MdeModulePkg Variable: Introduce PcdReclaimVariableSpaceAtEndOfDxe
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
1 /** @file
2
3 The sample implementation for SMM variable protocol. And this driver
4 implements an SMI handler to communicate with the DXE runtime driver
5 to provide variable services.
6
7 Caution: This module requires additional review when modified.
8 This driver will have external input - variable data and communicate buffer in SMM mode.
9 This external input must be validated carefully to avoid security issue like
10 buffer overflow, integer overflow.
11
12 SmmVariableHandler() will receive untrusted input and do basic validation.
13
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.
17
18 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
19 This program and the accompanying materials
20 are licensed and made available under the terms and conditions of the BSD License
21 which accompanies this distribution. The full text of the license may be found at
22 http://opensource.org/licenses/bsd-license.php
23
24 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
25 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
26
27 **/
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32 #include <Protocol/SmmEndOfDxe.h>
33 #include <Protocol/SmmVarCheck.h>
34
35 #include <Library/SmmServicesTableLib.h>
36
37 #include <Guid/VariableFormat.h>
38 #include <Guid/SmmVariableCommon.h>
39 #include "Variable.h"
40
//
// SMRAM descriptor table. VariableServiceInitialize() allocates it with
// gSmst->SmmAllocatePool() and fills it from EFI_SMM_ACCESS2_PROTOCOL.GetCapabilities().
// InternalIsAddressInSmram() walks it to reject caller buffers that overlap SMRAM.
//
EFI_SMRAM_DESCRIPTOR                                 *mSmramRanges;
// Number of descriptors in mSmramRanges (returned byte size / sizeof (EFI_SMRAM_DESCRIPTOR)).
UINTN                                                mSmramRangeCount;

// Head of the variable statistics list walked by SmmVariableGetStatistics(); defined in another file.
extern VARIABLE_INFO_ENTRY                           *gVariableInfo;
// Handle on which SmmFtwNotificationEvent() installs gSmmVariableWriteGuid.
EFI_HANDLE                                           mSmmVariableHandle      = NULL;
// Handle on which VariableServiceInitialize() installs gEfiSmmVariableProtocolGuid through boot services.
EFI_HANDLE                                           mVariableHandle         = NULL;
// Set to TRUE by the SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request; read through AtRuntime().
BOOLEAN                                              mAtRuntime              = FALSE;
// All-zero GUID. SmmVariableGetStatistics() treats an input VendorGuid equal to it as "return the first entry".
EFI_GUID                                             mZeroGuid               = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
//
// Buffer allocated with gSmst->SmmAllocatePool() in VariableServiceInitialize().
// SmmVariableHandler() copies the communicate-buffer payload into it before validating
// the fields, so the checks and the later use see the same bytes.
//
UINT8                                                *mVariableBufferPayload = NULL;
// Size in bytes of mVariableBufferPayload; larger payloads are rejected by SmmVariableHandler().
UINTN                                                mVariableBufferPayloadSize;
// Defined in another file. Set to TRUE here by SmmEndOfDxeCallback() and by the READY_TO_BOOT
// request; once TRUE, the LOCK_VARIABLE and VAR_CHECK_VARIABLE_PROPERTY_SET requests are refused.
extern BOOLEAN                                       mEndOfDxe;
// Defined in another file. Cleared around the call in SmmVariableSetVariable() and then set back to TRUE.
extern BOOLEAN                                       mEnableLocking;
53
/**
  SetVariable() entry exposed through EFI_SMM_VARIABLE_PROTOCOL.

  Forwards the request to VariableServiceSetVariable() with mEnableLocking
  cleared for the duration of the call, so that callers of the SMM protocol
  are not subject to the variable write protection. mEnableLocking is set
  back to TRUE afterwards regardless of the value it had on entry.

  NOTE(review): this wrapper is the path that bypasses locking, so every
  consumer of gSmmVariable.SmmSetVariable is presumably expected to be
  trusted SMM code - confirm against the protocol's consumers.

  @param VariableName  Name of the variable to set.
  @param VendorGuid    Vendor GUID of the variable.
  @param Attributes    Attributes to store with the variable.
  @param DataSize      Size in bytes of the buffer pointed to by Data.
  @param Data          Pointer to the new variable contents.

  @return The status returned by VariableServiceSetVariable(), unchanged.

**/
EFI_STATUS
EFIAPI
SmmVariableSetVariable (
  IN CHAR16    *VariableName,
  IN EFI_GUID  *VendorGuid,
  IN UINT32    Attributes,
  IN UINTN     DataSize,
  IN VOID      *Data
  )
{
  EFI_STATUS  SetStatus;

  //
  // Write protection is switched off only while the request is being served.
  //
  mEnableLocking = FALSE;
  SetStatus      = VariableServiceSetVariable (VariableName, VendorGuid, Attributes, DataSize, Data);
  mEnableLocking = TRUE;

  return SetStatus;
}
98
//
// Protocol instance installed by VariableServiceInitialize(), both in the SMM
// protocol database and through boot services. The SetVariable slot points at
// SmmVariableSetVariable(), the wrapper that clears mEnableLocking around the call,
// not at VariableServiceSetVariable() directly.
//
EFI_SMM_VARIABLE_PROTOCOL      gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  SmmVariableSetVariable,
  VariableServiceQueryVariableInfo
};

//
// Variable-check protocol instance installed by VariableServiceInitialize()
// under gEdkiiSmmVarCheckProtocolGuid.
//
EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
                                              VarCheckVariablePropertySet,
                                              VarCheckVariablePropertyGet };
109
/**
  Report whether the driver has been told that boot services have ended.

  The flag is mAtRuntime, which SmmVariableHandler() sets when it receives
  the SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request.

  @retval TRUE   The exit-boot-services request has been received.
  @retval FALSE  The request has not been received yet.
**/
BOOLEAN
AtRuntime (
  VOID
  )
{
  return mAtRuntime;
}
122
/**
  Check whether the range [Buffer, Buffer + Length) overlaps any SMRAM range.

  Every descriptor in mSmramRanges is tested. A range is reported as being in
  SMRAM when its start lies inside a descriptor, or when a descriptor's start
  lies inside the range; together the two tests detect partial overlap as
  well as full containment.

  Buffer + Length is computed without a wrap check here. InternalIsAddressValid()
  performs that check before calling this function; a direct caller has to
  make sure the sum cannot wrap.

  @param Buffer  Start address of the range to check.
  @param Length  Length in bytes of the range to check.

  @retval TRUE   The range overlaps SMRAM.
  @retval FALSE  The range does not overlap any known SMRAM range.
**/
BOOLEAN
InternalIsAddressInSmram (
  IN EFI_PHYSICAL_ADDRESS  Buffer,
  IN UINT64                Length
  )
{
  UINTN                 Index;
  EFI_PHYSICAL_ADDRESS  SmramBase;

  for (Index = 0; Index < mSmramRangeCount; Index++) {
    SmramBase = mSmramRanges[Index].CpuStart;

    //
    // The caller's range starts inside this SMRAM range.
    //
    if ((Buffer >= SmramBase) && (Buffer < SmramBase + mSmramRanges[Index].PhysicalSize)) {
      return TRUE;
    }

    //
    // This SMRAM range starts inside the caller's range.
    //
    if ((SmramBase >= Buffer) && (SmramBase < Buffer + Length)) {
      return TRUE;
    }
  }

  return FALSE;
}
149
/**
  Check that a caller-supplied buffer is usable from SMM.

  The buffer is rejected when Buffer + Length would exceed MAX_ADDRESS, and
  when the range overlaps SMRAM according to InternalIsAddressInSmram(). The
  wrap test runs first so that the overlap test never sees a wrapped sum.

  @param Buffer  Start address of the buffer to check.
  @param Length  Length in bytes of the buffer to check.

  @retval TRUE   The range does not wrap and does not overlap SMRAM.
  @retval FALSE  The range wraps past MAX_ADDRESS or overlaps SMRAM.
**/
BOOLEAN
InternalIsAddressValid (
  IN UINTN  Buffer,
  IN UINTN  Length
  )
{
  BOOLEAN  Wraps;

  //
  // Written as a subtraction so the test itself cannot overflow.
  //
  Wraps = (BOOLEAN)(Buffer > (MAX_ADDRESS - Length));
  if (Wraps) {
    return FALSE;
  }

  return (BOOLEAN)!InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length);
}
176
/**
  Lock initialization stub for the SMM build of the variable driver.

  This implementation does not touch the lock and does not use Priority; it
  only hands the pointer back. It does not check Lock for NULL or validate
  Priority.

  @param Lock      A pointer to the lock data structure.
  @param Priority  TPL associated with the lock (unused here).

  @return Lock, unchanged.

**/
EFI_LOCK *
InitializeLock (
  IN OUT EFI_LOCK  *Lock,
  IN     EFI_TPL   Priority
  )
{
  return Lock;
}
201
/**
  Lock acquisition stub for the SMM build of the variable driver.

  The body is empty: no lock is taken, at boot time or at runtime. The
  function exists so that code shared with the non-SMM driver can call it.

  @param Lock  A pointer to the lock to acquire (unused here).

**/
VOID
AcquireLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
}
221
222
/**
  Lock release stub for the SMM build of the variable driver.

  The body is empty: nothing is released, at boot time or at runtime. It is
  the counterpart of AcquireLockOnlyAtBootTime().

  @param Lock  A pointer to the lock to release (unused here).

**/
VOID
ReleaseLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
}
242
/**
  Retrieve the SMM Fault Tolerant Write protocol interface.

  Thin wrapper around gSmst->SmmLocateProtocol() for
  gEfiSmmFaultTolerantWriteProtocolGuid; the status of that call is returned
  unchanged.

  @param[out] FtwProtocol  Receives the SMM FTW protocol interface.

  @retval EFI_SUCCESS            The SMM FTW protocol instance was found and returned in FtwProtocol.
  @retval EFI_NOT_FOUND          The SMM FTW protocol instance was not found.
  @retval EFI_INVALID_PARAMETER  FtwProtocol is NULL.

**/
EFI_STATUS
GetFtwProtocol (
  OUT VOID  **FtwProtocol
  )
{
  return gSmst->SmmLocateProtocol (
                  &gEfiSmmFaultTolerantWriteProtocolGuid,
                  NULL,
                  FtwProtocol
                  );
}
270
271
/**
  Retrieve the SMM Firmware Volume Block protocol interface from a handle.

  Thin wrapper around gSmst->SmmHandleProtocol() for
  gEfiSmmFirmwareVolumeBlockProtocolGuid; the status of that call is returned
  unchanged.

  @param[in]  FvBlockHandle  Handle that is expected to carry the SMM FVB protocol.
  @param[out] FvBlock        Receives the SMM FVB protocol interface.

  @retval EFI_SUCCESS            The interface for the protocol was returned.
  @retval EFI_UNSUPPORTED        The handle does not support the SMM FVB protocol.
  @retval EFI_INVALID_PARAMETER  FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.

**/
EFI_STATUS
GetFvbByHandle (
  IN  EFI_HANDLE                          FvBlockHandle,
  OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  **FvBlock
  )
{
  EFI_STATUS  Status;

  Status = gSmst->SmmHandleProtocol (
                    FvBlockHandle,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    (VOID **) FvBlock
                    );

  return Status;
}
299
300
/**
  Return the handles that support the SMM FVB protocol in a pool buffer.

  gSmst->SmmLocateHandle() is called twice: once with a zero-sized buffer to
  learn the required size, then again with a buffer of that size obtained
  from AllocatePool(). On success the caller owns *Buffer and has to free it.
  On failure of the second call the buffer is freed here and both outputs are
  reset.

  @param[out] NumberHandles  Receives the number of handles stored in Buffer.
  @param[out] Buffer         Receives the allocated array of handles.

  @retval EFI_SUCCESS            The handle array and its count were returned.
  @retval EFI_NOT_FOUND          The size query failed with a status other than
                                 EFI_BUFFER_TOO_SMALL.
  @retval EFI_OUT_OF_RESOURCES   The handle array could not be allocated.
  @retval EFI_INVALID_PARAMETER  NumberHandles is NULL or Buffer is NULL.
  @return Any error status from the second SmmLocateHandle() call.

**/
EFI_STATUS
GetFvbCountAndBuffer (
  OUT UINTN       *NumberHandles,
  OUT EFI_HANDLE  **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       HandleBytes;

  if ((NumberHandles == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  HandleBytes    = 0;
  *NumberHandles = 0;
  *Buffer        = NULL;

  //
  // Size query: with a zero-sized buffer the call reports the bytes needed.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &HandleBytes,
                    *Buffer
                    );
  if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
    return EFI_NOT_FOUND;
  }

  *Buffer = AllocatePool (HandleBytes);
  if (*Buffer == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &HandleBytes,
                    *Buffer
                    );
  if (EFI_ERROR (Status)) {
    //
    // Do not hand a half-filled array back to the caller.
    //
    *NumberHandles = 0;
    FreePool (*Buffer);
    *Buffer = NULL;
  } else {
    *NumberHandles = HandleBytes / sizeof (EFI_HANDLE);
  }

  return Status;
}
365
366
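/**
  Get the variable statistics information from the list pointed to by gVariableInfo.

  Caution: This function may be invoked at SMM runtime.
  InfoEntry and InfoSize are external input. SmmVariableHandler() passes a
  pointer into the communicate buffer as InfoEntry, so everything read from
  InfoEntry, including the name that follows the entry, is caller-controlled
  and must be treated as unterminated data of at most *InfoSize bytes.

  The name stored after InfoEntry is therefore never scanned for its
  terminator. It is compared against each list entry over that entry's own
  name size (terminator included), and only when that many bytes fit in the
  caller's buffer. A match over those bytes implies the same string.

  @param[in, out] InfoEntry  A pointer to the buffer of variable information entry.
                             On input, points to the information returned last time. If
                             InfoEntry->VendorGuid is zero, the first entry is returned.
                             On output, holds the next variable information.
  @param[in, out] InfoSize   On input, the size of the variable information buffer.
                             On output, the returned variable information size, the
                             required size on EFI_BUFFER_TOO_SMALL, or 0 when there is
                             no further entry.

  @retval EFI_SUCCESS           The variable information was returned, or the end of the
                                list was reached (*InfoSize is 0).
  @retval EFI_UNSUPPORTED       No variable information exists in the variable driver
                                (gVariableInfo is NULL).
  @retval EFI_BUFFER_TOO_SMALL  The buffer is too small to hold the next variable information.

**/
EFI_STATUS
SmmVariableGetStatistics (
  IN OUT VARIABLE_INFO_ENTRY  *InfoEntry,
  IN OUT UINTN                *InfoSize
  )
{
  VARIABLE_INFO_ENTRY  *VariableInfo;
  UINTN                NameLength;
  UINTN                InfoNameMaxSize;
  UINTN                StatisticsInfoSize;
  CHAR16               *InfoName;
  EFI_GUID             VendorGuid;

  ASSERT (InfoEntry != NULL);
  VariableInfo = gVariableInfo;
  if (VariableInfo == NULL) {
    return EFI_UNSUPPORTED;
  }

  //
  // The buffer must at least hold the first entry and its name. This also
  // guarantees *InfoSize >= sizeof (VARIABLE_INFO_ENTRY) for the subtraction below.
  //
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  InfoName        = (CHAR16 *)(InfoEntry + 1);
  InfoNameMaxSize = *InfoSize - sizeof (VARIABLE_INFO_ENTRY);

  //
  // Take a private copy of the GUID so later comparisons use one stable value.
  //
  CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);

  if (CompareGuid (&VendorGuid, &mZeroGuid)) {
    //
    // Return the first variable info
    //
    // NOTE(review): the whole entry is copied, including its Next and Name
    // members; presumably those are SMM-side pointers - confirm whether they
    // should be visible to the caller.
    //
    CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
    CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
    *InfoSize = StatisticsInfoSize;
    return EFI_SUCCESS;
  }

  //
  // Get the next variable info
  //
  while (VariableInfo != NULL) {
    if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
      NameLength = StrSize (VariableInfo->Name);
      //
      // Bound the comparison by the caller's buffer instead of calling
      // StrSize() on InfoName: the caller's name may lack a terminator, and an
      // unbounded scan would read past the end of the buffer.
      //
      if (NameLength <= InfoNameMaxSize) {
        if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
          //
          // Found the entry returned last time; step to its successor.
          //
          VariableInfo = VariableInfo->Next;
          break;
        }
      }
    }
    VariableInfo = VariableInfo->Next;
  }

  if (VariableInfo == NULL) {
    //
    // No match, or the match was the last entry.
    //
    *InfoSize = 0;
    return EFI_SUCCESS;
  }

  //
  // Output the new variable info
  //
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (*InfoSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
  CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
  *InfoSize = StatisticsInfoSize;

  return EFI_SUCCESS;
}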
462
463
/**
  Communication service SMI handler entry.

  This SMI handler provides services for the variable wrapper driver. It is
  the trust boundary of this file: CommBuffer is written by code outside SMM
  and every field in it is untrusted.

  Validation done here, in order:
    - CommBuffer and CommBufferSize must be non-NULL.
    - *CommBufferSize is read once into a local and only that copy is used.
    - The payload (size minus the communicate header) must not exceed
      mVariableBufferPayloadSize.
    - The buffer must not wrap the address space or overlap SMRAM.
    - For GET_VARIABLE, GET_NEXT_VARIABLE_NAME, SET_VARIABLE and
      VAR_CHECK_VARIABLE_PROPERTY_GET the payload is first copied into
      mVariableBufferPayload and all size fields are validated on that copy,
      so a change to the communicate buffer after the check cannot affect the
      values that are used.

  Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
  VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
  SmmVariableGetStatistics() should also do validation based on its own knowledge.

  The per-request result is reported in the ReturnStatus field of the
  communicate header. The early returns taken for a malformed buffer leave
  ReturnStatus untouched.

  @param[in]     DispatchHandle  The unique handle assigned to this handler by SmiHandlerRegister().
  @param[in]     RegisterContext Points to an optional handler context which was specified when the
                                 handler was registered.
  @param[in, out] CommBuffer     A pointer to a collection of data in memory that will
                                 be conveyed from a non-SMM environment into an SMM environment.
  @param[in, out] CommBufferSize The size of the CommBuffer.

  @retval EFI_SUCCESS  Returned on every path through this function, including
                       the paths that reject the request.
**/
EFI_STATUS
EFIAPI
SmmVariableHandler (
  IN     EFI_HANDLE                                DispatchHandle,
  IN     CONST VOID                                *RegisterContext,
  IN OUT VOID                                      *CommBuffer,
  IN OUT UINTN                                     *CommBufferSize
  )
{
  EFI_STATUS                                       Status;
  SMM_VARIABLE_COMMUNICATE_HEADER                  *SmmVariableFunctionHeader;
  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE         *SmmVariableHeader;
  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME  *GetNextVariableName;
  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO     *QueryVariableInfo;
  VARIABLE_INFO_ENTRY                              *VariableInfo;
  SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE           *VariableToLock;
  SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
  UINTN                                            InfoSize;
  UINTN                                            NameBufferSize;
  UINTN                                            CommBufferPayloadSize;
  UINTN                                            TempCommBufferSize;

  //
  // If input is invalid, stop processing this SMI
  //
  if (CommBuffer == NULL || CommBufferSize == NULL) {
    return EFI_SUCCESS;
  }

  //
  // Read the size once; every later check and copy uses this local copy.
  //
  TempCommBufferSize = *CommBufferSize;

  if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
    return EFI_SUCCESS;
  }
  //
  // The payload must fit in mVariableBufferPayload, because several cases
  // below copy CommBufferPayloadSize bytes into it.
  //
  CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
  if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
    return EFI_SUCCESS;
  }

  //
  // Reject a buffer that wraps the address space or overlaps SMRAM, so the
  // handler is never made to read or write SMRAM through CommBuffer.
  //
  if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
    return EFI_SUCCESS;
  }

  SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
  switch (SmmVariableFunctionHeader->Function) {
    case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      // All fields are validated and used from this copy.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Prevent the InfoSize sum below from overflowing.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before.
      // The declared name and data must lie inside the copied payload.
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is a Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 &SmmVariableHeader->Attributes,
                 &SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      //
      // Publish the result: the whole SMRAM copy goes back to the caller's buffer.
      //
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
      if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        //
        // Prevent the InfoSize sum below from overflowing.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // Here the terminator is checked at the last CHAR16 of the whole name
      // buffer (payload minus the fixed header), not at NameSize: any scan of
      // the input name is thereby bounded by the copied payload.
      //
      NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
      if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure input VariableName is a Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetNextVariableName (
                 &GetNextVariableName->NameSize,
                 GetNextVariableName->Name,
                 &GetNextVariableName->Guid
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
        DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      // The name, GUID, attributes and data handed to the variable service all come from this copy.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
      if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
         ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
        //
        // Prevent the InfoSize sum below from overflowing.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
                 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;

      //
      // SMRAM range check already covered before
      // Data buffer should not contain SMM range
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is a Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // This path calls VariableServiceSetVariable() directly, not the
      // SmmVariableSetVariable() wrapper, so mEnableLocking is left as it is.
      //
      Status = VariableServiceSetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 SmmVariableHeader->Attributes,
                 SmmVariableHeader->DataSize,
                 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
      if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
        DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Unlike the cases above, this one works on the communicate buffer in
      // place: Attributes is read from it once, by value, and the three
      // results are written straight into it.
      //
      QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;

      Status = VariableServiceQueryVariableInfo (
                 QueryVariableInfo->Attributes,
                 &QueryVariableInfo->MaximumVariableStorageSize,
                 &QueryVariableInfo->RemainingVariableStorageSize,
                 &QueryVariableInfo->MaximumVariableSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
      //
      // A request from outside SMM can only move mEndOfDxe to TRUE, which
      // closes the lock and property-set requests below; it cannot reopen them.
      //
      mEndOfDxe = TRUE;
      //
      // The initialization for variable quota.
      // NOTE(review): this runs on every READY_TO_BOOT request, including
      // after the runtime flag is set - confirm it is safe to repeat.
      //
      InitializeVariableQuota ();
      if (AtRuntime()) {
        Status = EFI_UNSUPPORTED;
        break;
      }
      ReclaimForOS ();
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
      mAtRuntime = TRUE;
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
      //
      // The statistics entry is read and written in the communicate buffer in
      // place. No minimum payload size is checked here;
      // SmmVariableGetStatistics() compares InfoSize with the size it needs
      // before it touches the entry. The name that follows the entry is
      // caller-controlled, so the callee has to bound any scan of it.
      //
      VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
      InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;

      //
      // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
      // It is covered by previous CommBuffer check
      //

      //
      // This is the only case that writes through CommBufferSize, so the
      // pointer itself is checked against SMRAM before the write.
      //
      if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
        DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
      *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
      break;

    case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
      //
      // Accepted only before mEndOfDxe is set. Name and Guid are used from
      // the communicate buffer in place, with no payload-size, NameSize or
      // terminator check, unlike the cases that copy into mVariableBufferPayload.
      // NOTE(review): presumably this relies on every caller before
      // EndOfDxe being trusted - confirm.
      //
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
        Status = VariableLockRequestToLock (
                   NULL,
                   VariableToLock->Name,
                   &VariableToLock->Guid
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
      //
      // Same gating and same in-place use of the communicate buffer as
      // LOCK_VARIABLE above; the same review note applies.
      //
      if (mEndOfDxe) {
        Status = EFI_ACCESS_DENIED;
      } else {
        CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
        Status = VarCheckVariablePropertySet (
                   CommVariableProperty->Name,
                   &CommVariableProperty->Guid,
                   &CommVariableProperty->VariableProperty
                   );
      }
      break;
    case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
      if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
        return EFI_SUCCESS;
      }
      //
      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
      //
      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
      CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
      if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
        //
        // Prevent the InfoSize sum below from overflowing.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is a Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VarCheckVariablePropertyGet (
                 CommVariableProperty->Name,
                 &CommVariableProperty->Guid,
                 &CommVariableProperty->VariableProperty
                 );
      CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
      break;

    default:
      Status = EFI_UNSUPPORTED;
  }

EXIT:

  //
  // The request's result travels back in the communicate header; the SMI
  // itself is always reported as handled.
  //
  SmmVariableFunctionHeader->ReturnStatus = Status;

  return EFI_SUCCESS;
}
810
/**
  SMM END_OF_DXE protocol notification handler.

  Sets mEndOfDxe, after which SmmVariableHandler() refuses the LOCK_VARIABLE
  and VAR_CHECK_VARIABLE_PROPERTY_SET requests, then initializes the variable
  quota. When PcdReclaimVariableSpaceAtEndOfDxe is TRUE it also calls
  ReclaimForOS().

  @param Protocol   Points to the protocol's unique identifier (unused).
  @param Interface  Points to the interface instance (unused).
  @param Handle     The handle on which the interface was installed (unused).

  @retval EFI_SUCCESS  Always returned.

**/
EFI_STATUS
EFIAPI
SmmEndOfDxeCallback (
  IN CONST EFI_GUID  *Protocol,
  IN VOID            *Interface,
  IN EFI_HANDLE      Handle
  )
{
  DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));

  //
  // Close the pre-EndOfDxe window before doing anything else.
  //
  mEndOfDxe = TRUE;

  //
  // The initialization for variable quota.
  //
  InitializeVariableQuota ();

  if (!PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
    return EFI_SUCCESS;
  }

  ReclaimForOS ();
  return EFI_SUCCESS;
}
840
/**
  SMM Fault Tolerant Write protocol notification handler.

  A non-volatile variable write may need the FTW protocol to reclaim space.
  Once FTW is available this handler finds the FVB protocol that covers the
  variable store, records it in mVariableModuleGlobal->FvbInstance, brings up
  the variable write service and installs gSmmVariableWriteGuid to tell the
  wrapper driver that writes are ready. It returns immediately when
  FvbInstance is already set.

  NOTE(review): the results of VariableWriteServiceInitialize() and of the
  protocol installation are checked with ASSERT_EFI_ERROR only, and the
  function still returns EFI_SUCCESS after them.

  @param Protocol   Points to the protocol's unique identifier (unused).
  @param Interface  Points to the interface instance (unused).
  @param Handle     The handle on which the interface was installed (unused).

  @retval EFI_SUCCESS    The handler ran to completion, or FvbInstance was already set.
  @retval EFI_NOT_FOUND  The FVB protocol for the variable store was not found.
  @return The error from GetFtwProtocol() when the SMM FTW protocol is not available.

**/
EFI_STATUS
EFIAPI
SmmFtwNotificationEvent (
  IN CONST EFI_GUID  *Protocol,
  IN VOID            *Interface,
  IN EFI_HANDLE      Handle
  )
{
  EFI_STATUS                              Status;
  EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *VariableFvb;
  EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL   *Ftw;
  EFI_PHYSICAL_ADDRESS                    VariableStoreBase;
  UINTN                                   MaxFtwBlockSize;

  //
  // Already initialized by an earlier notification.
  //
  if (mVariableModuleGlobal->FvbInstance != NULL) {
    return EFI_SUCCESS;
  }

  //
  // Ensure SMM FTW protocol is installed.
  //
  Status = GetFtwProtocol ((VOID **)&Ftw);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // The whole variable store has to fit in one FTW block.
  //
  Status = Ftw->GetMaxBlockSize (Ftw, &MaxFtwBlockSize);
  if (!EFI_ERROR (Status)) {
    ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= MaxFtwBlockSize);
  }

  //
  // Find the proper FVB protocol for variable. The 64-bit base PCD wins;
  // the 32-bit one is used when the 64-bit value is zero.
  //
  VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
  if (VariableStoreBase == 0) {
    VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
  }

  Status = GetFvbInfoByAddress (VariableStoreBase, NULL, &VariableFvb);
  if (EFI_ERROR (Status)) {
    return EFI_NOT_FOUND;
  }

  mVariableModuleGlobal->FvbInstance = VariableFvb;

  Status = VariableWriteServiceInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Notify the variable wrapper driver the variable write service is ready
  //
  Status = gBS->InstallProtocolInterface (
                  &mSmmVariableHandle,
                  &gSmmVariableWriteGuid,
                  EFI_NATIVE_INTERFACE,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);

  return EFI_SUCCESS;
}
916
917
/**
  Entry point of the SMM variable driver.

  In order, this function:
    - runs VariableCommonInitialize();
    - installs gSmmVariable and mSmmVarCheck on one new SMM handle;
    - caches the SMRAM descriptor table used by InternalIsAddressInSmram();
    - allocates mVariableBufferPayload, the buffer into which
      SmmVariableHandler() copies untrusted payloads before validating them;
    - registers SmmVariableHandler() as the SMI handler for
      gEfiSmmVariableProtocolGuid;
    - installs gEfiSmmVariableProtocolGuid through boot services to tell the
      wrapper driver that the service is ready;
    - registers the END_OF_DXE and FTW protocol notifications, and calls the
      FTW notification once directly.

  NOTE(review): every step is checked with ASSERT/ASSERT_EFI_ERROR only. If
  asserts are compiled out in the target build, a failed SmmAllocatePool()
  would leave mSmramRanges or mVariableBufferPayload unset while the SMI
  handler is still registered - confirm the build policy.

  @param[in] ImageHandle  The firmware allocated handle for the EFI image.
  @param[in] SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Always returned.

**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                Status;
  EFI_HANDLE                SmmProtocolHandle;
  EFI_HANDLE                SmiDispatchHandle;
  EFI_SMM_ACCESS2_PROTOCOL  *SmmAccess;
  UINTN                     SmramMapSize;
  VOID                      *EndOfDxeRegistration;
  VOID                      *FtwRegistration;

  //
  // Variable initialize.
  //
  Status = VariableCommonInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Install the Smm Variable Protocol on a new handle, then add the
  // variable-check protocol to that same handle.
  //
  SmmProtocolHandle = NULL;
  Status = gSmst->SmmInstallProtocolInterface (
                    &SmmProtocolHandle,
                    &gEfiSmmVariableProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &gSmmVariable
                    );
  ASSERT_EFI_ERROR (Status);

  Status = gSmst->SmmInstallProtocolInterface (
                    &SmmProtocolHandle,
                    &gEdkiiSmmVarCheckProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &mSmmVarCheck
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Get SMRAM information: query the size first, then fetch the table.
  //
  Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);
  ASSERT_EFI_ERROR (Status);

  SmramMapSize = 0;
  Status = SmmAccess->GetCapabilities (SmmAccess, &SmramMapSize, NULL);
  ASSERT (Status == EFI_BUFFER_TOO_SMALL);

  Status = gSmst->SmmAllocatePool (
                    EfiRuntimeServicesData,
                    SmramMapSize,
                    (VOID **)&mSmramRanges
                    );
  ASSERT_EFI_ERROR (Status);

  Status = SmmAccess->GetCapabilities (SmmAccess, &SmramMapSize, mSmramRanges);
  ASSERT_EFI_ERROR (Status);

  mSmramRangeCount = SmramMapSize / sizeof (EFI_SMRAM_DESCRIPTOR);

  //
  // Size of the SMRAM-side payload buffer. SmmVariableHandler() rejects any
  // payload larger than this before copying into the buffer.
  //
  mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
                               OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);

  Status = gSmst->SmmAllocatePool (
                    EfiRuntimeServicesData,
                    mVariableBufferPayloadSize,
                    (VOID **)&mVariableBufferPayload
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Register SMM variable SMI handler
  //
  SmiDispatchHandle = NULL;
  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &SmiDispatchHandle);
  ASSERT_EFI_ERROR (Status);

  //
  // Notify the variable wrapper driver the variable service is ready
  //
  Status = SystemTable->BootServices->InstallProtocolInterface (
                                        &mVariableHandle,
                                        &gEfiSmmVariableProtocolGuid,
                                        EFI_NATIVE_INTERFACE,
                                        &gSmmVariable
                                        );
  ASSERT_EFI_ERROR (Status);

  //
  // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmEndOfDxeProtocolGuid,
                    SmmEndOfDxeCallback,
                    &EndOfDxeRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Register FtwNotificationEvent () notify function.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmFaultTolerantWriteProtocolGuid,
                    SmmFtwNotificationEvent,
                    &FtwRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Run the FTW handler once now, in case the protocol is already installed.
  //
  SmmFtwNotificationEvent (NULL, NULL, NULL);

  return EFI_SUCCESS;
}
1044
1045