]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Did proper error handling when SetVariable failed, and put RTC write operation at...
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / VariableSmm.c
1 /** @file
2 The sample implementation for SMM variable protocol. And this driver
3 implements an SMI handler to communicate with the DXE runtime driver
4 to provide variable services.
5
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data and communicate buffer in SMM mode.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
10
11 SmmVariableHandler() will receive untrusted input and do basic validation.
12
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.
16
17 Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
18 This program and the accompanying materials
19 are licensed and made available under the terms and conditions of the BSD License
20 which accompanies this distribution. The full text of the license may be found at
21 http://opensource.org/licenses/bsd-license.php
22
23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
24 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
25
26 **/
27
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32 #include <Protocol/SmmEndOfDxe.h>
33
34 #include <Library/SmmServicesTableLib.h>
35
36 #include <Guid/AuthenticatedVariableFormat.h>
37 #include <Guid/SmmVariableCommon.h>
38 #include "Variable.h"
39
40 EFI_SMRAM_DESCRIPTOR *mSmramRanges;
41 UINTN mSmramRangeCount;
42
43 extern VARIABLE_INFO_ENTRY *gVariableInfo;
44 EFI_HANDLE mSmmVariableHandle = NULL;
45 EFI_HANDLE mVariableHandle = NULL;
46 BOOLEAN mAtRuntime = FALSE;
47 EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
48 UINT8 *mVariableBufferPayload = NULL;
49 UINTN mVariableBufferPayloadSize;
50 extern BOOLEAN mEndOfDxe;
51 extern BOOLEAN mEnableLocking;
52
53 /**
54 SecureBoot Hook for SetVariable.
55
56 @param[in] VariableName Name of Variable to be found.
57 @param[in] VendorGuid Variable vendor GUID.
58
59 **/
60 VOID
61 EFIAPI
62 SecureBootHook (
63 IN CHAR16 *VariableName,
64 IN EFI_GUID *VendorGuid
65 )
66 {
67 return ;
68 }
69
70 /**
71
72 This code sets variable in storage blocks (Volatile or Non-Volatile).
73
74 @param VariableName Name of Variable to be found.
75 @param VendorGuid Variable vendor GUID.
76 @param Attributes Attribute value of the variable found
77 @param DataSize Size of Data found. If size is less than the
78 data, this value contains the required size.
79 @param Data Data pointer.
80
81 @return EFI_INVALID_PARAMETER Invalid parameter.
82 @return EFI_SUCCESS Set successfully.
83 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
84 @return EFI_NOT_FOUND Not found.
85 @return EFI_WRITE_PROTECTED Variable is read-only.
86
87 **/
88 EFI_STATUS
89 EFIAPI
90 SmmVariableSetVariable (
91 IN CHAR16 *VariableName,
92 IN EFI_GUID *VendorGuid,
93 IN UINT32 Attributes,
94 IN UINTN DataSize,
95 IN VOID *Data
96 )
97 {
98 EFI_STATUS Status;
99
100 //
101 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
102 //
103 mEnableLocking = FALSE;
104 Status = VariableServiceSetVariable (
105 VariableName,
106 VendorGuid,
107 Attributes,
108 DataSize,
109 Data
110 );
111 mEnableLocking = TRUE;
112 return Status;
113 }
114
115 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
116 VariableServiceGetVariable,
117 VariableServiceGetNextVariableName,
118 SmmVariableSetVariable,
119 VariableServiceQueryVariableInfo
120 };
121
122 /**
123 Return TRUE if ExitBootServices () has been called.
124
125 @retval TRUE If ExitBootServices () has been called.
126 **/
127 BOOLEAN
128 AtRuntime (
129 VOID
130 )
131 {
132 return mAtRuntime;
133 }
134
135 /**
136 This function check if the address is in SMRAM.
137
138 @param Buffer the buffer address to be checked.
139 @param Length the buffer length to be checked.
140
141 @retval TRUE this address is in SMRAM.
142 @retval FALSE this address is NOT in SMRAM.
143 **/
144 BOOLEAN
145 InternalIsAddressInSmram (
146 IN EFI_PHYSICAL_ADDRESS Buffer,
147 IN UINT64 Length
148 )
149 {
150 UINTN Index;
151
152 for (Index = 0; Index < mSmramRangeCount; Index ++) {
153 if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||
154 ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {
155 return TRUE;
156 }
157 }
158
159 return FALSE;
160 }
161
162 /**
163 This function check if the address refered by Buffer and Length is valid.
164
165 @param Buffer the buffer address to be checked.
166 @param Length the buffer length to be checked.
167
168 @retval TRUE this address is valid.
169 @retval FALSE this address is NOT valid.
170 **/
171 BOOLEAN
172 InternalIsAddressValid (
173 IN UINTN Buffer,
174 IN UINTN Length
175 )
176 {
177 if (Buffer > (MAX_ADDRESS - Length)) {
178 //
179 // Overflow happen
180 //
181 return FALSE;
182 }
183 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {
184 return FALSE;
185 }
186 return TRUE;
187 }
188
189 /**
190 Initializes a basic mutual exclusion lock.
191
192 This function initializes a basic mutual exclusion lock to the released state
193 and returns the lock. Each lock provides mutual exclusion access at its task
194 priority level. Since there is no preemption or multiprocessor support in EFI,
195 acquiring the lock only consists of raising to the locks TPL.
196 If Lock is NULL, then ASSERT().
197 If Priority is not a valid TPL value, then ASSERT().
198
199 @param Lock A pointer to the lock data structure to initialize.
200 @param Priority EFI TPL is associated with the lock.
201
202 @return The lock.
203
204 **/
205 EFI_LOCK *
206 InitializeLock (
207 IN OUT EFI_LOCK *Lock,
208 IN EFI_TPL Priority
209 )
210 {
211 return Lock;
212 }
213
214 /**
215 Acquires lock only at boot time. Simply returns at runtime.
216
217 This is a temperary function that will be removed when
218 EfiAcquireLock() in UefiLib can handle the call in UEFI
219 Runtimer driver in RT phase.
220 It calls EfiAcquireLock() at boot time, and simply returns
221 at runtime.
222
223 @param Lock A pointer to the lock to acquire.
224
225 **/
226 VOID
227 AcquireLockOnlyAtBootTime (
228 IN EFI_LOCK *Lock
229 )
230 {
231
232 }
233
234
235 /**
236 Releases lock only at boot time. Simply returns at runtime.
237
238 This is a temperary function which will be removed when
239 EfiReleaseLock() in UefiLib can handle the call in UEFI
240 Runtimer driver in RT phase.
241 It calls EfiReleaseLock() at boot time and simply returns
242 at runtime.
243
244 @param Lock A pointer to the lock to release.
245
246 **/
247 VOID
248 ReleaseLockOnlyAtBootTime (
249 IN EFI_LOCK *Lock
250 )
251 {
252
253 }
254
255 /**
256 Retrive the SMM Fault Tolerent Write protocol interface.
257
258 @param[out] FtwProtocol The interface of SMM Ftw protocol
259
260 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
261 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
262 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
263
264 **/
265 EFI_STATUS
266 GetFtwProtocol (
267 OUT VOID **FtwProtocol
268 )
269 {
270 EFI_STATUS Status;
271
272 //
273 // Locate Smm Fault Tolerent Write protocol
274 //
275 Status = gSmst->SmmLocateProtocol (
276 &gEfiSmmFaultTolerantWriteProtocolGuid,
277 NULL,
278 FtwProtocol
279 );
280 return Status;
281 }
282
283
284 /**
285 Retrive the SMM FVB protocol interface by HANDLE.
286
287 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
288 reading, writing, and erasing the target block.
289 @param[out] FvBlock The interface of SMM FVB protocol
290
291 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
292 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
293 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
294
295 **/
296 EFI_STATUS
297 GetFvbByHandle (
298 IN EFI_HANDLE FvBlockHandle,
299 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
300 )
301 {
302 //
303 // To get the SMM FVB protocol interface on the handle
304 //
305 return gSmst->SmmHandleProtocol (
306 FvBlockHandle,
307 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
308 (VOID **) FvBlock
309 );
310 }
311
312
313 /**
314 Function returns an array of handles that support the SMM FVB protocol
315 in a buffer allocated from pool.
316
317 @param[out] NumberHandles The number of handles returned in Buffer.
318 @param[out] Buffer A pointer to the buffer to return the requested
319 array of handles that support SMM FVB protocol.
320
321 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
322 handles in Buffer was returned in NumberHandles.
323 @retval EFI_NOT_FOUND No SMM FVB handle was found.
324 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
325 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
326
327 **/
328 EFI_STATUS
329 GetFvbCountAndBuffer (
330 OUT UINTN *NumberHandles,
331 OUT EFI_HANDLE **Buffer
332 )
333 {
334 EFI_STATUS Status;
335 UINTN BufferSize;
336
337 if ((NumberHandles == NULL) || (Buffer == NULL)) {
338 return EFI_INVALID_PARAMETER;
339 }
340
341 BufferSize = 0;
342 *NumberHandles = 0;
343 *Buffer = NULL;
344 Status = gSmst->SmmLocateHandle (
345 ByProtocol,
346 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
347 NULL,
348 &BufferSize,
349 *Buffer
350 );
351 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
352 return EFI_NOT_FOUND;
353 }
354
355 *Buffer = AllocatePool (BufferSize);
356 if (*Buffer == NULL) {
357 return EFI_OUT_OF_RESOURCES;
358 }
359
360 Status = gSmst->SmmLocateHandle (
361 ByProtocol,
362 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
363 NULL,
364 &BufferSize,
365 *Buffer
366 );
367
368 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
369 if (EFI_ERROR(Status)) {
370 *NumberHandles = 0;
371 FreePool (*Buffer);
372 *Buffer = NULL;
373 }
374
375 return Status;
376 }
377
378
379 /**
380 Get the variable statistics information from the information buffer pointed by gVariableInfo.
381
382 Caution: This function may be invoked at SMM runtime.
383 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
384
385 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
386 On input, point to the variable information returned last time. if
387 InfoEntry->VendorGuid is zero, return the first information.
388 On output, point to the next variable information.
389 @param[in, out] InfoSize On input, the size of the variable information buffer.
390 On output, the returned variable information size.
391
392 @retval EFI_SUCCESS The variable information is found and returned successfully.
393 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
394 PcdVariableCollectStatistics should be set TRUE to support it.
395 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
396 @retval EFI_INVALID_PARAMETER Input parameter is invalid.
397
398 **/
399 EFI_STATUS
400 SmmVariableGetStatistics (
401 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,
402 IN OUT UINTN *InfoSize
403 )
404 {
405 VARIABLE_INFO_ENTRY *VariableInfo;
406 UINTN NameLength;
407 UINTN StatisticsInfoSize;
408 CHAR16 *InfoName;
409 EFI_GUID VendorGuid;
410
411 if (InfoEntry == NULL) {
412 return EFI_INVALID_PARAMETER;
413 }
414
415 VariableInfo = gVariableInfo;
416 if (VariableInfo == NULL) {
417 return EFI_UNSUPPORTED;
418 }
419
420 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
421 if (*InfoSize < StatisticsInfoSize) {
422 *InfoSize = StatisticsInfoSize;
423 return EFI_BUFFER_TOO_SMALL;
424 }
425 InfoName = (CHAR16 *)(InfoEntry + 1);
426
427 CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);
428
429 if (CompareGuid (&VendorGuid, &mZeroGuid)) {
430 //
431 // Return the first variable info
432 //
433 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
434 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
435 *InfoSize = StatisticsInfoSize;
436 return EFI_SUCCESS;
437 }
438
439 //
440 // Get the next variable info
441 //
442 while (VariableInfo != NULL) {
443 if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
444 NameLength = StrSize (VariableInfo->Name);
445 if (NameLength == StrSize (InfoName)) {
446 if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
447 //
448 // Find the match one
449 //
450 VariableInfo = VariableInfo->Next;
451 break;
452 }
453 }
454 }
455 VariableInfo = VariableInfo->Next;
456 };
457
458 if (VariableInfo == NULL) {
459 *InfoSize = 0;
460 return EFI_SUCCESS;
461 }
462
463 //
464 // Output the new variable info
465 //
466 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
467 if (*InfoSize < StatisticsInfoSize) {
468 *InfoSize = StatisticsInfoSize;
469 return EFI_BUFFER_TOO_SMALL;
470 }
471
472 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
473 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
474 *InfoSize = StatisticsInfoSize;
475
476 return EFI_SUCCESS;
477 }
478
479
480 /**
481 Communication service SMI Handler entry.
482
483 This SMI handler provides services for the variable wrapper driver.
484
485 Caution: This function may receive untrusted input.
486 This variable data and communicate buffer are external input, so this function will do basic validation.
487 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
488 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
489 SmmVariableGetStatistics() should also do validation based on its own knowledge.
490
491 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
492 @param[in] RegisterContext Points to an optional handler context which was specified when the
493 handler was registered.
494 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
495 be conveyed from a non-SMM environment into an SMM environment.
496 @param[in, out] CommBufferSize The size of the CommBuffer.
497
498 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
499 should still be called.
500 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
501 still be called.
502 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
503 be called.
504 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
505
506 **/
507 EFI_STATUS
508 EFIAPI
509 SmmVariableHandler (
510 IN EFI_HANDLE DispatchHandle,
511 IN CONST VOID *RegisterContext,
512 IN OUT VOID *CommBuffer,
513 IN OUT UINTN *CommBufferSize
514 )
515 {
516 EFI_STATUS Status;
517 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
518 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
519 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
520 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
521 VARIABLE_INFO_ENTRY *VariableInfo;
522 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
523 UINTN InfoSize;
524 UINTN NameBufferSize;
525 UINTN CommBufferPayloadSize;
526 UINTN TempCommBufferSize;
527
528 //
529 // If input is invalid, stop processing this SMI
530 //
531 if (CommBuffer == NULL || CommBufferSize == NULL) {
532 return EFI_SUCCESS;
533 }
534
535 TempCommBufferSize = *CommBufferSize;
536
537 if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
538 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
539 return EFI_SUCCESS;
540 }
541 CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
542 if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
543 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
544 return EFI_SUCCESS;
545 }
546
547 if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
548 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
549 return EFI_SUCCESS;
550 }
551
552 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
553
554 switch (SmmVariableFunctionHeader->Function) {
555 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
556 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
557 DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
558 return EFI_SUCCESS;
559 }
560 //
561 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
562 //
563 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
564 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
565 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
566 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
567 //
568 // Prevent InfoSize overflow happen
569 //
570 Status = EFI_ACCESS_DENIED;
571 goto EXIT;
572 }
573 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
574 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
575
576 //
577 // SMRAM range check already covered before
578 //
579 if (InfoSize > CommBufferPayloadSize) {
580 DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
581 Status = EFI_ACCESS_DENIED;
582 goto EXIT;
583 }
584
585 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
586 //
587 // Make sure VariableName is A Null-terminated string.
588 //
589 Status = EFI_ACCESS_DENIED;
590 goto EXIT;
591 }
592
593 Status = VariableServiceGetVariable (
594 SmmVariableHeader->Name,
595 &SmmVariableHeader->Guid,
596 &SmmVariableHeader->Attributes,
597 &SmmVariableHeader->DataSize,
598 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
599 );
600 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
601 break;
602
603 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
604 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
605 DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
606 return EFI_SUCCESS;
607 }
608 //
609 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
610 //
611 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
612 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
613 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
614 //
615 // Prevent InfoSize overflow happen
616 //
617 Status = EFI_ACCESS_DENIED;
618 goto EXIT;
619 }
620 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;
621
622 //
623 // SMRAM range check already covered before
624 //
625 if (InfoSize > CommBufferPayloadSize) {
626 DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
627 Status = EFI_ACCESS_DENIED;
628 goto EXIT;
629 }
630
631 NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
632 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
633 //
634 // Make sure input VariableName is A Null-terminated string.
635 //
636 Status = EFI_ACCESS_DENIED;
637 goto EXIT;
638 }
639
640 Status = VariableServiceGetNextVariableName (
641 &GetNextVariableName->NameSize,
642 GetNextVariableName->Name,
643 &GetNextVariableName->Guid
644 );
645 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
646 break;
647
648 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
649 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
650 DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
651 return EFI_SUCCESS;
652 }
653 //
654 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
655 //
656 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
657 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
658 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
659 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
660 //
661 // Prevent InfoSize overflow happen
662 //
663 Status = EFI_ACCESS_DENIED;
664 goto EXIT;
665 }
666 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
667 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
668
669 //
670 // SMRAM range check already covered before
671 // Data buffer should not contain SMM range
672 //
673 if (InfoSize > CommBufferPayloadSize) {
674 DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
675 Status = EFI_ACCESS_DENIED;
676 goto EXIT;
677 }
678
679 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
680 //
681 // Make sure VariableName is A Null-terminated string.
682 //
683 Status = EFI_ACCESS_DENIED;
684 goto EXIT;
685 }
686
687 Status = VariableServiceSetVariable (
688 SmmVariableHeader->Name,
689 &SmmVariableHeader->Guid,
690 SmmVariableHeader->Attributes,
691 SmmVariableHeader->DataSize,
692 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
693 );
694 break;
695
696 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
697 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
698 DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
699 return EFI_SUCCESS;
700 }
701 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
702
703 Status = VariableServiceQueryVariableInfo (
704 QueryVariableInfo->Attributes,
705 &QueryVariableInfo->MaximumVariableStorageSize,
706 &QueryVariableInfo->RemainingVariableStorageSize,
707 &QueryVariableInfo->MaximumVariableSize
708 );
709 break;
710
711 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
712 mEndOfDxe = TRUE;
713 if (AtRuntime()) {
714 Status = EFI_UNSUPPORTED;
715 break;
716 }
717 ReclaimForOS ();
718 Status = EFI_SUCCESS;
719 break;
720
721 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
722 mAtRuntime = TRUE;
723 Status = EFI_SUCCESS;
724 break;
725
726 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
727 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
728 InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
729
730 //
731 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
732 // It is covered by previous CommBuffer check
733 //
734
735 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
736 DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
737 Status = EFI_ACCESS_DENIED;
738 goto EXIT;
739 }
740
741 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
742 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
743 break;
744
745 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
746 if (mEndOfDxe) {
747 Status = EFI_ACCESS_DENIED;
748 } else {
749 VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
750 Status = VariableLockRequestToLock (
751 NULL,
752 VariableToLock->Name,
753 &VariableToLock->Guid
754 );
755 }
756 break;
757
758 default:
759 Status = EFI_UNSUPPORTED;
760 }
761
762 EXIT:
763
764 SmmVariableFunctionHeader->ReturnStatus = Status;
765 return EFI_SUCCESS;
766 }
767
768 /**
769 SMM END_OF_DXE protocol notification event handler.
770
771 @param Protocol Points to the protocol's unique identifier
772 @param Interface Points to the interface instance
773 @param Handle The handle on which the interface was installed
774
775 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
776
777 **/
778 EFI_STATUS
779 EFIAPI
780 SmmEndOfDxeCallback (
781 IN CONST EFI_GUID *Protocol,
782 IN VOID *Interface,
783 IN EFI_HANDLE Handle
784 )
785 {
786 DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
787 mEndOfDxe = TRUE;
788 return EFI_SUCCESS;
789 }
790
791 /**
792 SMM Fault Tolerant Write protocol notification event handler.
793
794 Non-Volatile variable write may needs FTW protocol to reclaim when
795 writting variable.
796
797 @param Protocol Points to the protocol's unique identifier
798 @param Interface Points to the interface instance
799 @param Handle The handle on which the interface was installed
800
801 @retval EFI_SUCCESS SmmEventCallback runs successfully
802 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
803
804 **/
805 EFI_STATUS
806 EFIAPI
807 SmmFtwNotificationEvent (
808 IN CONST EFI_GUID *Protocol,
809 IN VOID *Interface,
810 IN EFI_HANDLE Handle
811 )
812 {
813 EFI_STATUS Status;
814 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
815 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
816 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;
817 UINTN FtwMaxBlockSize;
818
819 if (mVariableModuleGlobal->FvbInstance != NULL) {
820 return EFI_SUCCESS;
821 }
822
823 //
824 // Ensure SMM FTW protocol is installed.
825 //
826 Status = GetFtwProtocol ((VOID **)&FtwProtocol);
827 if (EFI_ERROR (Status)) {
828 return Status;
829 }
830
831 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);
832 if (!EFI_ERROR (Status)) {
833 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);
834 }
835
836 //
837 // Find the proper FVB protocol for variable.
838 //
839 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
840 if (NvStorageVariableBase == 0) {
841 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
842 }
843 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);
844 if (EFI_ERROR (Status)) {
845 return EFI_NOT_FOUND;
846 }
847
848 mVariableModuleGlobal->FvbInstance = FvbProtocol;
849
850 Status = VariableWriteServiceInitialize ();
851 ASSERT_EFI_ERROR (Status);
852
853 //
854 // Notify the variable wrapper driver the variable write service is ready
855 //
856 Status = gBS->InstallProtocolInterface (
857 &mSmmVariableHandle,
858 &gSmmVariableWriteGuid,
859 EFI_NATIVE_INTERFACE,
860 NULL
861 );
862 ASSERT_EFI_ERROR (Status);
863
864 return EFI_SUCCESS;
865 }
866
867
868 /**
869 Variable Driver main entry point. The Variable driver places the 4 EFI
870 runtime services in the EFI System Table and installs arch protocols
871 for variable read and write services being available. It also registers
872 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
873
874 @param[in] ImageHandle The firmware allocated handle for the EFI image.
875 @param[in] SystemTable A pointer to the EFI System Table.
876
877 @retval EFI_SUCCESS Variable service successfully initialized.
878
879 **/
880 EFI_STATUS
881 EFIAPI
882 VariableServiceInitialize (
883 IN EFI_HANDLE ImageHandle,
884 IN EFI_SYSTEM_TABLE *SystemTable
885 )
886 {
887 EFI_STATUS Status;
888 EFI_HANDLE VariableHandle;
889 VOID *SmmFtwRegistration;
890 EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
891 UINTN Size;
892 VOID *SmmEndOfDxeRegistration;
893
894 //
895 // Variable initialize.
896 //
897 Status = VariableCommonInitialize ();
898 ASSERT_EFI_ERROR (Status);
899
900 //
901 // Install the Smm Variable Protocol on a new handle.
902 //
903 VariableHandle = NULL;
904 Status = gSmst->SmmInstallProtocolInterface (
905 &VariableHandle,
906 &gEfiSmmVariableProtocolGuid,
907 EFI_NATIVE_INTERFACE,
908 &gSmmVariable
909 );
910 ASSERT_EFI_ERROR (Status);
911
912 //
913 // Get SMRAM information
914 //
915 Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);
916 ASSERT_EFI_ERROR (Status);
917
918 Size = 0;
919 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);
920 ASSERT (Status == EFI_BUFFER_TOO_SMALL);
921
922 Status = gSmst->SmmAllocatePool (
923 EfiRuntimeServicesData,
924 Size,
925 (VOID **)&mSmramRanges
926 );
927 ASSERT_EFI_ERROR (Status);
928
929 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);
930 ASSERT_EFI_ERROR (Status);
931
932 mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
933
934 mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
935 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
936
937 Status = gSmst->SmmAllocatePool (
938 EfiRuntimeServicesData,
939 mVariableBufferPayloadSize,
940 (VOID **)&mVariableBufferPayload
941 );
942 ASSERT_EFI_ERROR (Status);
943
944 ///
945 /// Register SMM variable SMI handler
946 ///
947 VariableHandle = NULL;
948 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
949 ASSERT_EFI_ERROR (Status);
950
951 //
952 // Notify the variable wrapper driver the variable service is ready
953 //
954 Status = SystemTable->BootServices->InstallProtocolInterface (
955 &mVariableHandle,
956 &gEfiSmmVariableProtocolGuid,
957 EFI_NATIVE_INTERFACE,
958 &gSmmVariable
959 );
960 ASSERT_EFI_ERROR (Status);
961
962 //
963 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
964 //
965 Status = gSmst->SmmRegisterProtocolNotify (
966 &gEfiSmmEndOfDxeProtocolGuid,
967 SmmEndOfDxeCallback,
968 &SmmEndOfDxeRegistration
969 );
970 ASSERT_EFI_ERROR (Status);
971
972 //
973 // Register FtwNotificationEvent () notify function.
974 //
975 Status = gSmst->SmmRegisterProtocolNotify (
976 &gEfiSmmFaultTolerantWriteProtocolGuid,
977 SmmFtwNotificationEvent,
978 &SmmFtwRegistration
979 );
980 ASSERT_EFI_ERROR (Status);
981
982 SmmFtwNotificationEvent (NULL, NULL, NULL);
983
984 return EFI_SUCCESS;
985 }
986
987
EFI Development Kit II mirror for PVE