From 9054e55a22cb7408bd57f3c3f6c85c7fab930abb Mon Sep 17 00:00:00 2001 From: "Yao, Jiewen" Date: Mon, 2 Feb 2015 14:43:28 +0000 Subject: [PATCH] Use SmmMemLib to check communication buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Reviewed-by: "Gao, Liming" Reviewed-by: "Fan, Jeff" git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16695 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/SecurityPkg.dsc | 1 + .../RuntimeDxe/VariableSmm.c | 86 +------------------ .../RuntimeDxe/VariableSmm.inf | 1 + 3 files changed, 5 insertions(+), 83 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 88e692bdf2..68a7326e03 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -112,6 +112,7 @@ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c index 439a4fe20d..8c80a0064f 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c @@ -33,14 +33,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include #include #include #include "Variable.h" -EFI_SMRAM_DESCRIPTOR *mSmramRanges; -UINTN mSmramRangeCount; - extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mSmmVariableHandle = NULL; EFI_HANDLE mVariableHandle = NULL; @@ -137,60 +135,6 @@ AtRuntime ( return mAtRuntime; } -/** - This function check if the address is in SMRAM. - - @param Buffer the buffer address to be checked. - @param Length the buffer length to be checked. - - @retval TRUE this address is in SMRAM. - @retval FALSE this address is NOT in SMRAM. -**/ -BOOLEAN -InternalIsAddressInSmram ( - IN EFI_PHYSICAL_ADDRESS Buffer, - IN UINT64 Length - ) -{ - UINTN Index; - - for (Index = 0; Index < mSmramRangeCount; Index ++) { - if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) || - ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) { - return TRUE; - } - } - - return FALSE; -} - -/** - This function check if the address refered by Buffer and Length is valid. - - @param Buffer the buffer address to be checked. - @param Length the buffer length to be checked. - - @retval TRUE this address is valid. - @retval FALSE this address is NOT valid. -**/ -BOOLEAN -InternalIsAddressValid ( - IN UINTN Buffer, - IN UINTN Length - ) -{ - if (Buffer > (MAX_ADDRESS - Length)) { - // - // Overflow happen - // - return FALSE; - } - if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) { - return FALSE; - } - return TRUE; -} - /** Initializes a basic mutual exclusion lock. @@ -550,7 +494,7 @@ SmmVariableHandler ( return EFI_SUCCESS; } - if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) { + if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) { DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n")); return EFI_SUCCESS; } @@ -742,7 +686,7 @@ SmmVariableHandler ( // It is covered by previous CommBuffer check // - if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) { + if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) { DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n")); Status = EFI_ACCESS_DENIED; goto EXIT; @@ -961,8 +905,6 @@ VariableServiceInitialize ( EFI_STATUS Status; EFI_HANDLE VariableHandle; VOID *SmmFtwRegistration; - EFI_SMM_ACCESS2_PROTOCOL *SmmAccess; - UINTN Size; VOID *SmmEndOfDxeRegistration; // @@ -991,28 +933,6 @@ VariableServiceInitialize ( ); ASSERT_EFI_ERROR (Status); - // - // Get SMRAM information - // - Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess); - ASSERT_EFI_ERROR (Status); - - Size = 0; - Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL); - ASSERT (Status == EFI_BUFFER_TOO_SMALL); - - Status = gSmst->SmmAllocatePool ( - EfiRuntimeServicesData, - Size, - (VOID **)&mSmramRanges - ); - ASSERT_EFI_ERROR (Status); - - Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges); - ASSERT_EFI_ERROR (Status); - - mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR); - mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) + OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER); diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf index 317f13c2a4..d415bdef42 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf @@ -75,6 +75,7 @@ HobLib PcdLib DevicePathLib + SmmMemLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES