From e0d42561a832b0753e6f8575e985c6e885783072 Mon Sep 17 00:00:00 2001 From: Shifei Lu Date: Tue, 23 Jun 2015 07:22:23 +0000 Subject: [PATCH] Fixed potential security issue introduced by SmramCpuNvs variable. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shifei Lu Reviewed-by: David Wei git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17683 6f19259b-4bc3-4df7-8a09-765794883524 --- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 3 +++ Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 3 +++ Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 3 +++ .../SmramSaveInfoHandlerSmm.c | 23 ++++--------------- .../SmramSaveInfoHandlerSmm.inf | 8 ++++++- 5 files changed, 21 insertions(+), 19 deletions(-) diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc index 7daf86cbb1..b3f47ddfd5 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc @@ -872,6 +872,9 @@ gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0 [Components.IA32] diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc index f582abb5e5..90ead2e79d 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc @@ -874,6 +874,9 @@ gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0 [Components.IA32] diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc index c5777eddfb..344bbc9a48 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -871,6 +871,9 @@ gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0 + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0 [Components.IA32] diff --git a/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c b/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c index a48de262db..790c10c329 100644 --- a/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c +++ b/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c @@ -3,7 +3,7 @@ This driver is for ECP platforms. - Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -27,6 +27,7 @@ #include #include #include +#include #define SMM_FROM_SMBASE_DRIVER 0x55 #define SMM_FROM_CPU_DRIVER_SAVE_INFO 0x81 @@ -61,29 +62,15 @@ SmramSaveInfoHandler ( IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext ) { - EFI_STATUS Status; - UINT64 VarData[3]; - UINTN VarSize; - ASSERT (DispatchContext != NULL); ASSERT (DispatchContext->SwSmiInputValue == SMM_FROM_SMBASE_DRIVER); if (!mLocked && IoRead8 (mSmiDataRegister) == SMM_FROM_CPU_DRIVER_SAVE_INFO) { - VarSize = sizeof (VarData); - Status = gRT->GetVariable ( - L"SmramCpuNvs", - &mSmramCpuNvsHeaderGuid, - NULL, - &VarSize, - VarData - ); - if (!EFI_ERROR (Status) && VarSize == sizeof (VarData)) { CopyMem ( - (VOID *)(UINTN)(VarData[0]), - (VOID *)(UINTN)(VarData[1]), - (UINTN)(VarData[2]) + (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxDataAddress)), + (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuSmramCpuDataAddress)), + (UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxSize)) ); - } } } diff --git a/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf b/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf index 82eec0152b..1d19b78e20 100644 --- a/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf +++ b/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf @@ -2,7 +2,7 @@ # # A helper driver to save information to SMRAM after SMRR is enabled. # -# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
# # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. @@ -39,6 +39,7 @@ [Packages] MdePkg/MdePkg.dec IntelFrameworkPkg/IntelFrameworkPkg.dec + Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec [LibraryClasses] UefiDriverEntryPoint @@ -53,6 +54,11 @@ gEfiSmmControlProtocolGuid ## CONSUMED gEfiSmmReadyToLockProtocolGuid ## CONSUMED +[Pcd.common] + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress + gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress + gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize + [Depex] gEfiSmmSwDispatchProtocolGuid AND gEfiSmmControlProtocolGuid -- 2.39.2