all SMRAM range via SMM_ACCESS2_PROTOCOL, including the range for firmware (like SMM Core\r
and SMM driver) and/or specific dedicated hardware.\r
\r
- Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/DxeServicesTableLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
#include <Library/HobLib.h>\r
#include <Protocol/SmmAccess2.h>\r
#include <Protocol/SmmReadyToLock.h>\r
#include <Protocol/SmmEndOfDxe.h>\r
+#include <Guid/MemoryAttributesTable.h>\r
\r
-#define NEXT_MEMORY_DESCRIPTOR(MemoryDescriptor, Size) \\r
- ((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)(MemoryDescriptor) + (Size)))\r
+//\r
+// attributes for reserved memory before it is promoted to system memory\r
+//\r
+#define EFI_MEMORY_PRESENT 0x0100000000000000ULL\r
+#define EFI_MEMORY_INITIALIZED 0x0200000000000000ULL\r
+#define EFI_MEMORY_TESTED 0x0400000000000000ULL\r
\r
EFI_SMRAM_DESCRIPTOR *mSmmMemLibInternalSmramRanges;\r
UINTN mSmmMemLibInternalSmramCount;\r
EFI_MEMORY_DESCRIPTOR *mMemoryMap;\r
UINTN mDescriptorSize;\r
\r
+EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mSmmMemLibGcdMemSpace = NULL;\r
+UINTN mSmmMemLibGcdMemNumberOfDesc = 0;\r
+\r
+EFI_MEMORY_ATTRIBUTES_TABLE *mSmmMemLibMemoryAttributesTable = NULL;\r
+\r
VOID *mRegistrationEndOfDxe;\r
VOID *mRegistrationReadyToLock;\r
\r
-BOOLEAN mSmmReadyToLock = FALSE;\r
+BOOLEAN mSmmMemLibSmmReadyToLock = FALSE;\r
\r
/**\r
Calculate and save the maximum support address.\r
if (PhysicalAddressBits > 48) {\r
PhysicalAddressBits = 48;\r
}\r
- \r
+\r
//\r
- // Save the maximum support address in one global variable \r
+ // Save the maximum support address in one global variable\r
//\r
mSmmMemLibInternalMaximumSupportAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)(LShiftU64 (1, PhysicalAddressBits) - 1);\r
DEBUG ((EFI_D_INFO, "mSmmMemLibInternalMaximumSupportAddress = 0x%lx\n", mSmmMemLibInternalMaximumSupportAddress));\r
)\r
{\r
UINTN Index;\r
- \r
+\r
//\r
// Check override.\r
// NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.\r
));\r
return FALSE;\r
}\r
- \r
+\r
for (Index = 0; Index < mSmmMemLibInternalSmramCount; Index ++) {\r
if (((Buffer >= mSmmMemLibInternalSmramRanges[Index].CpuStart) && (Buffer < mSmmMemLibInternalSmramRanges[Index].CpuStart + mSmmMemLibInternalSmramRanges[Index].PhysicalSize)) ||\r
((mSmmMemLibInternalSmramRanges[Index].CpuStart >= Buffer) && (mSmmMemLibInternalSmramRanges[Index].CpuStart < Buffer + Length))) {\r
//\r
// Check override for Valid Communication Region\r
//\r
- if (mSmmReadyToLock) {\r
+ if (mSmmMemLibSmmReadyToLock) {\r
EFI_MEMORY_DESCRIPTOR *MemoryMap;\r
BOOLEAN InValidCommunicationRegion;\r
- \r
+\r
InValidCommunicationRegion = FALSE;\r
MemoryMap = mMemoryMap;\r
for (Index = 0; Index < mMemoryMapEntryCount; Index++) {\r
if (!InValidCommunicationRegion) {\r
DEBUG ((\r
EFI_D_ERROR,\r
- "SmmIsBufferOutsideSmmValid: Not in ValidCommunicationRegion: Buffer (0x%lx) - Length (0x%lx), ",\r
+ "SmmIsBufferOutsideSmmValid: Not in ValidCommunicationRegion: Buffer (0x%lx) - Length (0x%lx)\n",\r
Buffer,\r
Length\r
));\r
- ASSERT (FALSE);\r
return FALSE;\r
}\r
+\r
+ //\r
+ // Check untested memory as invalid communication buffer.\r
+ //\r
+ for (Index = 0; Index < mSmmMemLibGcdMemNumberOfDesc; Index++) {\r
+ if (((Buffer >= mSmmMemLibGcdMemSpace[Index].BaseAddress) && (Buffer < mSmmMemLibGcdMemSpace[Index].BaseAddress + mSmmMemLibGcdMemSpace[Index].Length)) ||\r
+ ((mSmmMemLibGcdMemSpace[Index].BaseAddress >= Buffer) && (mSmmMemLibGcdMemSpace[Index].BaseAddress < Buffer + Length))) {\r
+ DEBUG ((\r
+ EFI_D_ERROR,\r
+ "SmmIsBufferOutsideSmmValid: In Untested Memory Region: Buffer (0x%lx) - Length (0x%lx)\n",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ //\r
+ // Check UEFI runtime memory with EFI_MEMORY_RO as invalid communication buffer.\r
+ //\r
+ if (mSmmMemLibMemoryAttributesTable != NULL) {\r
+ EFI_MEMORY_DESCRIPTOR *Entry;\r
+\r
+ Entry = (EFI_MEMORY_DESCRIPTOR *)(mSmmMemLibMemoryAttributesTable + 1);\r
+ for (Index = 0; Index < mSmmMemLibMemoryAttributesTable->NumberOfEntries; Index++) {\r
+ if (Entry->Type == EfiRuntimeServicesCode || Entry->Type == EfiRuntimeServicesData) {\r
+ if ((Entry->Attribute & EFI_MEMORY_RO) != 0) {\r
+ if (((Buffer >= Entry->PhysicalStart) && (Buffer < Entry->PhysicalStart + LShiftU64 (Entry->NumberOfPages, EFI_PAGE_SHIFT))) ||\r
+ ((Entry->PhysicalStart >= Buffer) && (Entry->PhysicalStart < Buffer + Length))) {\r
+ DEBUG ((\r
+ EFI_D_ERROR,\r
+ "SmmIsBufferOutsideSmmValid: In RuntimeCode Region: Buffer (0x%lx) - Length (0x%lx)\n",\r
+ Buffer,\r
+ Length\r
+ ));\r
+ return FALSE;\r
+ }\r
+ }\r
+ }\r
+ Entry = NEXT_MEMORY_DESCRIPTOR (Entry, mSmmMemLibMemoryAttributesTable->DescriptorSize);\r
+ }\r
+ }\r
}\r
return TRUE;\r
}\r
If the check passes, it copies memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
The implementation must be reentrant.\r
- \r
+\r
@param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
@param SourceBuffer The pointer to the source buffer of the memory copy.\r
@param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
If the check passes, it copies memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.\r
- \r
+\r
@param DestinationBuffer The pointer to the destination buffer of the memory copy.\r
@param SourceBuffer The pointer to the source buffer of the memory copy.\r
@param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.\r
It checks if target buffer is valid per processor architecture and not overlap with SMRAM.\r
If the check passes, it fills memory and returns EFI_SUCCESS.\r
If the check fails, it returns EFI_SECURITY_VIOLATION.\r
- \r
+\r
@param Buffer The memory to set.\r
@param Length The number of bytes to set.\r
@param Value The value with which to fill Length bytes of Buffer.\r
- \r
+\r
@retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with SMRAM.\r
@retval EFI_SUCCESS Memory is set.\r
\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ Get GCD memory map.\r
+ Only record untested memory as invalid communication buffer.\r
+**/\r
+VOID\r
+SmmMemLibInternalGetGcdMemoryMap (\r
+ VOID\r
+ )\r
+{\r
+ UINTN NumberOfDescriptors;\r
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+\r
+ Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);\r
+ if (EFI_ERROR (Status)) {\r
+ return ;\r
+ }\r
+\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ for (Index = 0; Index < NumberOfDescriptors; Index++) {\r
+ if (MemSpaceMap[Index].GcdMemoryType == EfiGcdMemoryTypeReserved &&\r
+ (MemSpaceMap[Index].Capabilities & (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED | EFI_MEMORY_TESTED)) ==\r
+ (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED)\r
+ ) {\r
+ mSmmMemLibGcdMemNumberOfDesc++;\r
+ }\r
+ }\r
+\r
+ mSmmMemLibGcdMemSpace = AllocateZeroPool (mSmmMemLibGcdMemNumberOfDesc * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR));\r
+ ASSERT (mSmmMemLibGcdMemSpace != NULL);\r
+ if (mSmmMemLibGcdMemSpace == NULL) {\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ gBS->FreePool (MemSpaceMap);\r
+ return ;\r
+ }\r
+\r
+ mSmmMemLibGcdMemNumberOfDesc = 0;\r
+ for (Index = 0; Index < NumberOfDescriptors; Index++) {\r
+ if (MemSpaceMap[Index].GcdMemoryType == EfiGcdMemoryTypeReserved &&\r
+ (MemSpaceMap[Index].Capabilities & (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED | EFI_MEMORY_TESTED)) ==\r
+ (EFI_MEMORY_PRESENT | EFI_MEMORY_INITIALIZED)\r
+ ) {\r
+ CopyMem (\r
+ &mSmmMemLibGcdMemSpace[mSmmMemLibGcdMemNumberOfDesc],\r
+ &MemSpaceMap[Index],\r
+ sizeof(EFI_GCD_MEMORY_SPACE_DESCRIPTOR)\r
+ );\r
+ mSmmMemLibGcdMemNumberOfDesc++;\r
+ }\r
+ }\r
+\r
+ gBS->FreePool (MemSpaceMap);\r
+}\r
+\r
+/**\r
+ Get UEFI MemoryAttributesTable.\r
+**/\r
+VOID\r
+SmmMemLibInternalGetUefiMemoryAttributesTable (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_MEMORY_ATTRIBUTES_TABLE *MemoryAttributesTable;\r
+ UINTN MemoryAttributesTableSize;\r
+\r
+ Status = EfiGetSystemConfigurationTable (&gEfiMemoryAttributesTableGuid, (VOID **)&MemoryAttributesTable);\r
+ if (!EFI_ERROR (Status) && (MemoryAttributesTable != NULL)) {\r
+ MemoryAttributesTableSize = sizeof(EFI_MEMORY_ATTRIBUTES_TABLE) + MemoryAttributesTable->DescriptorSize * MemoryAttributesTable->NumberOfEntries;\r
+ mSmmMemLibMemoryAttributesTable = AllocateCopyPool (MemoryAttributesTableSize, MemoryAttributesTable);\r
+ ASSERT (mSmmMemLibMemoryAttributesTable != NULL);\r
+ }\r
+}\r
+\r
/**\r
Notification for SMM EndOfDxe protocol.\r
\r
do {\r
Status = gBS->AllocatePool (EfiBootServicesData, MemoryMapSize, (VOID **)&MemoryMap);\r
ASSERT (MemoryMap != NULL);\r
- \r
+\r
Status = gBS->GetMemoryMap (\r
&MemoryMapSize,\r
MemoryMap,\r
MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize);\r
}\r
MemoryMap = MemoryMapStart;\r
- \r
+\r
//\r
// Get Data\r
//\r
}\r
mMemoryMap = SmmMemoryMapStart;\r
MemoryMap = MemoryMapStart;\r
- \r
+\r
gBS->FreePool (MemoryMap);\r
\r
+ //\r
+ // Get additional information from GCD memory map.\r
+ //\r
+ SmmMemLibInternalGetGcdMemoryMap ();\r
+\r
+ //\r
+ // Get UEFI memory attributes table.\r
+ //\r
+ SmmMemLibInternalGetUefiMemoryAttributesTable ();\r
+\r
return EFI_SUCCESS;\r
}\r
\r
-\r
/**\r
Notification for SMM ReadyToLock protocol.\r
\r
IN EFI_HANDLE Handle\r
)\r
{\r
- mSmmReadyToLock = TRUE;\r
+ mSmmMemLibSmmReadyToLock = TRUE;\r
return EFI_SUCCESS;\r
}\r
/**\r
EFI_STATUS Status;\r
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
UINTN Size;\r
- \r
+\r
//\r
// Get SMRAM information\r
//\r
projects / mirror_edk2.git / blobdiff