Fix a security hole in shell binaries:

[mirror_edk2.git] / OvmfPkg / PlatformPei / Platform.c

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 2219ebb7eedd2c4c48862f30b0bfc02fe55570a3..a886a00d7504b077005786ae722a9be5fbd63ed4 100644 (file)
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -23,6 +23,8 @@
 #include <Library/DebugLib.h>\r
 #include <Library/HobLib.h>\r
 #include <Library/IoLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/PcdLib.h>\r
 #include <Library/PciLib.h>\r
 #include <Library/PeimEntryPoint.h>\r
 #include <Library/ResourcePublicationLib.h>\r
@@ -136,8 +138,7 @@ MemMapInitialization (
   //\r
   // Video memory + Legacy BIOS region\r
   //\r
-  AddMemoryRangeHob (0x0A0000, 0x0B0000);\r
-  AddIoMemoryRangeHob (0x0B0000, 0x100000);\r
+  AddIoMemoryRangeHob (0x0A0000, 0x100000);\r
 }\r
 \r
 \r
@@ -157,6 +158,32 @@ MiscInitialization (
 }\r
 \r
 \r
+VOID\r
+ReserveEmuVariableNvStore (\r
+  )\r
+{\r
+  EFI_PHYSICAL_ADDRESS VariableStore;\r
+\r
+  //\r
+  // Allocate storage for NV variables early on so it will be\r
+  // at a consistent address.  Since VM memory is preserved\r
+  // across reboots, this allows the NV variable storage to survive\r
+  // a VM reboot.\r
+  //\r
+  VariableStore =\r
+    (EFI_PHYSICAL_ADDRESS)(UINTN)\r
+      AllocateRuntimePool (\r
+        2 * FixedPcdGet32(PcdFlashNvStorageFtwSpareSize)\r
+        );\r
+  DEBUG ((EFI_D_INFO,\r
+          "Reserved variable store memory: 0x%lX; size: %dkb\n",\r
+          VariableStore,\r
+          (2 * FixedPcdGet32(PcdFlashNvStorageFtwSpareSize)) / 1024\r
+        ));\r
+  PcdSet64 (PcdEmuVariableNvStoreReserved, VariableStore);\r
+}\r
+\r
+\r
 /**\r
   Perform Platform PEI initialization.\r
 \r
@@ -177,6 +204,8 @@ InitializePlatform (
 \r
   MemDetect ();\r
 \r
+  ReserveEmuVariableNvStore ();\r
+\r
   PeiFvInitialization ();\r
 \r
   MemMapInitialization ();\r