Fixed potential security issue introduced by SmramCpuNvs variable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shifei Lu <shifeix.a.lu@intel.com>
Reviewed-by: David Wei <david.wei@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17683 6f19259b-4bc3-4df7-8a09-765794883524
Shifei Lu 2015-06-23 07:22:23 +00:00 committed by zwei4
parent f827cd07d0
commit e0d42561a8
5 changed files with 21 additions and 19 deletions


@ -872,6 +872,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32] [Components.IA32]


@ -874,6 +874,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32] [Components.IA32]


@ -871,6 +871,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0 gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0 gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0 gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32] [Components.IA32]


@ -3,7 +3,7 @@
This driver is for ECP platforms. This driver is for ECP platforms.
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution. the terms and conditions of the BSD License that accompanies this distribution.
@ -27,6 +27,7 @@
#include <Protocol/SmmSwDispatch.h> #include <Protocol/SmmSwDispatch.h>
#include <Protocol/SmmReadyToLock.h> #include <Protocol/SmmReadyToLock.h>
#include <Protocol/SmmControl.h> #include <Protocol/SmmControl.h>
#include <Guid/Vlv2DeviceRefCodePkgTokenSpace.h>
#define SMM_FROM_SMBASE_DRIVER 0x55 #define SMM_FROM_SMBASE_DRIVER 0x55
#define SMM_FROM_CPU_DRIVER_SAVE_INFO 0x81 #define SMM_FROM_CPU_DRIVER_SAVE_INFO 0x81
@ -61,30 +62,16 @@ SmramSaveInfoHandler (
IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
) )
{ {
EFI_STATUS Status;
UINT64 VarData[3];
UINTN VarSize;
ASSERT (DispatchContext != NULL); ASSERT (DispatchContext != NULL);
ASSERT (DispatchContext->SwSmiInputValue == SMM_FROM_SMBASE_DRIVER); ASSERT (DispatchContext->SwSmiInputValue == SMM_FROM_SMBASE_DRIVER);
if (!mLocked && IoRead8 (mSmiDataRegister) == SMM_FROM_CPU_DRIVER_SAVE_INFO) { if (!mLocked && IoRead8 (mSmiDataRegister) == SMM_FROM_CPU_DRIVER_SAVE_INFO) {
VarSize = sizeof (VarData);
Status = gRT->GetVariable (
L"SmramCpuNvs",
&mSmramCpuNvsHeaderGuid,
NULL,
&VarSize,
VarData
);
if (!EFI_ERROR (Status) && VarSize == sizeof (VarData)) {
CopyMem ( CopyMem (
(VOID *)(UINTN)(VarData[0]), (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxDataAddress)),
(VOID *)(UINTN)(VarData[1]), (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuSmramCpuDataAddress)),
(UINTN)(VarData[2]) (UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxSize))
); );
} }
}
} }
/** /**
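Review bot: The new `CopyMem` call in `SmramSaveInfoHandler` passes the three `PcdGetEx64` results straight through as destination, source and length, with no check that they have been set or that the destination range is the intended SMRAM buffer. The platform DSC hunks on this page default all three PCDs to 0, and dynamic PCD values can presumably be written by any driver that runs before `mLocked` is set, so the handler trusts whatever the PCD database holds at SMI time. Reading the values into locals and guarding the copy, for example `if (Size == 0 || Dst == 0 || Src == 0 || Size > MAX_ADDRESS - Dst) { return; }`, would reject unset or wrapping values; a check that the destination lies inside SMRAM would be stronger if the driver has the SMRAM ranges available. The `(UINTN)` casts also silently truncate the 64-bit PCD values on the IA32 build, which deserves a comment or an explicit range check. The function's signature begins outside this hunk, so the handler's other parameters are not visible here.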


@ -2,7 +2,7 @@
# #
# A helper driver to save information to SMRAM after SMRR is enabled. # A helper driver to save information to SMRAM after SMRR is enabled.
# #
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# #
# This program and the accompanying materials are licensed and made available under # This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution. # the terms and conditions of the BSD License that accompanies this distribution.
@ -39,6 +39,7 @@
[Packages] [Packages]
MdePkg/MdePkg.dec MdePkg/MdePkg.dec
IntelFrameworkPkg/IntelFrameworkPkg.dec IntelFrameworkPkg/IntelFrameworkPkg.dec
Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
[LibraryClasses] [LibraryClasses]
UefiDriverEntryPoint UefiDriverEntryPoint
@ -53,6 +54,11 @@
gEfiSmmControlProtocolGuid ## CONSUMED gEfiSmmControlProtocolGuid ## CONSUMED
gEfiSmmReadyToLockProtocolGuid ## CONSUMED gEfiSmmReadyToLockProtocolGuid ## CONSUMED
[Pcd.common]
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize
[Depex] [Depex]
gEfiSmmSwDispatchProtocolGuid AND gEfiSmmSwDispatchProtocolGuid AND
gEfiSmmControlProtocolGuid gEfiSmmControlProtocolGuid