]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg: Replace BSD License with BSD+Patent License
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
1 /** @file
2 The sample implementation for SMM variable protocol. And this driver
3 implements an SMI handler to communicate with the DXE runtime driver
4 to provide variable services.
5
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data and communicate buffer in SMM mode.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
10
11 SmmVariableHandler() will receive untrusted input and do basic validation.
12
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.
16
17 Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
18 Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
19 SPDX-License-Identifier: BSD-2-Clause-Patent
20
21 **/
22
23 #include <Protocol/SmmVariable.h>
24 #include <Protocol/SmmFirmwareVolumeBlock.h>
25 #include <Protocol/SmmFaultTolerantWrite.h>
26 #include <Protocol/MmEndOfDxe.h>
27 #include <Protocol/SmmVarCheck.h>
28
29 #include <Library/MmServicesTableLib.h>
30
31 #include <Guid/SmmVariableCommon.h>
32 #include "Variable.h"
33
34 BOOLEAN mAtRuntime = FALSE;
35 UINT8 *mVariableBufferPayload = NULL;
36 UINTN mVariableBufferPayloadSize;
37
38 /**
39 SecureBoot Hook for SetVariable.
40
41 @param[in] VariableName Name of Variable to be found.
42 @param[in] VendorGuid Variable vendor GUID.
43
44 **/
45 VOID
46 EFIAPI
47 SecureBootHook (
48 IN CHAR16 *VariableName,
49 IN EFI_GUID *VendorGuid
50 )
51 {
52 return ;
53 }
54
55 /**
56
57 This code sets variable in storage blocks (Volatile or Non-Volatile).
58
59 @param VariableName Name of Variable to be found.
60 @param VendorGuid Variable vendor GUID.
61 @param Attributes Attribute value of the variable found
62 @param DataSize Size of Data found. If size is less than the
63 data, this value contains the required size.
64 @param Data Data pointer.
65
66 @return EFI_INVALID_PARAMETER Invalid parameter.
67 @return EFI_SUCCESS Set successfully.
68 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
69 @return EFI_NOT_FOUND Not found.
70 @return EFI_WRITE_PROTECTED Variable is read-only.
71
72 **/
73 EFI_STATUS
74 EFIAPI
75 SmmVariableSetVariable (
76 IN CHAR16 *VariableName,
77 IN EFI_GUID *VendorGuid,
78 IN UINT32 Attributes,
79 IN UINTN DataSize,
80 IN VOID *Data
81 )
82 {
83 EFI_STATUS Status;
84
85 //
86 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
87 //
88 mRequestSource = VarCheckFromTrusted;
89 Status = VariableServiceSetVariable (
90 VariableName,
91 VendorGuid,
92 Attributes,
93 DataSize,
94 Data
95 );
96 mRequestSource = VarCheckFromUntrusted;
97 return Status;
98 }
99
100 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
101 VariableServiceGetVariable,
102 VariableServiceGetNextVariableName,
103 SmmVariableSetVariable,
104 VariableServiceQueryVariableInfo
105 };
106
107 EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
108 VarCheckVariablePropertySet,
109 VarCheckVariablePropertyGet };
110
111 /**
112 Return TRUE if ExitBootServices () has been called.
113
114 @retval TRUE If ExitBootServices () has been called.
115 **/
116 BOOLEAN
117 AtRuntime (
118 VOID
119 )
120 {
121 return mAtRuntime;
122 }
123
124 /**
125 Initializes a basic mutual exclusion lock.
126
127 This function initializes a basic mutual exclusion lock to the released state
128 and returns the lock. Each lock provides mutual exclusion access at its task
129 priority level. Since there is no preemption or multiprocessor support in EFI,
130 acquiring the lock only consists of raising to the locks TPL.
131 If Lock is NULL, then ASSERT().
132 If Priority is not a valid TPL value, then ASSERT().
133
134 @param Lock A pointer to the lock data structure to initialize.
135 @param Priority EFI TPL is associated with the lock.
136
137 @return The lock.
138
139 **/
140 EFI_LOCK *
141 InitializeLock (
142 IN OUT EFI_LOCK *Lock,
143 IN EFI_TPL Priority
144 )
145 {
146 return Lock;
147 }
148
149 /**
150 Acquires lock only at boot time. Simply returns at runtime.
151
152 This is a temperary function that will be removed when
153 EfiAcquireLock() in UefiLib can handle the call in UEFI
154 Runtimer driver in RT phase.
155 It calls EfiAcquireLock() at boot time, and simply returns
156 at runtime.
157
158 @param Lock A pointer to the lock to acquire.
159
160 **/
161 VOID
162 AcquireLockOnlyAtBootTime (
163 IN EFI_LOCK *Lock
164 )
165 {
166
167 }
168
169
170 /**
171 Releases lock only at boot time. Simply returns at runtime.
172
173 This is a temperary function which will be removed when
174 EfiReleaseLock() in UefiLib can handle the call in UEFI
175 Runtimer driver in RT phase.
176 It calls EfiReleaseLock() at boot time and simply returns
177 at runtime.
178
179 @param Lock A pointer to the lock to release.
180
181 **/
182 VOID
183 ReleaseLockOnlyAtBootTime (
184 IN EFI_LOCK *Lock
185 )
186 {
187
188 }
189
190 /**
191 Retrieve the SMM Fault Tolerent Write protocol interface.
192
193 @param[out] FtwProtocol The interface of SMM Ftw protocol
194
195 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
196 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
197 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
198
199 **/
200 EFI_STATUS
201 GetFtwProtocol (
202 OUT VOID **FtwProtocol
203 )
204 {
205 EFI_STATUS Status;
206
207 //
208 // Locate Smm Fault Tolerent Write protocol
209 //
210 Status = gMmst->MmLocateProtocol (
211 &gEfiSmmFaultTolerantWriteProtocolGuid,
212 NULL,
213 FtwProtocol
214 );
215 return Status;
216 }
217
218
219 /**
220 Retrieve the SMM FVB protocol interface by HANDLE.
221
222 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
223 reading, writing, and erasing the target block.
224 @param[out] FvBlock The interface of SMM FVB protocol
225
226 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
227 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
228 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
229
230 **/
231 EFI_STATUS
232 GetFvbByHandle (
233 IN EFI_HANDLE FvBlockHandle,
234 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
235 )
236 {
237 //
238 // To get the SMM FVB protocol interface on the handle
239 //
240 return gMmst->MmHandleProtocol (
241 FvBlockHandle,
242 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
243 (VOID **) FvBlock
244 );
245 }
246
247
248 /**
249 Function returns an array of handles that support the SMM FVB protocol
250 in a buffer allocated from pool.
251
252 @param[out] NumberHandles The number of handles returned in Buffer.
253 @param[out] Buffer A pointer to the buffer to return the requested
254 array of handles that support SMM FVB protocol.
255
256 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
257 handles in Buffer was returned in NumberHandles.
258 @retval EFI_NOT_FOUND No SMM FVB handle was found.
259 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
260 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
261
262 **/
263 EFI_STATUS
264 GetFvbCountAndBuffer (
265 OUT UINTN *NumberHandles,
266 OUT EFI_HANDLE **Buffer
267 )
268 {
269 EFI_STATUS Status;
270 UINTN BufferSize;
271
272 if ((NumberHandles == NULL) || (Buffer == NULL)) {
273 return EFI_INVALID_PARAMETER;
274 }
275
276 BufferSize = 0;
277 *NumberHandles = 0;
278 *Buffer = NULL;
279 Status = gMmst->MmLocateHandle (
280 ByProtocol,
281 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
282 NULL,
283 &BufferSize,
284 *Buffer
285 );
286 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
287 return EFI_NOT_FOUND;
288 }
289
290 *Buffer = AllocatePool (BufferSize);
291 if (*Buffer == NULL) {
292 return EFI_OUT_OF_RESOURCES;
293 }
294
295 Status = gMmst->MmLocateHandle (
296 ByProtocol,
297 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
298 NULL,
299 &BufferSize,
300 *Buffer
301 );
302
303 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
304 if (EFI_ERROR(Status)) {
305 *NumberHandles = 0;
306 FreePool (*Buffer);
307 *Buffer = NULL;
308 }
309
310 return Status;
311 }
312
313
314 /**
315 Get the variable statistics information from the information buffer pointed by gVariableInfo.
316
317 Caution: This function may be invoked at SMM runtime.
318 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
319
320 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
321 On input, point to the variable information returned last time. if
322 InfoEntry->VendorGuid is zero, return the first information.
323 On output, point to the next variable information.
324 @param[in, out] InfoSize On input, the size of the variable information buffer.
325 On output, the returned variable information size.
326
327 @retval EFI_SUCCESS The variable information is found and returned successfully.
328 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
329 PcdVariableCollectStatistics should be set TRUE to support it.
330 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
331 @retval EFI_INVALID_PARAMETER Input parameter is invalid.
332
333 **/
334 EFI_STATUS
335 SmmVariableGetStatistics (
336 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,
337 IN OUT UINTN *InfoSize
338 )
339 {
340 VARIABLE_INFO_ENTRY *VariableInfo;
341 UINTN NameSize;
342 UINTN StatisticsInfoSize;
343 CHAR16 *InfoName;
344 UINTN InfoNameMaxSize;
345 EFI_GUID VendorGuid;
346
347 if (InfoEntry == NULL) {
348 return EFI_INVALID_PARAMETER;
349 }
350
351 VariableInfo = gVariableInfo;
352 if (VariableInfo == NULL) {
353 return EFI_UNSUPPORTED;
354 }
355
356 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY);
357 if (*InfoSize < StatisticsInfoSize) {
358 *InfoSize = StatisticsInfoSize;
359 return EFI_BUFFER_TOO_SMALL;
360 }
361 InfoName = (CHAR16 *)(InfoEntry + 1);
362 InfoNameMaxSize = (*InfoSize - sizeof (VARIABLE_INFO_ENTRY));
363
364 CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);
365
366 if (IsZeroGuid (&VendorGuid)) {
367 //
368 // Return the first variable info
369 //
370 NameSize = StrSize (VariableInfo->Name);
371 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;
372 if (*InfoSize < StatisticsInfoSize) {
373 *InfoSize = StatisticsInfoSize;
374 return EFI_BUFFER_TOO_SMALL;
375 }
376 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
377 CopyMem (InfoName, VariableInfo->Name, NameSize);
378 *InfoSize = StatisticsInfoSize;
379 return EFI_SUCCESS;
380 }
381
382 //
383 // Get the next variable info
384 //
385 while (VariableInfo != NULL) {
386 if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
387 NameSize = StrSize (VariableInfo->Name);
388 if (NameSize <= InfoNameMaxSize) {
389 if (CompareMem (VariableInfo->Name, InfoName, NameSize) == 0) {
390 //
391 // Find the match one
392 //
393 VariableInfo = VariableInfo->Next;
394 break;
395 }
396 }
397 }
398 VariableInfo = VariableInfo->Next;
399 };
400
401 if (VariableInfo == NULL) {
402 *InfoSize = 0;
403 return EFI_SUCCESS;
404 }
405
406 //
407 // Output the new variable info
408 //
409 NameSize = StrSize (VariableInfo->Name);
410 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;
411 if (*InfoSize < StatisticsInfoSize) {
412 *InfoSize = StatisticsInfoSize;
413 return EFI_BUFFER_TOO_SMALL;
414 }
415
416 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
417 CopyMem (InfoName, VariableInfo->Name, NameSize);
418 *InfoSize = StatisticsInfoSize;
419
420 return EFI_SUCCESS;
421 }
422
423
424 /**
425 Communication service SMI Handler entry.
426
427 This SMI handler provides services for the variable wrapper driver.
428
429 Caution: This function may receive untrusted input.
430 This variable data and communicate buffer are external input, so this function will do basic validation.
431 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
432 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
433 SmmVariableGetStatistics() should also do validation based on its own knowledge.
434
435 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
436 @param[in] RegisterContext Points to an optional handler context which was specified when the
437 handler was registered.
438 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
439 be conveyed from a non-SMM environment into an SMM environment.
440 @param[in, out] CommBufferSize The size of the CommBuffer.
441
442 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
443 should still be called.
444 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
445 still be called.
446 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
447 be called.
448 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
449 **/
450 EFI_STATUS
451 EFIAPI
452 SmmVariableHandler (
453 IN EFI_HANDLE DispatchHandle,
454 IN CONST VOID *RegisterContext,
455 IN OUT VOID *CommBuffer,
456 IN OUT UINTN *CommBufferSize
457 )
458 {
459 EFI_STATUS Status;
460 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
461 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
462 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
463 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
464 SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *GetPayloadSize;
465 VARIABLE_INFO_ENTRY *VariableInfo;
466 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
467 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
468 UINTN InfoSize;
469 UINTN NameBufferSize;
470 UINTN CommBufferPayloadSize;
471 UINTN TempCommBufferSize;
472
473 //
474 // If input is invalid, stop processing this SMI
475 //
476 if (CommBuffer == NULL || CommBufferSize == NULL) {
477 return EFI_SUCCESS;
478 }
479
480 TempCommBufferSize = *CommBufferSize;
481
482 if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
483 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
484 return EFI_SUCCESS;
485 }
486 CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
487 if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
488 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
489 return EFI_SUCCESS;
490 }
491
492 if (!VariableSmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
493 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
494 return EFI_SUCCESS;
495 }
496
497 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
498 switch (SmmVariableFunctionHeader->Function) {
499 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
500 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
501 DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
502 return EFI_SUCCESS;
503 }
504 //
505 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
506 //
507 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
508 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
509 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
510 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
511 //
512 // Prevent InfoSize overflow happen
513 //
514 Status = EFI_ACCESS_DENIED;
515 goto EXIT;
516 }
517 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
518 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
519
520 //
521 // SMRAM range check already covered before
522 //
523 if (InfoSize > CommBufferPayloadSize) {
524 DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
525 Status = EFI_ACCESS_DENIED;
526 goto EXIT;
527 }
528
529 //
530 // The VariableSpeculationBarrier() call here is to ensure the previous
531 // range/content checks for the CommBuffer have been completed before the
532 // subsequent consumption of the CommBuffer content.
533 //
534 VariableSpeculationBarrier ();
535 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
536 //
537 // Make sure VariableName is A Null-terminated string.
538 //
539 Status = EFI_ACCESS_DENIED;
540 goto EXIT;
541 }
542
543 Status = VariableServiceGetVariable (
544 SmmVariableHeader->Name,
545 &SmmVariableHeader->Guid,
546 &SmmVariableHeader->Attributes,
547 &SmmVariableHeader->DataSize,
548 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
549 );
550 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
551 break;
552
553 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
554 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
555 DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
556 return EFI_SUCCESS;
557 }
558 //
559 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
560 //
561 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
562 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
563 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
564 //
565 // Prevent InfoSize overflow happen
566 //
567 Status = EFI_ACCESS_DENIED;
568 goto EXIT;
569 }
570 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;
571
572 //
573 // SMRAM range check already covered before
574 //
575 if (InfoSize > CommBufferPayloadSize) {
576 DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
577 Status = EFI_ACCESS_DENIED;
578 goto EXIT;
579 }
580
581 NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
582 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
583 //
584 // Make sure input VariableName is A Null-terminated string.
585 //
586 Status = EFI_ACCESS_DENIED;
587 goto EXIT;
588 }
589
590 Status = VariableServiceGetNextVariableName (
591 &GetNextVariableName->NameSize,
592 GetNextVariableName->Name,
593 &GetNextVariableName->Guid
594 );
595 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
596 break;
597
598 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
599 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
600 DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
601 return EFI_SUCCESS;
602 }
603 //
604 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
605 //
606 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
607 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
608 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
609 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
610 //
611 // Prevent InfoSize overflow happen
612 //
613 Status = EFI_ACCESS_DENIED;
614 goto EXIT;
615 }
616 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
617 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
618
619 //
620 // SMRAM range check already covered before
621 // Data buffer should not contain SMM range
622 //
623 if (InfoSize > CommBufferPayloadSize) {
624 DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
625 Status = EFI_ACCESS_DENIED;
626 goto EXIT;
627 }
628
629 //
630 // The VariableSpeculationBarrier() call here is to ensure the previous
631 // range/content checks for the CommBuffer have been completed before the
632 // subsequent consumption of the CommBuffer content.
633 //
634 VariableSpeculationBarrier ();
635 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
636 //
637 // Make sure VariableName is A Null-terminated string.
638 //
639 Status = EFI_ACCESS_DENIED;
640 goto EXIT;
641 }
642
643 Status = VariableServiceSetVariable (
644 SmmVariableHeader->Name,
645 &SmmVariableHeader->Guid,
646 SmmVariableHeader->Attributes,
647 SmmVariableHeader->DataSize,
648 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
649 );
650 break;
651
652 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
653 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
654 DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
655 return EFI_SUCCESS;
656 }
657 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
658
659 Status = VariableServiceQueryVariableInfo (
660 QueryVariableInfo->Attributes,
661 &QueryVariableInfo->MaximumVariableStorageSize,
662 &QueryVariableInfo->RemainingVariableStorageSize,
663 &QueryVariableInfo->MaximumVariableSize
664 );
665 break;
666
667 case SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE:
668 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE)) {
669 DEBUG ((EFI_D_ERROR, "GetPayloadSize: SMM communication buffer size invalid!\n"));
670 return EFI_SUCCESS;
671 }
672 GetPayloadSize = (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *) SmmVariableFunctionHeader->Data;
673 GetPayloadSize->VariablePayloadSize = mVariableBufferPayloadSize;
674 Status = EFI_SUCCESS;
675 break;
676
677 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
678 if (AtRuntime()) {
679 Status = EFI_UNSUPPORTED;
680 break;
681 }
682 if (!mEndOfDxe) {
683 MorLockInitAtEndOfDxe ();
684 mEndOfDxe = TRUE;
685 VarCheckLibInitializeAtEndOfDxe (NULL);
686 //
687 // The initialization for variable quota.
688 //
689 InitializeVariableQuota ();
690 }
691 ReclaimForOS ();
692 Status = EFI_SUCCESS;
693 break;
694
695 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
696 mAtRuntime = TRUE;
697 Status = EFI_SUCCESS;
698 break;
699
700 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
701 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
702 InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
703
704 //
705 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
706 // It is covered by previous CommBuffer check
707 //
708
709 //
710 // Do not need to check CommBufferSize buffer as it should point to SMRAM
711 // that was used by SMM core to cache CommSize from SmmCommunication protocol.
712 //
713
714 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
715 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
716 break;
717
718 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
719 if (mEndOfDxe) {
720 Status = EFI_ACCESS_DENIED;
721 } else {
722 VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
723 Status = VariableLockRequestToLock (
724 NULL,
725 VariableToLock->Name,
726 &VariableToLock->Guid
727 );
728 }
729 break;
730 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
731 if (mEndOfDxe) {
732 Status = EFI_ACCESS_DENIED;
733 } else {
734 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
735 Status = VarCheckVariablePropertySet (
736 CommVariableProperty->Name,
737 &CommVariableProperty->Guid,
738 &CommVariableProperty->VariableProperty
739 );
740 }
741 break;
742 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
743 if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
744 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
745 return EFI_SUCCESS;
746 }
747 //
748 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
749 //
750 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
751 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
752 if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
753 //
754 // Prevent InfoSize overflow happen
755 //
756 Status = EFI_ACCESS_DENIED;
757 goto EXIT;
758 }
759 InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;
760
761 //
762 // SMRAM range check already covered before
763 //
764 if (InfoSize > CommBufferPayloadSize) {
765 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
766 Status = EFI_ACCESS_DENIED;
767 goto EXIT;
768 }
769
770 //
771 // The VariableSpeculationBarrier() call here is to ensure the previous
772 // range/content checks for the CommBuffer have been completed before the
773 // subsequent consumption of the CommBuffer content.
774 //
775 VariableSpeculationBarrier ();
776 if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
777 //
778 // Make sure VariableName is A Null-terminated string.
779 //
780 Status = EFI_ACCESS_DENIED;
781 goto EXIT;
782 }
783
784 Status = VarCheckVariablePropertyGet (
785 CommVariableProperty->Name,
786 &CommVariableProperty->Guid,
787 &CommVariableProperty->VariableProperty
788 );
789 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
790 break;
791
792 default:
793 Status = EFI_UNSUPPORTED;
794 }
795
796 EXIT:
797
798 SmmVariableFunctionHeader->ReturnStatus = Status;
799
800 return EFI_SUCCESS;
801 }
802
803 /**
804 SMM END_OF_DXE protocol notification event handler.
805
806 @param Protocol Points to the protocol's unique identifier
807 @param Interface Points to the interface instance
808 @param Handle The handle on which the interface was installed
809
810 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
811
812 **/
813 EFI_STATUS
814 EFIAPI
815 SmmEndOfDxeCallback (
816 IN CONST EFI_GUID *Protocol,
817 IN VOID *Interface,
818 IN EFI_HANDLE Handle
819 )
820 {
821 DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));
822 MorLockInitAtEndOfDxe ();
823 mEndOfDxe = TRUE;
824 VarCheckLibInitializeAtEndOfDxe (NULL);
825 //
826 // The initialization for variable quota.
827 //
828 InitializeVariableQuota ();
829 if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
830 ReclaimForOS ();
831 }
832
833 return EFI_SUCCESS;
834 }
835
836 /**
837 Initializes variable write service for SMM.
838
839 **/
840 VOID
841 VariableWriteServiceInitializeSmm (
842 VOID
843 )
844 {
845 EFI_STATUS Status;
846
847 Status = VariableWriteServiceInitialize ();
848 if (EFI_ERROR (Status)) {
849 DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));
850 }
851
852 //
853 // Notify the variable wrapper driver the variable write service is ready
854 //
855 VariableNotifySmmWriteReady ();
856 }
857
858 /**
859 SMM Fault Tolerant Write protocol notification event handler.
860
861 Non-Volatile variable write may needs FTW protocol to reclaim when
862 writting variable.
863
864 @param Protocol Points to the protocol's unique identifier
865 @param Interface Points to the interface instance
866 @param Handle The handle on which the interface was installed
867
868 @retval EFI_SUCCESS SmmEventCallback runs successfully
869 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
870
871 **/
872 EFI_STATUS
873 EFIAPI
874 SmmFtwNotificationEvent (
875 IN CONST EFI_GUID *Protocol,
876 IN VOID *Interface,
877 IN EFI_HANDLE Handle
878 )
879 {
880 EFI_STATUS Status;
881 EFI_PHYSICAL_ADDRESS VariableStoreBase;
882 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
883 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
884 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;
885 UINTN FtwMaxBlockSize;
886
887 if (mVariableModuleGlobal->FvbInstance != NULL) {
888 return EFI_SUCCESS;
889 }
890
891 //
892 // Ensure SMM FTW protocol is installed.
893 //
894 Status = GetFtwProtocol ((VOID **)&FtwProtocol);
895 if (EFI_ERROR (Status)) {
896 return Status;
897 }
898
899 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);
900 if (!EFI_ERROR (Status)) {
901 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);
902 }
903
904 NvStorageVariableBase = NV_STORAGE_VARIABLE_BASE;
905 VariableStoreBase = NvStorageVariableBase + mNvFvHeaderCache->HeaderLength;
906
907 //
908 // Let NonVolatileVariableBase point to flash variable store base directly after FTW ready.
909 //
910 mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase = VariableStoreBase;
911
912 //
913 // Find the proper FVB protocol for variable.
914 //
915 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);
916 if (EFI_ERROR (Status)) {
917 return EFI_NOT_FOUND;
918 }
919
920 mVariableModuleGlobal->FvbInstance = FvbProtocol;
921
922 //
923 // Initializes variable write service after FTW was ready.
924 //
925 VariableWriteServiceInitializeSmm ();
926
927 return EFI_SUCCESS;
928 }
929
930
931 /**
932 Variable Driver main entry point. The Variable driver places the 4 EFI
933 runtime services in the EFI System Table and installs arch protocols
934 for variable read and write services being available. It also registers
935 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
936
937 @retval EFI_SUCCESS Variable service successfully initialized.
938
939 **/
940 EFI_STATUS
941 EFIAPI
942 MmVariableServiceInitialize (
943 VOID
944 )
945 {
946 EFI_STATUS Status;
947 EFI_HANDLE VariableHandle;
948 VOID *SmmFtwRegistration;
949 VOID *SmmEndOfDxeRegistration;
950
951 //
952 // Variable initialize.
953 //
954 Status = VariableCommonInitialize ();
955 ASSERT_EFI_ERROR (Status);
956
957 //
958 // Install the Smm Variable Protocol on a new handle.
959 //
960 VariableHandle = NULL;
961 Status = gMmst->MmInstallProtocolInterface (
962 &VariableHandle,
963 &gEfiSmmVariableProtocolGuid,
964 EFI_NATIVE_INTERFACE,
965 &gSmmVariable
966 );
967 ASSERT_EFI_ERROR (Status);
968
969 Status = gMmst->MmInstallProtocolInterface (
970 &VariableHandle,
971 &gEdkiiSmmVarCheckProtocolGuid,
972 EFI_NATIVE_INTERFACE,
973 &mSmmVarCheck
974 );
975 ASSERT_EFI_ERROR (Status);
976
977 mVariableBufferPayloadSize = GetMaxVariableSize () +
978 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();
979
980 Status = gMmst->MmAllocatePool (
981 EfiRuntimeServicesData,
982 mVariableBufferPayloadSize,
983 (VOID **)&mVariableBufferPayload
984 );
985 ASSERT_EFI_ERROR (Status);
986
987 ///
988 /// Register SMM variable SMI handler
989 ///
990 VariableHandle = NULL;
991 Status = gMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
992 ASSERT_EFI_ERROR (Status);
993
994 //
995 // Notify the variable wrapper driver the variable service is ready
996 //
997 VariableNotifySmmReady ();
998
999 //
1000 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
1001 //
1002 Status = gMmst->MmRegisterProtocolNotify (
1003 &gEfiMmEndOfDxeProtocolGuid,
1004 SmmEndOfDxeCallback,
1005 &SmmEndOfDxeRegistration
1006 );
1007 ASSERT_EFI_ERROR (Status);
1008
1009 if (!PcdGetBool (PcdEmuVariableNvModeEnable)) {
1010 //
1011 // Register FtwNotificationEvent () notify function.
1012 //
1013 Status = gMmst->MmRegisterProtocolNotify (
1014 &gEfiSmmFaultTolerantWriteProtocolGuid,
1015 SmmFtwNotificationEvent,
1016 &SmmFtwRegistration
1017 );
1018 ASSERT_EFI_ERROR (Status);
1019
1020 SmmFtwNotificationEvent (NULL, NULL, NULL);
1021 } else {
1022 //
1023 // Emulated non-volatile variable mode does not depend on FVB and FTW.
1024 //
1025 VariableWriteServiceInitializeSmm ();
1026 }
1027
1028 return EFI_SUCCESS;
1029 }
1030
1031
EFI Development Kit II mirror for PVE