]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg Variable: Implement variable quota management.
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / VariableSmm.c
1 /** @file
2 The sample implementation for SMM variable protocol. And this driver
3 implements an SMI handler to communicate with the DXE runtime driver
4 to provide variable services.
5
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data and communicate buffer in SMM mode.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
10
11 SmmVariableHandler() will receive untrusted input and do basic validation.
12
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.
16
17 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
18 This program and the accompanying materials
19 are licensed and made available under the terms and conditions of the BSD License
20 which accompanies this distribution. The full text of the license may be found at
21 http://opensource.org/licenses/bsd-license.php
22
23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
24 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
25
26 **/
27
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32 #include <Protocol/SmmEndOfDxe.h>
33 #include <Protocol/SmmVarCheck.h>
34
35 #include <Library/SmmServicesTableLib.h>
36
37 #include <Guid/AuthenticatedVariableFormat.h>
38 #include <Guid/SmmVariableCommon.h>
39 #include "Variable.h"
40
41 EFI_SMRAM_DESCRIPTOR *mSmramRanges;
42 UINTN mSmramRangeCount;
43
44 extern VARIABLE_INFO_ENTRY *gVariableInfo;
45 EFI_HANDLE mSmmVariableHandle = NULL;
46 EFI_HANDLE mVariableHandle = NULL;
47 BOOLEAN mAtRuntime = FALSE;
48 EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
49 UINT8 *mVariableBufferPayload = NULL;
50 UINTN mVariableBufferPayloadSize;
51 extern BOOLEAN mEndOfDxe;
52 extern BOOLEAN mEnableLocking;
53
54 /**
55 SecureBoot Hook for SetVariable.
56
57 @param[in] VariableName Name of Variable to be found.
58 @param[in] VendorGuid Variable vendor GUID.
59
60 **/
61 VOID
62 EFIAPI
63 SecureBootHook (
64 IN CHAR16 *VariableName,
65 IN EFI_GUID *VendorGuid
66 )
67 {
68 return ;
69 }
70
71 /**
72
73 This code sets variable in storage blocks (Volatile or Non-Volatile).
74
75 @param VariableName Name of Variable to be found.
76 @param VendorGuid Variable vendor GUID.
77 @param Attributes Attribute value of the variable found
78 @param DataSize Size of Data found. If size is less than the
79 data, this value contains the required size.
80 @param Data Data pointer.
81
82 @return EFI_INVALID_PARAMETER Invalid parameter.
83 @return EFI_SUCCESS Set successfully.
84 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
85 @return EFI_NOT_FOUND Not found.
86 @return EFI_WRITE_PROTECTED Variable is read-only.
87
88 **/
89 EFI_STATUS
90 EFIAPI
91 SmmVariableSetVariable (
92 IN CHAR16 *VariableName,
93 IN EFI_GUID *VendorGuid,
94 IN UINT32 Attributes,
95 IN UINTN DataSize,
96 IN VOID *Data
97 )
98 {
99 EFI_STATUS Status;
100
101 //
102 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
103 //
104 mEnableLocking = FALSE;
105 Status = VariableServiceSetVariable (
106 VariableName,
107 VendorGuid,
108 Attributes,
109 DataSize,
110 Data
111 );
112 mEnableLocking = TRUE;
113 return Status;
114 }
115
116 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
117 VariableServiceGetVariable,
118 VariableServiceGetNextVariableName,
119 SmmVariableSetVariable,
120 VariableServiceQueryVariableInfo
121 };
122
123 EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
124 VarCheckVariablePropertySet,
125 VarCheckVariablePropertyGet };
126
127 /**
128 Return TRUE if ExitBootServices () has been called.
129
130 @retval TRUE If ExitBootServices () has been called.
131 **/
132 BOOLEAN
133 AtRuntime (
134 VOID
135 )
136 {
137 return mAtRuntime;
138 }
139
140 /**
141 This function check if the address is in SMRAM.
142
143 @param Buffer the buffer address to be checked.
144 @param Length the buffer length to be checked.
145
146 @retval TRUE this address is in SMRAM.
147 @retval FALSE this address is NOT in SMRAM.
148 **/
149 BOOLEAN
150 InternalIsAddressInSmram (
151 IN EFI_PHYSICAL_ADDRESS Buffer,
152 IN UINT64 Length
153 )
154 {
155 UINTN Index;
156
157 for (Index = 0; Index < mSmramRangeCount; Index ++) {
158 if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||
159 ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {
160 return TRUE;
161 }
162 }
163
164 return FALSE;
165 }
166
167 /**
168 This function check if the address refered by Buffer and Length is valid.
169
170 @param Buffer the buffer address to be checked.
171 @param Length the buffer length to be checked.
172
173 @retval TRUE this address is valid.
174 @retval FALSE this address is NOT valid.
175 **/
176 BOOLEAN
177 InternalIsAddressValid (
178 IN UINTN Buffer,
179 IN UINTN Length
180 )
181 {
182 if (Buffer > (MAX_ADDRESS - Length)) {
183 //
184 // Overflow happen
185 //
186 return FALSE;
187 }
188 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {
189 return FALSE;
190 }
191 return TRUE;
192 }
193
194 /**
195 Initializes a basic mutual exclusion lock.
196
197 This function initializes a basic mutual exclusion lock to the released state
198 and returns the lock. Each lock provides mutual exclusion access at its task
199 priority level. Since there is no preemption or multiprocessor support in EFI,
200 acquiring the lock only consists of raising to the locks TPL.
201 If Lock is NULL, then ASSERT().
202 If Priority is not a valid TPL value, then ASSERT().
203
204 @param Lock A pointer to the lock data structure to initialize.
205 @param Priority EFI TPL is associated with the lock.
206
207 @return The lock.
208
209 **/
210 EFI_LOCK *
211 InitializeLock (
212 IN OUT EFI_LOCK *Lock,
213 IN EFI_TPL Priority
214 )
215 {
216 return Lock;
217 }
218
219 /**
220 Acquires lock only at boot time. Simply returns at runtime.
221
222 This is a temperary function that will be removed when
223 EfiAcquireLock() in UefiLib can handle the call in UEFI
224 Runtimer driver in RT phase.
225 It calls EfiAcquireLock() at boot time, and simply returns
226 at runtime.
227
228 @param Lock A pointer to the lock to acquire.
229
230 **/
231 VOID
232 AcquireLockOnlyAtBootTime (
233 IN EFI_LOCK *Lock
234 )
235 {
236
237 }
238
239
240 /**
241 Releases lock only at boot time. Simply returns at runtime.
242
243 This is a temperary function which will be removed when
244 EfiReleaseLock() in UefiLib can handle the call in UEFI
245 Runtimer driver in RT phase.
246 It calls EfiReleaseLock() at boot time and simply returns
247 at runtime.
248
249 @param Lock A pointer to the lock to release.
250
251 **/
252 VOID
253 ReleaseLockOnlyAtBootTime (
254 IN EFI_LOCK *Lock
255 )
256 {
257
258 }
259
260 /**
261 Retrive the SMM Fault Tolerent Write protocol interface.
262
263 @param[out] FtwProtocol The interface of SMM Ftw protocol
264
265 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
266 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
267 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
268
269 **/
270 EFI_STATUS
271 GetFtwProtocol (
272 OUT VOID **FtwProtocol
273 )
274 {
275 EFI_STATUS Status;
276
277 //
278 // Locate Smm Fault Tolerent Write protocol
279 //
280 Status = gSmst->SmmLocateProtocol (
281 &gEfiSmmFaultTolerantWriteProtocolGuid,
282 NULL,
283 FtwProtocol
284 );
285 return Status;
286 }
287
288
289 /**
290 Retrive the SMM FVB protocol interface by HANDLE.
291
292 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
293 reading, writing, and erasing the target block.
294 @param[out] FvBlock The interface of SMM FVB protocol
295
296 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
297 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
298 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
299
300 **/
301 EFI_STATUS
302 GetFvbByHandle (
303 IN EFI_HANDLE FvBlockHandle,
304 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
305 )
306 {
307 //
308 // To get the SMM FVB protocol interface on the handle
309 //
310 return gSmst->SmmHandleProtocol (
311 FvBlockHandle,
312 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
313 (VOID **) FvBlock
314 );
315 }
316
317
318 /**
319 Function returns an array of handles that support the SMM FVB protocol
320 in a buffer allocated from pool.
321
322 @param[out] NumberHandles The number of handles returned in Buffer.
323 @param[out] Buffer A pointer to the buffer to return the requested
324 array of handles that support SMM FVB protocol.
325
326 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
327 handles in Buffer was returned in NumberHandles.
328 @retval EFI_NOT_FOUND No SMM FVB handle was found.
329 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
330 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
331
332 **/
333 EFI_STATUS
334 GetFvbCountAndBuffer (
335 OUT UINTN *NumberHandles,
336 OUT EFI_HANDLE **Buffer
337 )
338 {
339 EFI_STATUS Status;
340 UINTN BufferSize;
341
342 if ((NumberHandles == NULL) || (Buffer == NULL)) {
343 return EFI_INVALID_PARAMETER;
344 }
345
346 BufferSize = 0;
347 *NumberHandles = 0;
348 *Buffer = NULL;
349 Status = gSmst->SmmLocateHandle (
350 ByProtocol,
351 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
352 NULL,
353 &BufferSize,
354 *Buffer
355 );
356 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
357 return EFI_NOT_FOUND;
358 }
359
360 *Buffer = AllocatePool (BufferSize);
361 if (*Buffer == NULL) {
362 return EFI_OUT_OF_RESOURCES;
363 }
364
365 Status = gSmst->SmmLocateHandle (
366 ByProtocol,
367 &gEfiSmmFirmwareVolumeBlockProtocolGuid,
368 NULL,
369 &BufferSize,
370 *Buffer
371 );
372
373 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
374 if (EFI_ERROR(Status)) {
375 *NumberHandles = 0;
376 FreePool (*Buffer);
377 *Buffer = NULL;
378 }
379
380 return Status;
381 }
382
383
384 /**
385 Get the variable statistics information from the information buffer pointed by gVariableInfo.
386
387 Caution: This function may be invoked at SMM runtime.
388 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
389
390 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
391 On input, point to the variable information returned last time. if
392 InfoEntry->VendorGuid is zero, return the first information.
393 On output, point to the next variable information.
394 @param[in, out] InfoSize On input, the size of the variable information buffer.
395 On output, the returned variable information size.
396
397 @retval EFI_SUCCESS The variable information is found and returned successfully.
398 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
399 PcdVariableCollectStatistics should be set TRUE to support it.
400 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
401 @retval EFI_INVALID_PARAMETER Input parameter is invalid.
402
403 **/
404 EFI_STATUS
405 SmmVariableGetStatistics (
406 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,
407 IN OUT UINTN *InfoSize
408 )
409 {
410 VARIABLE_INFO_ENTRY *VariableInfo;
411 UINTN NameLength;
412 UINTN StatisticsInfoSize;
413 CHAR16 *InfoName;
414 EFI_GUID VendorGuid;
415
416 if (InfoEntry == NULL) {
417 return EFI_INVALID_PARAMETER;
418 }
419
420 VariableInfo = gVariableInfo;
421 if (VariableInfo == NULL) {
422 return EFI_UNSUPPORTED;
423 }
424
425 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
426 if (*InfoSize < StatisticsInfoSize) {
427 *InfoSize = StatisticsInfoSize;
428 return EFI_BUFFER_TOO_SMALL;
429 }
430 InfoName = (CHAR16 *)(InfoEntry + 1);
431
432 CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);
433
434 if (CompareGuid (&VendorGuid, &mZeroGuid)) {
435 //
436 // Return the first variable info
437 //
438 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
439 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
440 *InfoSize = StatisticsInfoSize;
441 return EFI_SUCCESS;
442 }
443
444 //
445 // Get the next variable info
446 //
447 while (VariableInfo != NULL) {
448 if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
449 NameLength = StrSize (VariableInfo->Name);
450 if (NameLength == StrSize (InfoName)) {
451 if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
452 //
453 // Find the match one
454 //
455 VariableInfo = VariableInfo->Next;
456 break;
457 }
458 }
459 }
460 VariableInfo = VariableInfo->Next;
461 };
462
463 if (VariableInfo == NULL) {
464 *InfoSize = 0;
465 return EFI_SUCCESS;
466 }
467
468 //
469 // Output the new variable info
470 //
471 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
472 if (*InfoSize < StatisticsInfoSize) {
473 *InfoSize = StatisticsInfoSize;
474 return EFI_BUFFER_TOO_SMALL;
475 }
476
477 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
478 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
479 *InfoSize = StatisticsInfoSize;
480
481 return EFI_SUCCESS;
482 }
483
484
485 /**
486 Communication service SMI Handler entry.
487
488 This SMI handler provides services for the variable wrapper driver.
489
490 Caution: This function may receive untrusted input.
491 This variable data and communicate buffer are external input, so this function will do basic validation.
492 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
493 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
494 SmmVariableGetStatistics() should also do validation based on its own knowledge.
495
496 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
497 @param[in] RegisterContext Points to an optional handler context which was specified when the
498 handler was registered.
499 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
500 be conveyed from a non-SMM environment into an SMM environment.
501 @param[in, out] CommBufferSize The size of the CommBuffer.
502
503 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
504 should still be called.
505 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
506 still be called.
507 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
508 be called.
509 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
510
511 **/
512 EFI_STATUS
513 EFIAPI
514 SmmVariableHandler (
515 IN EFI_HANDLE DispatchHandle,
516 IN CONST VOID *RegisterContext,
517 IN OUT VOID *CommBuffer,
518 IN OUT UINTN *CommBufferSize
519 )
520 {
521 EFI_STATUS Status;
522 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
523 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
524 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
525 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
526 VARIABLE_INFO_ENTRY *VariableInfo;
527 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
528 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
529 UINTN InfoSize;
530 UINTN NameBufferSize;
531 UINTN CommBufferPayloadSize;
532 UINTN TempCommBufferSize;
533
534 //
535 // If input is invalid, stop processing this SMI
536 //
537 if (CommBuffer == NULL || CommBufferSize == NULL) {
538 return EFI_SUCCESS;
539 }
540
541 TempCommBufferSize = *CommBufferSize;
542
543 if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
544 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
545 return EFI_SUCCESS;
546 }
547 CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
548 if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
549 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
550 return EFI_SUCCESS;
551 }
552
553 if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
554 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
555 return EFI_SUCCESS;
556 }
557
558 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
559
560 switch (SmmVariableFunctionHeader->Function) {
561 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
562 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
563 DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
564 return EFI_SUCCESS;
565 }
566 //
567 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
568 //
569 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
570 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
571 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
572 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
573 //
574 // Prevent InfoSize overflow happen
575 //
576 Status = EFI_ACCESS_DENIED;
577 goto EXIT;
578 }
579 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
580 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
581
582 //
583 // SMRAM range check already covered before
584 //
585 if (InfoSize > CommBufferPayloadSize) {
586 DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
587 Status = EFI_ACCESS_DENIED;
588 goto EXIT;
589 }
590
591 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
592 //
593 // Make sure VariableName is A Null-terminated string.
594 //
595 Status = EFI_ACCESS_DENIED;
596 goto EXIT;
597 }
598
599 Status = VariableServiceGetVariable (
600 SmmVariableHeader->Name,
601 &SmmVariableHeader->Guid,
602 &SmmVariableHeader->Attributes,
603 &SmmVariableHeader->DataSize,
604 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
605 );
606 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
607 break;
608
609 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
610 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
611 DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
612 return EFI_SUCCESS;
613 }
614 //
615 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
616 //
617 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
618 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
619 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
620 //
621 // Prevent InfoSize overflow happen
622 //
623 Status = EFI_ACCESS_DENIED;
624 goto EXIT;
625 }
626 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;
627
628 //
629 // SMRAM range check already covered before
630 //
631 if (InfoSize > CommBufferPayloadSize) {
632 DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
633 Status = EFI_ACCESS_DENIED;
634 goto EXIT;
635 }
636
637 NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
638 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
639 //
640 // Make sure input VariableName is A Null-terminated string.
641 //
642 Status = EFI_ACCESS_DENIED;
643 goto EXIT;
644 }
645
646 Status = VariableServiceGetNextVariableName (
647 &GetNextVariableName->NameSize,
648 GetNextVariableName->Name,
649 &GetNextVariableName->Guid
650 );
651 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
652 break;
653
654 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
655 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
656 DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
657 return EFI_SUCCESS;
658 }
659 //
660 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
661 //
662 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
663 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
664 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
665 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
666 //
667 // Prevent InfoSize overflow happen
668 //
669 Status = EFI_ACCESS_DENIED;
670 goto EXIT;
671 }
672 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)
673 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;
674
675 //
676 // SMRAM range check already covered before
677 // Data buffer should not contain SMM range
678 //
679 if (InfoSize > CommBufferPayloadSize) {
680 DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
681 Status = EFI_ACCESS_DENIED;
682 goto EXIT;
683 }
684
685 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
686 //
687 // Make sure VariableName is A Null-terminated string.
688 //
689 Status = EFI_ACCESS_DENIED;
690 goto EXIT;
691 }
692
693 Status = VariableServiceSetVariable (
694 SmmVariableHeader->Name,
695 &SmmVariableHeader->Guid,
696 SmmVariableHeader->Attributes,
697 SmmVariableHeader->DataSize,
698 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
699 );
700 break;
701
702 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
703 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
704 DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
705 return EFI_SUCCESS;
706 }
707 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
708
709 Status = VariableServiceQueryVariableInfo (
710 QueryVariableInfo->Attributes,
711 &QueryVariableInfo->MaximumVariableStorageSize,
712 &QueryVariableInfo->RemainingVariableStorageSize,
713 &QueryVariableInfo->MaximumVariableSize
714 );
715 break;
716
717 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
718 mEndOfDxe = TRUE;
719 //
720 // The initialization for variable quota.
721 //
722 InitializeVariableQuota ();
723 if (AtRuntime()) {
724 Status = EFI_UNSUPPORTED;
725 break;
726 }
727 ReclaimForOS ();
728 Status = EFI_SUCCESS;
729 break;
730
731 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
732 mAtRuntime = TRUE;
733 Status = EFI_SUCCESS;
734 break;
735
736 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
737 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
738 InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
739
740 //
741 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
742 // It is covered by previous CommBuffer check
743 //
744
745 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
746 DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
747 Status = EFI_ACCESS_DENIED;
748 goto EXIT;
749 }
750
751 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
752 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
753 break;
754
755 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
756 if (mEndOfDxe) {
757 Status = EFI_ACCESS_DENIED;
758 } else {
759 VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
760 Status = VariableLockRequestToLock (
761 NULL,
762 VariableToLock->Name,
763 &VariableToLock->Guid
764 );
765 }
766 break;
767 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
768 if (mEndOfDxe) {
769 Status = EFI_ACCESS_DENIED;
770 } else {
771 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
772 Status = VarCheckVariablePropertySet (
773 CommVariableProperty->Name,
774 &CommVariableProperty->Guid,
775 &CommVariableProperty->VariableProperty
776 );
777 }
778 break;
779 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
780 if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
781 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
782 return EFI_SUCCESS;
783 }
784 //
785 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
786 //
787 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
788 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
789 if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
790 //
791 // Prevent InfoSize overflow happen
792 //
793 Status = EFI_ACCESS_DENIED;
794 goto EXIT;
795 }
796 InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;
797
798 //
799 // SMRAM range check already covered before
800 //
801 if (InfoSize > CommBufferPayloadSize) {
802 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
803 Status = EFI_ACCESS_DENIED;
804 goto EXIT;
805 }
806
807 if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
808 //
809 // Make sure VariableName is A Null-terminated string.
810 //
811 Status = EFI_ACCESS_DENIED;
812 goto EXIT;
813 }
814
815 Status = VarCheckVariablePropertyGet (
816 CommVariableProperty->Name,
817 &CommVariableProperty->Guid,
818 &CommVariableProperty->VariableProperty
819 );
820 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
821 break;
822
823 default:
824 Status = EFI_UNSUPPORTED;
825 }
826
827 EXIT:
828
829 SmmVariableFunctionHeader->ReturnStatus = Status;
830 return EFI_SUCCESS;
831 }
832
833 /**
834 SMM END_OF_DXE protocol notification event handler.
835
836 @param Protocol Points to the protocol's unique identifier
837 @param Interface Points to the interface instance
838 @param Handle The handle on which the interface was installed
839
840 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
841
842 **/
843 EFI_STATUS
844 EFIAPI
845 SmmEndOfDxeCallback (
846 IN CONST EFI_GUID *Protocol,
847 IN VOID *Interface,
848 IN EFI_HANDLE Handle
849 )
850 {
851 DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
852 mEndOfDxe = TRUE;
853 //
854 // The initialization for variable quota.
855 //
856 InitializeVariableQuota ();
857 return EFI_SUCCESS;
858 }
859
860 /**
861 SMM Fault Tolerant Write protocol notification event handler.
862
863 Non-Volatile variable write may needs FTW protocol to reclaim when
864 writting variable.
865
866 @param Protocol Points to the protocol's unique identifier
867 @param Interface Points to the interface instance
868 @param Handle The handle on which the interface was installed
869
870 @retval EFI_SUCCESS SmmEventCallback runs successfully
871 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
872
873 **/
874 EFI_STATUS
875 EFIAPI
876 SmmFtwNotificationEvent (
877 IN CONST EFI_GUID *Protocol,
878 IN VOID *Interface,
879 IN EFI_HANDLE Handle
880 )
881 {
882 EFI_STATUS Status;
883 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
884 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
885 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;
886 UINTN FtwMaxBlockSize;
887
888 if (mVariableModuleGlobal->FvbInstance != NULL) {
889 return EFI_SUCCESS;
890 }
891
892 //
893 // Ensure SMM FTW protocol is installed.
894 //
895 Status = GetFtwProtocol ((VOID **)&FtwProtocol);
896 if (EFI_ERROR (Status)) {
897 return Status;
898 }
899
900 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);
901 if (!EFI_ERROR (Status)) {
902 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);
903 }
904
905 //
906 // Find the proper FVB protocol for variable.
907 //
908 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
909 if (NvStorageVariableBase == 0) {
910 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
911 }
912 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);
913 if (EFI_ERROR (Status)) {
914 return EFI_NOT_FOUND;
915 }
916
917 mVariableModuleGlobal->FvbInstance = FvbProtocol;
918
919 Status = VariableWriteServiceInitialize ();
920 if (EFI_ERROR (Status)) {
921 DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));
922 }
923
924 //
925 // Notify the variable wrapper driver the variable write service is ready
926 //
927 Status = gBS->InstallProtocolInterface (
928 &mSmmVariableHandle,
929 &gSmmVariableWriteGuid,
930 EFI_NATIVE_INTERFACE,
931 NULL
932 );
933 ASSERT_EFI_ERROR (Status);
934
935 return EFI_SUCCESS;
936 }
937
938
939 /**
940 Variable Driver main entry point. The Variable driver places the 4 EFI
941 runtime services in the EFI System Table and installs arch protocols
942 for variable read and write services being available. It also registers
943 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
944
945 @param[in] ImageHandle The firmware allocated handle for the EFI image.
946 @param[in] SystemTable A pointer to the EFI System Table.
947
948 @retval EFI_SUCCESS Variable service successfully initialized.
949
950 **/
951 EFI_STATUS
952 EFIAPI
953 VariableServiceInitialize (
954 IN EFI_HANDLE ImageHandle,
955 IN EFI_SYSTEM_TABLE *SystemTable
956 )
957 {
958 EFI_STATUS Status;
959 EFI_HANDLE VariableHandle;
960 VOID *SmmFtwRegistration;
961 EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
962 UINTN Size;
963 VOID *SmmEndOfDxeRegistration;
964
965 //
966 // Variable initialize.
967 //
968 Status = VariableCommonInitialize ();
969 ASSERT_EFI_ERROR (Status);
970
971 //
972 // Install the Smm Variable Protocol on a new handle.
973 //
974 VariableHandle = NULL;
975 Status = gSmst->SmmInstallProtocolInterface (
976 &VariableHandle,
977 &gEfiSmmVariableProtocolGuid,
978 EFI_NATIVE_INTERFACE,
979 &gSmmVariable
980 );
981 ASSERT_EFI_ERROR (Status);
982
983 Status = gSmst->SmmInstallProtocolInterface (
984 &VariableHandle,
985 &gEdkiiSmmVarCheckProtocolGuid,
986 EFI_NATIVE_INTERFACE,
987 &mSmmVarCheck
988 );
989 ASSERT_EFI_ERROR (Status);
990
991 //
992 // Get SMRAM information
993 //
994 Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);
995 ASSERT_EFI_ERROR (Status);
996
997 Size = 0;
998 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);
999 ASSERT (Status == EFI_BUFFER_TOO_SMALL);
1000
1001 Status = gSmst->SmmAllocatePool (
1002 EfiRuntimeServicesData,
1003 Size,
1004 (VOID **)&mSmramRanges
1005 );
1006 ASSERT_EFI_ERROR (Status);
1007
1008 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);
1009 ASSERT_EFI_ERROR (Status);
1010
1011 mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
1012
1013 mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
1014 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
1015
1016 Status = gSmst->SmmAllocatePool (
1017 EfiRuntimeServicesData,
1018 mVariableBufferPayloadSize,
1019 (VOID **)&mVariableBufferPayload
1020 );
1021 ASSERT_EFI_ERROR (Status);
1022
1023 ///
1024 /// Register SMM variable SMI handler
1025 ///
1026 VariableHandle = NULL;
1027 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
1028 ASSERT_EFI_ERROR (Status);
1029
1030 //
1031 // Notify the variable wrapper driver the variable service is ready
1032 //
1033 Status = SystemTable->BootServices->InstallProtocolInterface (
1034 &mVariableHandle,
1035 &gEfiSmmVariableProtocolGuid,
1036 EFI_NATIVE_INTERFACE,
1037 &gSmmVariable
1038 );
1039 ASSERT_EFI_ERROR (Status);
1040
1041 //
1042 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
1043 //
1044 Status = gSmst->SmmRegisterProtocolNotify (
1045 &gEfiSmmEndOfDxeProtocolGuid,
1046 SmmEndOfDxeCallback,
1047 &SmmEndOfDxeRegistration
1048 );
1049 ASSERT_EFI_ERROR (Status);
1050
1051 //
1052 // Register FtwNotificationEvent () notify function.
1053 //
1054 Status = gSmst->SmmRegisterProtocolNotify (
1055 &gEfiSmmFaultTolerantWriteProtocolGuid,
1056 SmmFtwNotificationEvent,
1057 &SmmFtwRegistration
1058 );
1059 ASSERT_EFI_ERROR (Status);
1060
1061 SmmFtwNotificationEvent (NULL, NULL, NULL);
1062
1063 return EFI_SUCCESS;
1064 }
1065
1066
EFI Development Kit II mirror for PVE