From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D114221A04830 for ; Tue, 2 May 2017 20:31:49 -0700 (PDT) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 May 2017 20:31:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.38,282,1491289200"; d="scan'208";a="96551260" Received: from ydong10-win10.ccr.corp.intel.com ([10.239.158.51]) by fmsmga005.fm.intel.com with ESMTP; 02 May 2017 20:31:49 -0700 From: Eric Dong To: edk2-devel@lists.01.org Cc: Jiewen Yao Date: Wed, 3 May 2017 11:31:45 +0800 Message-Id: <1493782306-14084-2-git-send-email-eric.dong@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 In-Reply-To: <1493782306-14084-1-git-send-email-eric.dong@intel.com> References: <1493782306-14084-1-git-send-email-eric.dong@intel.com> Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 May 2017 03:31:50 -0000 Update code to consume SmmIoLib to check Mmio validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong Cc: Jiewen Yao
---
 .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51 ----------------------
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
 .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
 4 files changed, 3 insertions(+), 83 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
index 33f77bd..e38acfd 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@@ -1023,34 +1023,6 @@ GetAhciBarSize (
 }
 /**
- This function check if the memory region is in GCD MMIO region.
-
- @param Addr The memory region start address to be checked.
- @param Size The memory region length to be checked.
-
- @retval TRUE This memory region is in GCD MMIO region.
- @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
- IN EFI_PHYSICAL_ADDRESS Addr,
- IN UINTN Size
- )
-{
- UINTN Index;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
- for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
- Desc = &mGcdMemSpace[Index];
- if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-/**
 Get AHCI mode base address registers' Value.
 @param[in] Bus The bus number of ata host controller.
@@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
 //
 // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
 //
- if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+ if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
 return EFI_UNSUPPORTED;
 }
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index 2f2a1d9..0ea92b1 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not read/write Data to smram, s
 // NVME
 NVME_CONTEXT mNvmeContext;
-EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
-UINTN mNumberOfDescriptors = 0;
-
 /**
 Add new bridge node or nvme device info to the device list.
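Review bot: The comment kept above the new call still says the check verifies that the AHCI BAR region is *in* SMRAM, which is the inverse of what the guard does — `SmmIsMmioValid` (MdePkg SmmIoLib) returns TRUE only for a range lying inside a GCD MMIO region and, as far as I recall, also rejects ranges that overlap SMRAM, so the `if (!...)` branch is the rejection path; suggest rewording it to `// Reject the AHCI BAR unless [mAhciBar, mAhciBar + Size) lies entirely in GCD MMIO space outside SMRAM, so a BAR repointed at SMRAM cannot make this handler read/write SMRAM through what it treats as device registers.` The third argument `NULL` is the library's optional descriptor out-parameter and deserves a short trailing comment such as `/* Descriptor not needed */` for readers unfamiliar with SmmIoLib. Like the removed `OpalIsValidMmioSpace`, SmmIoLib presumably validates against a GCD snapshot captured at SmmEndOfDxe, so a call reaching this line before that point fails closed with EFI_UNSUPPORTED — worth confirming that GetAhciBaseAddress is only reached from the SMI handler and stating that in its header. GetAhciBaseAddress begins and ends outside this hunk.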
@@ -648,44 +645,6 @@ S3SleepEntryCallBack (
 }
 /**
- OpalPassword Notification for SMM EndOfDxe protocol.
-
- @param[in] Protocol Points to the protocol's unique identifier.
- @param[in] Interface Points to the interface instance.
- @param[in] Handle The handle on which the interface was installed.
-
- @retval EFI_SUCCESS Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
- IN CONST EFI_GUID *Protocol,
- IN VOID *Interface,
- IN EFI_HANDLE Handle
- )
-{
- UINTN NumberOfDescriptors;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
- EFI_STATUS Status;
-
- Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
- if (EFI_ERROR (Status)) {
- gBS->FreePool (MemSpaceMap);
- return Status;
- }
-
- mNumberOfDescriptors = NumberOfDescriptors;
- gBS->FreePool (MemSpaceMap);
-
- return EFI_SUCCESS;
-}
-
-/**
 Main entry for this driver.
 @param ImageHandle Image handle this driver.
@@ -711,7 +670,6 @@ OpalPasswordSmmInit (
 EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
 OPAL_EXTRA_INFO_VAR OpalExtraInfo;
 UINTN DataSize;
- EFI_EVENT EndOfDxeEvent;
 EFI_PHYSICAL_ADDRESS Address;
 mBuffer = NULL;
@@ -820,15 +778,6 @@ OpalPasswordSmmInit (
 //
 mSwSmiValue = (UINT8) Context.SwSmiInputValue;
- //
- // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
- // is in MMIO space to avoid attack.
- //
- Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
- if (EFI_ERROR (Status)) {
- DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
- goto EXIT;
- }
 Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
 if (!EFI_ERROR (Status)) {
 DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
index ab31a6b..ce88786 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include
 #include
 #include
+#include
 #include
@@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 extern VOID *mBuffer;
-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
-extern UINTN mNumberOfDescriptors;
 #pragma pack(1)
 typedef struct {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
index cab0fd5..c62fa13 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@@ -58,6 +58,7 @@
 DxeServicesTableLib
 DevicePathLib
 OpalPasswordSupportLib
+ SmmIoLib
 [Guids]
 gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
@@ -69,7 +70,6 @@
 gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
 gEfiSmmVariableProtocolGuid ## CONSUMES
 gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
- gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
 [Depex]
 gEfiSmmSwDispatch2ProtocolGuid AND
-- 
2.7.0.windows.1
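Review bot: `DxeServicesTableLib` stays in `[LibraryClasses]` (the context line just above the added `SmmIoLib`), yet the only `gDS` consumer this series touches — the removed `OpalPasswordEndOfDxeNotification` in OpalPasswordSmm.c — is gone; if no other source in the module still references `gDS`, drop that line so the SMM driver stops linking a DXE-services dependency it no longer needs. The `[Packages]` section is outside the hunk, so I cannot confirm from here that the package providing `SmmIoLib` is already listed; it presumably is, given the other MdePkg library classes in the same section.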