Fixed potential security issue introduced by SmramCpuNvs variable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shifei Lu <shifeix.a.lu@intel.com>
Reviewed-by: David Wei <david.wei@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17683 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Shifei Lu 2015-06-23 07:22:23 +00:00 committed by zwei4
parent f827cd07d0
commit e0d42561a8
5 changed files with 21 additions and 19 deletions

View File

@ -872,6 +872,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]

View File

@ -874,6 +874,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]

View File

@ -871,6 +871,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]

View File

@ -3,7 +3,7 @@
This driver is for ECP platforms.
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@ -27,6 +27,7 @@
#include <Protocol/SmmSwDispatch.h>
#include <Protocol/SmmReadyToLock.h>
#include <Protocol/SmmControl.h>
#include <Guid/Vlv2DeviceRefCodePkgTokenSpace.h>
#define SMM_FROM_SMBASE_DRIVER 0x55
#define SMM_FROM_CPU_DRIVER_SAVE_INFO 0x81
@ -61,29 +62,15 @@ SmramSaveInfoHandler (
IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
)
{
EFI_STATUS Status;
UINT64 VarData[3];
UINTN VarSize;
ASSERT (DispatchContext != NULL);
ASSERT (DispatchContext->SwSmiInputValue == SMM_FROM_SMBASE_DRIVER);
if (!mLocked && IoRead8 (mSmiDataRegister) == SMM_FROM_CPU_DRIVER_SAVE_INFO) {
VarSize = sizeof (VarData);
Status = gRT->GetVariable (
L"SmramCpuNvs",
&mSmramCpuNvsHeaderGuid,
NULL,
&VarSize,
VarData
);
if (!EFI_ERROR (Status) && VarSize == sizeof (VarData)) {
CopyMem (
(VOID *)(UINTN)(VarData[0]),
(VOID *)(UINTN)(VarData[1]),
(UINTN)(VarData[2])
(VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxDataAddress)),
(VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuSmramCpuDataAddress)),
(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxSize))
);
}
}
}

View File

@ -2,7 +2,7 @@
#
# A helper driver to save information to SMRAM after SMRR is enabled.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
@ -39,6 +39,7 @@
[Packages]
MdePkg/MdePkg.dec
IntelFrameworkPkg/IntelFrameworkPkg.dec
Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
[LibraryClasses]
UefiDriverEntryPoint
@ -53,6 +54,11 @@
gEfiSmmControlProtocolGuid ## CONSUMED
gEfiSmmReadyToLockProtocolGuid ## CONSUMED
[Pcd.common]
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress
gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress
gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize
[Depex]
gEfiSmmSwDispatchProtocolGuid AND
gEfiSmmControlProtocolGuid