From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <eric.dong@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D114221A04830
 for <edk2-devel@lists.01.org>; Tue,  2 May 2017 20:31:49 -0700 (PDT)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 02 May 2017 20:31:49 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.38,282,1491289200"; d="scan'208";a="96551260"
Received: from ydong10-win10.ccr.corp.intel.com ([10.239.158.51])
 by fmsmga005.fm.intel.com with ESMTP; 02 May 2017 20:31:49 -0700
From: Eric Dong <eric.dong@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>
Date: Wed,  3 May 2017 11:31:45 +0800
Message-Id: <1493782306-14084-2-git-send-email-eric.dong@intel.com>
X-Mailer: git-send-email 2.7.0.windows.1
In-Reply-To: <1493782306-14084-1-git-send-email-eric.dong@intel.com>
References: <1493782306-14084-1-git-send-email-eric.dong@intel.com>
Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2017 03:31:50 -0000

Update code to consume SmmIoLib to check Mmio validation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
---
 .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c        | 30 +------------
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c     | 51 ----------------------
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h     |  3 +-
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf   |  2 +-
 4 files changed, 3 insertions(+), 83 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
index 33f77bd..e38acfd 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@@ -1023,34 +1023,6 @@ GetAhciBarSize (
 }
 
 /**
-  This function check if the memory region is in GCD MMIO region.
-
-  @param Addr  The memory region start address to be checked.
-  @param Size  The memory region length to be checked.
-
-  @retval TRUE  This memory region is in GCD MMIO region.
-  @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
-  IN  EFI_PHYSICAL_ADDRESS       Addr,
-  IN  UINTN                      Size
-  )
-{
-  UINTN                           Index;
-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
-  for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
-    Desc = &mGcdMemSpace[Index];
-    if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
-      return TRUE;
-    }
-  }
-
-  return FALSE;
-}
-/**
   Get AHCI mode base address registers' Value.
 
   @param[in] Bus         The bus number of ata host controller.
@@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
   //
   // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
   //
-  if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+  if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
     return EFI_UNSUPPORTED;
   }
 
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index 2f2a1d9..0ea92b1 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -61,9 +61,6 @@ VOID                 *mBuffer = NULL; // DMA can not read/write Data to smram, s
 // NVME
 NVME_CONTEXT         mNvmeContext;
 
-EFI_GCD_MEMORY_SPACE_DESCRIPTOR   *mGcdMemSpace        = NULL;
-UINTN                             mNumberOfDescriptors = 0;
-
 /**
   Add new bridge node or nvme device info to the device list.
 
@@ -648,44 +645,6 @@ S3SleepEntryCallBack (
 }
 
 /**
-  OpalPassword Notification for SMM EndOfDxe protocol.
-
-  @param[in] Protocol   Points to the protocol's unique identifier.
-  @param[in] Interface  Points to the interface instance.
-  @param[in] Handle     The handle on which the interface was installed.
-
-  @retval EFI_SUCCESS   Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
-  IN CONST EFI_GUID  *Protocol,
-  IN VOID            *Interface,
-  IN EFI_HANDLE      Handle
-  )
-{
-  UINTN                            NumberOfDescriptors;
-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *MemSpaceMap;
-  EFI_STATUS                       Status;
-
-  Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
-  if (EFI_ERROR (Status)) {
-    gBS->FreePool (MemSpaceMap);
-    return Status;
-  }
-
-  mNumberOfDescriptors = NumberOfDescriptors;
-  gBS->FreePool (MemSpaceMap);
-
-  return EFI_SUCCESS;
-}
-
-/**
   Main entry for this driver.
 
   @param ImageHandle     Image handle this driver.
@@ -711,7 +670,6 @@ OpalPasswordSmmInit (
   EFI_SMM_VARIABLE_PROTOCOL             *SmmVariable;
   OPAL_EXTRA_INFO_VAR                   OpalExtraInfo;
   UINTN                                 DataSize;
-  EFI_EVENT                             EndOfDxeEvent;
   EFI_PHYSICAL_ADDRESS                  Address;
 
   mBuffer            = NULL;
@@ -820,15 +778,6 @@ OpalPasswordSmmInit (
   //
   mSwSmiValue = (UINT8) Context.SwSmiInputValue;
 
-  //
-  // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
-  // is in MMIO space to avoid attack.
-  //
-  Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
-  if (EFI_ERROR (Status)) {
-    DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
-    goto EXIT;
-  }
   Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
   if (!EFI_ERROR (Status)) {
     DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
index ab31a6b..ce88786 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/S3BootScriptLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/DxeServicesTableLib.h>
+#include <Library/SmmIoLib.h>
 
 #include <IndustryStandard/Pci22.h>
 
@@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 extern VOID                              *mBuffer;
 
-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR   *mGcdMemSpace;
-extern UINTN                             mNumberOfDescriptors;
 #pragma pack(1)
 
 typedef struct {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
index cab0fd5..c62fa13 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@@ -58,6 +58,7 @@
   DxeServicesTableLib
   DevicePathLib
   OpalPasswordSupportLib
+  SmmIoLib
 
 [Guids]
   gOpalExtraInfoVariableGuid                    ## CONSUMES ## GUID
@@ -69,7 +70,6 @@
   gEfiSmmSxDispatch2ProtocolGuid                ## CONSUMES
   gEfiSmmVariableProtocolGuid                   ## CONSUMES
   gEfiStorageSecurityCommandProtocolGuid        ## CONSUMES
-  gEfiSmmEndOfDxeProtocolGuid                   ## CONSUMES
 
 [Depex]
   gEfiSmmSwDispatch2ProtocolGuid AND
-- 
2.7.0.windows.1