From e2747dbb5a44f4a463ecc6dd0f7fd113ee57bd67 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Mon, 21 Dec 2020 14:17:34 +0800 Subject: [PATCH] MdeModulePkg/VarCheckPolicyLib: implement standalone MM version This commit adds the VarCheckPolicyLib that will be able to execute in the context of standalone MM. Signed-off-by: Masahisa Kojima Co-authored-by: Kun Qin Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Cc: Ard Biesheuvel Cc: Sami Mujawar Cc: Jiewen Yao Cc: Supreeth Venkatesh Cc: Bret Barkelew Reviewed-by: Liming Gao --- .../VarCheckPolicyLib/VarCheckPolicyLib.c | 14 +++--- .../VarCheckPolicyLib/VarCheckPolicyLib.h | 42 ++++++++++++++++ .../VarCheckPolicyLib/VarCheckPolicyLib.inf | 5 +- .../VarCheckPolicyLibStandaloneMm.c | 50 +++++++++++++++++++ .../VarCheckPolicyLibStandaloneMm.inf | 47 +++++++++++++++++ .../VarCheckPolicyLibTraditional.c | 50 +++++++++++++++++++ MdeModulePkg/MdeModulePkg.dsc | 1 + 7 files changed, 199 insertions(+), 10 deletions(-) create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c index 257aa95913..14e1904e96 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c @@ -12,7 +12,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include #include #include @@ -23,6 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include +#include "VarCheckPolicyLib.h" + //================================================ // As a VarCheck library, we're linked into the VariableServices // and may not be able to call them indirectly. To get around this, @@ -102,7 +103,8 @@ VarCheckPolicyLibMmiHandler ( // Make sure that the buffer does not overlap SMM. // This should be covered by the SmiManage infrastructure, but just to be safe... InternalCommBufferSize = *CommBufferSize; - if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || !SmmIsBufferOutsideSmmValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) { + if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || + !VarCheckPolicyIsBufferOutsideValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) { DEBUG ((DEBUG_ERROR, "%a - Invalid CommBuffer supplied! 0x%016lX[0x%016lX]\n", __FUNCTION__, CommBuffer, InternalCommBufferSize)); return EFI_INVALID_PARAMETER; } @@ -305,17 +307,13 @@ VarCheckPolicyLibMmiHandler ( Constructor function of VarCheckPolicyLib to register VarCheck handler and SW MMI handlers. - @param[in] ImageHandle The firmware allocated handle for the EFI image. - @param[in] SystemTable A pointer to the EFI System Table. - @retval EFI_SUCCESS The constructor executed correctly. **/ EFI_STATUS EFIAPI -VarCheckPolicyLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable +VarCheckPolicyLibCommonConstructor ( + VOID ) { EFI_STATUS Status; diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h new file mode 100644 index 0000000000..2226c8a19f --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h @@ -0,0 +1,42 @@ +/** @file -- VarCheckPolicyLib.h +This internal header file defines the common interface of constructor for +VarCheckPolicyLib. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VAR_CHECK_POLICY_LIB_H_ +#define _VAR_CHECK_POLICY_LIB_H_ + +/** + Common constructor function of VarCheckPolicyLib to register VarCheck handler + and SW MMI handlers. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibCommonConstructor ( + VOID + ); + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM/MMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM/MMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ); + +#endif // _VAR_CHECK_POLICY_LIB_H_ diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf index 077bcc8990..9af436d25f 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf @@ -13,11 +13,13 @@ MODULE_TYPE = DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER - CONSTRUCTOR = VarCheckPolicyLibConstructor + CONSTRUCTOR = VarCheckPolicyLibTraditionalConstructor [Sources] VarCheckPolicyLib.c + VarCheckPolicyLibTraditional.c + VarCheckPolicyLib.h [Packages] @@ -29,7 +31,6 @@ BaseLib DebugLib BaseMemoryLib - DxeServicesLib MemoryAllocationLib VarCheckLib VariablePolicyLib diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c new file mode 100644 index 0000000000..b283ced9d4 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c @@ -0,0 +1,50 @@ +/** @file -- VarCheckPolicyLibStandaloneMm.c +This is an instance of a VarCheck lib constructor for Standalone MM. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include "VarCheckPolicyLib.h" + +/** + Standalone MM constructor function of VarCheckPolicyLib to invoke common + constructor routine. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibStandaloneConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return VarCheckPolicyLibCommonConstructor (); +} + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architectureand not overlap with MMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf new file mode 100644 index 0000000000..d8d7ae52f8 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf @@ -0,0 +1,47 @@ +## @file VarCheckPolicyLibStandaloneMm.inf +# This is an instance of a VarCheck lib that leverages the business logic behind +# the VariablePolicy code to make its decisions. +# +# +# Copyright (c) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VarCheckPolicyLibStandaloneMm + FILE_GUID = 44B09E3D-5EDA-4673-ABCF-C8AE4560C8EC + MODULE_TYPE = MM_STANDALONE + PI_SPECIFICATION_VERSION = 0x00010032 + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|MM_STANDALONE + CONSTRUCTOR = VarCheckPolicyLibStandaloneConstructor + + +[Sources] + VarCheckPolicyLib.c + VarCheckPolicyLibStandaloneMm.c + VarCheckPolicyLib.h + + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + + +[LibraryClasses] + BaseLib + DebugLib + BaseMemoryLib + MemLib + MemoryAllocationLib + VarCheckLib + VariablePolicyLib + VariablePolicyHelperLib + SafeIntLib + MmServicesTableLib + +[Guids] + gVarCheckPolicyLibMmiHandlerGuid ## CONSUME ## Used to register for MM Communication events. diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c new file mode 100644 index 0000000000..f404aaaa47 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c @@ -0,0 +1,50 @@ +/** @file -- VarCheckPolicyLibTraditional.c +This is an instance of a VarCheck lib constructor for traditional SMM. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include "VarCheckPolicyLib.h" + +/** + Traditional constructor function of VarCheckPolicyLib to invoke common + constructor routine. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibTraditionalConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return VarCheckPolicyLibCommonConstructor (); +} + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return SmmIsBufferOutsideSmmValid (Buffer, Length); +} diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 90165ca443..6d4e361afd 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -314,6 +314,7 @@ MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf + MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf -- 2.39.2