MdeModulePkg/VarCheckPolicyLib: implement standalone MM version

This commit adds the VarCheckPolicyLib that will be able to
execute in the context of standalone MM.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Co-authored-by: Kun Qin <kun.q@outlook.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
index 257aa95913039799917884d3caf902dedb89b0c6..14e1904e96d366106053a0ca4058d79918ea0114 100644 (file)
--- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
@@ -12,7 +12,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>\r
 #include <Library/SafeIntLib.h>\r
 #include <Library/MmServicesTableLib.h>\r
-#include <Library/SmmMemLib.h>\r
 #include <Library/BaseMemoryLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r
 \r
@@ -23,6 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 \r
 #include <Guid/VarCheckPolicyMmi.h>\r
 \r
+#include "VarCheckPolicyLib.h"\r
+\r
 //================================================\r
 // As a VarCheck library, we're linked into the VariableServices\r
 // and may not be able to call them indirectly. To get around this,\r
@@ -102,7 +103,8 @@ VarCheckPolicyLibMmiHandler (
   // Make sure that the buffer does not overlap SMM.\r
   // This should be covered by the SmiManage infrastructure, but just to be safe...\r
   InternalCommBufferSize = *CommBufferSize;\r
-  if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || !SmmIsBufferOutsideSmmValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) {\r
+  if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE ||\r
+      !VarCheckPolicyIsBufferOutsideValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) {\r
     DEBUG ((DEBUG_ERROR, "%a - Invalid CommBuffer supplied! 0x%016lX[0x%016lX]\n", __FUNCTION__, CommBuffer, InternalCommBufferSize));\r
     return EFI_INVALID_PARAMETER;\r
   }\r
@@ -305,17 +307,13 @@ VarCheckPolicyLibMmiHandler (
   Constructor function of VarCheckPolicyLib to register VarCheck handler and\r
   SW MMI handlers.\r
 \r
-  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
-  @param[in] SystemTable    A pointer to the EFI System Table.\r
-\r
   @retval EFI_SUCCESS       The constructor executed correctly.\r
 \r
 **/\r
 EFI_STATUS\r
 EFIAPI\r
-VarCheckPolicyLibConstructor (\r
-  IN EFI_HANDLE             ImageHandle,\r
-  IN EFI_SYSTEM_TABLE       *SystemTable\r
+VarCheckPolicyLibCommonConstructor (\r
+  VOID\r
   )\r
 {\r
   EFI_STATUS    Status;\r

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h
new file mode 100644 (file)
index 0000000..2226c8a
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h
@@ -0,0 +1,42 @@
+/** @file -- VarCheckPolicyLib.h\r
+This internal header file defines the common interface of constructor for\r
+VarCheckPolicyLib.\r
+\r
+Copyright (c) Microsoft Corporation. All rights reserved.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef _VAR_CHECK_POLICY_LIB_H_\r
+#define _VAR_CHECK_POLICY_LIB_H_\r
+\r
+/**\r
+  Common constructor function of VarCheckPolicyLib to register VarCheck handler\r
+  and SW MMI handlers.\r
+\r
+  @retval EFI_SUCCESS       The constructor executed correctly.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VarCheckPolicyLibCommonConstructor (\r
+  VOID\r
+  );\r
+\r
+/**\r
+  This function is wrapper function to validate the buffer.\r
+\r
+  @param Buffer  The buffer start address to be checked.\r
+  @param Length  The buffer length to be checked.\r
+\r
+  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM/MMRAM.\r
+  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM/MMRAM.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+VarCheckPolicyIsBufferOutsideValid (\r
+  IN EFI_PHYSICAL_ADDRESS  Buffer,\r
+  IN UINT64                Length\r
+  );\r
+\r
+#endif // _VAR_CHECK_POLICY_LIB_H_\r

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
index 077bcc8990ca949b9e1390684ddf95dbf6df9079..9af436d25f81d1c4baaaa1a76f1207dc89693e47 100644 (file)
--- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
@@ -13,11 +13,13 @@
   MODULE_TYPE                    = DXE_RUNTIME_DRIVER\r
   VERSION_STRING                 = 1.0\r
   LIBRARY_CLASS                  = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER\r
-  CONSTRUCTOR                    = VarCheckPolicyLibConstructor\r
+  CONSTRUCTOR                    = VarCheckPolicyLibTraditionalConstructor\r
 \r
 \r
 [Sources]\r
   VarCheckPolicyLib.c\r
+  VarCheckPolicyLibTraditional.c\r
+  VarCheckPolicyLib.h\r
 \r
 \r
 [Packages]\r
@@ -29,7 +31,6 @@
   BaseLib\r
   DebugLib\r
   BaseMemoryLib\r
-  DxeServicesLib\r
   MemoryAllocationLib\r
   VarCheckLib\r
   VariablePolicyLib\r

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c
new file mode 100644 (file)
index 0000000..b283ced
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c
@@ -0,0 +1,50 @@
+/** @file -- VarCheckPolicyLibStandaloneMm.c\r
+This is an instance of a VarCheck lib constructor for Standalone MM.\r
+\r
+Copyright (c) Microsoft Corporation. All rights reserved.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <Library/StandaloneMmMemLib.h>\r
+\r
+#include "VarCheckPolicyLib.h"\r
+\r
+/**\r
+  Standalone MM constructor function of VarCheckPolicyLib to invoke common\r
+  constructor routine.\r
+\r
+  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
+  @param[in] SystemTable    A pointer to the EFI System Table.\r
+\r
+  @retval EFI_SUCCESS       The constructor executed correctly.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VarCheckPolicyLibStandaloneConstructor (\r
+  IN EFI_HANDLE             ImageHandle,\r
+  IN EFI_MM_SYSTEM_TABLE    *SystemTable\r
+  )\r
+{\r
+  return VarCheckPolicyLibCommonConstructor ();\r
+}\r
+\r
+/**\r
+  This function is wrapper function to validate the buffer.\r
+\r
+  @param Buffer  The buffer start address to be checked.\r
+  @param Length  The buffer length to be checked.\r
+\r
+  @retval TRUE  This buffer is valid per processor architectureand not overlap with MMRAM.\r
+  @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+VarCheckPolicyIsBufferOutsideValid (\r
+  IN EFI_PHYSICAL_ADDRESS  Buffer,\r
+  IN UINT64                Length\r
+  )\r
+{\r
+  return MmIsBufferOutsideMmValid (Buffer, Length);\r
+}\r

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
new file mode 100644 (file)
index 0000000..d8d7ae5
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
@@ -0,0 +1,47 @@
+## @file VarCheckPolicyLibStandaloneMm.inf\r
+# This is an instance of a VarCheck lib that leverages the business logic behind\r
+# the VariablePolicy code to make its decisions.\r
+#\r
+#\r
+# Copyright (c) Microsoft Corporation. All rights reserved.\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = VarCheckPolicyLibStandaloneMm\r
+  FILE_GUID                      = 44B09E3D-5EDA-4673-ABCF-C8AE4560C8EC\r
+  MODULE_TYPE                    = MM_STANDALONE\r
+  PI_SPECIFICATION_VERSION       = 0x00010032\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = NULL|MM_STANDALONE\r
+  CONSTRUCTOR                    = VarCheckPolicyLibStandaloneConstructor\r
+\r
+\r
+[Sources]\r
+  VarCheckPolicyLib.c\r
+  VarCheckPolicyLibStandaloneMm.c\r
+  VarCheckPolicyLib.h\r
+\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  StandaloneMmPkg/StandaloneMmPkg.dec\r
+\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  DebugLib\r
+  BaseMemoryLib\r
+  MemLib\r
+  MemoryAllocationLib\r
+  VarCheckLib\r
+  VariablePolicyLib\r
+  VariablePolicyHelperLib\r
+  SafeIntLib\r
+  MmServicesTableLib\r
+\r
+[Guids]\r
+  gVarCheckPolicyLibMmiHandlerGuid        ## CONSUME ## Used to register for MM Communication events.\r

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c
new file mode 100644 (file)
index 0000000..f404aaa
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c
@@ -0,0 +1,50 @@
+/** @file -- VarCheckPolicyLibTraditional.c\r
+This is an instance of a VarCheck lib constructor for traditional SMM.\r
+\r
+Copyright (c) Microsoft Corporation. All rights reserved.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <Library/SmmMemLib.h>\r
+\r
+#include "VarCheckPolicyLib.h"\r
+\r
+/**\r
+  Traditional constructor function of VarCheckPolicyLib to invoke common\r
+  constructor routine.\r
+\r
+  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
+  @param[in] SystemTable    A pointer to the EFI System Table.\r
+\r
+  @retval EFI_SUCCESS       The constructor executed correctly.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VarCheckPolicyLibTraditionalConstructor (\r
+  IN EFI_HANDLE             ImageHandle,\r
+  IN EFI_SYSTEM_TABLE       *SystemTable\r
+  )\r
+{\r
+  return VarCheckPolicyLibCommonConstructor ();\r
+}\r
+\r
+/**\r
+  This function is wrapper function to validate the buffer.\r
+\r
+  @param Buffer  The buffer start address to be checked.\r
+  @param Length  The buffer length to be checked.\r
+\r
+  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.\r
+  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+VarCheckPolicyIsBufferOutsideValid (\r
+  IN EFI_PHYSICAL_ADDRESS  Buffer,\r
+  IN UINT64                Length\r
+  )\r
+{\r
+  return SmmIsBufferOutsideSmmValid (Buffer, Length);\r
+}\r

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 90165ca443bfc9953aead7315374c4884f90d65d..6d4e361afd51a005ce7ec30fa272d170f9337f3f 100644 (file)
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -314,6 +314,7 @@
   MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf\r
   MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf\r
   MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf\r
+  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf\r
   MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf\r
   MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf\r
   MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf\r