2 Instance of MM memory check library.
4 MM memory check library implementation. This library consumes MM_ACCESS_PROTOCOL
5 to get MMRAM information. In order to use this library instance, the platform should produce
6 all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core
7 and MM driver) and/or specific dedicated hardware.
9 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
10 Copyright (c) 2016 - 2021, Arm Limited. All rights reserved.<BR>
12 SPDX-License-Identifier: BSD-2-Clause-Patent
18 #include <Library/BaseLib.h>
19 #include <Library/BaseMemoryLib.h>
20 #include <Library/DebugLib.h>
22 EFI_MMRAM_DESCRIPTOR
*mMmMemLibInternalMmramRanges
;
23 UINTN mMmMemLibInternalMmramCount
;
26 // Maximum support address used to check input buffer
28 EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress
= 0;
31 Calculate and save the maximum support address.
35 MmMemLibInternalCalculateMaximumSupportAddress (
40 Initialize cached Mmram Ranges from HOB.
42 @retval EFI_UNSUPPORTED The routine is unable to extract MMRAM information.
43 @retval EFI_SUCCESS MmRanges are populated successfully.
47 MmMemLibInternalPopulateMmramRanges (
52 Deinitialize cached Mmram Ranges.
56 MmMemLibInternalFreeMmramRanges (
61 This function check if the buffer is valid per processor architecture and not overlap with MMRAM.
63 @param Buffer The buffer start address to be checked.
64 @param Length The buffer length to be checked.
66 @retval TRUE This buffer is valid per processor architecture and not overlap with MMRAM.
67 @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.
71 MmIsBufferOutsideMmValid (
72 IN EFI_PHYSICAL_ADDRESS Buffer
,
80 // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.
82 if ((Length
> mMmMemLibInternalMaximumSupportAddress
) ||
83 (Buffer
> mMmMemLibInternalMaximumSupportAddress
) ||
84 ((Length
!= 0) && (Buffer
> (mMmMemLibInternalMaximumSupportAddress
- (Length
- 1)))))
91 "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",
94 mMmMemLibInternalMaximumSupportAddress
99 for (Index
= 0; Index
< mMmMemLibInternalMmramCount
; Index
++) {
100 if (((Buffer
>= mMmMemLibInternalMmramRanges
[Index
].CpuStart
) &&
101 (Buffer
< mMmMemLibInternalMmramRanges
[Index
].CpuStart
+ mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
)) ||
102 ((mMmMemLibInternalMmramRanges
[Index
].CpuStart
>= Buffer
) &&
103 (mMmMemLibInternalMmramRanges
[Index
].CpuStart
< Buffer
+ Length
)))
107 "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",
113 "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",
114 mMmMemLibInternalMmramRanges
[Index
].CpuStart
,
115 mMmMemLibInternalMmramRanges
[Index
].PhysicalSize
125 Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
127 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
128 It checks if source buffer is valid per processor architecture and not overlap with MMRAM.
129 If the check passes, it copies memory and returns EFI_SUCCESS.
130 If the check fails, it return EFI_SECURITY_VIOLATION.
131 The implementation must be reentrant.
133 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
134 @param SourceBuffer The pointer to the source buffer of the memory copy.
135 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
137 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
138 @retval EFI_SUCCESS Memory is copied.
144 OUT VOID
*DestinationBuffer
,
145 IN CONST VOID
*SourceBuffer
,
149 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
150 DEBUG ((DEBUG_ERROR
, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
151 return EFI_SECURITY_VIOLATION
;
154 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
159 Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
161 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
162 It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.
163 If the check passes, it copies memory and returns EFI_SUCCESS.
164 If the check fails, it returns EFI_SECURITY_VIOLATION.
165 The implementation must be reentrant.
167 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
168 @param SourceBuffer The pointer to the source buffer of the memory copy.
169 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
171 @retval EFI_SECURITY_VIOLATION The DestinationBuffer is invalid per processor architecture or overlap with MMRAM.
172 @retval EFI_SUCCESS Memory is copied.
178 OUT VOID
*DestinationBuffer
,
179 IN CONST VOID
*SourceBuffer
,
183 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
186 "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",
190 return EFI_SECURITY_VIOLATION
;
193 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
198 Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
200 This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
201 It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.
202 If the check passes, it copies memory and returns EFI_SUCCESS.
203 If the check fails, it returns EFI_SECURITY_VIOLATION.
204 The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.
206 @param DestinationBuffer The pointer to the destination buffer of the memory copy.
207 @param SourceBuffer The pointer to the source buffer of the memory copy.
208 @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
210 @retval EFI_SECURITY_VIOLATION The DestinationBuffer is invalid per processor architecture or overlap with MMRAM.
211 @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
212 @retval EFI_SUCCESS Memory is copied.
218 OUT VOID
*DestinationBuffer
,
219 IN CONST VOID
*SourceBuffer
,
223 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)DestinationBuffer
, Length
)) {
226 "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",
230 return EFI_SECURITY_VIOLATION
;
233 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)SourceBuffer
, Length
)) {
234 DEBUG ((DEBUG_ERROR
, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer
, Length
));
235 return EFI_SECURITY_VIOLATION
;
238 CopyMem (DestinationBuffer
, SourceBuffer
, Length
);
243 Fills a target buffer (NON-MMRAM) with a byte value.
245 This function fills a target buffer (non-MMRAM) with a byte value.
246 It checks if target buffer is valid per processor architecture and not overlap with MMRAM.
247 If the check passes, it fills memory and returns EFI_SUCCESS.
248 If the check fails, it returns EFI_SECURITY_VIOLATION.
250 @param Buffer The memory to set.
251 @param Length The number of bytes to set.
252 @param Value The value with which to fill Length bytes of Buffer.
254 @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.
255 @retval EFI_SUCCESS Memory is set.
266 if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)Buffer
, Length
)) {
267 DEBUG ((DEBUG_ERROR
, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer
, Length
));
268 return EFI_SECURITY_VIOLATION
;
271 SetMem (Buffer
, Length
, Value
);
276 The constructor function initializes the Mm Mem library
278 @param [in] ImageHandle The firmware allocated handle for the EFI image.
279 @param [in] MmSystemTable A pointer to the EFI System Table.
281 @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
287 IN EFI_HANDLE ImageHandle
,
288 IN EFI_MM_SYSTEM_TABLE
*MmSystemTable
294 // Calculate and save maximum support address
296 MmMemLibInternalCalculateMaximumSupportAddress ();
299 // Initialize cached Mmram Ranges from HOB.
301 Status
= MmMemLibInternalPopulateMmramRanges ();
307 Destructor for Mm Mem library.
309 @param ImageHandle The image handle of the process.
310 @param MmSystemTable The EFI System Table pointer.
312 @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
318 IN EFI_HANDLE ImageHandle
,
319 IN EFI_MM_SYSTEM_TABLE
*MmSystemTable
323 // Deinitialize cached Mmram Ranges.
325 MmMemLibInternalFreeMmramRanges ();