all SMRAM range via SMM_ACCESS2_PROTOCOL, including the range for firmware (like SMM Core\r
and SMM driver) and/or specific dedicated hardware.\r
\r
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/DxeServicesTableLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
#include <Library/HobLib.h>\r
#include <Protocol/SmmAccess2.h>\r
+#include <Protocol/SmmReadyToLock.h>\r
+#include <Protocol/SmmEndOfDxe.h>\r
+#include <Guid/MemoryAttributesTable.h>\r
+\r
+//\r
+// attributes for reserved memory before it is promoted to system memory\r
+//\r
+#define EFI_MEMORY_PRESENT 0x0100000000000000ULL\r
+#define EFI_MEMORY_INITIALIZED 0x0200000000000000ULL\r
+#define EFI_MEMORY_TESTED 0x0400000000000000ULL\r
\r
EFI_SMRAM_DESCRIPTOR *mSmmMemLibInternalSmramRanges;\r
UINTN mSmmMemLibInternalSmramCount;\r
//\r
EFI_PHYSICAL_ADDRESS mSmmMemLibInternalMaximumSupportAddress = 0;\r
\r
+UINTN mMemoryMapEntryCount;\r
+EFI_MEMORY_DESCRIPTOR *mMemoryMap;\r
+UINTN mDescriptorSize;\r
+\r
+EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mSmmMemLibGcdMemSpace = NULL;\r
+UINTN mSmmMemLibGcdMemNumberOfDesc = 0;\r
+\r
+EFI_MEMORY_ATTRIBUTES_TABLE *mSmmMemLibMemoryAttributesTable = NULL;\r
+\r
+VOID *mRegistrationEndOfDxe;\r
+VOID *mRegistrationReadyToLock;\r
+\r
+BOOLEAN mSmmMemLibSmmReadyToLock = FALSE;\r
+\r
/**\r
- Caculate and save the maximum support address.\r
+ Calculate and save the maximum support address.\r
\r
**/\r
VOID\r
-SmmMemLibInternalCaculateMaximumSupportAddress (\r
+SmmMemLibInternalCalculateMaximumSupportAddress (\r
VOID\r
)\r
{\r
if (PhysicalAddressBits > 48) {\r
PhysicalAddressBits = 48;\r
}\r
- \r
+\r
//\r
- // Save the maximum support address in one global variable \r
+ // Save the maximum support address in one global variable\r
//\r
mSmmMemLibInternalMaximumSupportAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)(LShiftU64 (1, PhysicalAddressBits) - 1);\r
DEBUG ((EFI_D_INFO, "mSmmMemLibInternalMaximumSupportAddress = 0x%lx\n", mSmmMemLibInternalMaximumSupportAddress));\r
)\r
{\r
UINTN Index;\r
- \r
+\r
//\r
// Check override.\r
// NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.\r
));\r
return FALSE;\r
}\r
- \r
+\r
for (Index = 0; Index < mSmmMemLibInternalSmramCount; Index ++) {\r
if (((Buffer >= mSmmMemLibInternalSmramRanges[Index].CpuStart) && (Buffer < mSmmMemLibInternalSmramRanges[Index].CpuStart + mSmmMemLibInternalSmramRanges[Index].PhysicalSize)) ||\r
((mSmmMemLibInternalSmramRanges[Index].CpuStart >= Buffer) && (mSmmMemLibInternalSmramRanges[Index].CpuStart < Buffer + Length))) {\r
}\r
}\r
\r
+ //\r
+ // Check override for Valid Communication Region\r
+ //\r
+ if (mSmmMemLibSmmReadyToLock) {\r
+ EFI_MEMORY_DESCRIPTOR *MemoryMap;\r
+ BOOLEAN InValidCommunicationRegion;\r
+\r
+ InValidCommunicationRegion = FALSE;\r
+ MemoryMap = mMemoryMap;\r
+ for (Index = 0; Index < mMemoryMapEntryCount; Index++) {\r
+ if ((Buffer >= MemoryMap->PhysicalStart) &&\r
+ (Buffer + Length <= MemoryMap->PhysicalStart + LShiftU64 (MemoryMap->NumberOfPages, EFI_PAGE_SHIFT))) {\r
+ InValidCommunicationRegion = TRUE;\r
+ }\r
+ MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, mDescriptorSize);\r
+ }\r
+\r
+ if (!InValidCommunicationRegion) {\r
+ DEBUG ((\r
+ EFI_D_ERROR,\r
+ "SmmIsBufferOutsideSmmValid: Not in ValidCommunicationRegion: Buffer (0x%lx) - Length (0x%lx)\n",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Check untested memory as invalid communication buffer.\r
+ //\r
+ for (Index = 0; Index < mSmmMemLibGcdMemNumberOfDesc; Index++) {\r
+ if (((Buffer >= mSmmMemLibGcdMemSpace[Index].BaseAddress) && (Buffer < mSmmMemLibGcdMemSpace[Index].BaseAddress + mSmmMemLibGcdMemSpace[Index].Length)) ||\r
+ ((mSmmMemLibGcdMemSpace[Index].BaseAddress >= Buffer) && (mSmmMemLibGcdMemSpace[Index].BaseAddress < Buffer + Length))) {\r
+ DEBUG ((\r
+ EFI_D_ERROR,\r
+ "SmmIsBufferOutsideSmmValid: In Untested Memory Region: Buffer (0x%lx) - Length (0x%lx)\n",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ //\r
+ // Check UEFI runtime memory with EFI_MEMORY_RO as invalid communication buffer.\r
+ //\r
+ if (mSmmMemLibMemoryAttributesTable != NULL) {\r
+ EFI_MEMORY_DESCRIPTOR *Entry;\r
+\r
+ Entry = (EFI_MEMORY_DESCRIPTOR *)(mSmmMemLibMemoryAttributesTable + 1);\r
+ for (Index = 0; Index < mSmmMemLibMemoryAttributesTable->NumberOfEntries; Index++) {\r
+ if (Entry->Type == EfiRuntimeServicesCode || Entry->Type == EfiRuntimeServicesData) {\r
+ if ((Entry->Attribute & EFI_MEMORY_RO) != 0) {\r
+ if (((Buffer >= Entry->PhysicalStart) && (Buffer < Entry->PhysicalStart + LShiftU64 (Entry->NumberOfPages, EFI_PAGE_SHIFT))) ||\r
+ ((Entry->PhysicalStart >= Buffer) && (Entry->PhysicalStart < Buffer + Length))) {\r
+ DEBUG ((\r
+ EFI_D_ERROR,\r
+ "SmmIsBufferOutsideSmmValid: In RuntimeCode Region: Buffer (0x%lx) - Length (0x%lx)\n",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ return FALSE;\r
+ }\r
+ }\r
+ }\r
+ Entry = NEXT_MEMORY_DESCRIPTOR (Entry, mSmmMemLibMemoryAttributesTable->DescriptorSize);\r
+ }\r
+ }\r
+ }\r
return TRUE;\r
}\r
\r
If the check passes, it copies memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
The implementation must be reentrant.\r
- \r
+\r
@param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
@param SourceBuffer The pointer to the source buffer of the memory copy.\r
@param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
If the check passes, it copies memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.\r
- \r
+\r
@param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
@param SourceBuffer The pointer to the source buffer of the memory copy.\r
@param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
It checks if target buffer is valid per processor architecture and not overlap with SMRAM.\r
If the check passes, it fills memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
- \r
+\r
@param Buffer The memory to set.\r
@param Length The number of bytes to set.\r
@param Value The value with which to fill Length bytes of Buffer.\r
- \r
+\r
@retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with SMRAM.\r
@retval EFI_SUCCESS Memory is set.\r
\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ Get GCD memory map.\r
+ Only record untested memory as invalid communication buffer.\r
+**/\r
+VOID\r
+SmmMemLibInternalGetGcdMemoryMap (\r
+ VOID\r
+ )\r
+{\r
+ UINTN NumberOfDescriptors;\r
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+\r
+ Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);\r
+ if (EFI_ERROR (Status)) {\r
+ return ;\r
+ }\r
+\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ for (Index = 0; Index < NumberOfDescriptors; Index++) {\r
+ if (MemSpaceMap[Index].GcdMemoryType == EfiGcdMemoryTypeReserved &&\r
+ (MemSpaceMap[Index].Capabilities & (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED | EFI_MEMORY_TESTED)) ==\r
+ (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED)\r
+ ) {\r
+ mSmmMemLibGcdMemNumberOfDesc++;\r
+ }\r
+ }\r
+\r
+ mSmmMemLibGcdMemSpace = AllocateZeroPool (mSmmMemLibGcdMemNumberOfDesc * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR));\r
+ ASSERT (mSmmMemLibGcdMemSpace != NULL);\r
+ if (mSmmMemLibGcdMemSpace == NULL) {\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ gBS->FreePool (MemSpaceMap);\r
+ return ;\r
+ }\r
+\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ for (Index = 0; Index < NumberOfDescriptors; Index++) {\r
+ if (MemSpaceMap[Index].GcdMemoryType == EfiGcdMemoryTypeReserved &&\r
+ (MemSpaceMap[Index].Capabilities & (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED | EFI_MEMORY_TESTED)) ==\r
+ (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED)\r
+ ) {\r
+ CopyMem (\r
+ &mSmmMemLibGcdMemSpace[mSmmMemLibGcdMemNumberOfDesc],\r
+ &MemSpaceMap[Index],\r
+ sizeof(EFI_GCD_MEMORY_SPACE_DESCRIPTOR)\r
+ );\r
+ mSmmMemLibGcdMemNumberOfDesc++;\r
+ }\r
+ }\r
+\r
+ gBS->FreePool (MemSpaceMap);\r
+}\r
+\r
+/**\r
+ Get UEFI MemoryAttributesTable.\r
+**/\r
+VOID\r
+SmmMemLibInternalGetUefiMemoryAttributesTable (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_MEMORY_ATTRIBUTES_TABLE *MemoryAttributesTable;\r
+ UINTN MemoryAttributesTableSize;\r
+\r
+ Status = EfiGetSystemConfigurationTable (&gEfiMemoryAttributesTableGuid, (VOID **)&MemoryAttributesTable);\r
+ if (!EFI_ERROR (Status) && (MemoryAttributesTable != NULL)) {\r
+ MemoryAttributesTableSize = sizeof(EFI_MEMORY_ATTRIBUTES_TABLE) + MemoryAttributesTable->DescriptorSize * MemoryAttributesTable->NumberOfEntries;\r
+ mSmmMemLibMemoryAttributesTable = AllocateCopyPool (MemoryAttributesTableSize, MemoryAttributesTable);\r
+ ASSERT (mSmmMemLibMemoryAttributesTable != NULL);\r
+ }\r
+}\r
+\r
+/**\r
+ Notification for SMM EndOfDxe protocol.\r
+\r
+ @param[in] Protocol Points to the protocol's unique identifier.\r
+ @param[in] Interface Points to the interface instance.\r
+ @param[in] Handle The handle on which the interface was installed.\r
+\r
+ @retval EFI_SUCCESS Notification runs successfully.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmLibInternalEndOfDxeNotify (\r
+ IN CONST EFI_GUID *Protocol,\r
+ IN VOID *Interface,\r
+ IN EFI_HANDLE Handle\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN MapKey;\r
+ UINTN MemoryMapSize;\r
+ EFI_MEMORY_DESCRIPTOR *MemoryMap;\r
+ EFI_MEMORY_DESCRIPTOR *MemoryMapStart;\r
+ EFI_MEMORY_DESCRIPTOR *SmmMemoryMapStart;\r
+ UINTN MemoryMapEntryCount;\r
+ UINTN DescriptorSize;\r
+ UINT32 DescriptorVersion;\r
+ UINTN Index;\r
+\r
+ MemoryMapSize = 0;\r
+ MemoryMap = NULL;\r
+ Status = gBS->GetMemoryMap (\r
+ &MemoryMapSize,\r
+ MemoryMap,\r
+ &MapKey,\r
+ &DescriptorSize,\r
+ &DescriptorVersion\r
+ );\r
+ ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
+\r
+ do {\r
+ Status = gBS->AllocatePool (EfiBootServicesData, MemoryMapSize, (VOID **)&MemoryMap);\r
+ ASSERT (MemoryMap != NULL);\r
+\r
+ Status = gBS->GetMemoryMap (\r
+ &MemoryMapSize,\r
+ MemoryMap,\r
+ &MapKey,\r
+ &DescriptorSize,\r
+ &DescriptorVersion\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ gBS->FreePool (MemoryMap);\r
+ }\r
+ } while (Status == EFI_BUFFER_TOO_SMALL);\r
+\r
+ //\r
+ // Get Count\r
+ //\r
+ mDescriptorSize = DescriptorSize;\r
+ MemoryMapEntryCount = MemoryMapSize/DescriptorSize;\r
+ MemoryMapStart = MemoryMap;\r
+ mMemoryMapEntryCount = 0;\r
+ for (Index = 0; Index < MemoryMapEntryCount; Index++) {\r
+ switch (MemoryMap->Type) {\r
+ case EfiReservedMemoryType:\r
+ case EfiRuntimeServicesCode:\r
+ case EfiRuntimeServicesData:\r
+ case EfiACPIMemoryNVS:\r
+ mMemoryMapEntryCount++;\r
+ break;\r
+ }\r
+ MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize);\r
+ }\r
+ MemoryMap = MemoryMapStart;\r
+\r
+ //\r
+ // Get Data\r
+ //\r
+ mMemoryMap = AllocatePool (mMemoryMapEntryCount*DescriptorSize);\r
+ ASSERT (mMemoryMap != NULL);\r
+ SmmMemoryMapStart = mMemoryMap;\r
+ for (Index = 0; Index < MemoryMapEntryCount; Index++) {\r
+ switch (MemoryMap->Type) {\r
+ case EfiReservedMemoryType:\r
+ case EfiRuntimeServicesCode:\r
+ case EfiRuntimeServicesData:\r
+ case EfiACPIMemoryNVS:\r
+ CopyMem (mMemoryMap, MemoryMap, DescriptorSize);\r
+ mMemoryMap = NEXT_MEMORY_DESCRIPTOR(mMemoryMap, DescriptorSize);\r
+ break;\r
+ }\r
+ MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize);\r
+ }\r
+ mMemoryMap = SmmMemoryMapStart;\r
+ MemoryMap = MemoryMapStart;\r
+\r
+ gBS->FreePool (MemoryMap);\r
+\r
+ //\r
+ // Get additional information from GCD memory map.\r
+ //\r
+ SmmMemLibInternalGetGcdMemoryMap ();\r
+\r
+ //\r
+ // Get UEFI memory attributes table.\r
+ //\r
+ SmmMemLibInternalGetUefiMemoryAttributesTable ();\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Notification for SMM ReadyToLock protocol.\r
+\r
+ @param[in] Protocol Points to the protocol's unique identifier.\r
+ @param[in] Interface Points to the interface instance.\r
+ @param[in] Handle The handle on which the interface was installed.\r
+\r
+ @retval EFI_SUCCESS Notification runs successfully.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmLibInternalReadyToLockNotify (\r
+ IN CONST EFI_GUID *Protocol,\r
+ IN VOID *Interface,\r
+ IN EFI_HANDLE Handle\r
+ )\r
+{\r
+ mSmmMemLibSmmReadyToLock = TRUE;\r
+ return EFI_SUCCESS;\r
+}\r
/**\r
The constructor function initializes the Smm Mem library\r
\r
EFI_STATUS Status;\r
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
UINTN Size;\r
- \r
+\r
//\r
// Get SMRAM information\r
//\r
mSmmMemLibInternalSmramCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
\r
//\r
- // Caculate and save maximum support address\r
+ // Calculate and save maximum support address\r
+ //\r
+ SmmMemLibInternalCalculateMaximumSupportAddress ();\r
+\r
+ //\r
+ // Register EndOfDxe to get UEFI memory map\r
//\r
- SmmMemLibInternalCaculateMaximumSupportAddress ();\r
+ Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, SmmLibInternalEndOfDxeNotify, &mRegistrationEndOfDxe);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // Register ready to lock so that we can know when to check valid SMRAM region\r
+ //\r
+ Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmReadyToLockProtocolGuid, SmmLibInternalReadyToLockNotify, &mRegistrationReadyToLock);\r
+ ASSERT_EFI_ERROR (Status);\r
\r
return EFI_SUCCESS;\r
}\r
{\r
FreePool (mSmmMemLibInternalSmramRanges);\r
\r
+ gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, NULL, &mRegistrationEndOfDxe);\r
+ gSmst->SmmRegisterProtocolNotify (&gEfiSmmReadyToLockProtocolGuid, NULL, &mRegistrationReadyToLock);\r
return EFI_SUCCESS;\r
}\r