From: "Yao, Jiewen"
To: "Dong, Eric", "edk2-devel@lists.01.org"
Date: Wed, 3 May 2017 14:19:50 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A9375FF@shsmsx102.ccr.corp.intel.com>
References: <1493782306-14084-1-git-send-email-eric.dong@intel.com> <1493782306-14084-2-git-send-email-eric.dong@intel.com>
In-Reply-To: <1493782306-14084-2-git-send-email-eric.dong@intel.com>
Subject: Re: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
List-Id: EDK II Development

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, May 3, 2017 11:32 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen
> Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
>
> Update code to consume SmmIoLib to check Mmio validation.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong
> Cc: Jiewen Yao
> ---
>  .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c        | 30 +------------
>  .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c     | 51
> ----------------------
>  .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h     |  3 +-
>  .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf   |  2 +-
>  4 files changed, 3 insertions(+), 83 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c > b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c > index 33f77bd..e38acfd 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c > @@ -1023,34 +1023,6 @@ GetAhciBarSize ( > } >=20 > /** > - This function check if the memory region is in GCD MMIO region. > - > - @param Addr The memory region start address to be checked. > - @param Size The memory region length to be checked. > - > - @retval TRUE This memory region is in GCD MMIO region. > - @retval FALSE This memory region is not in GCD MMIO region. > -**/ > -BOOLEAN > -EFIAPI > -OpalIsValidMmioSpace ( > - IN EFI_PHYSICAL_ADDRESS Addr, > - IN UINTN Size > - ) > -{ > - UINTN Index; > - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; > - > - for (Index =3D 0; Index < mNumberOfDescriptors; Index ++) { > - Desc =3D &mGcdMemSpace[Index]; > - if ((Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeMemoryMappedIo) && > (Addr >=3D Desc->BaseAddress) && ((Addr + Size) <=3D (Desc->BaseAddress + > Desc->Length))) { > - return TRUE; > - } > - } > - > - return FALSE; > -} > -/** > Get AHCI mode base address registers' Value. >=20 > @param[in] Bus The bus number of ata host controller. > @@ -1083,7 +1055,7 @@ GetAhciBaseAddress ( > // > // Check if the AHCI Bar region is in SMRAM to avoid malicious attack = by > modifying MMIO Bar to point to SMRAM. > // > - if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) { > + if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) { > return EFI_UNSUPPORTED; > } >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c > b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c > index 2f2a1d9..0ea92b1 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c 
> @@ -61,9 +61,6 @@ VOID *mBuffer =3D NULL; // DMA can not > read/write Data to smram, s > // NVME > NVME_CONTEXT mNvmeContext; >=20 > -EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace =3D NULL; > -UINTN mNumberOfDescriptors =3D 0; > - > /** > Add new bridge node or nvme device info to the device list. >=20 > @@ -648,44 +645,6 @@ S3SleepEntryCallBack ( > } >=20 > /** > - OpalPassword Notification for SMM EndOfDxe protocol. > - > - @param[in] Protocol Points to the protocol's unique identifier. > - @param[in] Interface Points to the interface instance. > - @param[in] Handle The handle on which the interface was installed. > - > - @retval EFI_SUCCESS Notification runs successfully. > -**/ > -EFI_STATUS > -EFIAPI > -OpalPasswordEndOfDxeNotification ( > - IN CONST EFI_GUID *Protocol, > - IN VOID *Interface, > - IN EFI_HANDLE Handle > - ) > -{ > - UINTN NumberOfDescriptors; > - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap; > - EFI_STATUS Status; > - > - Status =3D gDS->GetMemorySpaceMap (&NumberOfDescriptors, > &MemSpaceMap); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - mGcdMemSpace =3D AllocateCopyPool (NumberOfDescriptors * sizeof > (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap); > - if (EFI_ERROR (Status)) { > - gBS->FreePool (MemSpaceMap); > - return Status; > - } > - > - mNumberOfDescriptors =3D NumberOfDescriptors; > - gBS->FreePool (MemSpaceMap); > - > - return EFI_SUCCESS; > -} > - > -/** > Main entry for this driver. >=20 > @param ImageHandle Image handle this driver. > @@ -711,7 +670,6 @@ OpalPasswordSmmInit ( > EFI_SMM_VARIABLE_PROTOCOL *SmmVariable; > OPAL_EXTRA_INFO_VAR OpalExtraInfo; > UINTN DataSize; > - EFI_EVENT EndOfDxeEvent; > EFI_PHYSICAL_ADDRESS Address; >=20 > mBuffer =3D NULL; 
> @@ -820,15 +778,6 @@ OpalPasswordSmmInit ( > // > mSwSmiValue =3D (UINT8) Context.SwSmiInputValue; >=20 > - // > - // Create event to record GCD descriptors at end of dxe for judging > AHCI/NVMe PCI Bar > - // is in MMIO space to avoid attack. > - // > - Status =3D gSmst->SmmRegisterProtocolNotify > (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, > &EndOfDxeEvent); > - if (EFI_ERROR (Status)) { > - DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, > Status: %r\n", Status)); > - goto EXIT; > - } > Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NUL= L, > (VOID**)&SmmVariable); > if (!EFI_ERROR (Status)) { > DataSize =3D sizeof (OPAL_EXTRA_INFO_VAR); > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h > b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h > index ab31a6b..ce88786 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h > @@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include >=20 > #include >=20 > @@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. >=20 > extern VOID *mBuffer; >=20 > -extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace; > -extern UINTN mNumberOfDescriptors; > #pragma pack(1) >=20 > typedef struct { > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf > b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf > index cab0fd5..c62fa13 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf > @@ -58,6 +58,7 @@ > DxeServicesTableLib > DevicePathLib > OpalPasswordSupportLib > + SmmIoLib >=20 > [Guids] > gOpalExtraInfoVariableGuid ## CONSUMES ## GUID 
> @@ -69,7 +70,6 @@ > gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES > gEfiSmmVariableProtocolGuid ## CONSUMES > gEfiStorageSecurityCommandProtocolGuid ## CONSUMES > - gEfiSmmEndOfDxeProtocolGuid ## CONSUMES >=20 > [Depex] > gEfiSmmSwDispatch2ProtocolGuid AND > -- > 2.7.0.windows.1
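
Review bot: in the GetAhciBaseAddress hunk of OpalAhciMode.c, the comment kept above the changed line still reads "Check if the AHCI Bar region is in SMRAM", while the call it describes, SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL), tests that the BAR range is valid MMIO. Please reword the comment to match, for example "Check that the AHCI Bar region is valid MMIO so a modified Bar cannot point into SMRAM". The removed OpalIsValidMmioSpace compared Addr + Size against the descriptor end with no wrap-around guard, so the commit message should also say whether the library check rejects a base/size pair that overflows.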
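
Review bot: the hunk in OpalPasswordSmm.c that deletes OpalPasswordEndOfDxeNotification drops the point at which this driver froze its view of the GCD memory map (the SMM EndOfDxe notification), and the commit message does not say when SmmIoLib captures the map it validates against. The value of the BAR check depends on that map being taken before untrusted code can change it, so please state the timing guarantee in the commit message or in a comment at the SmmIsMmioValid call site. As a side effect the removal also retires a latent defect: the deleted code tested EFI_ERROR (Status) after AllocateCopyPool instead of testing mGcdMemSpace for NULL, which is worth a line in the commit message.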
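
Review bot: in the OpalPasswordSmmInit hunk at -820,15, the deleted comment says the GCD descriptors were recorded "for judging AHCI/NVMe PCI Bar is in MMIO space", yet the only call site converted in this patch is the one in GetAhciBaseAddress, and no NVMe file appears in the diffstat. Please confirm whether the NVMe BAR is validated anywhere, and if it is not, add the same SmmIsMmioValid check on the NVMe path before the BAR is used in SMM.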
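
Review bot: in the [LibraryClasses] hunk of OpalPasswordSmm.inf, DxeServicesTableLib stays listed although this patch removes gDS->GetMemorySpaceMap from OpalPasswordSmm.c, the only use of gDS visible in the diff. If no other gDS use remains in the driver, drop the library class and its include in the same patch. The added SmmIoLib entry also means every platform DSC that builds this driver needs an SmmIoLib instance mapping, which the one-line commit message should mention.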