 )\r
144{\r
145 return Lock;\r
146}\r
147\r
148/**\r
149 Acquires lock only at boot time. Simply returns at runtime.\r
150\r
151 This is a temperary function that will be removed when\r
152 EfiAcquireLock() in UefiLib can handle the call in UEFI\r
153 Runtimer driver in RT phase.\r
154 It calls EfiAcquireLock() at boot time, and simply returns\r
155 at runtime.\r
156\r
157 @param Lock A pointer to the lock to acquire.\r
158\r
159**/\r
160VOID\r
161AcquireLockOnlyAtBootTime (\r
162 IN EFI_LOCK *Lock\r
163 )\r
164{\r
165\r
166}\r
167\r
168\r
169/**\r
170 Releases lock only at boot time. Simply returns at runtime.\r
171\r
172 This is a temperary function which will be removed when\r
173 EfiReleaseLock() in UefiLib can handle the call in UEFI\r
174 Runtimer driver in RT phase.\r
175 It calls EfiReleaseLock() at boot time and simply returns\r
176 at runtime.\r
177\r
178 @param Lock A pointer to the lock to release.\r
179\r
180**/\r
181VOID\r
182ReleaseLockOnlyAtBootTime (\r
183 IN EFI_LOCK *Lock\r
184 )\r
185{\r
186\r
187}\r
188\r
189/**\r
190 Retrive the SMM Fault Tolerent Write protocol interface.\r
191\r
192 @param[out] FtwProtocol The interface of SMM Ftw protocol\r
193\r
194 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.\r
195 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.\r
196 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.\r
197\r
198**/\r
199EFI_STATUS\r
200GetFtwProtocol (\r
201 OUT VOID **FtwProtocol\r
202 )\r
203{\r
204 EFI_STATUS Status;\r
205\r
206 //\r
207 // Locate Smm Fault Tolerent Write protocol\r
208 //\r
209 Status = gSmst->SmmLocateProtocol (\r
210 &gEfiSmmFaultTolerantWriteProtocolGuid, \r
211 NULL, \r
212 FtwProtocol\r
213 );\r
214 return Status;\r
215}\r
216\r
217\r
218/**\r
219 Retrive the SMM FVB protocol interface by HANDLE.\r
220\r
221 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for\r
222 reading, writing, and erasing the target block.\r
223 @param[out] FvBlock The interface of SMM FVB protocol\r
224\r
225 @retval EFI_SUCCESS The interface information for the specified protocol was returned.\r
226 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.\r
227 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.\r
228\r
229**/\r
230EFI_STATUS\r
231GetFvbByHandle (\r
232 IN EFI_HANDLE FvBlockHandle,\r
233 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock\r
234 )\r
235{\r
236 //\r
237 // To get the SMM FVB protocol interface on the handle\r
238 //\r
239 return gSmst->SmmHandleProtocol (\r
240 FvBlockHandle,\r
241 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
242 (VOID **) FvBlock\r
243 );\r
244}\r
245\r
246\r
247/**\r
248 Function returns an array of handles that support the SMM FVB protocol\r
249 in a buffer allocated from pool. \r
250\r
251 @param[out] NumberHandles The number of handles returned in Buffer.\r
252 @param[out] Buffer A pointer to the buffer to return the requested\r
253 array of handles that support SMM FVB protocol.\r
254\r
255 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of\r
256 handles in Buffer was returned in NumberHandles.\r
257 @retval EFI_NOT_FOUND No SMM FVB handle was found.\r
258 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.\r
259 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.\r
260\r
261**/\r
262EFI_STATUS\r
263GetFvbCountAndBuffer (\r
264 OUT UINTN *NumberHandles,\r
265 OUT EFI_HANDLE **Buffer\r
266 )\r
267{\r
268 EFI_STATUS Status;\r
269 UINTN BufferSize;\r
270\r
271 if ((NumberHandles == NULL) || (Buffer == NULL)) {\r
272 return EFI_INVALID_PARAMETER;\r
273 }\r
274\r
275 BufferSize = 0;\r
276 *NumberHandles = 0;\r
277 *Buffer = NULL;\r
278 Status = gSmst->SmmLocateHandle (\r
279 ByProtocol,\r
280 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
281 NULL,\r
282 &BufferSize,\r
283 *Buffer\r
284 );\r
285 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
286 return EFI_NOT_FOUND;\r
287 }\r
288\r
289 *Buffer = AllocatePool (BufferSize);\r
290 if (*Buffer == NULL) {\r
291 return EFI_OUT_OF_RESOURCES;\r
292 }\r
293\r
294 Status = gSmst->SmmLocateHandle (\r
295 ByProtocol,\r
296 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
297 NULL,\r
298 &BufferSize,\r
299 *Buffer\r
300 );\r
301\r
302 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);\r
303 if (EFI_ERROR(Status)) {\r
304 *NumberHandles = 0;\r
305 }\r
306\r
307 return Status;\r
308}\r
309\r
310\r
311/**\r
312 Get the variable statistics information from the information buffer pointed by gVariableInfo.\r
313\r
2445a70e 314 Caution: This function may be invoked at SMM runtime.\r
315 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.\r
316\r
317 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.\r
318 On input, point to the variable information returned last time. if \r
319 InfoEntry->VendorGuid is zero, return the first information.\r
320 On output, point to the next variable information.\r
321 @param[in, out] InfoSize On input, the size of the variable information buffer.\r
322 On output, the returned variable information size.\r
8a2d4996 323\r
324 @retval EFI_SUCCESS The variable information is found and returned successfully.\r
325 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The \r
326 PcdVariableCollectStatistics should be set TRUE to support it.\r
327 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.\r
328\r
329**/\r
330EFI_STATUS\r
331SmmVariableGetStatistics (\r
d00ed85e 332 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,\r
8a2d4996 333 IN OUT UINTN *InfoSize\r
334 )\r
335{\r
d00ed85e 336 VARIABLE_INFO_ENTRY *VariableInfo;\r
8a2d4996 337 UINTN NameLength;\r
338 UINTN StatisticsInfoSize;\r
339 CHAR16 *InfoName;\r
340 \r
341 ASSERT (InfoEntry != NULL);\r
342 VariableInfo = gVariableInfo; \r
343 if (VariableInfo == NULL) {\r
344 return EFI_UNSUPPORTED;\r
345 }\r
346\r
d00ed85e 347 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
eb96e4f2 348 if (*InfoSize < StatisticsInfoSize) {\r
8a2d4996 349 *InfoSize = StatisticsInfoSize;\r
350 return EFI_BUFFER_TOO_SMALL;\r
351 }\r
352 InfoName = (CHAR16 *)(InfoEntry + 1);\r
353\r
354 if (CompareGuid (&InfoEntry->VendorGuid, &mZeroGuid)) {\r
355 //\r
356 // Return the first variable info\r
357 //\r
d00ed85e 358 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
8a2d4996 359 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
360 *InfoSize = StatisticsInfoSize;\r
361 return EFI_SUCCESS;\r
362 }\r
363\r
364 //\r
365 // Get the next variable info\r
366 //\r
367 while (VariableInfo != NULL) {\r
368 if (CompareGuid (&VariableInfo->VendorGuid, &InfoEntry->VendorGuid)) {\r
369 NameLength = StrSize (VariableInfo->Name);\r
370 if (NameLength == StrSize (InfoName)) {\r
371 if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {\r
372 //\r
373 // Find the match one\r
374 //\r
375 VariableInfo = VariableInfo->Next;\r
376 break;\r
377 }\r
378 }\r
379 }\r
380 VariableInfo = VariableInfo->Next;\r
381 };\r
382 \r
383 if (VariableInfo == NULL) {\r
384 *InfoSize = 0;\r
385 return EFI_SUCCESS;\r
386 }\r
387\r
388 //\r
389 // Output the new variable info\r
390 //\r
d00ed85e 391 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);\r
8a2d4996 392 if (*InfoSize < StatisticsInfoSize) {\r
393 *InfoSize = StatisticsInfoSize;\r
394 return EFI_BUFFER_TOO_SMALL;\r
395 }\r
396\r
d00ed85e 397 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
8a2d4996 398 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));\r
399 *InfoSize = StatisticsInfoSize;\r
400 \r
401 return EFI_SUCCESS;\r
402}\r
403\r
404\r
405/**\r
406 Communication service SMI Handler entry.\r
407\r
408 This SMI handler provides services for the variable wrapper driver.\r
409\r
2445a70e 410 Caution: This function may receive untrusted input.\r
411 This variable data and communicate buffer are external input, so this function will do basic validation.\r
412 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), \r
413 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), \r
414 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
415\r
8a2d4996 416 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
417 @param[in] RegisterContext Points to an optional handler context which was specified when the\r
418 handler was registered.\r
419 @param[in, out] CommBuffer A pointer to a collection of data in memory that will\r
420 be conveyed from a non-SMM environment into an SMM environment.\r
421 @param[in, out] CommBufferSize The size of the CommBuffer.\r
422\r
423 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers \r
424 should still be called.\r
425 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should \r
426 still be called.\r
427 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still \r
428 be called.\r
429 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r
430**/\r
431EFI_STATUS\r
432EFIAPI\r
433SmmVariableHandler (\r
434 IN EFI_HANDLE DispatchHandle,\r
435 IN CONST VOID *RegisterContext,\r
436 IN OUT VOID *CommBuffer,\r
437 IN OUT UINTN *CommBufferSize\r
438 )\r
439{\r
440 EFI_STATUS Status;\r
441 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;\r
442 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;\r
443 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;\r
444 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;\r
d00ed85e 445 VARIABLE_INFO_ENTRY *VariableInfo;\r
8a2d4996 446 UINTN InfoSize;\r
9d00d20e 447 UINTN NameBufferSize;\r
8a2d4996 448\r
2445a70e 449 //\r
450 // If input is invalid, stop processing this SMI\r
451 //\r
452 if (CommBuffer == NULL || CommBufferSize == NULL) {\r
453 return EFI_SUCCESS;\r
454 }\r
455\r
d294b9a4 456 if (*CommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
2445a70e 457 return EFI_SUCCESS;\r
458 }\r
459\r
9d00d20e
SZ		 460 if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {\r
461 DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM or overflow!\n"));\r
2445a70e 462 return EFI_SUCCESS;\r
463 }\r
8a2d4996 464\r
465 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;\r
466 switch (SmmVariableFunctionHeader->Function) {\r
467 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:\r
2445a70e 468 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;\r
9d00d20e
SZ		 469 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||\r
470 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {\r
471 //\r
472 // Prevent InfoSize overflow happen\r
473 //\r
474 Status = EFI_ACCESS_DENIED;\r
475 goto EXIT;\r
476 }\r
2445a70e 477 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) \r
478 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;\r
479\r
480 //\r
481 // SMRAM range check already covered before\r
482 //\r
3f5c168f 483 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
2445a70e 484 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));\r
485 Status = EFI_ACCESS_DENIED;\r
486 goto EXIT;\r
487 }\r
488\r
9d00d20e
SZ		 489 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
490 //\r
491 // Make sure VariableName is A Null-terminated string.\r
492 //\r
493 Status = EFI_ACCESS_DENIED;\r
494 goto EXIT;\r
495 }\r
496\r
8a2d4996 497 Status = VariableServiceGetVariable (\r
498 SmmVariableHeader->Name,\r
499 &SmmVariableHeader->Guid,\r
500 &SmmVariableHeader->Attributes,\r
501 &SmmVariableHeader->DataSize,\r
502 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize\r
503 );\r
504 break;\r
505 \r
506 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:\r
507 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) SmmVariableFunctionHeader->Data;\r
9d00d20e
SZ		 508 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
509 //\r
510 // Prevent InfoSize overflow happen\r
511 //\r
512 Status = EFI_ACCESS_DENIED;\r
513 goto EXIT;\r
514 }\r
2445a70e 515 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;\r
516\r
517 //\r
518 // SMRAM range check already covered before\r
519 //\r
3f5c168f 520 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
2445a70e 521 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));\r
522 Status = EFI_ACCESS_DENIED;\r
523 goto EXIT;\r
524 }\r
525\r
9d00d20e
SZ		 526 NameBufferSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);\r
527 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {\r
528 //\r
529 // Make sure input VariableName is A Null-terminated string.\r
530 //\r
531 Status = EFI_ACCESS_DENIED;\r
532 goto EXIT;\r
533 }\r
534\r
8a2d4996 535 Status = VariableServiceGetNextVariableName (\r
536 &GetNextVariableName->NameSize,\r
537 GetNextVariableName->Name,\r
538 &GetNextVariableName->Guid\r
539 );\r
540 break;\r
541 \r
542 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:\r
543 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;\r
9d00d20e
SZ		 544 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||\r
545 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {\r
546 //\r
547 // Prevent InfoSize overflow happen\r
548 //\r
549 Status = EFI_ACCESS_DENIED;\r
550 goto EXIT;\r
551 }\r
d17c4eac 552 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)\r
553 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;\r
554\r
555 //\r
556 // SMRAM range check already covered before\r
557 // Data buffer should not contain SMM range\r
558 //\r
559 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
560 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));\r
561 Status = EFI_ACCESS_DENIED;\r
562 goto EXIT;\r
563 }\r
564\r
9d00d20e
SZ		 565 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
566 //\r
567 // Make sure VariableName is A Null-terminated string.\r
568 //\r
569 Status = EFI_ACCESS_DENIED;\r
570 goto EXIT;\r
571 }\r
572\r
8a2d4996 573 Status = VariableServiceSetVariable (\r
574 SmmVariableHeader->Name,\r
575 &SmmVariableHeader->Guid,\r
576 SmmVariableHeader->Attributes,\r
577 SmmVariableHeader->DataSize,\r
578 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize\r
579 );\r
580 break;\r
581 \r
582 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:\r
583 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;\r
2445a70e 584 InfoSize = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);\r
585\r
586 //\r
587 // SMRAM range check already covered before\r
588 //\r
3f5c168f 589 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
2445a70e 590 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));\r
591 Status = EFI_ACCESS_DENIED;\r
592 goto EXIT;\r
593 }\r
594\r
8a2d4996 595 Status = VariableServiceQueryVariableInfo (\r
596 QueryVariableInfo->Attributes,\r
597 &QueryVariableInfo->MaximumVariableStorageSize,\r
598 &QueryVariableInfo->RemainingVariableStorageSize,\r
599 &QueryVariableInfo->MaximumVariableSize\r
600 );\r
601 break;\r
602\r
603 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:\r
876ac395 604 if (AtRuntime()) {\r
605 Status = EFI_UNSUPPORTED;\r
606 break;\r
607 }\r
8a2d4996 608 ReclaimForOS ();\r
609 Status = EFI_SUCCESS;\r
610 break;\r
611 \r
612 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:\r
613 mAtRuntime = TRUE;\r
614 Status = EFI_SUCCESS;\r
615 break;\r
616\r
617 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:\r
d00ed85e 618 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;\r
3f5c168f 619 InfoSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
2445a70e 620\r
621 //\r
622 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here. \r
623 // It is covered by previous CommBuffer check \r
624 //\r
625 \r
626 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {\r
9d00d20e 627 DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM!\n"));\r
2445a70e 628 Status = EFI_ACCESS_DENIED;\r
629 goto EXIT;\r
630 } \r
631\r
8a2d4996 632 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);\r
3f5c168f 633 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
8a2d4996 634 break;\r
635\r
636 default:\r
8a2d4996 637 Status = EFI_UNSUPPORTED;\r
638 }\r
639\r
2445a70e 640EXIT:\r
641\r
8a2d4996 642 SmmVariableFunctionHeader->ReturnStatus = Status;\r
643\r
644 return EFI_SUCCESS;\r
645}\r
646\r
647\r
648/**\r
649 SMM Fault Tolerant Write protocol notification event handler.\r
650\r
651 Non-Volatile variable write may needs FTW protocol to reclaim when \r
652 writting variable.\r
653 \r
654 @param Protocol Points to the protocol's unique identifier\r
655 @param Interface Points to the interface instance\r
656 @param Handle The handle on which the interface was installed\r
657\r
658 @retval EFI_SUCCESS SmmEventCallback runs successfully\r
659 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.\r
660 \r
661 **/\r
662EFI_STATUS\r
663EFIAPI\r
664SmmFtwNotificationEvent (\r
665 IN CONST EFI_GUID *Protocol,\r
666 IN VOID *Interface,\r
667 IN EFI_HANDLE Handle\r
668 )\r
669{\r
670 EFI_STATUS Status;\r
671 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
672 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
673 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
674 \r
675 if (mVariableModuleGlobal->FvbInstance != NULL) {\r
676 return EFI_SUCCESS;\r
677 }\r
678\r
679 //\r
680 // Ensure SMM FTW protocol is installed.\r
681 //\r
5c7fa429 682 Status = GetFtwProtocol ((VOID **)&FtwProtocol);\r
8a2d4996 683 if (EFI_ERROR (Status)) {\r
684 return Status;\r
685 }\r
686\r
687 //\r
688 // Find the proper FVB protocol for variable.\r
689 //\r
690 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);\r
691 if (NvStorageVariableBase == 0) {\r
692 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);\r
693 }\r
694 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);\r
695 if (EFI_ERROR (Status)) {\r
696 return EFI_NOT_FOUND;\r
697 }\r
698\r
699 mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
700 \r
701 Status = VariableWriteServiceInitialize ();\r
702 ASSERT_EFI_ERROR (Status);\r
703 \r
704 //\r
705 // Notify the variable wrapper driver the variable write service is ready\r
706 //\r
707 Status = gBS->InstallProtocolInterface (\r
708 &mSmmVariableHandle,\r
d00ed85e 709 &gSmmVariableWriteGuid,\r
8a2d4996 710 EFI_NATIVE_INTERFACE,\r
711 NULL\r
712 );\r
713 ASSERT_EFI_ERROR (Status);\r
714 \r
715 return EFI_SUCCESS;\r
716}\r
717\r
718\r
719/**\r
720 Variable Driver main entry point. The Variable driver places the 4 EFI\r
721 runtime services in the EFI System Table and installs arch protocols \r
d00ed85e 722 for variable read and write services being available. It also registers\r
8a2d4996 723 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
724\r
725 @param[in] ImageHandle The firmware allocated handle for the EFI image. \r
726 @param[in] SystemTable A pointer to the EFI System Table.\r
727 \r
728 @retval EFI_SUCCESS Variable service successfully initialized.\r
729\r
730**/\r
731EFI_STATUS\r
732EFIAPI\r
733VariableServiceInitialize (\r
734 IN EFI_HANDLE ImageHandle,\r
735 IN EFI_SYSTEM_TABLE *SystemTable\r
736 )\r
737{\r
738 EFI_STATUS Status;\r
739 EFI_HANDLE VariableHandle;\r
740 VOID *SmmFtwRegistration;\r
2445a70e 741 EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
742 UINTN Size;\r
743\r
8a2d4996 744 //\r
745 // Variable initialize.\r
746 //\r
747 Status = VariableCommonInitialize ();\r
748 ASSERT_EFI_ERROR (Status);\r
749\r
750 //\r
751 // Install the Smm Variable Protocol on a new handle.\r
752 //\r
753 VariableHandle = NULL;\r
754 Status = gSmst->SmmInstallProtocolInterface (\r
755 &VariableHandle,\r
756 &gEfiSmmVariableProtocolGuid,\r
757 EFI_NATIVE_INTERFACE,\r
758 &gSmmVariable\r
759 );\r
760 ASSERT_EFI_ERROR (Status);\r
761\r
2445a70e 762 //\r
763 // Get SMRAM information\r
764 //\r
765 Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);\r
766 ASSERT_EFI_ERROR (Status);\r
767\r
768 Size = 0;\r
769 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);\r
770 ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
771\r
772 Status = gSmst->SmmAllocatePool (\r
773 EfiRuntimeServicesData,\r
774 Size,\r
775 (VOID **)&mSmramRanges\r
776 );\r
777 ASSERT_EFI_ERROR (Status);\r
778\r
779 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);\r
780 ASSERT_EFI_ERROR (Status);\r
781\r
782 mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
783\r
8a2d4996 784 ///\r
785 /// Register SMM variable SMI handler\r
786 ///\r
787 VariableHandle = NULL;\r
788 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);\r
789 ASSERT_EFI_ERROR (Status);\r
790 \r
791 //\r
792 // Notify the variable wrapper driver the variable service is ready\r
793 //\r
794 Status = SystemTable->BootServices->InstallProtocolInterface (\r
795 &mVariableHandle,\r
796 &gEfiSmmVariableProtocolGuid,\r
797 EFI_NATIVE_INTERFACE,\r
798 &gSmmVariable\r
799 );\r
800 ASSERT_EFI_ERROR (Status);\r
801 \r
802 //\r
803 // Register FtwNotificationEvent () notify function.\r
804 // \r
805 Status = gSmst->SmmRegisterProtocolNotify (\r
806 &gEfiSmmFaultTolerantWriteProtocolGuid,\r
807 SmmFtwNotificationEvent,\r
808 &SmmFtwRegistration\r
809 );\r
810 ASSERT_EFI_ERROR (Status);\r
811\r
812 SmmFtwNotificationEvent (NULL, NULL, NULL);\r
813 \r
814 return EFI_SUCCESS;\r
815}\r
816\r
817\r
EFI Development Kit II mirror for PVE