2 Instance of MM memory check library.
4 MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL
5 to get MMRAM information. In order to use this library instance, the platform should produce
6 all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core
7 and MM driver) and/or specific dedicated hardware.
9 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
10 Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
25 #include <Library/BaseLib.h>
26 #include <Library/BaseMemoryLib.h>
27 #include <Library/DebugLib.h>
29 EFI_MMRAM_DESCRIPTOR
*mMmMemLibInternalMmramRanges
;
30 UINTN mMmMemLibInternalMmramCount
;
33 // Maximum support address used to check input buffer
35 EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress
= 0;
38 Calculate and save the maximum support address.
42 MmMemLibInternalCalculateMaximumSupportAddress (
47 This function check if the buffer is valid per processor architecture and not overlap with MMRAM.
49 @param Buffer The buffer start address to be checked.
50 @param Length The buffer length to be checked.
52 @retval TRUE This buffer is valid per processor architecture and not overlap with MMRAM.
53 @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.
57 MmIsBufferOutsideMmValid (
58 IN EFI_PHYSICAL_ADDRESS Buffer
,
66 // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.
68 if ((Length
> mMmMemLibInternalMaximumSupportAddress
) ||
69 (Buffer
> mMmMemLibInternalMaximumSupportAddress
) ||
70 ((Length
!= 0) && (Buffer
> (mMmMemLibInternalMaximumSupportAddress
- (Length
- 1)))) ) {
76 "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",
79 mMmMemLibInternalMaximumSupportAddress
84 for (Index
= 0; Index
< mMmMemLibInternalMmramCount
; Index
++) {
85 if (((Buffer
>= mMmMemLibInternalMmramRanges
[Index
].CpuStart
) &&
86 (Buffer
< mMmMemLibInternalMmramRanges
[Index
].CpuStart
+ mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
)) ||
87 ((mMmMemLibInternalMmramRanges
[Index
].CpuStart
>= Buffer
) &&
88 (mMmMemLibInternalMmramRanges
[Index
].CpuStart
< Buffer
+ Length
))) {
91 "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",
97 "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",
98 mMmMemLibInternalMmramRanges
[Index
].CpuStart
,
99 mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
109 Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
111 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
112 It checks if source buffer is valid per processor architecture and not overlap with MMRAM.
113 If the check passes, it copies memory and returns EFI_SUCCESS.
114 If the check fails, it return EFI_SECURITY_VIOLATION.
115 The implementation must be reentrant.
117 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
118 @param SourceBuffer The pointer to the source buffer of the memory copy.
119 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
121 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
122 @retval EFI_SUCCESS Memory is copied.
128 OUT VOID
*DestinationBuffer
,
129 IN CONST VOID
*SourceBuffer
,
133 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
134 DEBUG ((DEBUG_ERROR
, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
135 return EFI_SECURITY_VIOLATION
;
137 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
142 Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
144 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
145 It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.
146 If the check passes, it copies memory and returns EFI_SUCCESS.
147 If the check fails, it returns EFI_SECURITY_VIOLATION.
148 The implementation must be reentrant.
150 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
151 @param SourceBuffer The pointer to the source buffer of the memory copy.
152 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
154 @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.
155 @retval EFI_SUCCESS Memory is copied.
161 OUT VOID
*DestinationBuffer
,
162 IN CONST VOID
*SourceBuffer
,
166 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
167 DEBUG ((DEBUG_ERROR
, "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",
168 DestinationBuffer
, Length
));
169 return EFI_SECURITY_VIOLATION
;
171 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
176 Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
178 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
179 It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.
180 If the check passes, it copies memory and returns EFI_SUCCESS.
181 If the check fails, it returns EFI_SECURITY_VIOLATION.
182 The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.
184 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
185 @param SourceBuffer The pointer to the source buffer of the memory copy.
186 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
188 @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.
189 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
190 @retval EFI_SUCCESS Memory is copied.
196 OUT VOID
*DestinationBuffer
,
197 IN CONST VOID
*SourceBuffer
,
201 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
202 DEBUG ((DEBUG_ERROR
, "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",
203 DestinationBuffer
, Length
));
204 return EFI_SECURITY_VIOLATION
;
206 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
207 DEBUG ((DEBUG_ERROR
, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
208 return EFI_SECURITY_VIOLATION
;
210 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
215 Fills a target buffer (NON-MMRAM) with a byte value.
217 This function fills a target buffer (non-MMRAM) with a byte value.
218 It checks if target buffer is valid per processor architecture and not overlap with MMRAM.
219 If the check passes, it fills memory and returns EFI_SUCCESS.
220 If the check fails, it returns EFI_SECURITY_VIOLATION.
222 @param Buffer The memory to set.
223 @param Length The number of bytes to set.
224 @param Value The value with which to fill Length bytes of Buffer.
226 @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.
227 @retval EFI_SUCCESS Memory is set.
238 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)Buffer
, Length
)) {
239 DEBUG ((DEBUG_ERROR
, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer
, Length
));
240 return EFI_SECURITY_VIOLATION
;
242 SetMem (Buffer
, Length
, Value
);
247 The constructor function initializes the Mm Mem library
249 @param ImageHandle The firmware allocated handle for the EFI image.
250 @param SystemTable A pointer to the EFI System Table.
252 @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
258 IN EFI_HANDLE ImageHandle
,
259 IN EFI_MM_SYSTEM_TABLE
*MmSystemTable
264 // Calculate and save maximum support address
266 MmMemLibInternalCalculateMaximumSupportAddress ();