From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web09.8470.1608128342417846809 for ; Wed, 16 Dec 2020 06:19:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=AlP85Xwl; spf=pass (domain: linaro.org, ip: 209.85.214.181, mailfrom: masahisa.kojima@linaro.org) Received: by mail-pl1-f181.google.com with SMTP id e2so5845864plt.12 for ; Wed, 16 Dec 2020 06:19:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=pKGjyxUJhvmKsEOiZhV6RGYbyy5AjV9jtdwLiZIGCe4=; b=AlP85XwlYJjK4xnGVohTXVohF1KFIBNe59viYFenRAat/idofTAuFW3Se7yYl1GUJJ JeMQ3+gP+ij4/7Mx5z9cXtH2VV5ZeF0P+iEQTOphd9ez3pja4/T115Bt/QBjgPoG5Zo1 5L0iwi16jVMaYXnS0NCFiRzibaj/GEdd/YnN4wxYsVSfF2px8KbNP4OEfoiRUGSd5T6N kfnlgeR7/pnupUXsRlh50neyvYGeu0IH9Sv2J2ZsJxnORnxAdNXeN+pAQ++YE/P4BSj/ Lej5hyVkjmx+qBLtYodHCD9k8zkenJyY1kIpoD5jIDoPHuw1gwyH0X5iaEdOsRjPHWRh 9rLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pKGjyxUJhvmKsEOiZhV6RGYbyy5AjV9jtdwLiZIGCe4=; b=TwaiFV2k45myv7U8ws5ozb+u3ejppu0/DRCm3MSl4+RTdFgNyVSH8uxGPfO+KksRlw KkjfA/KMpyCjzBZhKcAgrmbg52UbOwBtS+Ch/XQRCmrGRcG3WM/Ol5VpJuUOL60h/8rb 7BiCtQMYwU6BriV/uMAaesrwcsf6AEKp74hJeJ5ad6QTKfa9J1t5evLoz7caOpj2Ld7b b4nBY1YZuS6+DuXr7XbmlNAInyFqw4/Yi+TLVhprEMdHXv1VbCyA67FpLJXFLy4x3JEi rFAAp1sj+0urKX+7OxsdFtdHhAE2eBZnxd3V7PxIAMKtRLKnOS9a78K6XkqvT8IibE7O XAdQ== X-Gm-Message-State: AOAM533wyLPM9FqEJv+EpxdysfgzDo8HlawvxzgJZJPSQDPTtd3qz+b+ FuGkXl/Zd/D0V85yj8Tw/nnN8zJePnqOeQ== X-Google-Smtp-Source: ABdhPJxUevWVQTQE57E/mSLCUq9BSfnmzAVomQpWPHbZwyw9NNdJmDt3FUb+xvWxCeSS12mKcImH9Q== X-Received: by 2002:a17:902:8bcc:b029:dc:1aa4:25a3 with SMTP id r12-20020a1709028bccb02900dc1aa425a3mr1854087plo.39.1608128341521; Wed, 16 Dec 2020 06:19:01 -0800 (PST) Return-Path: Received: from localhost ([121.95.100.191]) by smtp.gmail.com with ESMTPSA id iq3sm2276597pjb.57.2020.12.16.06.18.59 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 16 Dec 2020 06:19:00 -0800 (PST) From: "Masahisa Kojima" To: devel@edk2.groups.io Cc: Kun Qin , Masahisa Kojima , Jian J Wang , Hao A Wu , Liming Gao , Ard Biesheuvel , Sami Mujawar , Jiewen Yao , Supreeth Venkatesh , Bret Barkelew Subject: [PATCH 1/1] MdeModulePkg/VarCheckPolicyLib: implement standalone MM version Date: Wed, 16 Dec 2020 23:19:19 +0900 Message-Id: <20201216141919.23262-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201216141919.23262-1-masahisa.kojima@linaro.org> References: <20201216141919.23262-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This commit adds the VarCheckPolicyLib that will be able to execute in the context of standalone MM. Signed-off-by: Masahisa Kojima Co-authored-by: Kun Qin Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Cc: Ard Biesheuvel Cc: Sami Mujawar Cc: Jiewen Yao Cc: Supreeth Venkatesh Cc: Bret Barkelew --- MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 5 +- MdeModulePkg/Library/VarCheckPolicyLib/{VarCheckPolicyLib.inf => VarCheckPolicyLibStandaloneMm.inf} | 23 +++++---- MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h | 42 ++++++++++++++++ MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 14 +++--- MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c | 50 ++++++++++++++++++++ MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c | 50 ++++++++++++++++++++ 6 files changed, 165 insertions(+), 19 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf index 077bcc8990ca..9af436d25f81 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf @@ -13,11 +13,13 @@ [Defines] MODULE_TYPE = DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER - CONSTRUCTOR = VarCheckPolicyLibConstructor + CONSTRUCTOR = VarCheckPolicyLibTraditionalConstructor [Sources] VarCheckPolicyLib.c + VarCheckPolicyLibTraditional.c + VarCheckPolicyLib.h [Packages] @@ -29,7 +31,6 @@ [LibraryClasses] BaseLib DebugLib BaseMemoryLib - DxeServicesLib MemoryAllocationLib VarCheckLib VariablePolicyLib diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf similarity index 51% copy from MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf copy to MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf index 077bcc8990ca..ab427f189a3d 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf @@ -1,35 +1,41 @@ -## @file VarCheckPolicyLib.inf +## @file VarCheckPolicyLibStandaloneMm.inf # This is an instance of a VarCheck lib that leverages the business logic behind # the VariablePolicy code to make its decisions. # -# Copyright (c) Microsoft Corporation. +## +# Copyright (c) Microsoft Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent +# ## [Defines] INF_VERSION = 0x00010005 - BASE_NAME = VarCheckPolicyLib - FILE_GUID = 9C28A48F-C884-4B1F-8B95-DEF125448023 - MODULE_TYPE = DXE_RUNTIME_DRIVER + BASE_NAME = VarCheckPolicyLibStandaloneMm + FILE_GUID = 44B09E3D-5EDA-4673-ABCF-C8AE4560C8EC + MODULE_TYPE = MM_STANDALONE + PI_SPECIFICATION_VERSION = 0x00010032 VERSION_STRING = 1.0 - LIBRARY_CLASS = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER - CONSTRUCTOR = VarCheckPolicyLibConstructor + LIBRARY_CLASS = NULL|MM_STANDALONE + CONSTRUCTOR = VarCheckPolicyLibStandaloneConstructor [Sources] VarCheckPolicyLib.c + VarCheckPolicyLibStandaloneMm.c + VarCheckPolicyLib.h [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] BaseLib DebugLib BaseMemoryLib - DxeServicesLib + MemLib MemoryAllocationLib VarCheckLib VariablePolicyLib @@ -37,6 +43,5 @@ [LibraryClasses] SafeIntLib MmServicesTableLib - [Guids] gVarCheckPolicyLibMmiHandlerGuid ## CONSUME ## Used to register for MM Communication events. diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h new file mode 100644 index 000000000000..2226c8a19fec --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.h @@ -0,0 +1,42 @@ +/** @file -- VarCheckPolicyLib.h +This internal header file defines the common interface of constructor for +VarCheckPolicyLib. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VAR_CHECK_POLICY_LIB_H_ +#define _VAR_CHECK_POLICY_LIB_H_ + +/** + Common constructor function of VarCheckPolicyLib to register VarCheck handler + and SW MMI handlers. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibCommonConstructor ( + VOID + ); + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM/MMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM/MMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ); + +#endif // _VAR_CHECK_POLICY_LIB_H_ diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c index 257aa9591303..14e1904e96d3 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c @@ -12,7 +12,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include #include #include @@ -23,6 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include +#include "VarCheckPolicyLib.h" + //================================================ // As a VarCheck library, we're linked into the VariableServices // and may not be able to call them indirectly. To get around this, @@ -102,7 +103,8 @@ VarCheckPolicyLibMmiHandler ( // Make sure that the buffer does not overlap SMM. // This should be covered by the SmiManage infrastructure, but just to be safe... InternalCommBufferSize = *CommBufferSize; - if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || !SmmIsBufferOutsideSmmValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) { + if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || + !VarCheckPolicyIsBufferOutsideValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) { DEBUG ((DEBUG_ERROR, "%a - Invalid CommBuffer supplied! 0x%016lX[0x%016lX]\n", __FUNCTION__, CommBuffer, InternalCommBufferSize)); return EFI_INVALID_PARAMETER; } @@ -305,17 +307,13 @@ VarCheckPolicyLibMmiHandler ( Constructor function of VarCheckPolicyLib to register VarCheck handler and SW MMI handlers. - @param[in] ImageHandle The firmware allocated handle for the EFI image. - @param[in] SystemTable A pointer to the EFI System Table. - @retval EFI_SUCCESS The constructor executed correctly. **/ EFI_STATUS EFIAPI -VarCheckPolicyLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable +VarCheckPolicyLibCommonConstructor ( + VOID ) { EFI_STATUS Status; diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c new file mode 100644 index 000000000000..b283ced9d4e3 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.c @@ -0,0 +1,50 @@ +/** @file -- VarCheckPolicyLibStandaloneMm.c +This is an instance of a VarCheck lib constructor for Standalone MM. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include "VarCheckPolicyLib.h" + +/** + Standalone MM constructor function of VarCheckPolicyLib to invoke common + constructor routine. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibStandaloneConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return VarCheckPolicyLibCommonConstructor (); +} + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architectureand not overlap with MMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c new file mode 100644 index 000000000000..f404aaaa470c --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibTraditional.c @@ -0,0 +1,50 @@ +/** @file -- VarCheckPolicyLibTraditional.c +This is an instance of a VarCheck lib constructor for traditional SMM. + +Copyright (c) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include "VarCheckPolicyLib.h" + +/** + Traditional constructor function of VarCheckPolicyLib to invoke common + constructor routine. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibTraditionalConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return VarCheckPolicyLibCommonConstructor (); +} + +/** + This function is wrapper function to validate the buffer. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +EFIAPI +VarCheckPolicyIsBufferOutsideValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return SmmIsBufferOutsideSmmValid (Buffer, Length); +} -- 2.17.1