public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Kubacki, Michael A" <michael.a.kubacki@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Bi, Dandan" <dandan.bi@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	"Dong, Eric" <eric.dong@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Ni, Ray" <ray.ni@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [PATCH V4 07/10] MdeModulePkg/Variable: Add RT GetVariable() cache support
Date: Thu, 17 Oct 2019 17:44:06 +0000	[thread overview]
Message-ID: <DM6PR11MB383407900937523D96AF3BA0B56D0@DM6PR11MB3834.namprd11.prod.outlook.com> (raw)
In-Reply-To: <D827630B58408649ACB04F44C510003625993F9C@SHSMSX107.ccr.corp.intel.com>

Jian, thanks a lot your analysis. The intention was very much to constrain the flow of information
from SMM to the non-SMM environment and not vice versa during runtime cache operation.

I agree that the buffers pointed to in SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
should be checked with VariableSmmIsBufferOutsideSmmValid (). I will send a V5 with this change.

Thanks,
Michael

> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Thursday, October 17, 2019 7:23 AM
> To: Wu, Hao A <hao.a.wu@intel.com>; Kubacki, Michael A
> <michael.a.kubacki@intel.com>; devel@edk2.groups.io
> Cc: Bi, Dandan <dandan.bi@intel.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Dong, Eric <eric.dong@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Ni, Ray <ray.ni@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>
> Subject: RE: [PATCH V4 07/10] MdeModulePkg/Variable: Add RT
> GetVariable() cache support
> 
> >
> > Again, I would like to ask for help from other reviewers to look at this patch
> > (patch 7/10) and the next one (patch 8/10) (at least from the security
> > perspective). Any help will be appreciated, thanks in advance.
> >
> 
> I'm trying to do a simple analysis below from security perspective. Please
> correct me
> if anything wrong.
> 
> The patch added 3 new SMI variable Functions
>   f(a):
> SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT
>   f(b): SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE
>   f(c): SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO
> 
> f(a) communication buffer is type of
>   SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> 
> which is defined as
>   typedef struct {
>     BOOLEAN                 *ReadLock;
>     BOOLEAN                 *PendingUpdate;
>     BOOLEAN                 *HobFlushComplete;
>     VARIABLE_STORE_HEADER   *RuntimeHobCache;
>    VARIABLE_STORE_HEADER   *RuntimeNvCache;
>     VARIABLE_STORE_HEADER   *RuntimeVolatileCache;
>   }
> SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT;
> 
> There're 6 fields (all pointers) in the buffer. SMM will handle them in
> following ways
> - ReadLock and PendingUpdate are used to avoid race condition between
> smm and
>   non-smm code. I don't think there's security breach here.
> - RuntimeHobCache, RuntimeNvCache and RuntimeVolatileCache are buffers
> passed
>   to smm  code to simply store variable content. Smm code will not read its
> content.
>   I think this won't bring any security risk.
> 
> The SmmVariableHandler() will call VariableSmmIsBufferOutsideSmmValid()
> to make sure the communication buffer is outside of smram. But the handler
> will
> not check the above 6 pointers passed through communication buffer to see
> if they
> are in non-smram scope. This leaves potential security hole to allow smram
> buffer
> to be passed in from non-smm code.
> 
> f(b) doesn't use communication buffer. It's just used to flush variable cache.
> Then
> no security risk here.
> 
> f(c) uses communication buffer with type of
> 
>   typedef struct {
>     UINTN                   TotalHobStorageSize;
>     UINTN                   TotalNvStorageSize;
>     UINTN                   TotalVolatileStorageSize;
>     BOOLEAN                 AuthenticatedVariableUsage;
>   } SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO;
> 
> There's no pointer in the buffer and the SMI handler doesn't read its content
> but
> just store data into it. I think there's no security risk here.
> 
> I also checked data flow newly introduced between smm and non-smm
> boundary.
> Most of the data flow is just from smm to non-smm. The only exception is
> ReadLock
> mentioned above. Generally speaking, I don't find security issue in this patch
> series
> except to above pointers passed by communication buffer.
> 
> Regards,
> Jian
> 
> > -----Original Message-----
> > From: Wu, Hao A <hao.a.wu@intel.com>
> > Sent: Wednesday, October 16, 2019 3:57 PM
> > To: Kubacki, Michael A <michael.a.kubacki@intel.com>;
> devel@edk2.groups.io
> > Cc: Bi, Dandan <dandan.bi@intel.com>; Ard Biesheuvel
> > <ard.biesheuvel@linaro.org>; Dong, Eric <eric.dong@intel.com>; Laszlo
> Ersek
> > <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Kinney,
> Michael D
> > <michael.d.kinney@intel.com>; Ni, Ray <ray.ni@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> > Subject: RE: [PATCH V4 07/10] MdeModulePkg/Variable: Add RT
> GetVariable()
> > cache support
> >
> > Again, I would like to ask for help from other reviewers to look at this patch
> > (patch 7/10) and the next one (patch 8/10) (at least from the security
> > perspective). Any help will be appreciated, thanks in advance.
> >
> >
> > One comment inherited from the feedback on the V2 series:
> > I saw AtRuntime() is still being added in file VariableSmmRuntimeDxe.c,
> could
> > you help to double confirm?
> >
> > Another general level comment is that:
> > Please help to update the MdeModulePkg.uni file as well for the introduce
> of
> > the new PCD.
> >
> > Inline comments below:
> >
> >
> > > -----Original Message-----
> > > From: Kubacki, Michael A
> > > Sent: Tuesday, October 15, 2019 7:30 AM
> > > To: devel@edk2.groups.io
> > > Cc: Bi, Dandan; Ard Biesheuvel; Dong, Eric; Laszlo Ersek; Gao, Liming;
> Kinney,
> > > Michael D; Ni, Ray; Wang, Jian J; Wu, Hao A; Yao, Jiewen
> > > Subject: [PATCH V4 07/10] MdeModulePkg/Variable: Add RT
> GetVariable()
> > > cache support
> > >
> > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2220
> > >
> > > This change reduces SMIs for GetVariable () by maintaining a
> > > UEFI variable cache in Runtime DXE in addition to the pre-
> > > existing cache in SMRAM. When the Runtime Service GetVariable()
> > > is invoked, a Runtime DXE cache is used instead of triggering an
> > > SMI to VariableSmm. This can improve overall system performance
> > > by servicing variable read requests without rendezvousing all
> > > cores into SMM.
> > >
> > > The runtime cache  can be disabled with by setting the FeaturePCD
> > > gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache
> > > to FALSE. If the PCD is set to FALSE, the runtime cache will not be
> > > used and an SMI will be triggered for Runtime Service
> > > GetVariable () and GetNextVariableName () invocations.
> > >
> > > The following are important points regarding the behavior of the
> > > variable drivers when the variable runtime cache is enabled.
> > >
> > > 1. All of the non-volatile storage contents are loaded into the
> > >    cache upon driver load. This one time load operation from storage
> > >    is preferred as opposed to building the cache on demand. An on-
> > >    demand cache would require a fallback SMI to load data into the
> > >    cache as variables are requested.
> > >
> > > 2. SetVariable () requests will continue to always trigger an SMI.
> > >    This occurs regardless of whether the variable is volatile or
> > >    non-volatile.
> > >
> > > 3. Both volatile and non-volatile variables are cached in a runtime
> > >    buffer. As is the case in the current EDK II variable driver, they
> > >    continue to be cached in separate buffers.
> > >
> > > 4. The cache in Runtime DXE and SMM are intended to be exact copies
> > >    of one another. All SMM variable accesses only return data from the
> > >    SMM cache. The runtime caches are only updated after the variable I/O
> > >    operation is successful in SMM. The runtime caches are only updated
> > >    from SMM.
> > >
> > > 5. Synchronization mechanisms are in place to ensure the runtime cache
> > >    content integrity with the SMM cache. These may result in updates to
> > >    runtime cache that are the same in content but different in offset and
> > >    size from updates to the SMM cache.
> > >
> > > When using SMM variables with runtime cache enabled, two caches will
> now
> > > be present.
> > > 1. "Runtime Cache" - Maintained in VariableSmmRuntimeDxe. Used to
> > > service
> > >    Runtime Services GetVariable () and GetNextVariableName () callers.
> > > 2. "SMM Cache" - Maintained in VariableSmm to service SMM
> GetVariable ()
> > >    and GetNextVariableName () callers.
> > >    a. This cache is retained so SMM modules do not operate on data
> outside
> > >       SMRAM.
> > >
> > > Because a race condition can occur if an SMI occurs during the execution
> > > of runtime code reading from the runtime cache, a runtime cache read
> lock
> > > is introduced that explicitly moves pending updates from SMM to the
> > > runtime
> > > cache if an SMM update occurs while the runtime cache is locked. Note
> that
> > > it is not expected a Runtime services call will interrupt SMM processing
> > > since all CPU cores rendezvous in SMM.
> > >
> > > It is possible to view UEFI variable read and write statistics by setting
> > > the gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics
> > > FeaturePcd
> > > to TRUE and using the VariableInfo UEFI application in MdeModulePkg to
> > > dump
> > > variable statistics to the console. By doing so, a user can view the number
> > > of GetVariable () hits from the Runtime DXE variable driver (Runtime
> Cache
> > > hits) and the SMM variable driver (SMM Cache hits). SMM Cache hits for
> > > GetVariable () will occur when SMM modules invoke GetVariable ().
> > >
> > > Cc: Dandan Bi <dandan.bi@intel.com>
> > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > Cc: Eric Dong <eric.dong@intel.com>
> > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > Cc: Liming Gao <liming.gao@intel.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Ray Ni <ray.ni@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Hao A Wu <hao.a.wu@intel.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
> > > ---
> > >  MdeModulePkg/MdeModulePkg.dec                                        |  12 +
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > > |   2 +
> > >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> |   2
> > > +
> > >
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.i
> > > nf |  20 +-
> > >
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> > > |   2 +
> > >  MdeModulePkg/Include/Guid/SmmVariableCommon.h                        |  29
> +-
> > >  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h                |  32
> +-
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h
> > > |  51 ++
> > >  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                |  50
> +-
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c
> > > | 153 ++++++
> > >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c             |
> 114
> > > ++++-
> > >
> > >
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.
> > > c   | 512 +++++++++++++++++++-
> > >  12 files changed, 938 insertions(+), 41 deletions(-)
> > >
> > > diff --git a/MdeModulePkg/MdeModulePkg.dec
> > > b/MdeModulePkg/MdeModulePkg.dec
> > > index 59b8c21713..a00835cb84 100644
> > > --- a/MdeModulePkg/MdeModulePkg.dec
> > > +++ b/MdeModulePkg/MdeModulePkg.dec
> > > @@ -641,6 +641,18 @@
> > >    # @Prompt Enable Device Path From Text support.
> > >
> > >
> gEfiMdeModulePkgTokenSpaceGuid.PcdDevicePathSupportDevicePathFrom
> > > Text|TRUE|BOOLEAN|0x00010038
> > >
> > > +  ## Indicates if the UEFI variable runtime cache should be enabled.
> > > +  #  This setting only applies if SMM variables are enabled. When
> enabled, all
> > > variable
> > > +  #  data for Runtime Service GetVariable () and GetNextVariableName
> ()
> > > calls is retrieved
> > > +  #  from a runtime data buffer referred to as the "runtime cache". An
> SMI is
> > > not triggered
> > > +  #  at all for these requests. Variables writes still trigger an SMI. This can
> > > greatly
> > > +  #  reduce overall system SMM usage as most boots tend to issue far
> more
> > > variable reads
> > > +  #  than writes.<BR><BR>
> > > +  #   TRUE  - The UEFI variable runtime cache is enabled.<BR>
> > > +  #   FALSE - The UEFI variable runtime cache is disabled.<BR>
> > > +  # @Prompt Enable the UEFI variable runtime cache.
> > > +
> > >
> gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALS
> > > E|BOOLEAN|0x00010039
> > > +
> > >    ## Indicates if the statistics about variable usage will be collected. This
> > > information is
> > >    #  stored as a vendor configuration table into the EFI system table.
> > >    #  Set this PCD to TRUE to use VariableInfo application in
> > > MdeModulePkg\Application directory to get
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > > index 08a5490787..ceea5d1ff9 100644
> > > ---
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > > @@ -40,6 +40,8 @@
> > >    VariableNonVolatile.h
> > >    VariableParsing.c
> > >    VariableParsing.h
> > > +  VariableRuntimeCache.c
> > > +  VariableRuntimeCache.h
> > >    PrivilegePolymorphic.h
> > >    Measurement.c
> > >    TcgMorLockDxe.c
> > > diff --git
> > > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> > > index 6dc2721b81..bc3033588d 100644
> > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> > > @@ -49,6 +49,8 @@
> > >    VariableNonVolatile.h
> > >    VariableParsing.c
> > >    VariableParsing.h
> > > +  VariableRuntimeCache.c
> > > +  VariableRuntimeCache.h
> > >    VarCheck.c
> > >    Variable.h
> > >    PrivilegePolymorphic.h
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.inf
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.inf
> > > index 14894e6f13..b5a779a233 100644
> > > ---
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.inf
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.inf
> > > @@ -13,7 +13,7 @@
> > >  #  may not be modified without authorization. If platform fails to protect
> > > these resources,
> > >  #  the authentication service provided in this driver will be broken, and
> the
> > > behavior is undefined.
> > >  #
> > > -# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
> > > +# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
> > >  # SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #
> > >  ##
> > > @@ -39,6 +39,10 @@
> > >    VariableSmmRuntimeDxe.c
> > >    PrivilegePolymorphic.h
> > >    Measurement.c
> > > +  VariableParsing.c
> > > +  VariableParsing.h
> > > +  VariableRuntimeCache.c
> > > +  VariableRuntimeCache.h
> > >
> > >  [Packages]
> > >    MdePkg/MdePkg.dec
> > > @@ -65,7 +69,21 @@
> > >    gEdkiiVariableLockProtocolGuid                ## PRODUCES
> > >    gEdkiiVarCheckProtocolGuid                    ## PRODUCES
> > >
> > > +[FeaturePcd]
> > > +  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache
> > > ## CONSUMES
> > > +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics
> ##
> > > CONSUMES
> > > +
> > >  [Guids]
> > > +  ## PRODUCES             ## GUID # Signature of Variable store header
> > > +  ## CONSUMES             ## GUID # Signature of Variable store header
> > > +  ## SOMETIMES_PRODUCES   ## SystemTable
> > > +  gEfiAuthenticatedVariableGuid
> > > +
> > > +  ## PRODUCES             ## GUID # Signature of Variable store header
> > > +  ## CONSUMES             ## GUID # Signature of Variable store header
> > > +  ## SOMETIMES_PRODUCES   ## SystemTable
> > > +  gEfiVariableGuid
> > > +
> > >    gEfiEventVirtualAddressChangeGuid             ## CONSUMES ## Event
> > >    gEfiEventExitBootServicesGuid                 ## CONSUMES ## Event
> > >    ## CONSUMES ## GUID # Locate protocol
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.i
> > > nf
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.
> > > inf
> > > index f8a3742959..6e17f6cdf5 100644
> > > ---
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.i
> > > nf
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.
> > > inf
> > > @@ -49,6 +49,8 @@
> > >    VariableNonVolatile.h
> > >    VariableParsing.c
> > >    VariableParsing.h
> > > +  VariableRuntimeCache.c
> > > +  VariableRuntimeCache.h
> > >    VarCheck.c
> > >    Variable.h
> > >    PrivilegePolymorphic.h
> > > diff --git a/MdeModulePkg/Include/Guid/SmmVariableCommon.h
> > > b/MdeModulePkg/Include/Guid/SmmVariableCommon.h
> > > index c527a59891..ceef44dfd2 100644
> > > --- a/MdeModulePkg/Include/Guid/SmmVariableCommon.h
> > > +++ b/MdeModulePkg/Include/Guid/SmmVariableCommon.h
> > > @@ -1,7 +1,7 @@
> > >  /** @file
> > >    The file defined some common structures used for communicating
> > > between SMM variable module and SMM variable wrapper module.
> > >
> > > -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
> > > +Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR>
> > >  SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > >  **/
> > > @@ -9,6 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #ifndef _SMM_VARIABLE_COMMON_H_
> > >  #define _SMM_VARIABLE_COMMON_H_
> > >
> > > +#include <Guid/VariableFormat.h>
> > >  #include <Protocol/VarCheck.h>
> > >
> > >  #define EFI_SMM_VARIABLE_WRITE_GUID \
> > > @@ -66,6 +67,16 @@ typedef struct {
> > >  #define
> > > SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET  10
> > >
> > >  #define SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE        11
> > > +//
> > > +// The payload for this function is
> > >
> SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > +//
> > > +#define
> > >
> SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > 12
> > > +
> > > +#define SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE
> 13
> > > +//
> > > +// The payload for this function is
> > > SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO
> > > +//
> > > +#define SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO
> > > 14
> > >
> > >  ///
> > >  /// Size of SMM communicate header, without including the payload.
> > > @@ -120,4 +131,20 @@ typedef struct {
> > >    UINTN                         VariablePayloadSize;
> > >  } SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE;
> > >
> > > +typedef struct {
> > > +  BOOLEAN                 *ReadLock;
> > > +  BOOLEAN                 *PendingUpdate;
> > > +  BOOLEAN                 *HobFlushComplete;
> > > +  VARIABLE_STORE_HEADER   *RuntimeHobCache;
> > > +  VARIABLE_STORE_HEADER   *RuntimeNvCache;
> > > +  VARIABLE_STORE_HEADER   *RuntimeVolatileCache;
> > > +}
> > >
> SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT;
> > > +
> > > +typedef struct {
> > > +  UINTN                   TotalHobStorageSize;
> > > +  UINTN                   TotalNvStorageSize;
> > > +  UINTN                   TotalVolatileStorageSize;
> > > +  BOOLEAN                 AuthenticatedVariableUsage;
> > > +} SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO;
> > > +
> > >  #endif // _SMM_VARIABLE_COMMON_H_
> > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
> > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
> > > index fb574b2e32..0b2bb6ae66 100644
> > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
> > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
> > > @@ -64,6 +64,21 @@ typedef enum {
> > >    VariableStoreTypeMax
> > >  } VARIABLE_STORE_TYPE;
> > >
> > > +typedef struct {
> > > +  UINT32                  PendingUpdateOffset;
> > > +  UINT32                  PendingUpdateLength;
> > > +  VARIABLE_STORE_HEADER   *Store;
> > > +} VARIABLE_RUNTIME_CACHE;
> > > +
> > > +typedef struct {
> > > +  BOOLEAN                 *ReadLock;
> > > +  BOOLEAN                 *PendingUpdate;
> > > +  BOOLEAN                 *HobFlushComplete;
> > > +  VARIABLE_RUNTIME_CACHE  VariableRuntimeHobCache;
> > > +  VARIABLE_RUNTIME_CACHE  VariableRuntimeNvCache;
> > > +  VARIABLE_RUNTIME_CACHE  VariableRuntimeVolatileCache;
> > > +} VARIABLE_RUNTIME_CACHE_CONTEXT;
> > > +
> > >  typedef struct {
> > >    VARIABLE_HEADER *CurrPtr;
> > >    //
> > > @@ -79,14 +94,15 @@ typedef struct {
> > >  } VARIABLE_POINTER_TRACK;
> > >
> > >  typedef struct {
> > > -  EFI_PHYSICAL_ADDRESS  HobVariableBase;
> > > -  EFI_PHYSICAL_ADDRESS  VolatileVariableBase;
> > > -  EFI_PHYSICAL_ADDRESS  NonVolatileVariableBase;
> > > -  EFI_LOCK              VariableServicesLock;
> > > -  UINT32                ReentrantState;
> > > -  BOOLEAN               AuthFormat;
> > > -  BOOLEAN               AuthSupport;
> > > -  BOOLEAN               EmuNvMode;
> > > +  EFI_PHYSICAL_ADDRESS            HobVariableBase;
> > > +  EFI_PHYSICAL_ADDRESS            VolatileVariableBase;
> > > +  EFI_PHYSICAL_ADDRESS            NonVolatileVariableBase;
> > > +  VARIABLE_RUNTIME_CACHE_CONTEXT
> VariableRuntimeCacheContext;
> > > +  EFI_LOCK                        VariableServicesLock;
> > > +  UINT32                          ReentrantState;
> > > +  BOOLEAN                         AuthFormat;
> > > +  BOOLEAN                         AuthSupport;
> > > +  BOOLEAN                         EmuNvMode;
> > >  } VARIABLE_GLOBAL;
> > >
> > >  typedef struct {
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.
> > > h
> > > new file mode 100644
> > > index 0000000000..f9804a1d69
> > > --- /dev/null
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.
> > > h
> > > @@ -0,0 +1,51 @@
> > > +/** @file
> > > +  The common variable volatile store routines shared by the
> DXE_RUNTIME
> > > variable
> > > +  module and the DXE_SMM variable module.
> > > +
> > > +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#ifndef _VARIABLE_RUNTIME_CACHE_H_
> > > +#define _VARIABLE_RUNTIME_CACHE_H_
> > > +
> > > +#include "Variable.h"
> > > +
> > > +/**
> > > +  Copies any pending updates to runtime variable caches.
> > > +
> > > +  @retval EFI_UNSUPPORTED         The volatile store to be updated is not
> > > initialized properly.
> > > +  @retval EFI_SUCCESS             The volatile store was updated
> successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +FlushPendingRuntimeVariableCacheUpdates (
> > > +  VOID
> > > +  );
> > > +
> > > +/**
> > > +  Synchronizes the runtime variable caches with all pending updates
> outside
> > > runtime.
> > > +
> > > +  Ensures all conditions are met to maintain coherency for runtime cache
> > > updates. This function will attempt
> > > +  to write the given update (and any other pending updates) if the
> ReadLock
> > > is available. Otherwise, the
> > > +  update is added as a pending update for the given variable store and it
> will
> > > be flushed to the runtime cache
> > > +  at the next opportunity the ReadLock is available.
> > > +
> > > +  @param[in] VariableRuntimeCache Variable runtime cache structure
> for
> > > the runtime cache being synchronized.
> > > +  @param[in] Offset               Offset in bytes to apply the update.
> > > +  @param[in] Length               Length of data in bytes of the update.
> > > +
> > > +  @retval EFI_SUCCESS             The update was added as a pending
> update
> > > successfully. If the variable runtime
> > > +                                  cache ReadLock was available, the runtime cache was
> > > updated successfully.
> > > +  @retval EFI_UNSUPPORTED         The volatile store to be updated is not
> > > initialized properly.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +SynchronizeRuntimeVariableCache (
> > > +  IN  VARIABLE_RUNTIME_CACHE          *VariableRuntimeCache,
> > > +  IN  UINTN                           Offset,
> > > +  IN  UINTN                           Length
> > > +  );
> > > +
> > > +#endif
> > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> > > index 0bd2f22e1a..29d6aca993 100644
> > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> > > @@ -25,6 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #include "Variable.h"
> > >  #include "VariableNonVolatile.h"
> > >  #include "VariableParsing.h"
> > > +#include "VariableRuntimeCache.h"
> > >
> > >  VARIABLE_MODULE_GLOBAL  *mVariableModuleGlobal;
> > >
> > > @@ -332,6 +333,12 @@ RecordVarErrorFlag (
> > >        // Update the data in NV cache.
> > >        //
> > >        *VarErrFlag = TempFlag;
> > > +      Status =  SynchronizeRuntimeVariableCache (
> > > +                  &mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeNvCache,
> > > +                  (UINTN) VarErrFlag - (UINTN) mNvVariableCache + (UINTN)
> > > mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
> > > +                  sizeof (TempFlag)
> > > +                  );
> > > +      ASSERT_EFI_ERROR (Status);
> > >      }
> > >    }
> > >  }
> > > @@ -766,12 +773,24 @@ Reclaim (
> > >
> > >  Done:
> > >    if (IsVolatile || mVariableModuleGlobal->VariableGlobal.EmuNvMode)
> {
> > > +    Status =  SynchronizeRuntimeVariableCache (
> > > +                &mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeVolatileCach
> > > e,
> > > +                0,
> > > +                VariableStoreHeader->Size
> > > +                );
> > > +    ASSERT_EFI_ERROR (Status);
> > >      FreePool (ValidBuffer);
> > >    } else {
> > >      //
> > >      // For NV variable reclaim, we use mNvVariableCache as the buffer, so
> > > copy the data back.
> > >      //
> > > -    CopyMem (mNvVariableCache, (UINT8 *)(UINTN)VariableBase,
> > > VariableStoreHeader->Size);
> > > +    CopyMem (mNvVariableCache, (UINT8 *) (UINTN) VariableBase,
> > > VariableStoreHeader->Size);
> > > +    Status =  SynchronizeRuntimeVariableCache (
> > > +                &mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeNvCache,
> > > +                0,
> > > +                VariableStoreHeader->Size
> > > +                );
> > > +    ASSERT_EFI_ERROR (Status);
> > >    }
> > >
> > >    return Status;
> > > @@ -1614,6 +1633,7 @@ UpdateVariable (
> > >    VARIABLE_POINTER_TRACK              *Variable;
> > >    VARIABLE_POINTER_TRACK              NvVariable;
> > >    VARIABLE_STORE_HEADER               *VariableStoreHeader;
> > > +  VARIABLE_RUNTIME_CACHE              *VolatileCacheInstance;
> > >    UINT8                               *BufferForMerge;
> > >    UINTN                               MergedBufSize;
> > >    BOOLEAN                             DataReady;
> > > @@ -2275,6 +2295,23 @@ UpdateVariable (
> > >    }
> > >
> > >  Done:
> > > +  if (!EFI_ERROR (Status)) {
> > > +    if (Variable->Volatile) {
> > > +      VolatileCacheInstance = &(mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeVolatileCach
> > > e);
> > > +    } else {
> > > +      VolatileCacheInstance = &(mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeNvCache);
> > > +    }
> > > +
> > > +    if (VolatileCacheInstance->Store != NULL) {
> > > +      Status =  SynchronizeRuntimeVariableCache (
> > > +                  VolatileCacheInstance,
> > > +                  0,
> > > +                  VolatileCacheInstance->Store->Size
> > > +                  );
> > > +      ASSERT_EFI_ERROR (Status);
> > > +    }
> > > +  }
> > > +
> > >    return Status;
> > >  }
> > >
> > > @@ -3200,6 +3237,14 @@ FlushHobVariableToFlash (
> > >          ErrorFlag = TRUE;
> > >        }
> > >      }
> > > +    if (mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeHobCache.S
> > > tore != NULL) {
> > > +      Status =  SynchronizeRuntimeVariableCache (
> > > +                  &mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeHobCache,
> > > +                  0,
> > > +                  mVariableModuleGlobal-
> > >
> >VariableGlobal.VariableRuntimeCacheContext.VariableRuntimeHobCache.S
> > > tore->Size
> > > +                  );
> > > +      ASSERT_EFI_ERROR (Status);
> > > +    }
> > >      if (ErrorFlag) {
> > >        //
> > >        // We still have HOB variable(s) not flushed in flash.
> > > @@ -3210,6 +3255,9 @@ FlushHobVariableToFlash (
> > >        // All HOB variables have been flushed in flash.
> > >        //
> > >        DEBUG ((EFI_D_INFO, "Variable driver: all HOB variables have been
> > > flushed in flash.\n"));
> > > +      if (mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.HobFlushComplete !=
> NULL)
> > > {
> > > +        *(mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.HobFlushComplete) =
> TRUE;
> > > +      }
> > >        if (!AtRuntime ()) {
> > >          FreePool ((VOID *) VariableStoreHeader);
> > >        }
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c
> > > new file mode 100644
> > > index 0000000000..bc93cc07d2
> > > --- /dev/null
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c
> > > @@ -0,0 +1,153 @@
> > > +/** @file
> > > +  Functions related to managing the UEFI variable runtime cache. This file
> > > should only include functions
> > > +  used by the SMM UEFI variable driver.
> > > +
> > > +  Caution: This module requires additional review when modified.
> > > +  This driver will have external input - variable data. They may be input in
> > > SMM mode.
> > > +  This external input must be validated carefully to avoid security issue
> like
> > > +  buffer overflow, integer overflow.
> > > +
> > > +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include "VariableParsing.h"
> > > +#include "VariableRuntimeCache.h"
> > > +
> > > +extern VARIABLE_MODULE_GLOBAL   *mVariableModuleGlobal;
> > > +extern VARIABLE_STORE_HEADER    *mNvVariableCache;
> > > +
> > > +/**
> > > +  Copies any pending updates to runtime variable caches.
> > > +
> > > +  @retval EFI_UNSUPPORTED         The volatile store to be updated is not
> > > initialized properly.
> > > +  @retval EFI_SUCCESS             The volatile store was updated
> successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +FlushPendingRuntimeVariableCacheUpdates (
> > > +  VOID
> > > +  )
> > > +{
> > > +  VARIABLE_RUNTIME_CACHE_CONTEXT
> *VariableRuntimeCacheContext;
> > > +
> > > +  VariableRuntimeCacheContext = &mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext;
> > > +
> > > +  if (VariableRuntimeCacheContext->VariableRuntimeNvCache.Store ==
> > > NULL ||
> > > +      VariableRuntimeCacheContext-
> >VariableRuntimeVolatileCache.Store ==
> > > NULL ||
> > > +      VariableRuntimeCacheContext->PendingUpdate == NULL) {
> > > +    return EFI_UNSUPPORTED;
> > > +  }
> > > +
> > > +  if (*(VariableRuntimeCacheContext->PendingUpdate)) {
> > > +    if (VariableRuntimeCacheContext->VariableRuntimeHobCache.Store
> !=
> > > NULL &&
> > > +        mVariableModuleGlobal->VariableGlobal.HobVariableBase > 0) {
> > > +      CopyMem (
> > > +        (VOID *) (
> > > +          ((UINT8 *) (UINTN) VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.Store) +
> > > +          VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateOffset
> > > +          ),
> > > +        (VOID *) (
> > > +          ((UINT8 *) (UINTN) mVariableModuleGlobal-
> > > >VariableGlobal.HobVariableBase) +
> > > +          VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateOffset
> > > +          ),
> > > +        VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateLength
> > > +        );
> > > +      VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateLength = 0;
> > > +      VariableRuntimeCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateOffset = 0;
> > > +    }
> > > +
> > > +    CopyMem (
> > > +      (VOID *) (
> > > +        ((UINT8 *) (UINTN) VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.Store) +
> > > +        VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateOffset
> > > +        ),
> > > +      (VOID *) (
> > > +        ((UINT8 *) (UINTN) mNvVariableCache) +
> > > +        VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateOffset
> > > +        ),
> > > +      VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateLength
> > > +      );
> > > +    VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateLength = 0;
> > > +    VariableRuntimeCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateOffset = 0;
> > > +
> > > +    CopyMem (
> > > +      (VOID *) (
> > > +        ((UINT8 *) (UINTN) VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.Store) +
> > > +        VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateOffset
> > > +      ),
> > > +      (VOID *) (
> > > +        ((UINT8 *) (UINTN) mVariableModuleGlobal-
> > > >VariableGlobal.VolatileVariableBase) +
> > > +        VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateOffset
> > > +        ),
> > > +      VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateLength
> > > +      );
> > > +    VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateLength = 0;
> > > +    VariableRuntimeCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateOffset = 0;
> > > +    *(VariableRuntimeCacheContext->PendingUpdate) = FALSE;
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > +
> > > +/**
> > > +  Synchronizes the runtime variable caches with all pending updates
> outside
> > > runtime.
> > > +
> > > +  Ensures all conditions are met to maintain coherency for runtime cache
> > > updates. This function will attempt
> > > +  to write the given update (and any other pending updates) if the
> ReadLock
> > > is available. Otherwise, the
> > > +  update is added as a pending update for the given variable store and it
> will
> > > be flushed to the runtime cache
> > > +  at the next opportunity the ReadLock is available.
> > > +
> > > +  @param[in] VariableRuntimeCache Variable runtime cache structure
> for
> > > the runtime cache being synchronized.
> > > +  @param[in] Offset               Offset in bytes to apply the update.
> > > +  @param[in] Length               Length of data in bytes of the update.
> > > +
> > > +  @retval EFI_SUCCESS             The update was added as a pending
> update
> > > successfully. If the variable runtime
> > > +                                  cache ReadLock was available, the runtime cache was
> > > updated successfully.
> > > +  @retval EFI_UNSUPPORTED         The volatile store to be updated is not
> > > initialized properly.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +SynchronizeRuntimeVariableCache (
> > > +  IN  VARIABLE_RUNTIME_CACHE          *VariableRuntimeCache,
> > > +  IN  UINTN                           Offset,
> > > +  IN  UINTN                           Length
> > > +  )
> > > +{
> > > +  if (VariableRuntimeCache == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  } else if (VariableRuntimeCache->Store == NULL) {
> > > +    // The runtime cache may not be active or allocated yet.
> > > +    // In either case, return EFI_SUCCESS instead of
> EFI_NOT_AVAILABLE_YET.
> > > +    return EFI_SUCCESS;
> > > +  }
> > > +
> > > +  if (mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.PendingUpdate == NULL
> ||
> > > +      mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.ReadLock == NULL) {
> > > +    return EFI_UNSUPPORTED;
> > > +  }
> > > +
> > > +  if (*(mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.PendingUpdate) &&
> > > +      VariableRuntimeCache->PendingUpdateLength > 0) {
> > > +    VariableRuntimeCache->PendingUpdateLength =
> > > +      (UINT32) (
> > > +        MAX (
> > > +          (UINTN) (VariableRuntimeCache->PendingUpdateOffset +
> > > VariableRuntimeCache->PendingUpdateLength),
> > > +          Offset + Length
> > > +        ) - MIN ((UINTN) VariableRuntimeCache->PendingUpdateOffset,
> Offset)
> > > +      );
> > > +    VariableRuntimeCache->PendingUpdateOffset =
> > > +      (UINT32) MIN ((UINTN) VariableRuntimeCache-
> >PendingUpdateOffset,
> > > Offset);
> > > +  } else {
> > > +    VariableRuntimeCache->PendingUpdateLength = (UINT32) Length;
> > > +    VariableRuntimeCache->PendingUpdateOffset = (UINT32) Offset;
> > > +  }
> > > +  *(mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.PendingUpdate) = TRUE;
> > > +
> > > +  if (*(mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext.ReadLock) == FALSE) {
> > > +    return FlushPendingRuntimeVariableCacheUpdates ();
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > diff --git
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> > > index 5e24bc4a62..45814b8996 100644
> > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> > > @@ -31,6 +31,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #include <Guid/SmmVariableCommon.h>
> > >  #include "Variable.h"
> > >  #include "VariableParsing.h"
> > > +#include "VariableRuntimeCache.h"
> > > +
> > > +extern VARIABLE_STORE_HEADER                         *mNvVariableCache;
> > >
> > >  BOOLEAN                                              mAtRuntime              = FALSE;
> > >  UINT8                                                *mVariableBufferPayload = NULL;
> > > @@ -451,25 +454,29 @@ SmmVariableGetStatistics (
> > >  EFI_STATUS
> > >  EFIAPI
> > >  SmmVariableHandler (
> > > -  IN     EFI_HANDLE                                DispatchHandle,
> > > -  IN     CONST VOID                                *RegisterContext,
> > > -  IN OUT VOID                                      *CommBuffer,
> > > -  IN OUT UINTN                                     *CommBufferSize
> > > +  IN     EFI_HANDLE                                       DispatchHandle,
> > > +  IN     CONST VOID                                       *RegisterContext,
> > > +  IN OUT VOID                                             *CommBuffer,
> > > +  IN OUT UINTN                                            *CommBufferSize
> > >    )
> > >  {
> > > -  EFI_STATUS                                       Status;
> > > -  SMM_VARIABLE_COMMUNICATE_HEADER
> > > *SmmVariableFunctionHeader;
> > > -  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
> > > *SmmVariableHeader;
> > > -  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
> > > *GetNextVariableName;
> > > -  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
> > > *QueryVariableInfo;
> > > -  SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
> > > *GetPayloadSize;
> > > -  VARIABLE_INFO_ENTRY                              *VariableInfo;
> > > -  SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
> *VariableToLock;
> > > -  SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
> > > *CommVariableProperty;
> > > -  UINTN                                            InfoSize;
> > > -  UINTN                                            NameBufferSize;
> > > -  UINTN                                            CommBufferPayloadSize;
> > > -  UINTN                                            TempCommBufferSize;
> > > +  EFI_STATUS                                              Status;
> > > +  SMM_VARIABLE_COMMUNICATE_HEADER
> > > *SmmVariableFunctionHeader;
> > > +  SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
> > > *SmmVariableHeader;
> > > +  SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
> > > *GetNextVariableName;
> > > +  SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
> > > *QueryVariableInfo;
> > > +  SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
> > > *GetPayloadSize;
> > > +
> > >
> SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > *RuntimeVariableCacheContext;
> > > +  SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO
> > > *GetRuntimeCacheInfo;
> > > +  SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
> > > *VariableToLock;
> > > +  SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
> > > *CommVariableProperty;
> > > +  VARIABLE_INFO_ENTRY                                     *VariableInfo;
> > > +  VARIABLE_RUNTIME_CACHE_CONTEXT
> > > *VariableCacheContext;
> > > +  VARIABLE_STORE_HEADER                                   *VariableCache;
> > > +  UINTN                                                   InfoSize;
> > > +  UINTN                                                   NameBufferSize;
> > > +  UINTN                                                   CommBufferPayloadSize;
> > > +  UINTN                                                   TempCommBufferSize;
> > >
> > >    //
> > >    // If input is invalid, stop processing this SMI
> > > @@ -789,6 +796,79 @@ SmmVariableHandler (
> > >                   );
> > >        CopyMem (SmmVariableFunctionHeader->Data,
> mVariableBufferPayload,
> > > CommBufferPayloadSize);
> > >        break;
> > > +    case
> > >
> SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT:
> > > +      if (CommBufferPayloadSize < sizeof
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT)
> )
> > > {
> > > +        DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: SMM
> > > communication buffer size invalid!\n"));
> > > +      } else if (mEndOfDxe) {
> > > +        DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext:
> Cannot
> > > init context after end of DXE!\n"));
> > > +      } else {
> > > +        RuntimeVariableCacheContext =
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > *) SmmVariableFunctionHeader->Data;
> > > +        VariableCacheContext = &mVariableModuleGlobal-
> > > >VariableGlobal.VariableRuntimeCacheContext;
> > > +
> > > +        ASSERT (RuntimeVariableCacheContext->RuntimeVolatileCache !=
> > > NULL);
> > > +        ASSERT (RuntimeVariableCacheContext->RuntimeNvCache !=
> NULL);
> > > +        ASSERT (RuntimeVariableCacheContext->PendingUpdate != NULL);
> > > +        ASSERT (RuntimeVariableCacheContext->ReadLock != NULL);
> > > +        ASSERT (RuntimeVariableCacheContext->HobFlushComplete !=
> NULL);
> > > +
> > > +        VariableCacheContext->VariableRuntimeHobCache.Store      =
> > > RuntimeVariableCacheContext->RuntimeHobCache;
> > > +        VariableCacheContext->VariableRuntimeVolatileCache.Store =
> > > RuntimeVariableCacheContext->RuntimeVolatileCache;
> > > +        VariableCacheContext->VariableRuntimeNvCache.Store       =
> > > RuntimeVariableCacheContext->RuntimeNvCache;
> > > +        VariableCacheContext->PendingUpdate                      =
> > > RuntimeVariableCacheContext->PendingUpdate;
> > > +        VariableCacheContext->ReadLock                           =
> > > RuntimeVariableCacheContext->ReadLock;
> > > +        VariableCacheContext->HobFlushComplete                   =
> > > RuntimeVariableCacheContext->HobFlushComplete;
> > > +
> > > +        // Set up the intial pending request since the RT cache needs to be
> in
> > > sync with SMM cache
> > > +        if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0)
> {
> > > +          VariableCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateOffset = 0;
> > > +          VariableCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateLength = 0;
> > > +        } else {
> > > +          VariableCache = (VARIABLE_STORE_HEADER *) (UINTN)
> > > mVariableModuleGlobal->VariableGlobal.HobVariableBase;
> > > +          VariableCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateOffset = 0;
> > > +          VariableCacheContext-
> > > >VariableRuntimeHobCache.PendingUpdateLength = (UINT32) ((UINTN)
> > > GetEndPointer (VariableCache) - (UINTN) VariableCache);
> > > +          CopyGuid (&(VariableCacheContext-
> > > >VariableRuntimeHobCache.Store->Signature), &(VariableCache-
> > > >Signature));
> > > +        }
> > > +        VariableCache = (VARIABLE_STORE_HEADER  *) (UINTN)
> > > mVariableModuleGlobal->VariableGlobal.VolatileVariableBase;
> > > +        VariableCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateOffset   = 0;
> > > +        VariableCacheContext-
> > > >VariableRuntimeVolatileCache.PendingUpdateLength   = (UINT32)
> ((UINTN)
> > > GetEndPointer (VariableCache) - (UINTN) VariableCache);
> > > +        CopyGuid (&(VariableCacheContext-
> > > >VariableRuntimeVolatileCache.Store->Signature), &(VariableCache-
> > > >Signature));
> > > +
> > > +        VariableCache = (VARIABLE_STORE_HEADER  *) (UINTN)
> > > mNvVariableCache;
> > > +        VariableCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateOffset = 0;
> > > +        VariableCacheContext-
> > > >VariableRuntimeNvCache.PendingUpdateLength = (UINT32) ((UINTN)
> > > GetEndPointer (VariableCache) - (UINTN) VariableCache);
> > > +        CopyGuid (&(VariableCacheContext-
> >VariableRuntimeNvCache.Store-
> > > >Signature), &(VariableCache->Signature));
> > > +
> > > +        *(VariableCacheContext->PendingUpdate) = TRUE;
> > > +        *(VariableCacheContext->ReadLock) = FALSE;
> > > +        *(VariableCacheContext->HobFlushComplete) = FALSE;
> > > +      }
> > > +      Status = EFI_SUCCESS;
> > > +      break;
> > > +    case SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE:
> > > +      Status = FlushPendingRuntimeVariableCacheUpdates ();
> > > +      break;
> > > +    case SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO:
> > > +      if (CommBufferPayloadSize < sizeof
> > > (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO)) {
> > > +        DEBUG ((DEBUG_ERROR, "GetRuntimeCacheInfo: SMM
> communication
> > > buffer size invalid!\n"));
> > > +        return EFI_SUCCESS;
> > > +      }
> > > +      GetRuntimeCacheInfo =
> > > (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO *)
> > > SmmVariableFunctionHeader->Data;
> > > +
> > > +      if (mVariableModuleGlobal->VariableGlobal.HobVariableBase > 0) {
> > > +        VariableCache = (VARIABLE_STORE_HEADER *) (UINTN)
> > > mVariableModuleGlobal->VariableGlobal.HobVariableBase;
> > > +        GetRuntimeCacheInfo->TotalHobStorageSize = VariableCache-
> >Size;
> > > +      } else {
> > > +        GetRuntimeCacheInfo->TotalHobStorageSize = 0;
> > > +      }
> > > +
> > > +      VariableCache = (VARIABLE_STORE_HEADER  *) (UINTN)
> > > mVariableModuleGlobal->VariableGlobal.VolatileVariableBase;
> > > +      GetRuntimeCacheInfo->TotalVolatileStorageSize = VariableCache-
> >Size;
> > > +      VariableCache = (VARIABLE_STORE_HEADER  *) (UINTN)
> > > mNvVariableCache;
> > > +      GetRuntimeCacheInfo->TotalNvStorageSize = (UINTN)
> VariableCache-
> > > >Size;
> > > +      GetRuntimeCacheInfo->AuthenticatedVariableUsage =
> > > mVariableModuleGlobal->VariableGlobal.AuthFormat;
> > > +
> > > +      Status = EFI_SUCCESS;
> > > +      break;
> > >
> > >      default:
> > >        Status = EFI_UNSUPPORTED;
> > > diff --git
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.c
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.c
> > > index 0a1888e5ef..e236ddff33 100644
> > > ---
> > >
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.c
> > > +++
> > >
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx
> > > e.c
> > > @@ -13,7 +13,7 @@
> > >
> > >    InitCommunicateBuffer() is really function to check the variable data
> size.
> > >
> > > -Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
> > > +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
> > >  SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > >  **/
> > > @@ -39,6 +39,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #include <Guid/SmmVariableCommon.h>
> > >
> > >  #include "PrivilegePolymorphic.h"
> > > +#include "VariableParsing.h"
> > >
> > >  EFI_HANDLE                       mHandle                    = NULL;
> > >  EFI_SMM_VARIABLE_PROTOCOL       *mSmmVariable               = NULL;
> > > @@ -46,8 +47,19 @@ EFI_EVENT
> mVirtualAddressChangeEvent =
> > > NULL;
> > >  EFI_SMM_COMMUNICATION_PROTOCOL  *mSmmCommunication
> =
> > > NULL;
> > >  UINT8                           *mVariableBuffer            = NULL;
> > >  UINT8                           *mVariableBufferPhysical    = NULL;
> > > +VARIABLE_INFO_ENTRY             *mVariableInfo              = NULL;
> > > +VARIABLE_STORE_HEADER           *mVariableRuntimeHobCacheBuffer
> =
> > > NULL;
> > > +VARIABLE_STORE_HEADER           *mVariableRuntimeNvCacheBuffer
> =
> > > NULL;
> > > +VARIABLE_STORE_HEADER
> *mVariableRuntimeVolatileCacheBuffer
> > > = NULL;
> > >  UINTN                            mVariableBufferSize;
> > > +UINTN                            mVariableRuntimeHobCacheBufferSize;
> > > +UINTN                            mVariableRuntimeNvCacheBufferSize;
> > > +UINTN                            mVariableRuntimeVolatileCacheBufferSize;
> > >  UINTN                            mVariableBufferPayloadSize;
> > > +BOOLEAN                          mVariableRuntimeCachePendingUpdate;
> > > +BOOLEAN                          mVariableRuntimeCacheReadLock;
> > > +BOOLEAN                          mVariableAuthFormat;
> > > +BOOLEAN                          mHobFlushComplete;
> > >  EFI_LOCK                         mVariableServicesLock;
> > >  EDKII_VARIABLE_LOCK_PROTOCOL     mVariableLock;
> > >  EDKII_VAR_CHECK_PROTOCOL         mVarCheck;
> > > @@ -107,6 +119,72 @@ ReleaseLockOnlyAtBootTime (
> > >    }
> > >  }
> > >
> > > +/**
> > > +  Return TRUE if ExitBootServices () has been called.
> > > +
> > > +  @retval TRUE If ExitBootServices () has been called. FALSE if
> > > ExitBootServices () has not been called.
> > > +**/
> > > +BOOLEAN
> > > +AtRuntime (
> > > +  VOID
> > > +  )
> > > +{
> > > +  return EfiAtRuntime ();
> > > +}
> > > +
> > > +/**
> > > +  Initialize the variable cache buffer as an empty variable store.
> > > +
> > > +  @param[out]     VariableCacheBuffer     A pointer to pointer of a cache
> > > variable store.
> > > +  @param[in,out]  TotalVariableCacheSize  On input, the minimum size
> > > needed for the UEFI variable store cache
> > > +                                          buffer that is allocated. On output, the actual size
> of
> > > the buffer allocated.
> > > +                                          If TotalVariableCacheSize is zero, a buffer will not
> be
> > > allocated and the
> > > +                                          function will return with EFI_SUCCESS.
> > > +
> > > +  @retval EFI_SUCCESS             The variable cache was allocated and
> initialized
> > > successfully.
> > > +  @retval EFI_INVALID_PARAMETER   A given pointer is NULL or an
> invalid
> > > variable store size was specified.
> > > +  @retval EFI_OUT_OF_RESOURCES    Insufficient resources are available
> to
> > > allocate the variable store cache buffer.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +InitVariableCache (
> > > +  OUT    VARIABLE_STORE_HEADER   **VariableCacheBuffer,
> > > +  IN OUT UINTN                   *TotalVariableCacheSize
> > > +  )
> > > +{
> > > +  VARIABLE_STORE_HEADER   *VariableCacheStorePtr;
> > > +
> > > +  if (TotalVariableCacheSize == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +  if (*TotalVariableCacheSize == 0) {
> > > +    return EFI_SUCCESS;
> > > +  }
> > > +  if (VariableCacheBuffer == NULL || *TotalVariableCacheSize < sizeof
> > > (VARIABLE_STORE_HEADER)) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +  *TotalVariableCacheSize = ALIGN_VALUE (*TotalVariableCacheSize,
> sizeof
> > > (UINT32));
> > > +
> > > +  //
> > > +  // Allocate NV Storage Cache and initialize it to all 1's (like an erased FV)
> > > +  //
> > > +  *VariableCacheBuffer =  (VARIABLE_STORE_HEADER *)
> > > AllocateRuntimePages (
> > > +                            EFI_SIZE_TO_PAGES (*TotalVariableCacheSize)
> > > +                            );
> > > +  if (*VariableCacheBuffer == NULL) {
> > > +    return EFI_OUT_OF_RESOURCES;
> > > +  }
> > > +  VariableCacheStorePtr = *VariableCacheBuffer;
> > > +  SetMem32 ((VOID *) VariableCacheStorePtr, *TotalVariableCacheSize,
> > > (UINT32) 0xFFFFFFFF);
> > > +
> > > +  ZeroMem ((VOID *) VariableCacheStorePtr, sizeof
> > > (VARIABLE_STORE_HEADER));
> > > +  VariableCacheStorePtr->Size    = (UINT32) *TotalVariableCacheSize;
> > > +  VariableCacheStorePtr->Format  = VARIABLE_STORE_FORMATTED;
> > > +  VariableCacheStorePtr->State   = VARIABLE_STORE_HEALTHY;
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > +
> > >  /**
> > >    Initialize the communicate buffer using DataSize and Function.
> > >
> > > @@ -425,7 +503,169 @@ Done:
> > >  }
> > >
> > >  /**
> > > -  This code finds variable in storage blocks (Volatile or Non-Volatile).
> > > +  Signals SMM to synchronize any pending variable updates with the
> > > runtime cache(s).
> > > +
> > > +**/
> > > +VOID
> > > +SyncRuntimeCache (
> > > +  VOID
> > > +  )
> > > +{
> > > +  //
> > > +  // Init the communicate buffer. The buffer data size is:
> > > +  // SMM_COMMUNICATE_HEADER_SIZE +
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
> > > +  //
> > > +  InitCommunicateBuffer (NULL, 0,
> > > SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE);
> > > +
> > > +  //
> > > +  // Send data to SMM.
> > > +  //
> > > +  SendCommunicateBuffer (0);
> > > +}
> > > +
> > > +/**
> > > +  Check whether a SMI must be triggered to retrieve pending cache
> updates.
> > > +
> > > +  If the variable HOB was finished being flushed since the last check for a
> > > runtime cache update, this function
> > > +  will prevent the HOB cache from being used for future runtime cache
> hits.
> > > +
> > > +**/
> > > +VOID
> > > +CheckForRuntimeCacheSync (
> > > +  VOID
> > > +  )
> > > +{
> > > +  if (mVariableRuntimeCachePendingUpdate) {
> > > +    SyncRuntimeCache ();
> > > +  }
> > > +  ASSERT (!mVariableRuntimeCachePendingUpdate);
> > > +
> > > +  //
> > > +  // The HOB variable data may have finished being flushed in the
> runtime
> > > cache sync update
> > > +  //
> > > +  if (mHobFlushComplete && mVariableRuntimeHobCacheBuffer !=
> NULL) {
> > > +    if (!EfiAtRuntime ()) {
> > > +      FreePool (mVariableRuntimeHobCacheBuffer);
> > > +    }
> > > +    mVariableRuntimeHobCacheBuffer = NULL;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Finds the given variable in a runtime cache variable store.
> > > +
> > > +  Caution: This function may receive untrusted input.
> > > +  The data size is external input, so this function will validate it carefully
> to
> > > avoid buffer overflow.
> > > +
> > > +  @param[in]      VariableName       Name of Variable to be found.
> > > +  @param[in]      VendorGuid         Variable vendor GUID.
> > > +  @param[out]     Attributes         Attribute value of the variable found.
> > > +  @param[in, out] DataSize           Size of Data found. If size is less than
> the
> > > +                                     data, this value contains the required size.
> > > +  @param[out]     Data               Data pointer.
> > > +
> > > +  @retval EFI_SUCCESS                Found the specified variable.
> > > +  @retval EFI_INVALID_PARAMETER      Invalid parameter.
> > > +  @retval EFI_NOT_FOUND              The specified variable could not be
> found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +FindVariableInRuntimeCache (
> > > +  IN      CHAR16                            *VariableName,
> > > +  IN      EFI_GUID                          *VendorGuid,
> > > +  OUT     UINT32                            *Attributes OPTIONAL,
> > > +  IN OUT  UINTN                             *DataSize,
> > > +  OUT     VOID                              *Data OPTIONAL
> > > +  )
> > > +{
> > > +  EFI_STATUS              Status;
> > > +  UINTN                   TempDataSize;
> > > +  VARIABLE_POINTER_TRACK  RtPtrTrack;
> > > +  VARIABLE_STORE_TYPE     StoreType;
> > > +  VARIABLE_STORE_HEADER
> *VariableStoreList[VariableStoreTypeMax];
> > > +
> > > +  Status = EFI_NOT_FOUND;
> > > +
> > > +  if (VariableName == NULL || VendorGuid == NULL || DataSize ==
> NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  //
> > > +  // The UEFI specification restricts Runtime Services callers from
> invoking
> > > the same or certain other Runtime Service
> > > +  // functions prior to completion and return from a previous Runtime
> > > Service call. These restrictions prevent
> > > +  // a GetVariable () or GetNextVariable () call from being issued until a
> prior
> > > call has returned. The runtime
> > > +  // cache read lock should always be free when entering this function.
> > > +  //
> > > +  ASSERT (!mVariableRuntimeCacheReadLock);
> > > +
> > > +  mVariableRuntimeCacheReadLock = TRUE;
> > > +  CheckForRuntimeCacheSync ();
> > > +
> > > +  if (!mVariableRuntimeCachePendingUpdate) {
> > > +    //
> > > +    // 0: Volatile, 1: HOB, 2: Non-Volatile.
> > > +    // The index and attributes mapping must be kept in this order as
> > > FindVariable
> > > +    // makes use of this mapping to implement search algorithm.
> > > +    //
> > > +    VariableStoreList[VariableStoreTypeVolatile] =
> > > mVariableRuntimeVolatileCacheBuffer;
> > > +    VariableStoreList[VariableStoreTypeHob]      =
> > > mVariableRuntimeHobCacheBuffer;
> > > +    VariableStoreList[VariableStoreTypeNv]       =
> > > mVariableRuntimeNvCacheBuffer;
> > > +
> > > +    for (StoreType = (VARIABLE_STORE_TYPE) 0; StoreType <
> > > VariableStoreTypeMax; StoreType++) {
> > > +      if (VariableStoreList[StoreType] == NULL) {
> > > +        continue;
> > > +      }
> > > +
> > > +      RtPtrTrack.StartPtr = GetStartPointer (VariableStoreList[StoreType]);
> > > +      RtPtrTrack.EndPtr   = GetEndPointer   (VariableStoreList[StoreType]);
> > > +      RtPtrTrack.Volatile = (BOOLEAN) (StoreType ==
> > > VariableStoreTypeVolatile);
> > > +
> > > +      Status = FindVariableEx (VariableName, VendorGuid, FALSE,
> &RtPtrTrack,
> > > mVariableAuthFormat);
> > > +      if (!EFI_ERROR (Status)) {
> > > +        break;
> > > +      }
> > > +    }
> > > +
> > > +    if (!EFI_ERROR (Status)) {
> > > +      //
> > > +      // Get data size
> > > +      //
> > > +      TempDataSize = DataSizeOfVariable (RtPtrTrack.CurrPtr,
> > > mVariableAuthFormat);
> > > +      ASSERT (TempDataSize != 0);
> > > +
> > > +      if (*DataSize >= TempDataSize) {
> > > +        if (Data == NULL) {
> > > +          Status = EFI_INVALID_PARAMETER;
> > > +          goto Done;
> > > +        }
> > > +
> > > +        CopyMem (Data, GetVariableDataPtr (RtPtrTrack.CurrPtr,
> > > mVariableAuthFormat), TempDataSize);
> > > +        if (Attributes != NULL) {
> > > +          *Attributes = RtPtrTrack.CurrPtr->Attributes;
> > > +        }
> > > +
> > > +        *DataSize = TempDataSize;
> > > +
> > > +        UpdateVariableInfo (VariableName, VendorGuid,
> RtPtrTrack.Volatile,
> > > TRUE, FALSE, FALSE, TRUE, &mVariableInfo);
> > > +
> > > +        Status = EFI_SUCCESS;
> > > +        goto Done;
> > > +      } else {
> > > +        *DataSize = TempDataSize;
> > > +        Status = EFI_BUFFER_TOO_SMALL;
> > > +        goto Done;
> > > +      }
> > > +    }
> > > +  }
> > > +
> > > +Done:
> > > +  mVariableRuntimeCacheReadLock = FALSE;
> > > +
> > > +  return Status;
> > > +}
> > > +
> > > +/**
> > > +  Finds the given variable in a variable store in SMM.
> > >
> > >    Caution: This function may receive untrusted input.
> > >    The data size is external input, so this function will validate it carefully to
> > > avoid buffer overflow.
> > > @@ -437,20 +677,18 @@ Done:
> > >                                       data, this value contains the required size.
> > >    @param[out]     Data               Data pointer.
> > >
> > > +  @retval EFI_SUCCESS                Found the specified variable.
> > >    @retval EFI_INVALID_PARAMETER      Invalid parameter.
> > > -  @retval EFI_SUCCESS                Find the specified variable.
> > > -  @retval EFI_NOT_FOUND              Not found.
> > > -  @retval EFI_BUFFER_TO_SMALL        DataSize is too small for the result.
> > > +  @retval EFI_NOT_FOUND              The specified variable could not be
> found.
> > >
> > >  **/
> > >  EFI_STATUS
> > > -EFIAPI
> > > -RuntimeServiceGetVariable (
> > > +FindVariableInSmm (
> > >    IN      CHAR16                            *VariableName,
> > >    IN      EFI_GUID                          *VendorGuid,
> > >    OUT     UINT32                            *Attributes OPTIONAL,
> > >    IN OUT  UINTN                             *DataSize,
> > > -  OUT     VOID                              *Data
> > > +  OUT     VOID                              *Data OPTIONAL
> > >    )
> > >  {
> > >    EFI_STATUS                                Status;
> > > @@ -474,8 +712,6 @@ RuntimeServiceGetVariable (
> > >      return EFI_INVALID_PARAMETER;
> > >    }
> > >
> > > -  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
> > > -
> > >    //
> > >    // Init the communicate buffer. The buffer data size is:
> > >    // SMM_COMMUNICATE_HEADER_SIZE +
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
> > > @@ -488,7 +724,7 @@ RuntimeServiceGetVariable (
> > >    }
> > >    PayloadSize = OFFSET_OF
> > > (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) +
> > > VariableNameSize + TempDataSize;
> > >
> > > -  Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader,
> > > PayloadSize, SMM_VARIABLE_FUNCTION_GET_VARIABLE);
> > > +  Status = InitCommunicateBuffer ((VOID **) &SmmVariableHeader,
> > > PayloadSize, SMM_VARIABLE_FUNCTION_GET_VARIABLE);
> > >    if (EFI_ERROR (Status)) {
> > >      goto Done;
> > >    }
> > > @@ -534,11 +770,58 @@ RuntimeServiceGetVariable (
> > >    }
> > >
> > >  Done:
> > > +  return Status;
> > > +}
> > > +
> > > +/**
> > > +  This code finds variable in storage blocks (Volatile or Non-Volatile).
> > > +
> > > +  Caution: This function may receive untrusted input.
> > > +  The data size is external input, so this function will validate it carefully
> to
> > > avoid buffer overflow.
> > > +
> > > +  @param[in]      VariableName       Name of Variable to be found.
> > > +  @param[in]      VendorGuid         Variable vendor GUID.
> > > +  @param[out]     Attributes         Attribute value of the variable found.
> > > +  @param[in, out] DataSize           Size of Data found. If size is less than
> the
> > > +                                     data, this value contains the required size.
> > > +  @param[out]     Data               Data pointer.
> > > +
> > > +  @retval EFI_INVALID_PARAMETER      Invalid parameter.
> > > +  @retval EFI_SUCCESS                Find the specified variable.
> > > +  @retval EFI_NOT_FOUND              Not found.
> > > +  @retval EFI_BUFFER_TO_SMALL        DataSize is too small for the result.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RuntimeServiceGetVariable (
> > > +  IN      CHAR16                            *VariableName,
> > > +  IN      EFI_GUID                          *VendorGuid,
> > > +  OUT     UINT32                            *Attributes OPTIONAL,
> > > +  IN OUT  UINTN                             *DataSize,
> > > +  OUT     VOID                              *Data
> > > +  )
> > > +{
> > > +  EFI_STATUS                                Status;
> > > +
> > > +  if (VariableName == NULL || VendorGuid == NULL || DataSize ==
> NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +  if (VariableName[0] == 0) {
> > > +    return EFI_NOT_FOUND;
> > > +  }
> > > +
> > > +  AcquireLockOnlyAtBootTime (&mVariableServicesLock);
> > > +  if (FeaturePcdGet (PcdEnableVariableRuntimeCache)) {
> > > +    Status = FindVariableInRuntimeCache (VariableName, VendorGuid,
> > > Attributes, DataSize, Data);
> > > +  } else {
> > > +    Status = FindVariableInSmm (VariableName, VendorGuid, Attributes,
> > > DataSize, Data);
> > > +  }
> > >    ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
> > > +
> > >    return Status;
> > >  }
> > >
> > > -
> > >  /**
> > >    This code Finds the Next available variable.
> > >
> > > @@ -870,6 +1153,17 @@ OnReadyToBoot (
> > >    //
> > >    SendCommunicateBuffer (0);
> > >
> > > +  //
> > > +  // Install the system configuration table for variable info data captured
> > > +  //
> > > +  if (FeaturePcdGet (PcdEnableVariableRuntimeCache) &&
> FeaturePcdGet
> > > (PcdVariableCollectStatistics)) {
> > > +    if (mVariableAuthFormat) {
> > > +      gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid,
> > > mVariableInfo);
> > > +    } else {
> > > +      gBS->InstallConfigurationTable (&gEfiVariableGuid, mVariableInfo);
> > > +    }
> > > +  }
> > > +
> > >    gBS->CloseEvent (Event);
> > >  }
> > >
> > > @@ -893,6 +1187,9 @@ VariableAddressChangeEvent (
> > >  {
> > >    EfiConvertPointer (0x0, (VOID **) &mVariableBuffer);
> > >    EfiConvertPointer (0x0, (VOID **) &mSmmCommunication);
> > > +  EfiConvertPointer (0x0, (VOID **)
> &mVariableRuntimeHobCacheBuffer);
> > > +  EfiConvertPointer (0x0, (VOID **)
> &mVariableRuntimeNvCacheBuffer);
> > > +  EfiConvertPointer (0x0, (VOID **)
> > > &mVariableRuntimeVolatileCacheBuffer);
> > >  }
> > >
> > >  /**
> > > @@ -969,6 +1266,159 @@ Done:
> > >    return Status;
> > >  }
> > >
> > > +/**
> > > +  This code gets information needed from SMM for runtime cache
> > > initialization.
> > > +
> > > +  @param[out] TotalHobStorageSize         Output pointer for the total
> HOB
> > > storage size in bytes.
> > > +  @param[out] TotalNvStorageSize          Output pointer for the total non-
> > > volatile storage size in bytes.
> > > +  @param[out] TotalVolatileStorageSize    Output pointer for the total
> > > volatile storage size in bytes.
> > > +  @param[out] AuthenticatedVariableUsage  Output pointer that
> indicates if
> > > authenticated variables are to be used.
> > > +
> > > +  @retval EFI_SUCCESS                     Retrieved the size successfully.
> > > +  @retval EFI_INVALID_PARAMETER           TotalNvStorageSize parameter
> is
> > > NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES            The memory resources
> needed
> > > for a CommBuffer are not available.
> > > +  @retval Others                          Could not retrieve the size successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +GetRuntimeCacheInfo (
> > > +  OUT UINTN                         *TotalHobStorageSize,
> > > +  OUT UINTN                         *TotalNvStorageSize,
> > > +  OUT UINTN                         *TotalVolatileStorageSize,
> > > +  OUT BOOLEAN                       *AuthenticatedVariableUsage
> > > +  )
> > > +{
> > > +  EFI_STATUS                                          Status;
> > > +  SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO
> > > *SmmGetRuntimeCacheInfo;
> > > +  EFI_SMM_COMMUNICATE_HEADER
> > > *SmmCommunicateHeader;
> > > +  SMM_VARIABLE_COMMUNICATE_HEADER
> > > *SmmVariableFunctionHeader;
> > > +  UINTN                                               CommSize;
> > > +  UINT8                                               *CommBuffer;
> > > +
> > > +  SmmGetRuntimeCacheInfo = NULL;
> > > +  CommBuffer = mVariableBuffer;
> > > +
> > > +  if (TotalHobStorageSize == NULL || TotalNvStorageSize == NULL ||
> > > TotalVolatileStorageSize == NULL || AuthenticatedVariableUsage ==
> NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  if (CommBuffer == NULL) {
> > > +    return EFI_OUT_OF_RESOURCES;
> > > +  }
> > > +
> > > +  AcquireLockOnlyAtBootTime (&mVariableServicesLock);
> > > +
> > > +  CommSize = SMM_COMMUNICATE_HEADER_SIZE +
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof
> > > (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO);
> > > +  ZeroMem (CommBuffer, CommSize);
> >
> >
> > I would suggest to align with the approach of using the pre-alloacted
> > communication buffer like those existing functions:
> >
> > VariableLockRequestToLock()
> > VarCheckVariablePropertySet()
> > VarCheckVariablePropertyGet()
> > RuntimeServiceGetVariable()
> > RuntimeServiceGetNextVariableName()
> > RuntimeServiceSetVariable()
> > RuntimeServiceQueryVariableInfo()
> > OnExitBootServices()
> > OnReadyToBoot()
> >
> > They will:
> > 1. Use InitCommunicateBuffer() to get the communication buffer (a data
> size
> >    check will be performed in InitCommunicateBuffer);
> > 2. Update the communication buffer content;
> > 3. Use SendCommunicateBuffer() to send the data to SMM.
> >
> > There is a similar case for SendRuntimeVariableCacheContextToSmm() as
> well.
> >
> > Best Regards,
> > Hao Wu
> >
> >
> > > +
> > > +  SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)
> > > CommBuffer;
> > > +  CopyGuid (&SmmCommunicateHeader->HeaderGuid,
> > > &gEfiSmmVariableProtocolGuid);
> > > +  SmmCommunicateHeader->MessageLength =
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof
> > > (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO);
> > > +
> > > +  SmmVariableFunctionHeader =
> > > (SMM_VARIABLE_COMMUNICATE_HEADER *)
> SmmCommunicateHeader-
> > > >Data;
> > > +  SmmVariableFunctionHeader->Function =
> > > SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO;
> > > +  SmmGetRuntimeCacheInfo =
> > > (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO *)
> > > SmmVariableFunctionHeader->Data;
> > > +
> > > +  //
> > > +  // Send data to SMM.
> > > +  //
> > > +  Status = mSmmCommunication->Communicate
> (mSmmCommunication,
> > > CommBuffer, &CommSize);
> > > +  ASSERT_EFI_ERROR (Status);
> > > +  if (CommSize <= SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
> > > +    Status = EFI_BAD_BUFFER_SIZE;
> > > +    goto Done;
> > > +  }
> > > +
> > > +  Status = SmmVariableFunctionHeader->ReturnStatus;
> > > +  if (EFI_ERROR (Status)) {
> > > +    goto Done;
> > > +  }
> > > +
> > > +  //
> > > +  // Get data from SMM.
> > > +  //
> > > +  *TotalHobStorageSize = SmmGetRuntimeCacheInfo-
> >TotalHobStorageSize;
> > > +  *TotalNvStorageSize = SmmGetRuntimeCacheInfo-
> >TotalNvStorageSize;
> > > +  *TotalVolatileStorageSize = SmmGetRuntimeCacheInfo-
> > > >TotalVolatileStorageSize;
> > > +  *AuthenticatedVariableUsage = SmmGetRuntimeCacheInfo-
> > > >AuthenticatedVariableUsage;
> > > +
> > > +Done:
> > > +  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
> > > +  return Status;
> > > +}
> > > +
> > > +/**
> > > +  Sends the runtime variable cache context information to SMM.
> > > +
> > > +  @retval EFI_SUCCESS               Retrieved the size successfully.
> > > +  @retval EFI_INVALID_PARAMETER     TotalNvStorageSize parameter is
> > > NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES      The memory resources needed
> for a
> > > CommBuffer are not available.
> > > +  @retval Others                    Could not retrieve the size successfully.;
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +SendRuntimeVariableCacheContextToSmm (
> > > +  VOID
> > > +  )
> > > +{
> > > +  EFI_STATUS                                                Status;
> > > +
> > >
> SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > *SmmRuntimeVarCacheContext;
> > > +  EFI_SMM_COMMUNICATE_HEADER
> > > *SmmCommunicateHeader;
> > > +  SMM_VARIABLE_COMMUNICATE_HEADER
> > > *SmmVariableFunctionHeader;
> > > +  UINTN                                                     CommSize;
> > > +  UINT8                                                     *CommBuffer;
> > > +
> > > +  SmmRuntimeVarCacheContext = NULL;
> > > +  CommBuffer = mVariableBuffer;
> > > +
> > > +  if (CommBuffer == NULL) {
> > > +    return EFI_OUT_OF_RESOURCES;
> > > +  }
> > > +
> > > +  AcquireLockOnlyAtBootTime (&mVariableServicesLock);
> > > +
> > > +  //
> > > +  // Init the communicate buffer. The buffer data size is:
> > > +  // SMM_COMMUNICATE_HEADER_SIZE +
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT)
> ;
> > > +  //
> > > +  CommSize = SMM_COMMUNICATE_HEADER_SIZE +
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT)
> ;
> > > +  ZeroMem (CommBuffer, CommSize);
> > > +
> > > +  SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)
> > > CommBuffer;
> > > +  CopyGuid (&SmmCommunicateHeader->HeaderGuid,
> > > &gEfiSmmVariableProtocolGuid);
> > > +  SmmCommunicateHeader->MessageLength =
> > > SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT)
> ;
> > > +
> > > +  SmmVariableFunctionHeader =
> > > (SMM_VARIABLE_COMMUNICATE_HEADER *)
> SmmCommunicateHeader-
> > > >Data;
> > > +  SmmVariableFunctionHeader->Function =
> > >
> SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT;
> > > +  SmmRuntimeVarCacheContext =
> > >
> (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
> > > *) SmmVariableFunctionHeader->Data;
> > > +
> > > +  SmmRuntimeVarCacheContext->RuntimeHobCache =
> > > mVariableRuntimeHobCacheBuffer;
> > > +  SmmRuntimeVarCacheContext->RuntimeVolatileCache =
> > > mVariableRuntimeVolatileCacheBuffer;
> > > +  SmmRuntimeVarCacheContext->RuntimeNvCache =
> > > mVariableRuntimeNvCacheBuffer;
> > > +  SmmRuntimeVarCacheContext->PendingUpdate =
> > > &mVariableRuntimeCachePendingUpdate;
> > > +  SmmRuntimeVarCacheContext->ReadLock =
> > > &mVariableRuntimeCacheReadLock;
> > > +  SmmRuntimeVarCacheContext->HobFlushComplete =
> > > &mHobFlushComplete;
> > > +
> > > +  //
> > > +  // Send data to SMM.
> > > +  //
> > > +  Status = mSmmCommunication->Communicate
> (mSmmCommunication,
> > > CommBuffer, &CommSize);
> > > +  ASSERT_EFI_ERROR (Status);
> > > +  if (CommSize <= SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
> > > +    Status = EFI_BAD_BUFFER_SIZE;
> > > +    goto Done;
> > > +  }
> > > +
> > > +  Status = SmmVariableFunctionHeader->ReturnStatus;
> > > +  if (EFI_ERROR (Status)) {
> > > +    goto Done;
> > > +  }
> > > +
> > > +Done:
> > > +  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
> > > +  return Status;
> > > +}
> > > +
> > >  /**
> > >    Initialize variable service and install Variable Architectural protocol.
> > >
> > > @@ -985,7 +1435,7 @@ SmmVariableReady (
> > >  {
> > >    EFI_STATUS                                Status;
> > >
> > > -  Status = gBS->LocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
> > > (VOID **)&mSmmVariable);
> > > +  Status = gBS->LocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
> > > (VOID **) &mSmmVariable);
> > >    if (EFI_ERROR (Status)) {
> > >      return;
> > >    }
> > > @@ -1007,6 +1457,42 @@ SmmVariableReady (
> > >    //
> > >    mVariableBufferPhysical = mVariableBuffer;
> > >
> > > +  if (FeaturePcdGet (PcdEnableVariableRuntimeCache)) {
> > > +    DEBUG ((DEBUG_INFO, "Variable driver runtime cache is
> enabled.\n"));
> > > +    //
> > > +    // Allocate runtime variable cache memory buffers.
> > > +    //
> > > +    Status =  GetRuntimeCacheInfo (
> > > +                &mVariableRuntimeHobCacheBufferSize,
> > > +                &mVariableRuntimeNvCacheBufferSize,
> > > +                &mVariableRuntimeVolatileCacheBufferSize,
> > > +                &mVariableAuthFormat
> > > +                );
> > > +    if (!EFI_ERROR (Status)) {
> > > +      Status = InitVariableCache (&mVariableRuntimeHobCacheBuffer,
> > > &mVariableRuntimeHobCacheBufferSize);
> > > +      if (!EFI_ERROR (Status)) {
> > > +        Status = InitVariableCache (&mVariableRuntimeNvCacheBuffer,
> > > &mVariableRuntimeNvCacheBufferSize);
> > > +        if (!EFI_ERROR (Status)) {
> > > +          Status = InitVariableCache
> (&mVariableRuntimeVolatileCacheBuffer,
> > > &mVariableRuntimeVolatileCacheBufferSize);
> > > +          if (!EFI_ERROR (Status)) {
> > > +            Status = SendRuntimeVariableCacheContextToSmm ();
> > > +            if (!EFI_ERROR (Status)) {
> > > +              SyncRuntimeCache ();
> > > +            }
> > > +          }
> > > +        }
> > > +      }
> > > +      if (EFI_ERROR (Status)) {
> > > +        mVariableRuntimeHobCacheBuffer = NULL;
> > > +        mVariableRuntimeNvCacheBuffer = NULL;
> > > +        mVariableRuntimeVolatileCacheBuffer = NULL;
> > > +      }
> > > +    }
> > > +    ASSERT_EFI_ERROR (Status);
> > > +  } else {
> > > +    DEBUG ((DEBUG_INFO, "Variable driver runtime cache is
> disabled.\n"));
> > > +  }
> > > +
> > >    gRT->GetVariable         = RuntimeServiceGetVariable;
> > >    gRT->GetNextVariableName = RuntimeServiceGetNextVariableName;
> > >    gRT->SetVariable         = RuntimeServiceSetVariable;
> > > --
> > > 2.16.2.windows.1
> 


  reply	other threads:[~2019-10-17 17:44 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-14 23:29 [PATCH V4 00/10] UEFI Variable SMI Reduction Kubacki, Michael A
2019-10-14 23:29 ` [PATCH V4 01/10] MdeModulePkg/Variable: Consolidate common parsing functions Kubacki, Michael A
2019-10-16  7:52   ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 02/10] MdeModulePkg/Variable: Parameterize GetNextVariableInternal () stores Kubacki, Michael A
2019-10-16  7:53   ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 03/10] MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer Kubacki, Michael A
2019-10-16  7:54   ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 04/10] MdeModulePkg/Variable: Parameterize auth status in VariableParsing Kubacki, Michael A
2019-10-17  1:01   ` Wu, Hao A
2019-10-17  1:41     ` Kubacki, Michael A
2019-10-17  1:49       ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 05/10] MdeModulePkg/Variable: Add a file for NV variable functions Kubacki, Michael A
2019-10-16  7:55   ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 06/10] MdeModulePkg VariableInfo: Always consider RT DXE and SMM stats Kubacki, Michael A
2019-10-16  7:56   ` Wu, Hao A
2019-10-14 23:29 ` [PATCH V4 07/10] MdeModulePkg/Variable: Add RT GetVariable() cache support Kubacki, Michael A
2019-10-16  6:46   ` Wang, Jian J
     [not found]   ` <15CE0DB2DE3EB613.1607@groups.io>
2019-10-16  6:54     ` [edk2-devel] " Wang, Jian J
2019-10-17  1:24       ` Kubacki, Michael A
2019-10-17  1:47         ` Wang, Jian J
2019-10-16  7:56   ` Wu, Hao A
2019-10-16 16:44     ` Kubacki, Michael A
2019-10-17 14:23     ` Wang, Jian J
2019-10-17 17:44       ` Kubacki, Michael A [this message]
2019-10-14 23:29 ` [PATCH V4 08/10] MdeModulePkg/Variable: Add RT GetNextVariableName() " Kubacki, Michael A
2019-10-16  7:56   ` Wu, Hao A
2019-10-14 23:30 ` [PATCH V4 09/10] OvmfPkg: Disable variable runtime cache Kubacki, Michael A
2019-10-15  7:32   ` Laszlo Ersek
2019-10-14 23:30 ` [PATCH V4 10/10] MdeModulePkg: Enable variable runtime cache by default Kubacki, Michael A
2019-10-15  7:33   ` Laszlo Ersek
2019-10-16  7:57   ` Wu, Hao A
2019-10-15  0:49 ` [PATCH V4 00/10] UEFI Variable SMI Reduction Liming Gao
2019-10-15 16:15   ` Kubacki, Michael A

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM6PR11MB383407900937523D96AF3BA0B56D0@DM6PR11MB3834.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox