Vlv2TbltDevicePkg: Use the merged Variable driver
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / VariableSmm.c
0c18794e 1/** @file\r
2 The sample implementation for SMM variable protocol. And this driver \r
3 implements an SMI handler to communicate with the DXE runtime driver \r
4 to provide variable services.\r
5\r
dc204d5a
JY
6 Caution: This module requires additional review when modified.\r
7 This driver will have external input - variable data and communicate buffer in SMM mode.\r
8 This external input must be validated carefully to avoid security issue like\r
9 buffer overflow, integer overflow.\r
10\r
11 SmmVariableHandler() will receive untrusted input and do basic validation.\r
12\r
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), \r
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), \r
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
16\r
17409b7a 17Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
0c18794e 18This program and the accompanying materials \r
19are licensed and made available under the terms and conditions of the BSD License \r
20which accompanies this distribution. The full text of the license may be found at \r
21http://opensource.org/licenses/bsd-license.php\r
22\r
23THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
24WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
25\r
26**/\r
27\r
28#include <Protocol/SmmVariable.h>\r
29#include <Protocol/SmmFirmwareVolumeBlock.h>\r
30#include <Protocol/SmmFaultTolerantWrite.h>\r
6ab9f441 31#include <Protocol/SmmEndOfDxe.h>\r
17409b7a 32#include <Protocol/SmmVarCheck.h>\r
25a4e71a 33\r
0c18794e 34#include <Library/SmmServicesTableLib.h>\r
9054e55a 35#include <Library/SmmMemLib.h>\r
0c18794e 36\r
37#include <Guid/AuthenticatedVariableFormat.h>\r
38#include <Guid/SmmVariableCommon.h>\r
39#include "Variable.h"\r
40\r
//
// Module-level state of the SMM variable driver.
//

// Head of the statistics list walked by SmmVariableGetStatistics(); defined elsewhere.
extern VARIABLE_INFO_ENTRY  *gVariableInfo;

// Handle used when publishing gSmmVariableWriteGuid in SmmFtwNotificationEvent().
EFI_HANDLE  mSmmVariableHandle = NULL;

// Handle used when publishing gEfiSmmVariableProtocolGuid in VariableServiceInitialize().
EFI_HANDLE  mVariableHandle = NULL;

// Set to TRUE by the SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request; read by AtRuntime().
BOOLEAN  mAtRuntime = FALSE;

// All-zero GUID; SmmVariableGetStatistics() treats it as "return the first entry".
EFI_GUID  mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};

// Buffer allocated with SmmAllocatePool() in VariableServiceInitialize().
// SmmVariableHandler() copies request payloads into it before validating them.
UINT8  *mVariableBufferPayload = NULL;
UINTN  mVariableBufferPayloadSize;

// Defined elsewhere. mEndOfDxe gates the lock / property-set requests;
// mEnableLocking is toggled by SmmVariableSetVariable().
extern BOOLEAN  mEndOfDxe;
extern BOOLEAN  mEnableLocking;
50\r
c1d93242
JY
/**
  SecureBoot hook for SetVariable.

  In this SMM driver the hook is an empty stub: both arguments are ignored
  and the function returns immediately.

  @param[in] VariableName   Name of the variable (unused).
  @param[in] VendorGuid     Variable vendor GUID (unused).

**/
VOID
EFIAPI
SecureBootHook (
  IN CHAR16    *VariableName,
  IN EFI_GUID  *VendorGuid
  )
{
  //
  // Intentionally empty.
  //
}
67\r
6ab9f441
RN
/**
  SetVariable entry published through EFI_SMM_VARIABLE_PROTOCOL.

  Forwards the request to VariableServiceSetVariable() with the module-wide
  mEnableLocking flag cleared for the duration of the call, so a caller that
  reaches SetVariable() through the SMM protocol is not subject to the write
  protection that flag controls.

  NOTE(review): mEnableLocking is set to TRUE afterwards regardless of the
  value it held on entry; confirm no caller relies on it staying FALSE.

  @param VariableName   Name of the variable to set.
  @param VendorGuid     Variable vendor GUID.
  @param Attributes     Attributes of the variable.
  @param DataSize       Size of Data in bytes.
  @param Data           Pointer to the variable data.

  @return The status returned by VariableServiceSetVariable().

**/
EFI_STATUS
EFIAPI
SmmVariableSetVariable (
  IN CHAR16    *VariableName,
  IN EFI_GUID  *VendorGuid,
  IN UINT32    Attributes,
  IN UINTN     DataSize,
  IN VOID      *Data
  )
{
  EFI_STATUS  SetStatus;

  //
  // Write protection is off only while the forwarded call runs.
  //
  mEnableLocking = FALSE;
  SetStatus      = VariableServiceSetVariable (VariableName, VendorGuid, Attributes, DataSize, Data);
  mEnableLocking = TRUE;

  return SetStatus;
}
5e5bb2a9 112\r
//
// SMM variable protocol instance. SetVariable goes through
// SmmVariableSetVariable(); the other three members point directly at the
// common variable services.
//
EFI_SMM_VARIABLE_PROTOCOL  gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  SmmVariableSetVariable,
  VariableServiceQueryVariableInfo
};

//
// SMM VarCheck protocol instance, installed next to gSmmVariable in
// VariableServiceInitialize().
//
EDKII_SMM_VAR_CHECK_PROTOCOL  mSmmVarCheck = {
  VarCheckRegisterSetVariableCheckHandler,
  VarCheckVariablePropertySet,
  VarCheckVariablePropertyGet
};
123\r
/**
  Report whether the driver considers the system to be at runtime.

  The value returned is the module flag mAtRuntime, which SmmVariableHandler()
  sets to TRUE when it receives SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE.

  @retval TRUE    The exit-boot-services request has been received.
  @retval FALSE   It has not been received yet.

**/
BOOLEAN
AtRuntime (
  VOID
  )
{
  //
  // Plain read of the flag; no other state is consulted.
  //
  return mAtRuntime;
}
136\r
/**
  Lock initialization stub for the SMM build of the variable driver.

  This implementation performs no initialization and no argument checks:
  it returns Lock unchanged and ignores Priority.

  @param Lock       A pointer to the lock data structure.
  @param Priority   TPL associated with the lock (unused here).

  @return Lock, exactly as passed in.

**/
EFI_LOCK *
InitializeLock (
  IN OUT EFI_LOCK  *Lock,
  IN     EFI_TPL   Priority
  )
{
  //
  // Nothing to set up; hand the pointer straight back.
  //
  return Lock;
}
161\r
/**
  Lock acquisition stub for the SMM build of the variable driver.

  The body is empty: no lock is taken, whatever the boot phase. The name and
  signature match the lock helpers the shared variable code calls.

  @param Lock   A pointer to the lock to acquire (unused here).

**/
VOID
AcquireLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
  //
  // Intentionally empty.
  //
}
181\r
182\r
/**
  Lock release stub for the SMM build of the variable driver.

  The body is empty: nothing is released, whatever the boot phase. It pairs
  with AcquireLockOnlyAtBootTime(), which is likewise a no-op in this file.

  @param Lock   A pointer to the lock to release (unused here).

**/
VOID
ReleaseLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
  //
  // Intentionally empty.
  //
}
202\r
/**
  Retrieve the SMM Fault Tolerant Write protocol interface.

  Thin wrapper around gSmst->SmmLocateProtocol() for
  gEfiSmmFaultTolerantWriteProtocolGuid. FtwProtocol is passed through
  without being checked here.

  @param[out] FtwProtocol   Receives the interface of the SMM FTW protocol.

  @return The status returned by SmmLocateProtocol().

**/
EFI_STATUS
GetFtwProtocol (
  OUT VOID  **FtwProtocol
  )
{
  //
  // Look the SMM FTW protocol up in the SMM protocol database.
  //
  return gSmst->SmmLocateProtocol (
                  &gEfiSmmFaultTolerantWriteProtocolGuid,
                  NULL,
                  FtwProtocol
                  );
}
230\r
231\r
/**
  Retrieve the SMM FVB protocol interface installed on a handle.

  Thin wrapper around gSmst->SmmHandleProtocol() for
  gEfiSmmFirmwareVolumeBlockProtocolGuid.

  @param[in]  FvBlockHandle   The handle expected to carry the SMM FVB protocol.
  @param[out] FvBlock         Receives the interface of the SMM FVB protocol.

  @return The status returned by SmmHandleProtocol().

**/
EFI_STATUS
GetFvbByHandle (
  IN  EFI_HANDLE                          FvBlockHandle,
  OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  **FvBlock
  )
{
  EFI_STATUS  LookupStatus;

  //
  // Ask the SMM core for the FVB interface on this handle.
  //
  LookupStatus = gSmst->SmmHandleProtocol (
                          FvBlockHandle,
                          &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                          (VOID **) FvBlock
                          );
  return LookupStatus;
}
259\r
260\r
/**
  Return, in a pool-allocated buffer, the handles that carry the SMM FVB protocol.

  SmmLocateHandle() is called twice: once with a zero-sized buffer to learn
  the size needed, then again with a buffer of that size. On success the
  caller owns *Buffer and must free it.

  @param[out] NumberHandles   The number of handles returned in Buffer.
  @param[out] Buffer          Receives the pool buffer holding the handle array.

  @retval EFI_SUCCESS             The handle array and its count were returned.
  @retval EFI_NOT_FOUND           The size query failed with something other than
                                  EFI_BUFFER_TOO_SMALL.
  @retval EFI_OUT_OF_RESOURCES    The handle buffer could not be allocated.
  @retval EFI_INVALID_PARAMETER   NumberHandles is NULL or Buffer is NULL.
  @retval Others                  The status of the second SmmLocateHandle() call.

**/
EFI_STATUS
GetFvbCountAndBuffer (
  OUT UINTN       *NumberHandles,
  OUT EFI_HANDLE  **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       HandleBytes;

  if ((NumberHandles == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  *NumberHandles = 0;
  *Buffer        = NULL;
  HandleBytes    = 0;

  //
  // Size query: no buffer is supplied, so HandleBytes receives the size needed.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &HandleBytes,
                    NULL
                    );
  if ((Status != EFI_BUFFER_TOO_SMALL) && EFI_ERROR (Status)) {
    return EFI_NOT_FOUND;
  }

  *Buffer = AllocatePool (HandleBytes);
  if (*Buffer == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Real query into the buffer just allocated.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &HandleBytes,
                    *Buffer
                    );
  if (EFI_ERROR (Status)) {
    //
    // Leave the outputs in their "nothing returned" state and drop the buffer.
    //
    FreePool (*Buffer);
    *Buffer        = NULL;
    *NumberHandles = 0;
  } else {
    *NumberHandles = HandleBytes / sizeof (EFI_HANDLE);
  }

  return Status;
}
325\r
326\r
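/**
  Get the variable statistics information from the information buffer pointed by gVariableInfo.

  Caution: This function may be invoked at SMM runtime.
  InfoEntry and InfoSize are external input. InfoEntry points into the
  caller-supplied buffer, so the variable name that follows it is never
  scanned for a terminator: it is only compared against a stored name, and
  only over a length already known to fit inside *InfoSize bytes.

  @param[in, out]  InfoEntry    A pointer to the buffer of variable information entry.
                                On input, point to the variable information returned last time. if
                                InfoEntry->VendorGuid is zero, return the first information.
                                On output, point to the next variable information.
  @param[in, out]  InfoSize     On input, the size of the variable information buffer.
                                On output, the returned variable information size
                                (0 when there is no further entry).

  @retval EFI_SUCCESS           The variable information is found and returned successfully,
                                or the end of the list was reached (*InfoSize is then 0).
  @retval EFI_UNSUPPORTED       No variable information exists in variable driver. The
                                PcdVariableCollectStatistics should be set TRUE to support it.
  @retval EFI_BUFFER_TOO_SMALL  The buffer is too small to hold the next variable information;
                                *InfoSize holds the size required.
  @retval EFI_INVALID_PARAMETER InfoEntry or InfoSize is NULL.

**/
EFI_STATUS
SmmVariableGetStatistics (
  IN OUT VARIABLE_INFO_ENTRY  *InfoEntry,
  IN OUT UINTN                *InfoSize
  )
{
  VARIABLE_INFO_ENTRY  *VariableInfo;
  UINTN                NameLength;
  UINTN                StatisticsInfoSize;
  UINTN                InfoNameMaxSize;
  CHAR16               *InfoName;
  EFI_GUID             VendorGuid;

  if ((InfoEntry == NULL) || (InfoSize == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  VariableInfo = gVariableInfo;
  if (VariableInfo == NULL) {
    return EFI_UNSUPPORTED;
  }

  //
  // The buffer must at least hold the first entry. This also guarantees
  // *InfoSize >= sizeof (VARIABLE_INFO_ENTRY), so the subtraction below
  // cannot wrap.
  //
  NameLength         = StrSize (VariableInfo->Name);
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameLength;
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  InfoName        = (CHAR16 *)(InfoEntry + 1);
  InfoNameMaxSize = *InfoSize - sizeof (VARIABLE_INFO_ENTRY);

  //
  // Work on a private copy of the GUID so the value compared against the
  // list cannot change while the list is walked.
  //
  CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);

  if (CompareGuid (&VendorGuid, &mZeroGuid)) {
    //
    // Return the first variable info
    //
    // NOTE(review): the entry is copied verbatim, so its pointer-valued
    // fields (Next, Name) are handed to the caller as well; confirm that
    // exposing those values outside SMM is acceptable.
    //
    CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
    CopyMem (InfoName, VariableInfo->Name, NameLength);
    *InfoSize = StatisticsInfoSize;
    return EFI_SUCCESS;
  }

  //
  // Get the next variable info
  //
  while (VariableInfo != NULL) {
    if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
      NameLength = StrSize (VariableInfo->Name);
      //
      // Compare NameLength bytes (terminator included) only when that many
      // bytes lie inside the caller's buffer. A match implies the caller's
      // name is the same string with its terminator in the same place, so
      // the result equals a StrSize()-based comparison without ever reading
      // past the buffer when the caller's name is unterminated.
      //
      if ((NameLength <= InfoNameMaxSize) &&
          (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0)) {
        //
        // Found the entry returned last time; the one after it is the answer.
        //
        VariableInfo = VariableInfo->Next;
        break;
      }
    }
    VariableInfo = VariableInfo->Next;
  }

  if (VariableInfo == NULL) {
    //
    // End of list (or no matching entry): report success with a zero size.
    //
    *InfoSize = 0;
    return EFI_SUCCESS;
  }

  //
  // Output the new variable info
  //
  NameLength         = StrSize (VariableInfo->Name);
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameLength;
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
  CopyMem (InfoName, VariableInfo->Name, NameLength);
  *InfoSize = StatisticsInfoSize;

  return EFI_SUCCESS;
}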
426\r
427\r
/**
  Communication service SMI Handler entry.

  This SMI handler provides services for the variable wrapper driver.

  Caution: This function may receive untrusted input.
  This variable data and communicate buffer are external input, so this function will do basic validation.
  Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
  VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
  SmmVariableGetStatistics() should also do validation based on its own knowledge.

  Validation performed here, in order:
    - CommBuffer and CommBufferSize must be non-NULL.
    - The buffer must hold at least the communicate header, and its payload
      must not exceed mVariableBufferPayloadSize.
    - SmmIsBufferOutsideSmmValid() must accept the whole buffer.
  Requests that carry a variable name (GetVariable, GetNextVariableName,
  SetVariable, VarCheckVariablePropertyGet) are then copied into
  mVariableBufferPayload and validated on that copy, so the values checked
  are the values used.

  Every return statement in this function returns EFI_SUCCESS. The result of
  the request itself is written to the ReturnStatus field of the communicate
  header, but only on paths that reach the EXIT label; the early returns
  leave the buffer untouched.

  @param[in]     DispatchHandle  The unique handle assigned to this handler by SmiHandlerRegister().
  @param[in]     RegisterContext Points to an optional handler context which was specified when the
                                 handler was registered.
  @param[in, out] CommBuffer     A pointer to a collection of data in memory that will
                                 be conveyed from a non-SMM environment into an SMM environment.
  @param[in, out] CommBufferSize The size of the CommBuffer.

  @retval EFI_SUCCESS            Always returned by this implementation.

**/
EFI_STATUS
EFIAPI
SmmVariableHandler (
  IN     EFI_HANDLE                                DispatchHandle,
  IN     CONST VOID                                *RegisterContext,
  IN OUT VOID                                      *CommBuffer,
  IN OUT UINTN                                     *CommBufferSize
  )
{
  EFI_STATUS                                       Status;
  SMM_VARIABLE_COMMUNICATE_HEADER                  *SmmVariableFunctionHeader;
  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE         *SmmVariableHeader;
  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME  *GetNextVariableName;
  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO     *QueryVariableInfo;
  VARIABLE_INFO_ENTRY                              *VariableInfo;
  SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE           *VariableToLock;
  SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
  UINTN                                            InfoSize;
  UINTN                                            NameBufferSize;
  UINTN                                            CommBufferPayloadSize;
  UINTN                                            TempCommBufferSize;

  //
  // If input is invalid, stop processing this SMI
  //
  if (CommBuffer == NULL || CommBufferSize == NULL) {
    return EFI_SUCCESS;
  }

  //
  // Read the size once; every later check and copy uses this snapshot, so a
  // change to *CommBufferSize after this point cannot affect them.
  // NOTE(review): the CommBufferSize pointer itself is only range-checked in
  // the GET_STATISTICS case, after this read; confirm the dispatcher
  // guarantees where it points.
  //
  TempCommBufferSize = *CommBufferSize;

  if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
    return EFI_SUCCESS;
  }
  CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
  //
  // The payload is later copied into mVariableBufferPayload; this bound is
  // what keeps those CopyMem() calls inside that buffer.
  //
  if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
    return EFI_SUCCESS;
  }

  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
    return EFI_SUCCESS;
  }

  SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;

  //
  // Function is read directly from the communicate buffer.
  //
  switch (SmmVariableFunctionHeader->Function) {
    case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      // All checks below run on this copy, not on the caller's buffer.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Reject sizes whose sum would overflow InfoSize.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 &SmmVariableHeader->Attributes,
                 &SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      //
      // Return the whole payload, including the updated fields, to the caller.
      //
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
      if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        //
        // Reject a NameSize that would overflow InfoSize.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // The terminator is checked at the last CHAR16 of the whole name
      // buffer (payload minus the fixed fields), not at NameSize.
      //
      NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
      if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure input VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetNextVariableName (
                 &GetNextVariableName->NameSize,
                 GetNextVariableName->Name,
                 &GetNextVariableName->Guid
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Reject sizes whose sum would overflow InfoSize.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before
      // Data buffer should not contain SMM range
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // Name and data are taken from the SMRAM copy. Nothing is copied back
      // for this request; only ReturnStatus is reported at EXIT.
      //
      Status = VariableServiceSetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 SmmVariableHeader->Attributes,
                 SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
      if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
        DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // This request is served in place: the structure lives in the
      // communicate buffer, not in mVariableBufferPayload.
      //
      QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;

      Status = VariableServiceQueryVariableInfo (
                 QueryVariableInfo->Attributes,
                 &QueryVariableInfo->MaximumVariableStorageSize,
                 &QueryVariableInfo->RemainingVariableStorageSize,
                 &QueryVariableInfo->MaximumVariableSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
      //
      // From here on the lock and property-set requests below are refused.
      //
      mEndOfDxe = TRUE;
      //
      // The initialization for variable quota.
      //
      InitializeVariableQuota ();
      if (AtRuntime()) {
        Status = EFI_UNSUPPORTED;
        break;
      }
      ReclaimForOS ();
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
      mAtRuntime = TRUE;
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
      //
      // VariableInfo points into the communicate buffer; InfoSize tells the
      // callee how many bytes of it are available.
      //
      VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
      InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;

      //
      // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
      // It is covered by previous CommBuffer check
      //

      //
      // *CommBufferSize is written below, so the location it points to is
      // range-checked first.
      //
      if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
        DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
      *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
      break;

    case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
      //
      // NOTE(review): unlike the name-carrying cases above, this request has
      // no payload-size check and no terminator check, and Name is read in
      // place from the communicate buffer rather than from the SMRAM copy.
      // The only gate is mEndOfDxe. Confirm that callers before EndOfDxe are
      // trusted, or add the same validation as VarCheckVariablePropertyGet.
      //
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
        Status = VariableLockRequestToLock (
                   NULL,
                   VariableToLock->Name,
                   &VariableToLock->Guid
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
      //
      // NOTE(review): same pattern as LOCK_VARIABLE: gated by mEndOfDxe
      // only, with Name, Guid and VariableProperty used in place from the
      // communicate buffer and no size or terminator validation.
      //
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
        Status = VarCheckVariablePropertySet (
                   CommVariableProperty->Name,
                   &CommVariableProperty->Guid,
                   &CommVariableProperty->VariableProperty
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
      if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
      if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        //
        // Reject a NameSize that would overflow InfoSize.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VarCheckVariablePropertyGet (
                 CommVariableProperty->Name,
                 &CommVariableProperty->Guid,
                 &CommVariableProperty->VariableProperty
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    default:
      //
      // Unknown function code: reported through ReturnStatus below.
      //
      Status = EFI_UNSUPPORTED;
  }

EXIT:

  //
  // The request result goes back to the caller in the communicate header.
  //
  SmmVariableFunctionHeader->ReturnStatus = Status;
  return EFI_SUCCESS;
}
775\r
6ab9f441
RN
/**
  SMM END_OF_DXE protocol notification event handler.

  Sets mEndOfDxe, which makes SmmVariableHandler() refuse the lock-variable
  and property-set requests from then on, initializes the variable quota,
  and reclaims variable space when PcdReclaimVariableSpaceAtEndOfDxe is TRUE.

  @param  Protocol   Points to the protocol's unique identifier (unused).
  @param  Interface  Points to the interface instance (unused).
  @param  Handle     The handle on which the interface was installed (unused).

  @retval EFI_SUCCESS  Always returned.

**/
EFI_STATUS
EFIAPI
SmmEndOfDxeCallback (
  IN CONST EFI_GUID  *Protocol,
  IN VOID            *Interface,
  IN EFI_HANDLE      Handle
  )
{
  DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
  mEndOfDxe = TRUE;

  //
  // The initialization for variable quota.
  //
  InitializeVariableQuota ();

  //
  // Reclaiming is optional and controlled by a PCD.
  //
  if (!PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
    return EFI_SUCCESS;
  }

  ReclaimForOS ();
  return EFI_SUCCESS;
}
0c18794e 805\r
806/**\r
807 SMM Fault Tolerant Write protocol notification event handler.\r
808\r
809 Non-Volatile variable write may needs FTW protocol to reclaim when \r
810 writting variable.\r
811 \r
812 @param Protocol Points to the protocol's unique identifier\r
813 @param Interface Points to the interface instance\r
814 @param Handle The handle on which the interface was installed\r
815\r
816 @retval EFI_SUCCESS SmmEventCallback runs successfully\r
817 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.\r
818 \r
819 **/\r
820EFI_STATUS\r
821EFIAPI\r
822SmmFtwNotificationEvent (\r
823 IN CONST EFI_GUID *Protocol,\r
824 IN VOID *Interface,\r
825 IN EFI_HANDLE Handle\r
826 )\r
827{\r
828 EFI_STATUS Status;\r
829 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
830 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
831 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
41982ebb 832 UINTN FtwMaxBlockSize;\r
0c18794e 833 \r
834 if (mVariableModuleGlobal->FvbInstance != NULL) {\r
835 return EFI_SUCCESS;\r
836 }\r
837\r
838 //\r
839 // Ensure SMM FTW protocol is installed.\r
840 //\r
841 Status = GetFtwProtocol ((VOID **)&FtwProtocol);\r
842 if (EFI_ERROR (Status)) {\r
843 return Status;\r
844 }\r
845\r
41982ebb
SZ
846 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
847 if (!EFI_ERROR (Status)) {\r
848 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
849 }\r
850\r
0c18794e 851 //\r
852 // Find the proper FVB protocol for variable.\r
853 //\r
854 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);\r
855 if (NvStorageVariableBase == 0) {\r
856 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);\r
857 }\r
858 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);\r
859 if (EFI_ERROR (Status)) {\r
860 return EFI_NOT_FOUND;\r
861 }\r
862\r
863 mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
864 \r
865 Status = VariableWriteServiceInitialize ();\r
25da08c8
DG
866 if (EFI_ERROR (Status)) {\r
867 DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));\r
868 }\r
0c18794e 869 \r
870 //\r
871 // Notify the variable wrapper driver the variable write service is ready\r
872 //\r
873 Status = gBS->InstallProtocolInterface (\r
874 &mSmmVariableHandle,\r
875 &gSmmVariableWriteGuid,\r
876 EFI_NATIVE_INTERFACE,\r
877 NULL\r
878 );\r
879 ASSERT_EFI_ERROR (Status);\r
880 \r
881 return EFI_SUCCESS;\r
882}\r
883\r
884\r
/**
  Variable driver main entry point (SMM).

  In order, this function:
    - runs the common variable initialization;
    - installs the SMM variable protocol and the SMM VarCheck protocol on
      one new SMM handle;
    - allocates mVariableBufferPayload, the buffer SmmVariableHandler()
      copies request payloads into;
    - registers SmmVariableHandler() as the SMI handler for
      gEfiSmmVariableProtocolGuid;
    - publishes gEfiSmmVariableProtocolGuid through boot services so the
      variable wrapper driver knows the service is ready;
    - registers the EndOfDxe and FTW protocol notifications and calls the
      FTW notification once directly.

  NOTE(review): every step is checked with ASSERT_EFI_ERROR() only. If
  assertions are compiled out, a failed SmmAllocatePool() would presumably
  leave mVariableBufferPayload NULL while the SMI handler is still
  registered; confirm how release builds are expected to behave.

  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
  @param[in] SystemTable    A pointer to the EFI System Table.

  @retval EFI_SUCCESS       Always returned.

**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  SmmProtocolHandle;
  EFI_HANDLE  SmiDispatchHandle;
  VOID        *FtwNotifyRegistration;
  VOID        *EndOfDxeNotifyRegistration;

  //
  // Variable initialize.
  //
  Status = VariableCommonInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Install the Smm Variable Protocol on a new handle, then the VarCheck
  // protocol on that same handle.
  //
  SmmProtocolHandle = NULL;
  Status = gSmst->SmmInstallProtocolInterface (
                    &SmmProtocolHandle,
                    &gEfiSmmVariableProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &gSmmVariable
                    );
  ASSERT_EFI_ERROR (Status);

  Status = gSmst->SmmInstallProtocolInterface (
                    &SmmProtocolHandle,
                    &gEdkiiSmmVarCheckProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &mSmmVarCheck
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Size and allocate the payload buffer before the SMI handler that uses
  // it is registered.
  //
  mVariableBufferPayloadSize = MAX_NV_VARIABLE_SIZE +
                               OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);

  Status = gSmst->SmmAllocatePool (
                    EfiRuntimeServicesData,
                    mVariableBufferPayloadSize,
                    (VOID **)&mVariableBufferPayload
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Register SMM variable SMI handler
  //
  SmiDispatchHandle = NULL;
  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &SmiDispatchHandle);
  ASSERT_EFI_ERROR (Status);

  //
  // Notify the variable wrapper driver the variable service is ready
  //
  Status = SystemTable->BootServices->InstallProtocolInterface (
                                        &mVariableHandle,
                                        &gEfiSmmVariableProtocolGuid,
                                        EFI_NATIVE_INTERFACE,
                                        &gSmmVariable
                                        );
  ASSERT_EFI_ERROR (Status);

  //
  // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmEndOfDxeProtocolGuid,
                    SmmEndOfDxeCallback,
                    &EndOfDxeNotifyRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Register FtwNotificationEvent () notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmFaultTolerantWriteProtocolGuid,
                    SmmFtwNotificationEvent,
                    &FtwNotifyRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Run the FTW notification once now, in case the protocol is already present.
  //
  SmmFtwNotificationEvent (NULL, NULL, NULL);

  return EFI_SUCCESS;
}
987\r
988\r