]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg: Cleanup gEfiSmmAccess2ProtocolGuid reference.
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
1 /** @file
2
3 The sample implementation for SMM variable protocol. And this driver
4 implements an SMI handler to communicate with the DXE runtime driver
5 to provide variable services.
6
7 Caution: This module requires additional review when modified.
8 This driver will have external input - variable data and communicate buffer in SMM mode.
9 This external input must be validated carefully to avoid security issue like
10 buffer overflow, integer overflow.
11
12 SmmVariableHandler() will receive untrusted input and do basic validation.
13
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.
17
18 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
19 This program and the accompanying materials
20 are licensed and made available under the terms and conditions of the BSD License
21 which accompanies this distribution. The full text of the license may be found at
22 http://opensource.org/licenses/bsd-license.php
23
24 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
25 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
26
27 **/
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmEndOfDxe.h>
32 #include <Protocol/SmmVarCheck.h>
33
34 #include <Library/SmmServicesTableLib.h>
35 #include <Library/SmmMemLib.h>
36
37 #include <Guid/VariableFormat.h>
38 #include <Guid/SmmVariableCommon.h>
39 #include "Variable.h"
40
41 extern VARIABLE_INFO_ENTRY *gVariableInfo;
42 EFI_HANDLE mSmmVariableHandle = NULL;
43 EFI_HANDLE mVariableHandle = NULL;
44 BOOLEAN mAtRuntime = FALSE;
45 EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
46 UINT8 *mVariableBufferPayload = NULL;
47 UINTN mVariableBufferPayloadSize;
48 extern BOOLEAN mEndOfDxe;
49 extern BOOLEAN mEnableLocking;
50
51 /**
52
53 This code sets variable in storage blocks (Volatile or Non-Volatile).
54
55 @param VariableName Name of Variable to be found.
56 @param VendorGuid Variable vendor GUID.
57 @param Attributes Attribute value of the variable found
58 @param DataSize Size of Data found. If size is less than the
59 data, this value contains the required size.
60 @param Data Data pointer.
61
62 @return EFI_INVALID_PARAMETER Invalid parameter.
63 @return EFI_SUCCESS Set successfully.
64 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
65 @return EFI_NOT_FOUND Not found.
66 @return EFI_WRITE_PROTECTED Variable is read-only.
67
68 **/
69 EFI_STATUS
70 EFIAPI
71 SmmVariableSetVariable (
72 IN CHAR16 *VariableName,
73 IN EFI_GUID *VendorGuid,
74 IN UINT32 Attributes,
75 IN UINTN DataSize,
76 IN VOID *Data
77 )
78 {
79 EFI_STATUS Status;
80
81 //
82 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
83 //
84 mEnableLocking = FALSE;
85 Status = VariableServiceSetVariable (
86 VariableName,
87 VendorGuid,
88 Attributes,
89 DataSize,
90 Data
91 );
92 mEnableLocking = TRUE;
93 return Status;
94 }
95
96 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
97 VariableServiceGetVariable,
98 VariableServiceGetNextVariableName,
99 SmmVariableSetVariable,
100 VariableServiceQueryVariableInfo
101 };
102
103 EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
104 VarCheckVariablePropertySet,
105 VarCheckVariablePropertyGet };
106
107 /**
108 Return TRUE if ExitBootServices () has been called.
109
110 @retval TRUE If ExitBootServices () has been called.
111 **/
112 BOOLEAN
113 AtRuntime (
114 VOID
115 )
116 {
117 return mAtRuntime;
118 }
119
120 /**
121 Initializes a basic mutual exclusion lock.
122
123 This function initializes a basic mutual exclusion lock to the released state
124 and returns the lock. Each lock provides mutual exclusion access at its task
125 priority level. Since there is no preemption or multiprocessor support in EFI,
126 acquiring the lock only consists of raising to the locks TPL.
127 If Lock is NULL, then ASSERT().
128 If Priority is not a valid TPL value, then ASSERT().
129
130 @param Lock A pointer to the lock data structure to initialize.
131 @param Priority EFI TPL is associated with the lock.
132
133 @return The lock.
134
135 **/
136 EFI_LOCK *
137 InitializeLock (
138 IN OUT EFI_LOCK *Lock,
139 IN EFI_TPL Priority
140 )
141 {
142 return Lock;
143 }
144
145 /**
146 Acquires lock only at boot time. Simply returns at runtime.
147
148 This is a temperary function that will be removed when
149 EfiAcquireLock() in UefiLib can handle the call in UEFI
150 Runtimer driver in RT phase.
151 It calls EfiAcquireLock() at boot time, and simply returns
152 at runtime.
153
154 @param Lock A pointer to the lock to acquire.
155
156 **/
157 VOID
158 AcquireLockOnlyAtBootTime (
159 IN EFI_LOCK *Lock
160 )
161 {
162
163 }
164
165
166 /**
167 Releases lock only at boot time. Simply returns at runtime.
168
169 This is a temperary function which will be removed when
170 EfiReleaseLock() in UefiLib can handle the call in UEFI
171 Runtimer driver in RT phase.
172 It calls EfiReleaseLock() at boot time and simply returns
173 at runtime.
174
175 @param Lock A pointer to the lock to release.
176
177 **/
178 VOID
179 ReleaseLockOnlyAtBootTime (
180 IN EFI_LOCK *Lock
181 )
182 {
183
184 }
185
186 /**
187 Retrive the SMM Fault Tolerent Write protocol interface.
188
189 @param[out] FtwProtocol The interface of SMM Ftw protocol
190
191 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
192 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
193 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
194
195 **/
196 EFI_STATUS
197 GetFtwProtocol (
198 OUT VOID **FtwProtocol
199 )
200 {
201 EFI_STATUS Status;
202
203 //
204 // Locate Smm Fault Tolerent Write protocol
205 //
206 Status = gSmst->SmmLocateProtocol (
207 &gEfiSmmFaultTolerantWriteProtocolGuid,
208 NULL,
209 FtwProtocol
210 );
211 return Status;
212 }
213
214
215 /**
216 Retrive the SMM FVB protocol interface by HANDLE.
217
218 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
219 reading, writing, and erasing the target block.
220 @param[out] FvBlock The interface of SMM FVB protocol
221
222 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
223 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
224 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
225
226 **/
227 EFI_STATUS
228 GetFvbByHandle (
229 IN EFI_HANDLE FvBlockHandle,
230 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
231 )
232 {
233 //
234 // To get the SMM FVB protocol interface on the handle
235 //
236 return gSmst->SmmHandleProtocol (
237 FvBlockHandle,
238 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
239 (VOID **) FvBlock
240 );
241 }
242
243
244 /**
245 Function returns an array of handles that support the SMM FVB protocol
246 in a buffer allocated from pool.
247
248 @param[out] NumberHandles The number of handles returned in Buffer.
249 @param[out] Buffer A pointer to the buffer to return the requested
250 array of handles that support SMM FVB protocol.
251
252 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
253 handles in Buffer was returned in NumberHandles.
254 @retval EFI_NOT_FOUND No SMM FVB handle was found.
255 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
256 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
257
258 **/
259 EFI_STATUS
260 GetFvbCountAndBuffer (
261 OUT UINTN *NumberHandles,
262 OUT EFI_HANDLE **Buffer
263 )
264 {
265 EFI_STATUS Status;
266 UINTN BufferSize;
267
268 if ((NumberHandles == NULL) || (Buffer == NULL)) {
269 return EFI_INVALID_PARAMETER;
270 }
271
272 BufferSize = 0;
273 *NumberHandles = 0;
274 *Buffer = NULL;
275 Status = gSmst->SmmLocateHandle (
276 ByProtocol,
277 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
278 NULL,
279 &BufferSize,
280 *Buffer
281 );
282 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
283 return EFI_NOT_FOUND;
284 }
285
286 *Buffer = AllocatePool (BufferSize);
287 if (*Buffer == NULL) {
288 return EFI_OUT_OF_RESOURCES;
289 }
290
291 Status = gSmst->SmmLocateHandle (
292 ByProtocol,
293 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
294 NULL,
295 &BufferSize,
296 *Buffer
297 );
298
299 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
300 if (EFI_ERROR(Status)) {
301 *NumberHandles = 0;
302 FreePool (*Buffer);
303 *Buffer = NULL;
304 }
305
306 return Status;
307 }
308
309
310 /**
311 Get the variable statistics information from the information buffer pointed by gVariableInfo.
312
313 Caution: This function may be invoked at SMM runtime.
314 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
315
316 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
317 On input, point to the variable information returned last time. if
318 InfoEntry->VendorGuid is zero, return the first information.
319 On output, point to the next variable information.
320 @param[in, out] InfoSize On input, the size of the variable information buffer.
321 On output, the returned variable information size.
322
323 @retval EFI_SUCCESS The variable information is found and returned successfully.
324 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
325 PcdVariableCollectStatistics should be set TRUE to support it.
326 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
327
328 **/
329 EFI_STATUS
330 SmmVariableGetStatistics (
331 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,
332 IN OUT UINTN *InfoSize
333 )
334 {
335 VARIABLE_INFO_ENTRY *VariableInfo;
336 UINTN NameLength;
337 UINTN StatisticsInfoSize;
338 CHAR16 *InfoName;
339 EFI_GUID VendorGuid;
340
341 ASSERT (InfoEntry != NULL);
342 VariableInfo = gVariableInfo;
343 if (VariableInfo == NULL) {
344 return EFI_UNSUPPORTED;
345 }
346
347 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
348 if (*InfoSize < StatisticsInfoSize) {
349 *InfoSize = StatisticsInfoSize;
350 return EFI_BUFFER_TOO_SMALL;
351 }
352 InfoName = (CHAR16 *)(InfoEntry + 1);
353
354 CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);
355
356 if (CompareGuid (&VendorGuid, &mZeroGuid)) {
357 //
358 // Return the first variable info
359 //
360 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
361 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
362 *InfoSize = StatisticsInfoSize;
363 return EFI_SUCCESS;
364 }
365
366 //
367 // Get the next variable info
368 //
369 while (VariableInfo != NULL) {
370 if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
371 NameLength = StrSize (VariableInfo->Name);
372 if (NameLength == StrSize (InfoName)) {
373 if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
374 //
375 // Find the match one
376 //
377 VariableInfo = VariableInfo->Next;
378 break;
379 }
380 }
381 }
382 VariableInfo = VariableInfo->Next;
383 };
384
385 if (VariableInfo == NULL) {
386 *InfoSize = 0;
387 return EFI_SUCCESS;
388 }
389
390 //
391 // Output the new variable info
392 //
393 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
394 if (*InfoSize < StatisticsInfoSize) {
395 *InfoSize = StatisticsInfoSize;
396 return EFI_BUFFER_TOO_SMALL;
397 }
398
399 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
400 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
401 *InfoSize = StatisticsInfoSize;
402
403 return EFI_SUCCESS;
404 }
405
406
407 /**
408 Communication service SMI Handler entry.
409
410 This SMI handler provides services for the variable wrapper driver.
411
412 Caution: This function may receive untrusted input.
413 This variable data and communicate buffer are external input, so this function will do basic validation.
414 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
415 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
416 SmmVariableGetStatistics() should also do validation based on its own knowledge.
417
418 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
419 @param[in] RegisterContext Points to an optional handler context which was specified when the
420 handler was registered.
421 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
422 be conveyed from a non-SMM environment into an SMM environment.
423 @param[in, out] CommBufferSize The size of the CommBuffer.
424
425 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
426 should still be called.
427 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
428 still be called.
429 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
430 be called.
431 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
432 **/
433 EFI_STATUS
434 EFIAPI
435 SmmVariableHandler (
436 IN EFI_HANDLE DispatchHandle,
437 IN CONST VOID *RegisterContext,
438 IN OUT VOID *CommBuffer,
439 IN OUT UINTN *CommBufferSize
440 )
441 {
442 EFI_STATUS Status;
443 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
444 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
445 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
446 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
447 VARIABLE_INFO_ENTRY *VariableInfo;
448 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
449 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
450 UINTN InfoSize;
451 UINTN NameBufferSize;
452 UINTN CommBufferPayloadSize;
453 UINTN TempCommBufferSize;
454
455 //
456 // If input is invalid, stop processing this SMI
457 //
458 if (CommBuffer == NULL || CommBufferSize == NULL) {
459 return EFI_SUCCESS;
460 }
461
462 TempCommBufferSize = *CommBufferSize;
463
464 if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
465 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
466 return EFI_SUCCESS;
467 }
468 CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
469 if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
470 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
471 return EFI_SUCCESS;
472 }
473
474 if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
475 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
476 return EFI_SUCCESS;
477 }
478
479 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
480 switch (SmmVariableFunctionHeader->Function) {
481 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
482 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
483 DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
484 return EFI_SUCCESS;
485 }
486 //
487 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
488 //
489 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
490 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
491 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
492 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
493 //
494 // Prevent InfoSize overflow happen
495 //
496 Status = EFI_ACCESS_DENIED;
497 goto EXIT;
498 }
499 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
500 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
501
502 //
503 // SMRAM range check already covered before
504 //
505 if (InfoSize > CommBufferPayloadSize) {
506 DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
507 Status = EFI_ACCESS_DENIED;
508 goto EXIT;
509 }
510
511 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
512 //
513 // Make sure VariableName is A Null-terminated string.
514 //
515 Status = EFI_ACCESS_DENIED;
516 goto EXIT;
517 }
518
519 Status = VariableServiceGetVariable (
520 SmmVariableHeader->Name,
521 &SmmVariableHeader->Guid,
522 &SmmVariableHeader->Attributes,
523 &SmmVariableHeader->DataSize,
524 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
525 );
526 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
527 break;
528
529 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
530 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
531 DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
532 return EFI_SUCCESS;
533 }
534 //
535 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
536 //
537 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
538 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
539 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
540 //
541 // Prevent InfoSize overflow happen
542 //
543 Status = EFI_ACCESS_DENIED;
544 goto EXIT;
545 }
546 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;
547
548 //
549 // SMRAM range check already covered before
550 //
551 if (InfoSize > CommBufferPayloadSize) {
552 DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
553 Status = EFI_ACCESS_DENIED;
554 goto EXIT;
555 }
556
557 NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
558 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
559 //
560 // Make sure input VariableName is A Null-terminated string.
561 //
562 Status = EFI_ACCESS_DENIED;
563 goto EXIT;
564 }
565
566 Status = VariableServiceGetNextVariableName (
567 &GetNextVariableName->NameSize,
568 GetNextVariableName->Name,
569 &GetNextVariableName->Guid
570 );
571 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
572 break;
573
574 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
575 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
576 DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
577 return EFI_SUCCESS;
578 }
579 //
580 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
581 //
582 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
583 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
584 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
585 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
586 //
587 // Prevent InfoSize overflow happen
588 //
589 Status = EFI_ACCESS_DENIED;
590 goto EXIT;
591 }
592 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
593 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
594
595 //
596 // SMRAM range check already covered before
597 // Data buffer should not contain SMM range
598 //
599 if (InfoSize > CommBufferPayloadSize) {
600 DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
601 Status = EFI_ACCESS_DENIED;
602 goto EXIT;
603 }
604
605 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
606 //
607 // Make sure VariableName is A Null-terminated string.
608 //
609 Status = EFI_ACCESS_DENIED;
610 goto EXIT;
611 }
612
613 Status = VariableServiceSetVariable (
614 SmmVariableHeader->Name,
615 &SmmVariableHeader->Guid,
616 SmmVariableHeader->Attributes,
617 SmmVariableHeader->DataSize,
618 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
619 );
620 break;
621
622 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
623 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
624 DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
625 return EFI_SUCCESS;
626 }
627 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
628
629 Status = VariableServiceQueryVariableInfo (
630 QueryVariableInfo->Attributes,
631 &QueryVariableInfo->MaximumVariableStorageSize,
632 &QueryVariableInfo->RemainingVariableStorageSize,
633 &QueryVariableInfo->MaximumVariableSize
634 );
635 break;
636
637 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
638 mEndOfDxe = TRUE;
639 //
640 // The initialization for variable quota.
641 //
642 InitializeVariableQuota ();
643 if (AtRuntime()) {
644 Status = EFI_UNSUPPORTED;
645 break;
646 }
647 ReclaimForOS ();
648 Status = EFI_SUCCESS;
649 break;
650
651 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
652 mAtRuntime = TRUE;
653 Status = EFI_SUCCESS;
654 break;
655
656 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
657 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
658 InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
659
660 //
661 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
662 // It is covered by previous CommBuffer check
663 //
664
665 if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
666 DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
667 Status = EFI_ACCESS_DENIED;
668 goto EXIT;
669 }
670
671 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
672 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
673 break;
674
675 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
676 if (mEndOfDxe) {
677 Status = EFI_ACCESS_DENIED;
678 } else {
679 VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
680 Status = VariableLockRequestToLock (
681 NULL,
682 VariableToLock->Name,
683 &VariableToLock->Guid
684 );
685 }
686 break;
687 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
688 if (mEndOfDxe) {
689 Status = EFI_ACCESS_DENIED;
690 } else {
691 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
692 Status = VarCheckVariablePropertySet (
693 CommVariableProperty->Name,
694 &CommVariableProperty->Guid,
695 &CommVariableProperty->VariableProperty
696 );
697 }
698 break;
699 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
700 if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
701 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
702 return EFI_SUCCESS;
703 }
704 //
705 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
706 //
707 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
708 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
709 if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
710 //
711 // Prevent InfoSize overflow happen
712 //
713 Status = EFI_ACCESS_DENIED;
714 goto EXIT;
715 }
716 InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;
717
718 //
719 // SMRAM range check already covered before
720 //
721 if (InfoSize > CommBufferPayloadSize) {
722 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
723 Status = EFI_ACCESS_DENIED;
724 goto EXIT;
725 }
726
727 if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
728 //
729 // Make sure VariableName is A Null-terminated string.
730 //
731 Status = EFI_ACCESS_DENIED;
732 goto EXIT;
733 }
734
735 Status = VarCheckVariablePropertyGet (
736 CommVariableProperty->Name,
737 &CommVariableProperty->Guid,
738 &CommVariableProperty->VariableProperty
739 );
740 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
741 break;
742
743 default:
744 Status = EFI_UNSUPPORTED;
745 }
746
747 EXIT:
748
749 SmmVariableFunctionHeader->ReturnStatus = Status;
750
751 return EFI_SUCCESS;
752 }
753
754 /**
755 SMM END_OF_DXE protocol notification event handler.
756
757 @param Protocol Points to the protocol's unique identifier
758 @param Interface Points to the interface instance
759 @param Handle The handle on which the interface was installed
760
761 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
762
763 **/
764 EFI_STATUS
765 EFIAPI
766 SmmEndOfDxeCallback (
767 IN CONST EFI_GUID *Protocol,
768 IN VOID *Interface,
769 IN EFI_HANDLE Handle
770 )
771 {
772 DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
773 mEndOfDxe = TRUE;
774 //
775 // The initialization for variable quota.
776 //
777 InitializeVariableQuota ();
778 if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
779 ReclaimForOS ();
780 }
781 return EFI_SUCCESS;
782 }
783
784 /**
785 SMM Fault Tolerant Write protocol notification event handler.
786
787 Non-Volatile variable write may needs FTW protocol to reclaim when
788 writting variable.
789
790 @param Protocol Points to the protocol's unique identifier
791 @param Interface Points to the interface instance
792 @param Handle The handle on which the interface was installed
793
794 @retval EFI_SUCCESS SmmEventCallback runs successfully
795 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
796
797 **/
798 EFI_STATUS
799 EFIAPI
800 SmmFtwNotificationEvent (
801 IN CONST EFI_GUID *Protocol,
802 IN VOID *Interface,
803 IN EFI_HANDLE Handle
804 )
805 {
806 EFI_STATUS Status;
807 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
808 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
809 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;
810 UINTN FtwMaxBlockSize;
811
812 if (mVariableModuleGlobal->FvbInstance != NULL) {
813 return EFI_SUCCESS;
814 }
815
816 //
817 // Ensure SMM FTW protocol is installed.
818 //
819 Status = GetFtwProtocol ((VOID **)&FtwProtocol);
820 if (EFI_ERROR (Status)) {
821 return Status;
822 }
823
824 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);
825 if (!EFI_ERROR (Status)) {
826 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);
827 }
828
829 //
830 // Find the proper FVB protocol for variable.
831 //
832 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
833 if (NvStorageVariableBase == 0) {
834 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
835 }
836 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);
837 if (EFI_ERROR (Status)) {
838 return EFI_NOT_FOUND;
839 }
840
841 mVariableModuleGlobal->FvbInstance = FvbProtocol;
842
843 Status = VariableWriteServiceInitialize ();
844 ASSERT_EFI_ERROR (Status);
845
846 //
847 // Notify the variable wrapper driver the variable write service is ready
848 //
849 Status = gBS->InstallProtocolInterface (
850 &mSmmVariableHandle,
851 &gSmmVariableWriteGuid,
852 EFI_NATIVE_INTERFACE,
853 NULL
854 );
855 ASSERT_EFI_ERROR (Status);
856
857 return EFI_SUCCESS;
858 }
859
860
861 /**
862 Variable Driver main entry point. The Variable driver places the 4 EFI
863 runtime services in the EFI System Table and installs arch protocols
864 for variable read and write services being available. It also registers
865 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
866
867 @param[in] ImageHandle The firmware allocated handle for the EFI image.
868 @param[in] SystemTable A pointer to the EFI System Table.
869
870 @retval EFI_SUCCESS Variable service successfully initialized.
871
872 **/
873 EFI_STATUS
874 EFIAPI
875 VariableServiceInitialize (
876 IN EFI_HANDLE ImageHandle,
877 IN EFI_SYSTEM_TABLE *SystemTable
878 )
879 {
880 EFI_STATUS Status;
881 EFI_HANDLE VariableHandle;
882 VOID *SmmFtwRegistration;
883 VOID *SmmEndOfDxeRegistration;
884
885 //
886 // Variable initialize.
887 //
888 Status = VariableCommonInitialize ();
889 ASSERT_EFI_ERROR (Status);
890
891 //
892 // Install the Smm Variable Protocol on a new handle.
893 //
894 VariableHandle = NULL;
895 Status = gSmst->SmmInstallProtocolInterface (
896 &VariableHandle,
897 &gEfiSmmVariableProtocolGuid,
898 EFI_NATIVE_INTERFACE,
899 &gSmmVariable
900 );
901 ASSERT_EFI_ERROR (Status);
902
903 Status = gSmst->SmmInstallProtocolInterface (
904 &VariableHandle,
905 &gEdkiiSmmVarCheckProtocolGuid,
906 EFI_NATIVE_INTERFACE,
907 &mSmmVarCheck
908 );
909 ASSERT_EFI_ERROR (Status);
910
911 mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
912 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
913
914 Status = gSmst->SmmAllocatePool (
915 EfiRuntimeServicesData,
916 mVariableBufferPayloadSize,
917 (VOID **)&mVariableBufferPayload
918 );
919 ASSERT_EFI_ERROR (Status);
920
921 ///
922 /// Register SMM variable SMI handler
923 ///
924 VariableHandle = NULL;
925 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
926 ASSERT_EFI_ERROR (Status);
927
928 //
929 // Notify the variable wrapper driver the variable service is ready
930 //
931 Status = SystemTable->BootServices->InstallProtocolInterface (
932 &mVariableHandle,
933 &gEfiSmmVariableProtocolGuid,
934 EFI_NATIVE_INTERFACE,
935 &gSmmVariable
936 );
937 ASSERT_EFI_ERROR (Status);
938
939 //
940 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
941 //
942 Status = gSmst->SmmRegisterProtocolNotify (
943 &gEfiSmmEndOfDxeProtocolGuid,
944 SmmEndOfDxeCallback,
945 &SmmEndOfDxeRegistration
946 );
947 ASSERT_EFI_ERROR (Status);
948
949 //
950 // Register FtwNotificationEvent () notify function.
951 //
952 Status = gSmst->SmmRegisterProtocolNotify (
953 &gEfiSmmFaultTolerantWriteProtocolGuid,
954 SmmFtwNotificationEvent,
955 &SmmFtwRegistration
956 );
957 ASSERT_EFI_ERROR (Status);
958
959 SmmFtwNotificationEvent (NULL, NULL, NULL);
960
961 return EFI_SUCCESS;
962 }
963
964
EFI Development Kit II mirror for PVE