1. Use the check IsAddressValid() to prevent SMM communication buffer overflow in...
1 /** @file
2 The sample implementation for SMM variable protocol. And this driver
3 implements an SMI handler to communicate with the DXE runtime driver
4 to provide variable services.
5
6 Caution: This module requires additional review when modified.
7 This driver takes external input in SMM mode: the variable data and the communication buffer.
8 This external input must be validated carefully to avoid security issues such as
9 buffer overflow and integer overflow.
10
11 SmmVariableHandler() will receive untrusted input and do basic validation.
12
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.
16
17 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
18 This program and the accompanying materials
19 are licensed and made available under the terms and conditions of the BSD License
20 which accompanies this distribution. The full text of the license may be found at
21 http://opensource.org/licenses/bsd-license.php
22
23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
24 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
25
26 **/
27
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32
33 #include <Library/SmmServicesTableLib.h>
34
35 #include <Guid/AuthenticatedVariableFormat.h>
36 #include <Guid/SmmVariableCommon.h>
37 #include "Variable.h"
38
//
// SMRAM descriptor table and its entry count. Both are filled in by
// VariableServiceInitialize() from EFI_SMM_ACCESS2_PROTOCOL.GetCapabilities()
// and are consulted by InternalIsAddressInSmram().
//
EFI_SMRAM_DESCRIPTOR    *mSmramRanges;
UINTN                   mSmramRangeCount;

//
// Head of the variable statistics list walked by SmmVariableGetStatistics().
// Defined outside this file.
//
extern VARIABLE_INFO_ENTRY    *gVariableInfo;

//
// Handle that receives gSmmVariableWriteGuid once the write service is ready.
//
EFI_HANDLE    mSmmVariableHandle = NULL;

//
// Handle that receives gEfiSmmVariableProtocolGuid through boot services.
//
EFI_HANDLE    mVariableHandle = NULL;

//
// Set to TRUE by the SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request handled
// in SmmVariableHandler(); reported by AtRuntime().
//
BOOLEAN    mAtRuntime = FALSE;

//
// All-zero GUID; SmmVariableGetStatistics() treats it as "return the first entry".
//
EFI_GUID    mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};

//
// SMM variable protocol instance installed by VariableServiceInitialize().
//
EFI_SMM_VARIABLE_PROTOCOL    gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  VariableServiceSetVariable,
  VariableServiceQueryVariableInfo
};
54
55
/**
  Report whether the driver has been told that boot services have ended.

  The value comes from mAtRuntime, which SmmVariableHandler() sets when it
  receives an SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE request.

  @retval TRUE   The exit-boot-services request has been received.
  @retval FALSE  The exit-boot-services request has not been received yet.
**/
BOOLEAN
AtRuntime (
  VOID
  )
{
  BOOLEAN    RuntimeReached;

  RuntimeReached = mAtRuntime;
  return RuntimeReached;
}
68
/**
  Check whether a buffer touches any SMRAM range recorded in mSmramRanges.

  A buffer is reported as being in SMRAM when its first byte lies inside a
  range, or when a range begins inside the buffer. The sums CpuStart +
  PhysicalSize and Buffer + Length are not checked for wrap-around here;
  InternalIsAddressValid() rejects a wrapping Buffer/Length pair before
  calling this function.

  @param Buffer  The buffer address to be checked.
  @param Length  The buffer length to be checked.

  @retval TRUE   The buffer overlaps an SMRAM range.
  @retval FALSE  The buffer does not overlap any SMRAM range.
**/
BOOLEAN
InternalIsAddressInSmram (
  IN EFI_PHYSICAL_ADDRESS  Buffer,
  IN UINT64                Length
  )
{
  UINTN                 Index;
  EFI_SMRAM_DESCRIPTOR  *Range;
  BOOLEAN               BufferStartsInRange;
  BOOLEAN               RangeStartsInBuffer;

  for (Index = 0; Index < mSmramRangeCount; Index++) {
    Range = &mSmramRanges[Index];

    BufferStartsInRange = (BOOLEAN)((Buffer >= Range->CpuStart) &&
                                    (Buffer < Range->CpuStart + Range->PhysicalSize));
    RangeStartsInBuffer = (BOOLEAN)((Range->CpuStart >= Buffer) &&
                                    (Range->CpuStart < Buffer + Length));

    if (BufferStartsInRange || RangeStartsInBuffer) {
      return TRUE;
    }
  }

  return FALSE;
}
95
/**
  Check whether the region described by Buffer and Length may be used as an
  SMM communication buffer.

  The region is rejected when Buffer + Length would exceed MAX_ADDRESS, or
  when it overlaps SMRAM according to InternalIsAddressInSmram().

  @param Buffer  The buffer address to be checked.
  @param Length  The buffer length to be checked.

  @retval TRUE   The region does not wrap and does not overlap SMRAM.
  @retval FALSE  The region wraps or overlaps SMRAM.
**/
BOOLEAN
InternalIsAddressValid (
  IN UINTN  Buffer,
  IN UINTN  Length
  )
{
  BOOLEAN    Wraps;

  //
  // Written as a subtraction so that the test itself cannot overflow.
  //
  Wraps = (BOOLEAN)(Buffer > (MAX_ADDRESS - Length));
  if (Wraps) {
    return FALSE;
  }

  return (BOOLEAN)!InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length);
}
122
/**
  Lock initialization stub.

  This implementation performs no initialization: it does not inspect
  Priority, does not touch the lock structure and does not ASSERT on a NULL
  Lock. It only hands the caller's pointer back.

  @param Lock      A pointer to the lock data structure. Returned unchanged.
  @param Priority  EFI TPL associated with the lock. Unused here.

  @return The Lock pointer that was passed in.

**/
EFI_LOCK *
InitializeLock (
  IN OUT EFI_LOCK  *Lock,
  IN     EFI_TPL   Priority
  )
{
  EFI_LOCK    *SameLock;

  SameLock = Lock;
  return SameLock;
}
147
/**
  Lock acquisition stub.

  This implementation has an empty body: no lock is taken, whether or not
  the system is at runtime. Code that calls it gets no mutual exclusion
  from this function.

  @param Lock  A pointer to the lock to acquire. Unused here.

**/
VOID
AcquireLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
  //
  // Intentionally empty.
  //
  return;
}
167
168
/**
  Lock release stub.

  This implementation has an empty body: nothing is released, matching
  AcquireLockOnlyAtBootTime(), which takes nothing.

  @param Lock  A pointer to the lock to release. Unused here.

**/
VOID
ReleaseLockOnlyAtBootTime (
  IN EFI_LOCK  *Lock
  )
{
  //
  // Intentionally empty.
  //
  return;
}
188
/**
  Retrieve the SMM Fault Tolerant Write protocol interface.

  Thin wrapper around gSmst->SmmLocateProtocol() for
  gEfiSmmFaultTolerantWriteProtocolGuid; the status of that call is returned
  unchanged.

  @param[out] FtwProtocol       The interface of the SMM FTW protocol.

  @retval EFI_SUCCESS           The SMM FTW protocol instance was found and returned in FtwProtocol.
  @retval EFI_NOT_FOUND         The SMM FTW protocol instance was not found.
  @retval EFI_INVALID_PARAMETER FtwProtocol is NULL.

**/
EFI_STATUS
GetFtwProtocol (
  OUT VOID  **FtwProtocol
  )
{
  return gSmst->SmmLocateProtocol (
                  &gEfiSmmFaultTolerantWriteProtocolGuid,
                  NULL,
                  FtwProtocol
                  );
}
216
217
/**
  Retrieve the SMM FVB protocol interface installed on a handle.

  Thin wrapper around gSmst->SmmHandleProtocol() for
  gEfiSmmFirmwareVolumeBlockProtocolGuid; the status of that call is returned
  unchanged.

  @param[in]  FvBlockHandle     The handle of the SMM FVB protocol that provides services for
                                reading, writing, and erasing the target block.
  @param[out] FvBlock           The interface of the SMM FVB protocol.

  @retval EFI_SUCCESS           The interface information for the specified protocol was returned.
  @retval EFI_UNSUPPORTED       The device does not support the SMM FVB protocol.
  @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.

**/
EFI_STATUS
GetFvbByHandle (
  IN  EFI_HANDLE                          FvBlockHandle,
  OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  **FvBlock
  )
{
  EFI_STATUS    Status;

  Status = gSmst->SmmHandleProtocol (
                    FvBlockHandle,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    (VOID **) FvBlock
                    );
  return Status;
}
245
246
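/**
  Return an array of handles that support the SMM FVB protocol in a buffer
  allocated from pool.

  The handle list is obtained with two SmmLocateHandle() calls: the first,
  with a zero-sized buffer, reports the required size; the second fills the
  allocated buffer. On success the caller owns *Buffer and must free it.
  On any failure *Buffer is NULL and *NumberHandles is 0, so the caller has
  nothing to release.

  @param[out] NumberHandles     The number of handles returned in Buffer.
  @param[out] Buffer            A pointer to the buffer to return the requested
                                array of handles that support SMM FVB protocol.

  @retval EFI_SUCCESS           The array of handles was returned in Buffer, and the number of
                                handles in Buffer was returned in NumberHandles.
  @retval EFI_NOT_FOUND         No SMM FVB handle was found.
  @retval EFI_OUT_OF_RESOURCES  There is not enough pool memory to store the matching results.
  @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.

**/
EFI_STATUS
GetFvbCountAndBuffer (
  OUT UINTN       *NumberHandles,
  OUT EFI_HANDLE  **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;

  if ((NumberHandles == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  BufferSize     = 0;
  *NumberHandles = 0;
  *Buffer        = NULL;

  //
  // Size query: with a zero-length buffer the expected answer is
  // EFI_BUFFER_TOO_SMALL with BufferSize updated.
  //
  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &BufferSize,
                    *Buffer
                    );
  if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
    return EFI_NOT_FOUND;
  }

  *Buffer = AllocatePool (BufferSize);
  if (*Buffer == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  Status = gSmst->SmmLocateHandle (
                    ByProtocol,
                    &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                    NULL,
                    &BufferSize,
                    *Buffer
                    );
  if (EFI_ERROR(Status)) {
    //
    // Do not hand back a buffer together with an error status: release it
    // here so the pool allocation is not leaked and the caller never sees a
    // pointer to an unfilled handle array.
    //
    FreePool (*Buffer);
    *Buffer        = NULL;
    *NumberHandles = 0;
    return Status;
  }

  *NumberHandles = BufferSize / sizeof(EFI_HANDLE);

  return Status;
}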
309
310
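/**
  Get the variable statistics information from the list pointed to by gVariableInfo.

  Caution: This function may be invoked at SMM runtime.
  InfoEntry and InfoSize are external input. The entry that follows InfoEntry
  (the name) is therefore never measured with StrSize(); it is only compared
  within the number of bytes the caller declared in InfoSize, and the vendor
  GUID is copied to a local before use so that it is read only once.

  @param[in, out]  InfoEntry    A pointer to the buffer of variable information entry.
                                On input, point to the variable information returned last time. If
                                InfoEntry->VendorGuid is zero, return the first information.
                                On output, point to the next variable information.
  @param[in, out]  InfoSize     On input, the size of the variable information buffer.
                                On output, the returned variable information size
                                (0 when the end of the list has been reached).

  @retval EFI_SUCCESS           The variable information is found and returned successfully,
                                or the list is exhausted and InfoSize is set to 0.
  @retval EFI_UNSUPPORTED       No variable information exists in variable driver. The
                                PcdVariableCollectStatistics should be set TRUE to support it.
  @retval EFI_BUFFER_TOO_SMALL  The buffer is too small to hold the next variable information.
                                InfoSize is updated with the required size.
  @retval EFI_INVALID_PARAMETER InfoEntry or InfoSize is NULL.

**/
EFI_STATUS
SmmVariableGetStatistics (
  IN OUT VARIABLE_INFO_ENTRY  *InfoEntry,
  IN OUT UINTN                *InfoSize
  )
{
  VARIABLE_INFO_ENTRY  *VariableInfo;
  UINTN                NameLength;
  UINTN                StatisticsInfoSize;
  UINTN                CallerBufferSize;
  CHAR16               *InfoName;
  EFI_GUID             VendorGuid;

  if ((InfoEntry == NULL) || (InfoSize == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  VariableInfo = gVariableInfo;
  if (VariableInfo == NULL) {
    return EFI_UNSUPPORTED;
  }

  //
  // Read the declared size once. After this check the caller's buffer is
  // known to hold at least one VARIABLE_INFO_ENTRY, so the subtraction
  // CallerBufferSize - sizeof (VARIABLE_INFO_ENTRY) below cannot underflow.
  //
  CallerBufferSize   = *InfoSize;
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (CallerBufferSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }
  InfoName = (CHAR16 *)(InfoEntry + 1);

  //
  // Snapshot the caller-supplied GUID so every comparison sees the same value.
  //
  CopyMem (&VendorGuid, &InfoEntry->VendorGuid, sizeof (VendorGuid));

  //
  // NOTE(review): both copy sites below transfer the whole VARIABLE_INFO_ENTRY,
  // which includes its Next and Name pointer fields, into the caller's buffer.
  // Confirm that exposing those pointer values to the caller is acceptable.
  //
  if (CompareGuid (&VendorGuid, &mZeroGuid)) {
    //
    // Return the first variable info
    //
    CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
    CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
    *InfoSize = StatisticsInfoSize;
    return EFI_SUCCESS;
  }

  //
  // Get the next variable info: find the entry the caller was given last
  // time and step to its successor.
  //
  while (VariableInfo != NULL) {
    if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
      NameLength = StrSize (VariableInfo->Name);
      //
      // NameLength includes the terminator of the trusted name, so an equal
      // comparison over NameLength bytes proves the caller's name is the
      // same string. The length test keeps the comparison inside the space
      // the caller declared after the entry header.
      //
      if ((NameLength <= CallerBufferSize - sizeof (VARIABLE_INFO_ENTRY)) &&
          (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0)) {
        //
        // Find the match one
        //
        VariableInfo = VariableInfo->Next;
        break;
      }
    }
    VariableInfo = VariableInfo->Next;
  }

  if (VariableInfo == NULL) {
    *InfoSize = 0;
    return EFI_SUCCESS;
  }

  //
  // Output the new variable info
  //
  StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + StrSize (VariableInfo->Name);
  if (CallerBufferSize < StatisticsInfoSize) {
    *InfoSize = StatisticsInfoSize;
    return EFI_BUFFER_TOO_SMALL;
  }

  CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
  CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
  *InfoSize = StatisticsInfoSize;

  return EFI_SUCCESS;
}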
407
408
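/**
  Communication service SMI Handler entry.

  This SMI handler provides services for the variable wrapper driver.

  Caution: This function may receive untrusted input.
  The variable data and the communication buffer are external input, so this
  function does basic validation: the buffer must not wrap or overlap SMRAM,
  the sizes declared inside it must fit in it, and variable names must be
  NUL-terminated. The buffer size and the NameSize/DataSize fields are read
  once into locals, so the values that are validated are the values that are
  used.
  Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
  VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
  SmmVariableGetStatistics() should also do validation based on its own knowledge.

  The per-request result is stored in the ReturnStatus field of the
  communication header. The early exits taken for a NULL, undersized or
  invalid buffer do not write ReturnStatus.

  @param[in]     DispatchHandle  The unique handle assigned to this handler by SmiHandlerRegister().
  @param[in]     RegisterContext Points to an optional handler context which was specified when the
                                 handler was registered.
  @param[in, out] CommBuffer     A pointer to a collection of data in memory that will
                                 be conveyed from a non-SMM environment into an SMM environment.
  @param[in, out] CommBufferSize The size of the CommBuffer.

  @retval EFI_SUCCESS            Always returned by this implementation; the outcome of the
                                 request is reported through ReturnStatus.

**/
EFI_STATUS
EFIAPI
SmmVariableHandler (
  IN     EFI_HANDLE  DispatchHandle,
  IN     CONST VOID  *RegisterContext,
  IN OUT VOID        *CommBuffer,
  IN OUT UINTN       *CommBufferSize
  )
{
  EFI_STATUS                                       Status;
  SMM_VARIABLE_COMMUNICATE_HEADER                  *SmmVariableFunctionHeader;
  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE         *SmmVariableHeader;
  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME  *GetNextVariableName;
  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO     *QueryVariableInfo;
  VARIABLE_INFO_ENTRY                              *VariableInfo;
  UINTN                                            InfoSize;
  UINTN                                            NameBufferSize;
  UINTN                                            TempCommBufferSize;
  UINTN                                            CommBufferPayloadSize;
  UINTN                                            NameSize;
  UINTN                                            DataSize;

  //
  // If input is invalid, stop processing this SMI
  //
  if (CommBuffer == NULL || CommBufferSize == NULL) {
    return EFI_SUCCESS;
  }

  //
  // Read the declared size exactly once. Every later bound is derived from
  // this snapshot, so a change to *CommBufferSize after validation cannot
  // widen the bounds or make the payload-size subtraction underflow.
  //
  TempCommBufferSize = *CommBufferSize;

  if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
    return EFI_SUCCESS;
  }
  CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;

  if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
    DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM or overflow!\n"));
    return EFI_SUCCESS;
  }

  //
  // NOTE(review): only the size fields are snapshotted below. Names, GUIDs
  // and data are still consumed in place from the communication buffer, so
  // their content can still change between validation and use. Closing that
  // window requires copying the payload into an SMRAM buffer first, which
  // needs storage that is not declared in this file.
  //
  SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;

  switch (SmmVariableFunctionHeader->Function) {
    case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
      NameSize = SmmVariableHeader->NameSize;
      DataSize = SmmVariableHeader->DataSize;
      if (((UINTN)(~0) - DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
          ((UINTN)(~0) - NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize + NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // The service updates the local DataSize; it is written back afterwards
      // so the service never re-reads the size from the communication buffer.
      //
      Status = VariableServiceGetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 &SmmVariableHeader->Attributes,
                 &DataSize,
                 (UINT8 *)SmmVariableHeader->Name + NameSize
                 );
      SmmVariableHeader->DataSize = DataSize;
      break;

    case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
      GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) SmmVariableFunctionHeader->Data;
      NameSize = GetNextVariableName->NameSize;
      if ((UINTN)(~0) - NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + NameSize;

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      //
      // The terminator is looked for in the last CHAR16 slot of the whole
      // buffer, not at NameSize, so the name is bounded by the buffer end.
      //
      NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
      if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure input VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceGetNextVariableName (
                 &NameSize,
                 GetNextVariableName->Name,
                 &GetNextVariableName->Guid
                 );
      GetNextVariableName->NameSize = NameSize;
      break;

    case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
      SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
      NameSize = SmmVariableHeader->NameSize;
      DataSize = SmmVariableHeader->DataSize;
      if (((UINTN)(~0) - DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
          ((UINTN)(~0) - NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize)) {
        //
        // Prevent InfoSize overflow happen
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }
      InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize + NameSize;

      //
      // SMRAM range check already covered before
      // Data buffer should not contain SMM range
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      if (NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[NameSize/sizeof (CHAR16) - 1] != L'\0') {
        //
        // Make sure VariableName is A Null-terminated string.
        //
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceSetVariable (
                 SmmVariableHeader->Name,
                 &SmmVariableHeader->Guid,
                 SmmVariableHeader->Attributes,
                 DataSize,
                 (UINT8 *)SmmVariableHeader->Name + NameSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
      QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
      InfoSize = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);

      //
      // SMRAM range check already covered before
      //
      if (InfoSize > CommBufferPayloadSize) {
        DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = VariableServiceQueryVariableInfo (
                 QueryVariableInfo->Attributes,
                 &QueryVariableInfo->MaximumVariableStorageSize,
                 &QueryVariableInfo->RemainingVariableStorageSize,
                 &QueryVariableInfo->MaximumVariableSize
                 );
      break;

    case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
      if (AtRuntime()) {
        Status = EFI_UNSUPPORTED;
        break;
      }
      ReclaimForOS ();
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:
      mAtRuntime = TRUE;
      Status = EFI_SUCCESS;
      break;

    case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
      VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
      InfoSize = CommBufferPayloadSize;

      //
      // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
      // It is covered by previous CommBuffer check
      //

      //
      // This is the only request that writes through CommBufferSize, so the
      // pointer itself must not refer to SMRAM.
      //
      if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
        DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM!\n"));
        Status = EFI_ACCESS_DENIED;
        goto EXIT;
      }

      Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);
      *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
      break;

    default:
      Status = EFI_UNSUPPORTED;
  }

EXIT:

  SmmVariableFunctionHeader->ReturnStatus = Status;
  return EFI_SUCCESS;
}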
651
652
/**
  SMM Fault Tolerant Write protocol notification event handler.

  A non-volatile variable write may need the FTW protocol for reclaim. Once
  both the FTW protocol and the FVB protocol covering the variable store are
  available, this handler records the FVB instance, initializes the variable
  write service and installs gSmmVariableWriteGuid to tell the variable
  wrapper driver that writes are ready. It does nothing when an FVB instance
  has already been recorded. None of the three parameters is read.

  @param  Protocol   Points to the protocol's unique identifier
  @param  Interface  Points to the interface instance
  @param  Handle     The handle on which the interface was installed

  @retval EFI_SUCCESS    The write service was set up, or had been set up already.
  @retval EFI_NOT_FOUND  The Fvb protocol for variable is not found.
  @retval Others         The status returned by GetFtwProtocol() when the FTW
                         protocol is not available yet.

**/
EFI_STATUS
EFIAPI
SmmFtwNotificationEvent (
  IN CONST EFI_GUID  *Protocol,
  IN VOID            *Interface,
  IN EFI_HANDLE      Handle
  )
{
  EFI_STATUS                              Status;
  EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *VariableFvb;
  EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL   *Ftw;
  EFI_PHYSICAL_ADDRESS                    VariableStoreBase;

  //
  // Already initialized on an earlier notification.
  //
  if (mVariableModuleGlobal->FvbInstance != NULL) {
    return EFI_SUCCESS;
  }

  //
  // The SMM FTW protocol must be present before going further.
  //
  Status = GetFtwProtocol ((VOID **)&Ftw);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Locate the FVB protocol that covers the variable store. The 64-bit PCD
  // takes precedence; the 32-bit PCD is used when the 64-bit one is zero.
  //
  VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
  if (VariableStoreBase == 0) {
    VariableStoreBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
  }

  Status = GetFvbInfoByAddress (VariableStoreBase, NULL, &VariableFvb);
  if (EFI_ERROR (Status)) {
    return EFI_NOT_FOUND;
  }

  mVariableModuleGlobal->FvbInstance = VariableFvb;

  //
  // NOTE(review): failures from here on are only checked with
  // ASSERT_EFI_ERROR; the function still returns EFI_SUCCESS after them.
  //
  Status = VariableWriteServiceInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Tell the variable wrapper driver that the variable write service is ready.
  //
  Status = gBS->InstallProtocolInterface (
                  &mSmmVariableHandle,
                  &gSmmVariableWriteGuid,
                  EFI_NATIVE_INTERFACE,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);

  return EFI_SUCCESS;
}
722
723
/**
  Variable driver main entry point.

  Runs the common variable initialization, installs the SMM variable
  protocol in the SMM protocol database, records the SMRAM ranges used to
  validate communication buffers, registers SmmVariableHandler() as the SMI
  handler, installs the protocol through boot services to notify the
  variable wrapper driver, and registers SmmFtwNotificationEvent() for the
  SMM FTW protocol.

  Every step is checked only with ASSERT/ASSERT_EFI_ERROR; the function
  returns EFI_SUCCESS regardless.

  @param[in] ImageHandle  The firmware allocated handle for the EFI image.
  @param[in] SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS     Variable service successfully initialized.

**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                Status;
  EFI_HANDLE                ProtocolHandle;
  EFI_HANDLE                SmiHandle;
  VOID                      *FtwNotifyRegistration;
  EFI_SMM_ACCESS2_PROTOCOL  *SmmAccess2;
  UINTN                     SmramMapSize;

  //
  // Common variable initialization.
  //
  Status = VariableCommonInitialize ();
  ASSERT_EFI_ERROR (Status);

  //
  // Publish the SMM variable protocol on a fresh handle.
  //
  ProtocolHandle = NULL;
  Status = gSmst->SmmInstallProtocolInterface (
                    &ProtocolHandle,
                    &gEfiSmmVariableProtocolGuid,
                    EFI_NATIVE_INTERFACE,
                    &gSmmVariable
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Collect the SMRAM map: query the size with a zero-length buffer,
  // allocate, then fetch the descriptors.
  //
  // NOTE(review): mSmramRanges and mSmramRangeCount are what
  // InternalIsAddressInSmram() relies on to reject communication buffers
  // that overlap SMRAM. The allocation and both GetCapabilities() calls are
  // guarded only by ASSERT macros, so if those are compiled out (depends on
  // the build configuration) a failure here is not handled before the SMI
  // handler is registered below. Confirm the intended behavior.
  //
  Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess2);
  ASSERT_EFI_ERROR (Status);

  SmramMapSize = 0;
  Status = SmmAccess2->GetCapabilities (SmmAccess2, &SmramMapSize, NULL);
  ASSERT (Status == EFI_BUFFER_TOO_SMALL);

  Status = gSmst->SmmAllocatePool (
                    EfiRuntimeServicesData,
                    SmramMapSize,
                    (VOID **)&mSmramRanges
                    );
  ASSERT_EFI_ERROR (Status);

  Status = SmmAccess2->GetCapabilities (SmmAccess2, &SmramMapSize, mSmramRanges);
  ASSERT_EFI_ERROR (Status);

  mSmramRangeCount = SmramMapSize / sizeof (EFI_SMRAM_DESCRIPTOR);

  //
  // Register the SMM variable SMI handler.
  //
  SmiHandle = NULL;
  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &SmiHandle);
  ASSERT_EFI_ERROR (Status);

  //
  // Tell the variable wrapper driver that the variable service is ready.
  //
  Status = SystemTable->BootServices->InstallProtocolInterface (
                                        &mVariableHandle,
                                        &gEfiSmmVariableProtocolGuid,
                                        EFI_NATIVE_INTERFACE,
                                        &gSmmVariable
                                        );
  ASSERT_EFI_ERROR (Status);

  //
  // Be notified when the SMM FTW protocol is installed.
  //
  Status = gSmst->SmmRegisterProtocolNotify (
                    &gEfiSmmFaultTolerantWriteProtocolGuid,
                    SmmFtwNotificationEvent,
                    &FtwNotifyRegistration
                    );
  ASSERT_EFI_ERROR (Status);

  //
  // Run the notification once by hand in case the FTW protocol is already
  // installed; its return value is not examined.
  //
  SmmFtwNotificationEvent (NULL, NULL, NULL);

  return EFI_SUCCESS;
}
821
822