]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blob
? search:


f8e6bd58828ae592e205d4fdeafe94961cee767b
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
1 /** @file
2
3 The sample implementation for SMM variable protocol. And this driver
4 implements an SMI handler to communicate with the DXE runtime driver
5 to provide variable services.
6
7 Caution: This module requires additional review when modified.
8 This driver will have external input - variable data and communicate buffer in SMM mode.
9 This external input must be validated carefully to avoid security issue like
10 buffer overflow, integer overflow.
11
12 SmmVariableHandler() will receive untrusted input and do basic validation.
13
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.
17
18 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
19 This program and the accompanying materials
20 are licensed and made available under the terms and conditions of the BSD License
21 which accompanies this distribution. The full text of the license may be found at
22 http://opensource.org/licenses/bsd-license.php
23
24 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
25 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
26
27 **/
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32
33 #include <Library/SmmServicesTableLib.h>
34
35 #include <Guid/VariableFormat.h>
36 #include <Guid/SmmVariableCommon.h>
37 #include "Variable.h"
38
39 EFI_SMRAM_DESCRIPTOR *mSmramRanges;
40 UINTN mSmramRangeCount;
41
42 extern VARIABLE_INFO_ENTRY *gVariableInfo;
43 EFI_HANDLE mSmmVariableHandle = NULL;
44 EFI_HANDLE mVariableHandle = NULL;
45 BOOLEAN mAtRuntime = FALSE;
46 EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
47
48 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
49 VariableServiceGetVariable,
50 VariableServiceGetNextVariableName,
51 VariableServiceSetVariable,
52 VariableServiceQueryVariableInfo
53 };
54
55
56 /**
57 Return TRUE if ExitBootServices () has been called.
58
59 @retval TRUE If ExitBootServices () has been called.
60 **/
61 BOOLEAN
62 AtRuntime (
63 VOID
64 )
65 {
66 return mAtRuntime;
67 }
68
69 /**
70 This function check if the address is in SMRAM.
71
72 @param Buffer the buffer address to be checked.
73 @param Length the buffer length to be checked.
74
75 @retval TRUE this address is in SMRAM.
76 @retval FALSE this address is NOT in SMRAM.
77 **/
78 BOOLEAN
79 InternalIsAddressInSmram (
80 IN EFI_PHYSICAL_ADDRESS Buffer,
81 IN UINT64 Length
82 )
83 {
84 UINTN Index;
85
86 for (Index = 0; Index < mSmramRangeCount; Index ++) {
87 if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||
88 ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {
89 return TRUE;
90 }
91 }
92
93 return FALSE;
94 }
95
96 /**
97 This function check if the address refered by Buffer and Length is valid.
98
99 @param Buffer the buffer address to be checked.
100 @param Length the buffer length to be checked.
101
102 @retval TRUE this address is valid.
103 @retval FALSE this address is NOT valid.
104 **/
105 BOOLEAN
106 InternalIsAddressValid (
107 IN UINTN Buffer,
108 IN UINTN Length
109 )
110 {
111 if (Buffer > (MAX_ADDRESS - Length)) {
112 //
113 // Overflow happen
114 //
115 return FALSE;
116 }
117 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {
118 return FALSE;
119 }
120 return TRUE;
121 }
122
123 /**
124 Initializes a basic mutual exclusion lock.
125
126 This function initializes a basic mutual exclusion lock to the released state
127 and returns the lock. Each lock provides mutual exclusion access at its task
128 priority level. Since there is no preemption or multiprocessor support in EFI,
129 acquiring the lock only consists of raising to the locks TPL.
130 If Lock is NULL, then ASSERT().
131 If Priority is not a valid TPL value, then ASSERT().
132
133 @param Lock A pointer to the lock data structure to initialize.
134 @param Priority EFI TPL is associated with the lock.
135
136 @return The lock.
137
138 **/
139 EFI_LOCK *
140 InitializeLock (
141 IN OUT EFI_LOCK *Lock,
142 IN EFI_TPL Priority
143 )
144 {
145 return Lock;
146 }
147
148 /**
149 Acquires lock only at boot time. Simply returns at runtime.
150
151 This is a temperary function that will be removed when
152 EfiAcquireLock() in UefiLib can handle the call in UEFI
153 Runtimer driver in RT phase.
154 It calls EfiAcquireLock() at boot time, and simply returns
155 at runtime.
156
157 @param Lock A pointer to the lock to acquire.
158
159 **/
160 VOID
161 AcquireLockOnlyAtBootTime (
162 IN EFI_LOCK *Lock
163 )
164 {
165
166 }
167
168
169 /**
170 Releases lock only at boot time. Simply returns at runtime.
171
172 This is a temperary function which will be removed when
173 EfiReleaseLock() in UefiLib can handle the call in UEFI
174 Runtimer driver in RT phase.
175 It calls EfiReleaseLock() at boot time and simply returns
176 at runtime.
177
178 @param Lock A pointer to the lock to release.
179
180 **/
181 VOID
182 ReleaseLockOnlyAtBootTime (
183 IN EFI_LOCK *Lock
184 )
185 {
186
187 }
188
189 /**
190 Retrive the SMM Fault Tolerent Write protocol interface.
191
192 @param[out] FtwProtocol The interface of SMM Ftw protocol
193
194 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
195 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
196 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
197
198 **/
199 EFI_STATUS
200 GetFtwProtocol (
201 OUT VOID **FtwProtocol
202 )
203 {
204 EFI_STATUS Status;
205
206 //
207 // Locate Smm Fault Tolerent Write protocol
208 //
209 Status = gSmst->SmmLocateProtocol (
210 &gEfiSmmFaultTolerantWriteProtocolGuid,
211 NULL,
212 FtwProtocol
213 );
214 return Status;
215 }
216
217
218 /**
219 Retrive the SMM FVB protocol interface by HANDLE.
220
221 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
222 reading, writing, and erasing the target block.
223 @param[out] FvBlock The interface of SMM FVB protocol
224
225 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
226 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
227 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
228
229 **/
230 EFI_STATUS
231 GetFvbByHandle (
232 IN EFI_HANDLE FvBlockHandle,
233 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
234 )
235 {
236 //
237 // To get the SMM FVB protocol interface on the handle
238 //
239 return gSmst->SmmHandleProtocol (
240 FvBlockHandle,
241 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
242 (VOID **) FvBlock
243 );
244 }
245
246
247 /**
248 Function returns an array of handles that support the SMM FVB protocol
249 in a buffer allocated from pool.
250
251 @param[out] NumberHandles The number of handles returned in Buffer.
252 @param[out] Buffer A pointer to the buffer to return the requested
253 array of handles that support SMM FVB protocol.
254
255 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
256 handles in Buffer was returned in NumberHandles.
257 @retval EFI_NOT_FOUND No SMM FVB handle was found.
258 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
259 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
260
261 **/
262 EFI_STATUS
263 GetFvbCountAndBuffer (
264 OUT UINTN *NumberHandles,
265 OUT EFI_HANDLE **Buffer
266 )
267 {
268 EFI_STATUS Status;
269 UINTN BufferSize;
270
271 if ((NumberHandles == NULL) || (Buffer == NULL)) {
272 return EFI_INVALID_PARAMETER;
273 }
274
275 BufferSize = 0;
276 *NumberHandles = 0;
277 *Buffer = NULL;
278 Status = gSmst->SmmLocateHandle (
279 ByProtocol,
280 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
281 NULL,
282 &BufferSize,
283 *Buffer
284 );
285 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
286 return EFI_NOT_FOUND;
287 }
288
289 *Buffer = AllocatePool (BufferSize);
290 if (*Buffer == NULL) {
291 return EFI_OUT_OF_RESOURCES;
292 }
293
294 Status = gSmst->SmmLocateHandle (
295 ByProtocol,
296 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
297 NULL,
298 &BufferSize,
299 *Buffer
300 );
301
302 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
303 if (EFI_ERROR(Status)) {
304 *NumberHandles = 0;
305 }
306
307 return Status;
308 }
309
310
311 /**
312 Get the variable statistics information from the information buffer pointed by gVariableInfo.
313
314 Caution: This function may be invoked at SMM runtime.
315 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
316
317 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
318 On input, point to the variable information returned last time. if
319 InfoEntry->VendorGuid is zero, return the first information.
320 On output, point to the next variable information.
321 @param[in, out] InfoSize On input, the size of the variable information buffer.
322 On output, the returned variable information size.
323
324 @retval EFI_SUCCESS The variable information is found and returned successfully.
325 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
326 PcdVariableCollectStatistics should be set TRUE to support it.
327 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
328
329 **/
330 EFI_STATUS
331 SmmVariableGetStatistics (
332 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,
333 IN OUT UINTN *InfoSize
334 )
335 {
336 VARIABLE_INFO_ENTRY *VariableInfo;
337 UINTN NameLength;
338 UINTN StatisticsInfoSize;
339 CHAR16 *InfoName;
340
341 ASSERT (InfoEntry != NULL);
342 VariableInfo = gVariableInfo;
343 if (VariableInfo == NULL) {
344 return EFI_UNSUPPORTED;
345 }
346
347 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
348 if (*InfoSize < StatisticsInfoSize) {
349 *InfoSize = StatisticsInfoSize;
350 return EFI_BUFFER_TOO_SMALL;
351 }
352 InfoName = (CHAR16 *)(InfoEntry + 1);
353
354 if (CompareGuid (&InfoEntry->VendorGuid, &mZeroGuid)) {
355 //
356 // Return the first variable info
357 //
358 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
359 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
360 *InfoSize = StatisticsInfoSize;
361 return EFI_SUCCESS;
362 }
363
364 //
365 // Get the next variable info
366 //
367 while (VariableInfo != NULL) {
368 if (CompareGuid (&VariableInfo->VendorGuid, &InfoEntry->VendorGuid)) {
369 NameLength = StrSize (VariableInfo->Name);
370 if (NameLength == StrSize (InfoName)) {
371 if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
372 //
373 // Find the match one
374 //
375 VariableInfo = VariableInfo->Next;
376 break;
377 }
378 }
379 }
380 VariableInfo = VariableInfo->Next;
381 };
382
383 if (VariableInfo == NULL) {
384 *InfoSize = 0;
385 return EFI_SUCCESS;
386 }
387
388 //
389 // Output the new variable info
390 //
391 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
392 if (*InfoSize < StatisticsInfoSize) {
393 *InfoSize = StatisticsInfoSize;
394 return EFI_BUFFER_TOO_SMALL;
395 }
396
397 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
398 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
399 *InfoSize = StatisticsInfoSize;
400
401 return EFI_SUCCESS;
402 }
403
404
405 /**
406 Communication service SMI Handler entry.
407
408 This SMI handler provides services for the variable wrapper driver.
409
410 Caution: This function may receive untrusted input.
411 This variable data and communicate buffer are external input, so this function will do basic validation.
412 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
413 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
414 SmmVariableGetStatistics() should also do validation based on its own knowledge.
415
416 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
417 @param[in] RegisterContext Points to an optional handler context which was specified when the
418 handler was registered.
419 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
420 be conveyed from a non-SMM environment into an SMM environment.
421 @param[in, out] CommBufferSize The size of the CommBuffer.
422
423 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
424 should still be called.
425 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
426 still be called.
427 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
428 be called.
429 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
430 **/
431 EFI_STATUS
432 EFIAPI
433 SmmVariableHandler (
434 IN EFI_HANDLE DispatchHandle,
435 IN CONST VOID *RegisterContext,
436 IN OUT VOID *CommBuffer,
437 IN OUT UINTN *CommBufferSize
438 )
439 {
440 EFI_STATUS Status;
441 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
442 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
443 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
444 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
445 VARIABLE_INFO_ENTRY *VariableInfo;
446 UINTN InfoSize;
447 UINTN NameBufferSize;
448
449 //
450 // If input is invalid, stop processing this SMI
451 //
452 if (CommBuffer == NULL || CommBufferSize == NULL) {
453 return EFI_SUCCESS;
454 }
455
456 if (*CommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
457 return EFI_SUCCESS;
458 }
459
460 if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
461 DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM or overflow!\n"));
462 return EFI_SUCCESS;
463 }
464
465 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
466 switch (SmmVariableFunctionHeader->Function) {
467 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
468 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
469 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
470 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
471 //
472 // Prevent InfoSize overflow happen
473 //
474 Status = EFI_ACCESS_DENIED;
475 goto EXIT;
476 }
477 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
478 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
479
480 //
481 // SMRAM range check already covered before
482 //
483 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
484 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
485 Status = EFI_ACCESS_DENIED;
486 goto EXIT;
487 }
488
489 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
490 //
491 // Make sure VariableName is A Null-terminated string.
492 //
493 Status = EFI_ACCESS_DENIED;
494 goto EXIT;
495 }
496
497 Status = VariableServiceGetVariable (
498 SmmVariableHeader->Name,
499 &SmmVariableHeader->Guid,
500 &SmmVariableHeader->Attributes,
501 &SmmVariableHeader->DataSize,
502 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
503 );
504 break;
505
506 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
507 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) SmmVariableFunctionHeader->Data;
508 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
509 //
510 // Prevent InfoSize overflow happen
511 //
512 Status = EFI_ACCESS_DENIED;
513 goto EXIT;
514 }
515 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;
516
517 //
518 // SMRAM range check already covered before
519 //
520 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
521 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
522 Status = EFI_ACCESS_DENIED;
523 goto EXIT;
524 }
525
526 NameBufferSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
527 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
528 //
529 // Make sure input VariableName is A Null-terminated string.
530 //
531 Status = EFI_ACCESS_DENIED;
532 goto EXIT;
533 }
534
535 Status = VariableServiceGetNextVariableName (
536 &GetNextVariableName->NameSize,
537 GetNextVariableName->Name,
538 &GetNextVariableName->Guid
539 );
540 break;
541
542 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
543 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
544 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
545 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
546 //
547 // Prevent InfoSize overflow happen
548 //
549 Status = EFI_ACCESS_DENIED;
550 goto EXIT;
551 }
552 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
553 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
554
555 //
556 // SMRAM range check already covered before
557 // Data buffer should not contain SMM range
558 //
559 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
560 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
561 Status = EFI_ACCESS_DENIED;
562 goto EXIT;
563 }
564
565 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
566 //
567 // Make sure VariableName is A Null-terminated string.
568 //
569 Status = EFI_ACCESS_DENIED;
570 goto EXIT;
571 }
572
573 Status = VariableServiceSetVariable (
574 SmmVariableHeader->Name,
575 &SmmVariableHeader->Guid,
576 SmmVariableHeader->Attributes,
577 SmmVariableHeader->DataSize,
578 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
579 );
580 break;
581
582 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
583 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
584 InfoSize = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
585
586 //
587 // SMRAM range check already covered before
588 //
589 if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
590 DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
591 Status = EFI_ACCESS_DENIED;
592 goto EXIT;
593 }
594
595 Status = VariableServiceQueryVariableInfo (
596 QueryVariableInfo->Attributes,
597 &QueryVariableInfo->MaximumVariableStorageSize,
598 &QueryVariableInfo->RemainingVariableStorageSize,
599 &QueryVariableInfo->MaximumVariableSize
600 );
601 break;
602
603 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
604 if (AtRuntime()) {
605 Status = EFI_UNSUPPORTED;
606 break;
607 }
608 ReclaimForOS ();
609 Status = EFI_SUCCESS;
610 break;
611
612 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
613 mAtRuntime = TRUE;
614 Status = EFI_SUCCESS;
615 break;
616
617 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
618 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
619 InfoSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
620
621 //
622 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
623 // It is covered by previous CommBuffer check
624 //
625
626 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
627 DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM!\n"));
628 Status = EFI_ACCESS_DENIED;
629 goto EXIT;
630 }
631
632 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
633 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
634 break;
635
636 default:
637 Status = EFI_UNSUPPORTED;
638 }
639
640 EXIT:
641
642 SmmVariableFunctionHeader->ReturnStatus = Status;
643
644 return EFI_SUCCESS;
645 }
646
647
648 /**
649 SMM Fault Tolerant Write protocol notification event handler.
650
651 Non-Volatile variable write may needs FTW protocol to reclaim when
652 writting variable.
653
654 @param Protocol Points to the protocol's unique identifier
655 @param Interface Points to the interface instance
656 @param Handle The handle on which the interface was installed
657
658 @retval EFI_SUCCESS SmmEventCallback runs successfully
659 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
660
661 **/
662 EFI_STATUS
663 EFIAPI
664 SmmFtwNotificationEvent (
665 IN CONST EFI_GUID *Protocol,
666 IN VOID *Interface,
667 IN EFI_HANDLE Handle
668 )
669 {
670 EFI_STATUS Status;
671 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
672 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
673 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;
674
675 if (mVariableModuleGlobal->FvbInstance != NULL) {
676 return EFI_SUCCESS;
677 }
678
679 //
680 // Ensure SMM FTW protocol is installed.
681 //
682 Status = GetFtwProtocol ((VOID **)&FtwProtocol);
683 if (EFI_ERROR (Status)) {
684 return Status;
685 }
686
687 //
688 // Find the proper FVB protocol for variable.
689 //
690 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
691 if (NvStorageVariableBase == 0) {
692 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
693 }
694 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);
695 if (EFI_ERROR (Status)) {
696 return EFI_NOT_FOUND;
697 }
698
699 mVariableModuleGlobal->FvbInstance = FvbProtocol;
700
701 Status = VariableWriteServiceInitialize ();
702 ASSERT_EFI_ERROR (Status);
703
704 //
705 // Notify the variable wrapper driver the variable write service is ready
706 //
707 Status = gBS->InstallProtocolInterface (
708 &mSmmVariableHandle,
709 &gSmmVariableWriteGuid,
710 EFI_NATIVE_INTERFACE,
711 NULL
712 );
713 ASSERT_EFI_ERROR (Status);
714
715 return EFI_SUCCESS;
716 }
717
718
719 /**
720 Variable Driver main entry point. The Variable driver places the 4 EFI
721 runtime services in the EFI System Table and installs arch protocols
722 for variable read and write services being available. It also registers
723 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
724
725 @param[in] ImageHandle The firmware allocated handle for the EFI image.
726 @param[in] SystemTable A pointer to the EFI System Table.
727
728 @retval EFI_SUCCESS Variable service successfully initialized.
729
730 **/
731 EFI_STATUS
732 EFIAPI
733 VariableServiceInitialize (
734 IN EFI_HANDLE ImageHandle,
735 IN EFI_SYSTEM_TABLE *SystemTable
736 )
737 {
738 EFI_STATUS Status;
739 EFI_HANDLE VariableHandle;
740 VOID *SmmFtwRegistration;
741 EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
742 UINTN Size;
743
744 //
745 // Variable initialize.
746 //
747 Status = VariableCommonInitialize ();
748 ASSERT_EFI_ERROR (Status);
749
750 //
751 // Install the Smm Variable Protocol on a new handle.
752 //
753 VariableHandle = NULL;
754 Status = gSmst->SmmInstallProtocolInterface (
755 &VariableHandle,
756 &gEfiSmmVariableProtocolGuid,
757 EFI_NATIVE_INTERFACE,
758 &gSmmVariable
759 );
760 ASSERT_EFI_ERROR (Status);
761
762 //
763 // Get SMRAM information
764 //
765 Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);
766 ASSERT_EFI_ERROR (Status);
767
768 Size = 0;
769 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);
770 ASSERT (Status == EFI_BUFFER_TOO_SMALL);
771
772 Status = gSmst->SmmAllocatePool (
773 EfiRuntimeServicesData,
774 Size,
775 (VOID **)&mSmramRanges
776 );
777 ASSERT_EFI_ERROR (Status);
778
779 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);
780 ASSERT_EFI_ERROR (Status);
781
782 mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
783
784 ///
785 /// Register SMM variable SMI handler
786 ///
787 VariableHandle = NULL;
788 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
789 ASSERT_EFI_ERROR (Status);
790
791 //
792 // Notify the variable wrapper driver the variable service is ready
793 //
794 Status = SystemTable->BootServices->InstallProtocolInterface (
795 &mVariableHandle,
796 &gEfiSmmVariableProtocolGuid,
797 EFI_NATIVE_INTERFACE,
798 &gSmmVariable
799 );
800 ASSERT_EFI_ERROR (Status);
801
802 //
803 // Register FtwNotificationEvent () notify function.
804 //
805 Status = gSmst->SmmRegisterProtocolNotify (
806 &gEfiSmmFaultTolerantWriteProtocolGuid,
807 SmmFtwNotificationEvent,
808 &SmmFtwRegistration
809 );
810 ASSERT_EFI_ERROR (Status);
811
812 SmmFtwNotificationEvent (NULL, NULL, NULL);
813
814 return EFI_SUCCESS;
815 }
816
817
EFI Development Kit II mirror for PVE