From 9622df63df976e2f58eadd65c3cc1c4d30767ea8 Mon Sep 17 00:00:00 2001 From: lzeng14 Date: Fri, 30 Mar 2012 07:19:44 +0000 Subject: [PATCH] If setting variable in Runtime and there has been a same GUID and name variable existed in system without RT attribute, return EFI_WRITE_PROTECTED. Signed-off-by: lzeng14 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13156 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Universal/Variable/RuntimeDxe/Variable.c | 42 ++++++++++++------- .../RuntimeDxe/Variable.c | 20 +++++---- .../RuntimeDxe/Variable.h | 11 ++--- 3 files changed, 45 insertions(+), 28 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 5aa6e3273d..94ec660c04 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -3,7 +3,7 @@ The common variable operation routines shared by DXE_RINTIME variable module and DXE_SMM variable module. -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -718,6 +718,8 @@ Reclaim ( @param VariableName Name of the variable to be found @param VendorGuid Vendor GUID to be found. + @param IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute + check at runtime when searching variable. @param PtrTrack Variable Track Pointer structure that contains Variable Information. @retval EFI_SUCCESS Variable found successfully @@ -727,6 +729,7 @@ EFI_STATUS FindVariableEx ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, + IN BOOLEAN IgnoreRtCheck, IN OUT VARIABLE_POINTER_TRACK *PtrTrack ) { @@ -745,7 +748,7 @@ FindVariableEx ( if (PtrTrack->CurrPtr->State == VAR_ADDED || PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) ) { - if (!AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) { + if (IgnoreRtCheck || !AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) { if (VariableName[0] == 0) { if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { InDeletedVariable = PtrTrack->CurrPtr; @@ -781,7 +784,9 @@ FindVariableEx ( This code finds variable in storage blocks of volatile and non-volatile storage areas. If VariableName is an empty string, then we just return the first qualified variable without comparing VariableName and VendorGuid. - Otherwise, VariableName and VendorGuid are compared. + If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS attribute check + at runtime when searching existing variable, only VariableName and VendorGuid are compared. + Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime. @param VariableName Name of the variable to be found. @param VendorGuid Vendor GUID to be found. @@ -790,6 +795,8 @@ FindVariableEx ( @param Global Pointer to VARIABLE_GLOBAL structure, including base of volatile variable storage area, base of NV variable storage area, and a lock. + @param IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute + check at runtime when searching variable. @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL. @@ -802,7 +809,8 @@ FindVariable ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, OUT VARIABLE_POINTER_TRACK *PtrTrack, - IN VARIABLE_GLOBAL *Global + IN VARIABLE_GLOBAL *Global, + IN BOOLEAN IgnoreRtCheck ) { EFI_STATUS Status; @@ -834,7 +842,7 @@ FindVariable ( PtrTrack->EndPtr = GetEndPointer (VariableStoreHeader[Type]); PtrTrack->Volatile = (BOOLEAN) (Type == VariableStoreTypeVolatile); - Status = FindVariableEx (VariableName, VendorGuid, PtrTrack); + Status = FindVariableEx (VariableName, VendorGuid, IgnoreRtCheck, PtrTrack); if (!EFI_ERROR (Status)) { return Status; } @@ -1234,7 +1242,7 @@ AutoUpdateLangVariable ( // Update Lang if PlatformLang is already set // Update PlatformLang if Lang is already set // - Status = FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + Status = FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (!EFI_ERROR (Status)) { // // Update Lang @@ -1243,7 +1251,7 @@ AutoUpdateLangVariable ( Data = GetVariableDataPtr (Variable.CurrPtr); DataSize = Variable.CurrPtr->DataSize; } else { - Status = FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + Status = FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (!EFI_ERROR (Status)) { // // Update PlatformLang @@ -1288,7 +1296,7 @@ AutoUpdateLangVariable ( // // Successfully convert PlatformLang to Lang, and set the BestLang value into Lang variable simultaneously. // - FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, (VARIABLE_GLOBAL *)mVariableModuleGlobal); + FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, (VARIABLE_GLOBAL *)mVariableModuleGlobal, FALSE); Status = UpdateVariable (L"Lang", &gEfiGlobalVariableGuid, BestLang, ISO_639_2_ENTRY_SIZE + 1, Attributes, &Variable); @@ -1322,7 +1330,7 @@ AutoUpdateLangVariable ( // // Successfully convert Lang to PlatformLang, and set the BestPlatformLang value into PlatformLang variable simultaneously. // - FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); Status = UpdateVariable (L"PlatformLang", &gEfiGlobalVariableGuid, BestPlatformLang, AsciiStrSize (BestPlatformLang), Attributes, &Variable); @@ -1418,9 +1426,9 @@ UpdateVariable ( goto Done; } // - // Only variable that have NV attributes can be updated/deleted in Runtime. + // Only variable that have NV|RT attributes can be updated/deleted in Runtime. // - if ((Variable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) { + if (((Variable->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) || ((Variable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE) == 0)) { Status = EFI_INVALID_PARAMETER; goto Done; } @@ -1789,7 +1797,7 @@ VariableServiceGetVariable ( AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) { goto Done; } @@ -1864,7 +1872,7 @@ VariableServiceGetNextVariableName ( AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) { goto Done; } @@ -1941,6 +1949,7 @@ VariableServiceGetNextVariableName ( Status = FindVariableEx ( GetVariableNamePtr (Variable.CurrPtr), &Variable.CurrPtr->VendorGuid, + FALSE, &VariableInHob ); if (!EFI_ERROR (Status)) { @@ -2079,7 +2088,12 @@ VariableServiceSetVariable ( // // Check whether the input variable is already existed. // - FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal); + Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, TRUE); + if (!EFI_ERROR (Status)) { + if (((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) && AtRuntime ()) { + return EFI_WRITE_PROTECTED; + } + } // // Hook the operation of setting PlatformLangCodes/PlatformLang and LangCodes/Lang. diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index 22ded16819..4c88eb6ff6 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -720,7 +720,8 @@ Reclaim ( @param[in] VariableName Name of the variable to be found @param[in] VendorGuid Vendor GUID to be found. - @param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute + check at runtime when searching variable. @param[in, out] PtrTrack Variable Track Pointer structure that contains Variable Information. @retval EFI_SUCCESS Variable found successfully @@ -730,7 +731,7 @@ EFI_STATUS FindVariableEx ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, - IN BOOLEAN IgnoreRtAttribute, + IN BOOLEAN IgnoreRtCheck, IN OUT VARIABLE_POINTER_TRACK *PtrTrack ) { @@ -749,7 +750,7 @@ FindVariableEx ( if (PtrTrack->CurrPtr->State == VAR_ADDED || PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) ) { - if (IgnoreRtAttribute || !AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) { + if (IgnoreRtCheck || !AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) { if (VariableName[0] == 0) { if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { InDeletedVariable = PtrTrack->CurrPtr; @@ -785,9 +786,9 @@ FindVariableEx ( This code finds variable in storage blocks of volatile and non-volatile storage areas. If VariableName is an empty string, then we just return the first qualified variable without comparing VariableName and VendorGuid. - If IgnoreRtAttribute is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS Attribute - when searching existing variable, only VariableName and VendorGuid are compared. - Otherwise, variables with EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime. + If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS attribute check + at runtime when searching existing variable, only VariableName and VendorGuid are compared. + Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime. @param[in] VariableName Name of the variable to be found. @param[in] VendorGuid Vendor GUID to be found. @@ -796,7 +797,8 @@ FindVariableEx ( @param[in] Global Pointer to VARIABLE_GLOBAL structure, including base of volatile variable storage area, base of NV variable storage area, and a lock. - @param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute + check at runtime when searching variable. @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL. @@ -810,7 +812,7 @@ FindVariable ( IN EFI_GUID *VendorGuid, OUT VARIABLE_POINTER_TRACK *PtrTrack, IN VARIABLE_GLOBAL *Global, - IN BOOLEAN IgnoreRtAttribute + IN BOOLEAN IgnoreRtCheck ) { EFI_STATUS Status; @@ -842,7 +844,7 @@ FindVariable ( PtrTrack->EndPtr = GetEndPointer (VariableStoreHeader[Type]); PtrTrack->Volatile = (BOOLEAN) (Type == VariableStoreTypeVolatile); - Status = FindVariableEx (VariableName, VendorGuid, IgnoreRtAttribute, PtrTrack); + Status = FindVariableEx (VariableName, VendorGuid, IgnoreRtCheck, PtrTrack); if (!EFI_ERROR (Status)) { return Status; } diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h index d58203739f..be3e632a2a 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h @@ -120,9 +120,9 @@ FtwVariableSpace ( This code finds variable in storage blocks of volatile and non-volatile storage areas. If VariableName is an empty string, then we just return the first qualified variable without comparing VariableName and VendorGuid. - If IgnoreRtAttribute is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS Attribute - when searching existing variable, only VariableName and VendorGuid are compared. - Otherwise, variables with EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime. + If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS attribute check + at runtime when searching existing variable, only VariableName and VendorGuid are compared. + Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime. @param[in] VariableName Name of the variable to be found. @param[in] VendorGuid Vendor GUID to be found. @@ -131,7 +131,8 @@ FtwVariableSpace ( @param[in] Global Pointer to VARIABLE_GLOBAL structure, including base of volatile variable storage area, base of NV variable storage area, and a lock. - @param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute + check at runtime when searching variable. @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL. @@ -145,7 +146,7 @@ FindVariable ( IN EFI_GUID *VendorGuid, OUT VARIABLE_POINTER_TRACK *PtrTrack, IN VARIABLE_GLOBAL *Global, - IN BOOLEAN IgnoreRtAttribute + IN BOOLEAN IgnoreRtCheck ); /** -- 2.39.2