Malicious code may use SmmFaultTolerantWriteHandler() to update some flash area directly, like the Variable region, so return EFI_ACCESS_DENIED after End Of Dxe in SmmFaultTolerantWriteHandler().
And add code to prevent InfoSize overflow. Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14312 6f19259b-4bc3-4df7-8a09-765794883524
parent
7aa54c140c
commit
f07268bd0f
|
@ -43,7 +43,7 @@
|
||||||
Caution: This module requires additional review when modified.
|
Caution: This module requires additional review when modified.
|
||||||
This driver need to make sure the CommBuffer is not in the SMRAM range.
|
This driver need to make sure the CommBuffer is not in the SMRAM range.
|
||||||
|
|
||||||
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
which accompanies this distribution. The full text of the license may be found at
|
which accompanies this distribution. The full text of the license may be found at
|
||||||
|
@ -60,12 +60,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
#include "FaultTolerantWrite.h"
|
#include "FaultTolerantWrite.h"
|
||||||
#include "FaultTolerantWriteSmmCommon.h"
|
#include "FaultTolerantWriteSmmCommon.h"
|
||||||
#include <Protocol/SmmAccess2.h>
|
#include <Protocol/SmmAccess2.h>
|
||||||
|
#include <Protocol/SmmEndOfDxe.h>
|
||||||
|
|
||||||
EFI_EVENT mFvbRegistration = NULL;
|
EFI_EVENT mFvbRegistration = NULL;
|
||||||
EFI_FTW_DEVICE *mFtwDevice = NULL;
|
EFI_FTW_DEVICE *mFtwDevice = NULL;
|
||||||
EFI_SMRAM_DESCRIPTOR *mSmramRanges;
|
EFI_SMRAM_DESCRIPTOR *mSmramRanges;
|
||||||
UINTN mSmramRangeCount;
|
UINTN mSmramRangeCount;
|
||||||
|
|
||||||
|
///
|
||||||
|
/// The flag to indicate whether the platform has left the DXE phase of execution.
|
||||||
|
///
|
||||||
|
BOOLEAN mEndOfDxe = FALSE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
This function check if the address is in SMRAM.
|
This function check if the address is in SMRAM.
|
||||||
|
@ -357,6 +362,16 @@ SmmFaultTolerantWriteHandler (
|
||||||
}
|
}
|
||||||
|
|
||||||
SmmFtwFunctionHeader = (SMM_FTW_COMMUNICATE_FUNCTION_HEADER *)CommBuffer;
|
SmmFtwFunctionHeader = (SMM_FTW_COMMUNICATE_FUNCTION_HEADER *)CommBuffer;
|
||||||
|
|
||||||
|
if (mEndOfDxe) {
|
||||||
|
//
|
||||||
|
// It will be not safe to expose the operations after End Of Dxe.
|
||||||
|
//
|
||||||
|
DEBUG ((EFI_D_ERROR, "SmmFtwHandler: Not safe to do the operation: %x after End Of Dxe, so access denied!\n", SmmFtwFunctionHeader->Function));
|
||||||
|
SmmFtwFunctionHeader->ReturnStatus = EFI_ACCESS_DENIED;
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
switch (SmmFtwFunctionHeader->Function) {
|
switch (SmmFtwFunctionHeader->Function) {
|
||||||
case FTW_FUNCTION_GET_MAX_BLOCK_SIZE:
|
case FTW_FUNCTION_GET_MAX_BLOCK_SIZE:
|
||||||
SmmGetMaxBlockSizeHeader = (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER *) SmmFtwFunctionHeader->Data;
|
SmmGetMaxBlockSizeHeader = (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER *) SmmFtwFunctionHeader->Data;
|
||||||
|
@ -430,6 +445,13 @@ SmmFaultTolerantWriteHandler (
|
||||||
|
|
||||||
case FTW_FUNCTION_GET_LAST_WRITE:
|
case FTW_FUNCTION_GET_LAST_WRITE:
|
||||||
SmmFtwGetLastWriteHeader = (SMM_FTW_GET_LAST_WRITE_HEADER *) SmmFtwFunctionHeader->Data;
|
SmmFtwGetLastWriteHeader = (SMM_FTW_GET_LAST_WRITE_HEADER *) SmmFtwFunctionHeader->Data;
|
||||||
|
if ((UINTN)(~0) - SmmFtwGetLastWriteHeader->PrivateDataSize < OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data)){
|
||||||
|
//
|
||||||
|
// Prevent InfoSize overflow
|
||||||
|
//
|
||||||
|
Status = EFI_ACCESS_DENIED;
|
||||||
|
break;
|
||||||
|
}
|
||||||
InfoSize = OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data) + SmmFtwGetLastWriteHeader->PrivateDataSize;
|
InfoSize = OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data) + SmmFtwGetLastWriteHeader->PrivateDataSize;
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -532,6 +554,27 @@ FvbNotificationEvent (
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
SMM END_OF_DXE protocol notification event handler.
|
||||||
|
|
||||||
|
@param Protocol Points to the protocol's unique identifier
|
||||||
|
@param Interface Points to the interface instance
|
||||||
|
@param Handle The handle on which the interface was installed
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
|
||||||
|
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
SmmEndOfDxeCallback (
|
||||||
|
IN CONST EFI_GUID *Protocol,
|
||||||
|
IN VOID *Interface,
|
||||||
|
IN EFI_HANDLE Handle
|
||||||
|
)
|
||||||
|
{
|
||||||
|
mEndOfDxe = TRUE;
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
This function is the entry point of the Fault Tolerant Write driver.
|
This function is the entry point of the Fault Tolerant Write driver.
|
||||||
|
@ -555,6 +598,7 @@ SmmFaultTolerantWriteInitialize (
|
||||||
EFI_HANDLE FtwHandle;
|
EFI_HANDLE FtwHandle;
|
||||||
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
|
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
|
||||||
UINTN Size;
|
UINTN Size;
|
||||||
|
VOID *SmmEndOfDxeRegistration;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Allocate private data structure for SMM FTW protocol and do some initialization
|
// Allocate private data structure for SMM FTW protocol and do some initialization
|
||||||
|
@ -586,6 +630,16 @@ SmmFaultTolerantWriteInitialize (
|
||||||
|
|
||||||
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
|
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
|
||||||
|
|
||||||
|
//
|
||||||
|
// Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
|
||||||
|
//
|
||||||
|
Status = gSmst->SmmRegisterProtocolNotify (
|
||||||
|
&gEfiSmmEndOfDxeProtocolGuid,
|
||||||
|
SmmEndOfDxeCallback,
|
||||||
|
&SmmEndOfDxeRegistration
|
||||||
|
);
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Register FvbNotificationEvent () notify function.
|
// Register FvbNotificationEvent () notify function.
|
||||||
//
|
//
|
||||||
|
|
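Review bot: The End Of Dxe lockout added to SmmFaultTolerantWriteHandler fails open if the notify registration in SmmFaultTolerantWriteInitialize does not succeed, because the result of `gSmst->SmmRegisterProtocolNotify (...)` is only checked with `ASSERT_EFI_ERROR (Status);`. In builds where asserts are compiled out, a failed registration would leave `mEndOfDxe` at FALSE permanently and the handler would keep serving every FTW function. An explicit check after the call, such as `if (EFI_ERROR (Status)) { return Status; }`, would keep the driver from continuing without the lockout; any cleanup of earlier allocations would have to be handled in the part of the function outside the hunk. Separately, in the FTW_FUNCTION_GET_LAST_WRITE case `SmmFtwGetLastWriteHeader->PrivateDataSize` is read from the communication buffer once for the overflow check and again when computing `InfoSize`; copying it to a local first would guarantee that the checked value is the one used. Both functions start and end outside the hunks shown.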
|
@ -4,7 +4,7 @@
|
||||||
# depends on the full functionality SMM FVB protocol that support read, write/erase
|
# depends on the full functionality SMM FVB protocol that support read, write/erase
|
||||||
# flash access.
|
# flash access.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||||
#
|
#
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
# are licensed and made available under the terms and conditions of the BSD License
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
@ -59,6 +59,7 @@
|
||||||
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
|
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
|
||||||
gEfiSmmFaultTolerantWriteProtocolGuid ## PRODUCES
|
gEfiSmmFaultTolerantWriteProtocolGuid ## PRODUCES
|
||||||
gEfiSmmAccess2ProtocolGuid ## CONSUMES
|
gEfiSmmAccess2ProtocolGuid ## CONSUMES
|
||||||
|
gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
|
||||||
|
|
||||||
[FeaturePcd]
|
[FeaturePcd]
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable
|
||||||
|
|
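Review bot: The new `gEfiSmmEndOfDxeProtocolGuid` entry is tagged `## CONSUMES`, but the code visible in this commit only registers a notification on that protocol and does not locate or call it. The usage tag that describes this is `## NOTIFY`, so the line would read `gEfiSmmEndOfDxeProtocolGuid ## NOTIFY`. This is a documentation point about the INF usage comment, not a change in behaviour.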
|
@ -1,8 +1,11 @@
|
||||||
## @file
|
## @file
|
||||||
# This module is the Runtime DXE part corresponding to SMM Fault Tolerant Write (FTW) module.
|
# This module is the DXE part corresponding to SMM Fault Tolerant Write (FTW) module.
|
||||||
# It installs FTW protocol and works with SMM FTW module together.
|
# It installs FTW protocol and works with SMM FTW module together.
|
||||||
|
# The FTW protocol will not work after End Of Dxe because it will be not safe to expose
|
||||||
|
# the related operations in SMM handler in SMM FTW module. You can use the FTW protocol
|
||||||
|
# before End Of Dxe or use FaultTolerantWriteDxe module instead if you really want to.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||||
#
|
#
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
# are licensed and made available under the terms and conditions of the BSD License
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
|