From 50e6bb98ee64af225e152660db2fa5d8711f359a Mon Sep 17 00:00:00 2001
From: Eric Dong
Date: Wed, 3 May 2017 09:22:26 +0800
Subject: [PATCH] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
Update code to consume SmmIoLib to check Mmio validation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong
Reviewed-by: Jiewen Yao
---
.../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +----------
.../Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51 -------------------
.../Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
.../Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
4 files changed, 3 insertions(+), 83 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
index 33f77bd8a2..e38acfd052 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@@ -1022,34 +1022,6 @@ GetAhciBarSize ( return Size; }
-/**
- This function check if the memory region is in GCD MMIO region.
-
- @param Addr The memory region start address to be checked.
- @param Size The memory region length to be checked.
-
- @retval TRUE This memory region is in GCD MMIO region.
- @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
- IN EFI_PHYSICAL_ADDRESS Addr,
- IN UINTN Size
- )
-{
- UINTN Index;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
- for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
- Desc = &mGcdMemSpace[Index];
- if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
/** Get AHCI mode base address registers' Value.
@@ -1083,7 +1055,7 @@ GetAhciBaseAddress ( // // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM. //
- if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+ if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
return EFI_UNSUPPORTED; }
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index 2f2a1d9c13..0ea92b15c0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not read/write Data to smram, s // NVME NVME_CONTEXT mNvmeContext;
-EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
-UINTN mNumberOfDescriptors = 0;
-
/** Add new bridge node or nvme device info to the device list.
@@ -647,44 +644,6 @@ S3SleepEntryCallBack ( return Status; }
-/**
- OpalPassword Notification for SMM EndOfDxe protocol.
-
- @param[in] Protocol Points to the protocol's unique identifier.
- @param[in] Interface Points to the interface instance.
- @param[in] Handle The handle on which the interface was installed.
-
- @retval EFI_SUCCESS Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
- IN CONST EFI_GUID *Protocol,
- IN VOID *Interface,
- IN EFI_HANDLE Handle
- )
-{
- UINTN NumberOfDescriptors;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
- EFI_STATUS Status;
-
- Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
- if (EFI_ERROR (Status)) {
- gBS->FreePool (MemSpaceMap);
- return Status;
- }
-
- mNumberOfDescriptors = NumberOfDescriptors;
- gBS->FreePool (MemSpaceMap);
-
- return EFI_SUCCESS;
-}
-
/** Main entry for this driver.
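Review bot: The replaced line `if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL))` in GetAhciBaseAddress hands the whole BAR-redirect guarantee to whichever SmmIoLib instance the platform DSC binds, and nothing in this patch pins that instance to one that checks the range against the GCD MMIO map as the removed OpalIsValidMmioSpace did. If the bound instance only performs an overflow test, a BAR reprogrammed to point into SMRAM would presumably pass, so the contract should be confirmed and stated at the call, e.g. `// SmmIsMmioValid() must reject any range not fully inside an MMIO region; depends on the platform SmmIoLib instance.` The removed registration comment spoke of "AHCI/NVMe PCI Bar", yet this is the only call site the patch shows, so the NVMe BAR path is worth checking for an equivalent guard. The existing comment above the check also reads as if it tests for SMRAM, while the call tests for MMIO membership. GetAhciBaseAddress starts and ends outside the hunk.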
@@ -711,7 +670,6 @@ OpalPasswordSmmInit ( EFI_SMM_VARIABLE_PROTOCOL *SmmVariable; OPAL_EXTRA_INFO_VAR OpalExtraInfo; UINTN DataSize;
- EFI_EVENT EndOfDxeEvent;
EFI_PHYSICAL_ADDRESS Address; mBuffer = NULL;
@@ -820,15 +778,6 @@ OpalPasswordSmmInit ( // mSwSmiValue = (UINT8) Context.SwSmiInputValue;
- //
- // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
- // is in MMIO space to avoid attack.
- //
- Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
- if (EFI_ERROR (Status)) {
- DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
- goto EXIT;
- }
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable); if (!EFI_ERROR (Status)) { DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
index ab31a6bfe7..ce88786fab 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include
+#include
#include
@@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. extern VOID *mBuffer;
-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
-extern UINTN mNumberOfDescriptors;
#pragma pack(1) typedef struct {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
index cab0fd5656..c62fa13271 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@@ -58,6 +58,7 @@ DxeServicesTableLib DevicePathLib OpalPasswordSupportLib
+ SmmIoLib
[Guids] gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
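Review bot: `DxeServicesTableLib` is still listed just above the added `SmmIoLib` entry in this hunk's context, although the only `gDS` use visible in the patch (`gDS->GetMemorySpaceMap` in the removed OpalPasswordEndOfDxeNotification) is gone; if no other `gDS` reference remains in the module, that library class and its header include should be dropped as well. The diffstat lists four files and no .dsc, so every DSC that builds this driver needs an `SmmIoLib` mapping supplied elsewhere, otherwise the class will not resolve at build time. The library-class list this entry joins starts outside the hunk.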
@@ -69,7 +70,6 @@ gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES gEfiSmmVariableProtocolGuid ## CONSUMES gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
- gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
[Depex] gEfiSmmSwDispatch2ProtocolGuid AND
--
2.39.2