diff options
| author | Leif Lindholm <leif.lindholm@linaro.org> | 2013-06-19 11:46:45 +0100 |
|---|---|---|
| committer | Leif Lindholm <leif.lindholm@linaro.org> | 2013-06-19 11:46:45 +0100 |
| commit | a70b8ca03acd78bb116fe4c9f89f8d5c2205f179 (patch) | |
| tree | 49f9dd09a6ad18c45a9c1a5b9eca633a6f1a9f32 /MdeModulePkg/Universal | |
| parent | 05575f2d38e4640753f65c7227864366aeb428a0 (diff) | |
| parent | 4a21c40a5f30d67cdf876bc50f48abd37d9eea68 (diff) | |
Merging uefi-next/linaro-release into masterlinaro-uefi-2013.06
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Diffstat (limited to 'MdeModulePkg/Universal')
22 files changed, 1184 insertions, 259 deletions
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.c index ce17e4f92..f834778ac 100644 --- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.c +++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.c @@ -5,7 +5,7 @@ for Firmware Basic Boot Performance Record and other boot performance records,
and install FPDT to ACPI table.
- Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -21,6 +21,8 @@ #include <Protocol/ReportStatusCodeHandler.h>
#include <Protocol/AcpiTable.h>
#include <Protocol/SmmCommunication.h>
+#include <Protocol/LockBox.h>
+#include <Protocol/Variable.h>
#include <Guid/Acpi.h>
#include <Guid/FirmwarePerformance.h>
@@ -36,7 +38,8 @@ #include <Library/MemoryAllocationLib.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
-#include <Library/PcdLib.h>
+#include <Library/LockBoxLib.h>
+#include <Library/UefiLib.h>
//
// ACPI table information used to initialize tables.
@@ -51,6 +54,7 @@ EFI_RSC_HANDLER_PROTOCOL *mRscHandlerProtocol = NULL;
+BOOLEAN mLockBoxReady = FALSE;
EFI_EVENT mReadyToBootEvent;
EFI_EVENT mLegacyBootEvent;
EFI_EVENT mExitBootServicesEvent;
@@ -206,6 +210,7 @@ FpdtAllocateReservedMemoryBelow4G ( EFI_STATUS Status;
VOID *Buffer;
+ Buffer = NULL;
Pages = EFI_SIZE_TO_PAGES (Size);
Address = 0xffffffff;
@@ -217,13 +222,107 @@ FpdtAllocateReservedMemoryBelow4G ( );
ASSERT_EFI_ERROR (Status);
- Buffer = (VOID *) (UINTN) Address;
- ZeroMem (Buffer, Size);
+ if (!EFI_ERROR (Status)) {
+ Buffer = (VOID *) (UINTN) Address;
+ ZeroMem (Buffer, Size);
+ }
return Buffer;
}
/**
+ Callback function upon VariableArchProtocol and LockBoxProtocol
+ to allocate S3 performance table memory and save the pointer to LockBox.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[in] Context Pointer to the notification function's context.
+**/
+VOID
+EFIAPI
+FpdtAllocateS3PerformanceTableMemory (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ EFI_STATUS Status;
+ VOID *Interface;
+ FIRMWARE_PERFORMANCE_VARIABLE PerformanceVariable;
+ UINTN Size;
+ EFI_PHYSICAL_ADDRESS S3PerformanceTablePointer;
+
+ if (mLockBoxReady && (mAcpiS3PerformanceTable != NULL)) {
+ //
+ // The memory for S3 performance table should have been ready,
+ // and the pointer should have been saved to LockBox, just return.
+ //
+ return;
+ }
+
+ if (!mLockBoxReady) {
+ Status = gBS->LocateProtocol (&gEfiLockBoxProtocolGuid, NULL, &Interface);
+ if (!EFI_ERROR (Status)) {
+ //
+ // LockBox services has been ready.
+ //
+ mLockBoxReady = TRUE;
+ }
+ }
+
+ if (mAcpiS3PerformanceTable == NULL) {
+ Status = gBS->LocateProtocol (&gEfiVariableArchProtocolGuid, NULL, &Interface);
+ if (!EFI_ERROR (Status)) {
+ //
+ // Try to allocate the same runtime buffer as last time boot.
+ //
+ ZeroMem (&PerformanceVariable, sizeof (PerformanceVariable));
+ Size = sizeof (PerformanceVariable);
+ Status = gRT->GetVariable (
+ EFI_FIRMWARE_PERFORMANCE_VARIABLE_NAME,
+ &gEfiFirmwarePerformanceGuid,
+ NULL,
+ &Size,
+ &PerformanceVariable
+ );
+ if (!EFI_ERROR (Status)) {
+ Status = gBS->AllocatePages (
+ AllocateAddress,
+ EfiReservedMemoryType,
+ EFI_SIZE_TO_PAGES (sizeof (S3_PERFORMANCE_TABLE)),
+ &PerformanceVariable.S3PerformanceTablePointer
+ );
+ if (!EFI_ERROR (Status)) {
+ mAcpiS3PerformanceTable = (S3_PERFORMANCE_TABLE *) (UINTN) PerformanceVariable.S3PerformanceTablePointer;
+ }
+ }
+ if (mAcpiS3PerformanceTable == NULL) {
+ //
+ // Fail to allocate at specified address, continue to allocate at any address.
+ //
+ mAcpiS3PerformanceTable = (S3_PERFORMANCE_TABLE *) FpdtAllocateReservedMemoryBelow4G (sizeof (S3_PERFORMANCE_TABLE));
+ }
+ DEBUG ((EFI_D_INFO, "FPDT: ACPI S3 Performance Table address = 0x%x\n", mAcpiS3PerformanceTable));
+ if (mAcpiS3PerformanceTable != NULL) {
+ CopyMem (mAcpiS3PerformanceTable, &mS3PerformanceTableTemplate, sizeof (mS3PerformanceTableTemplate));
+ }
+ }
+ }
+
+ if (mLockBoxReady && (mAcpiS3PerformanceTable != NULL)) {
+ //
+ // If LockBox services has been ready and memory for FPDT S3 performance table has been allocated,
+ // save the pointer to LockBox for use in S3 resume.
+ //
+ S3PerformanceTablePointer = (EFI_PHYSICAL_ADDRESS) (UINTN) mAcpiS3PerformanceTable;
+ Status = SaveLockBox (
+ &gFirmwarePerformanceS3PointerGuid,
+ &S3PerformanceTablePointer,
+ sizeof (EFI_PHYSICAL_ADDRESS)
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+}
+
+/**
Install ACPI Firmware Performance Data Table (FPDT).
@return Status code.
@@ -236,15 +335,13 @@ InstallFirmwarePerformanceDataTable ( {
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTableProtocol;
- EFI_PHYSICAL_ADDRESS Address;
UINTN Size;
- UINT8 SmmBootRecordCommBuffer[SMM_BOOT_RECORD_COMM_SIZE];
+ UINT8 *SmmBootRecordCommBuffer;
EFI_SMM_COMMUNICATE_HEADER *SmmCommBufferHeader;
SMM_BOOT_RECORD_COMMUNICATE *SmmCommData;
UINTN CommSize;
- UINTN PerformanceRuntimeDataSize;
- UINT8 *PerformanceRuntimeData;
- UINT8 *PerformanceRuntimeDataHead;
+ UINTN BootPerformanceDataSize;
+ UINT8 *BootPerformanceData;
EFI_SMM_COMMUNICATION_PROTOCOL *Communication;
FIRMWARE_PERFORMANCE_VARIABLE PerformanceVariable;
@@ -259,12 +356,15 @@ InstallFirmwarePerformanceDataTable ( //
// Collect boot records from SMM drivers.
//
- SmmCommData = NULL;
+ SmmBootRecordCommBuffer = NULL;
+ SmmCommData = NULL;
Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &Communication);
if (!EFI_ERROR (Status)) {
//
// Initialize communicate buffer
//
+ SmmBootRecordCommBuffer = AllocateZeroPool (SMM_BOOT_RECORD_COMM_SIZE);
+ ASSERT (SmmBootRecordCommBuffer != NULL);
SmmCommBufferHeader = (EFI_SMM_COMMUNICATE_HEADER*)SmmBootRecordCommBuffer;
SmmCommData = (SMM_BOOT_RECORD_COMMUNICATE*)SmmCommBufferHeader->Data;
ZeroMem((UINT8*)SmmCommData, sizeof(SMM_BOOT_RECORD_COMMUNICATE));
@@ -296,15 +396,12 @@ InstallFirmwarePerformanceDataTable ( }
//
- // Prepare memory for runtime Performance Record.
- // Runtime performance records includes two tables S3 performance table and Boot performance table.
- // S3 Performance table includes S3Resume and S3Suspend records.
+ // Prepare memory for Boot Performance table.
// Boot Performance table includes BasicBoot record, and one or more appended Boot Records.
//
- PerformanceRuntimeData = NULL;
- PerformanceRuntimeDataSize = sizeof (S3_PERFORMANCE_TABLE) + sizeof (BOOT_PERFORMANCE_TABLE) + mBootRecordSize + PcdGet32 (PcdExtFpdtBootRecordPadSize);
+ BootPerformanceDataSize = sizeof (BOOT_PERFORMANCE_TABLE) + mBootRecordSize + PcdGet32 (PcdExtFpdtBootRecordPadSize);
if (SmmCommData != NULL) {
- PerformanceRuntimeDataSize += SmmCommData->BootRecordSize;
+ BootPerformanceDataSize += SmmCommData->BootRecordSize;
}
//
@@ -320,87 +417,66 @@ InstallFirmwarePerformanceDataTable ( &PerformanceVariable
);
if (!EFI_ERROR (Status)) {
- Address = PerformanceVariable.S3PerformanceTablePointer;
Status = gBS->AllocatePages (
AllocateAddress,
EfiReservedMemoryType,
- EFI_SIZE_TO_PAGES (PerformanceRuntimeDataSize),
- &Address
+ EFI_SIZE_TO_PAGES (BootPerformanceDataSize),
+ &PerformanceVariable.BootPerformanceTablePointer
);
if (!EFI_ERROR (Status)) {
- PerformanceRuntimeData = (UINT8 *) (UINTN) Address;
+ mAcpiBootPerformanceTable = (BOOT_PERFORMANCE_TABLE *) (UINTN) PerformanceVariable.BootPerformanceTablePointer;
}
}
- if (PerformanceRuntimeData == NULL) {
+ if (mAcpiBootPerformanceTable == NULL) {
//
// Fail to allocate at specified address, continue to allocate at any address.
//
- PerformanceRuntimeData = FpdtAllocateReservedMemoryBelow4G (PerformanceRuntimeDataSize);
+ mAcpiBootPerformanceTable = (BOOT_PERFORMANCE_TABLE *) FpdtAllocateReservedMemoryBelow4G (BootPerformanceDataSize);
}
- DEBUG ((EFI_D_INFO, "FPDT: Performance Runtime Data address = 0x%x\n", PerformanceRuntimeData));
+ DEBUG ((EFI_D_INFO, "FPDT: ACPI Boot Performance Table address = 0x%x\n", mAcpiBootPerformanceTable));
- if (PerformanceRuntimeData == NULL) {
+ if (mAcpiBootPerformanceTable == NULL) {
if (SmmCommData != NULL && SmmCommData->BootRecordData != NULL) {
FreePool (SmmCommData->BootRecordData);
}
+ if (SmmBootRecordCommBuffer != NULL) {
+ FreePool (SmmBootRecordCommBuffer);
+ }
+ if (mAcpiS3PerformanceTable != NULL) {
+ FreePages (mAcpiS3PerformanceTable, EFI_SIZE_TO_PAGES (sizeof (S3_PERFORMANCE_TABLE)));
+ }
return EFI_OUT_OF_RESOURCES;
}
-
- PerformanceRuntimeDataHead = PerformanceRuntimeData;
-
- if (FeaturePcdGet (PcdFirmwarePerformanceDataTableS3Support)) {
- //
- // Prepare S3 Performance Table.
- //
- mAcpiS3PerformanceTable = (S3_PERFORMANCE_TABLE *) PerformanceRuntimeData;
- CopyMem (mAcpiS3PerformanceTable, &mS3PerformanceTableTemplate, sizeof (mS3PerformanceTableTemplate));
- PerformanceRuntimeData = PerformanceRuntimeData + mAcpiS3PerformanceTable->Header.Length;
- DEBUG ((EFI_D_INFO, "FPDT: ACPI S3 Performance Table address = 0x%x\n", mAcpiS3PerformanceTable));
- //
- // Save S3 Performance Table address to Variable for use in Firmware Performance PEIM.
- //
- PerformanceVariable.S3PerformanceTablePointer = (EFI_PHYSICAL_ADDRESS) (UINTN) mAcpiS3PerformanceTable;
- //
- // Update S3 Performance Table Pointer in template.
- //
- mFirmwarePerformanceTableTemplate.S3PointerRecord.S3PerformanceTablePointer = (UINT64) PerformanceVariable.S3PerformanceTablePointer;
- } else {
- //
- // Exclude S3 Performance Table Pointer from FPDT table template.
- //
- mFirmwarePerformanceTableTemplate.Header.Length -= sizeof (EFI_ACPI_5_0_FPDT_S3_PERFORMANCE_TABLE_POINTER_RECORD);
- }
//
// Prepare Boot Performance Table.
//
- mAcpiBootPerformanceTable = (BOOT_PERFORMANCE_TABLE *) PerformanceRuntimeData;
+ BootPerformanceData = (UINT8 *) mAcpiBootPerformanceTable;
//
// Fill Basic Boot record to Boot Performance Table.
//
- CopyMem (PerformanceRuntimeData, &mBootPerformanceTableTemplate, sizeof (mBootPerformanceTableTemplate));
- PerformanceRuntimeData = PerformanceRuntimeData + mAcpiBootPerformanceTable->Header.Length;
+ CopyMem (mAcpiBootPerformanceTable, &mBootPerformanceTableTemplate, sizeof (mBootPerformanceTableTemplate));
+ BootPerformanceData = BootPerformanceData + mAcpiBootPerformanceTable->Header.Length;
//
// Fill Boot records from boot drivers.
//
- CopyMem (PerformanceRuntimeData, mBootRecordBuffer, mBootRecordSize);
+ CopyMem (BootPerformanceData, mBootRecordBuffer, mBootRecordSize);
mAcpiBootPerformanceTable->Header.Length += mBootRecordSize;
- PerformanceRuntimeData = PerformanceRuntimeData + mBootRecordSize;
+ BootPerformanceData = BootPerformanceData + mBootRecordSize;
if (SmmCommData != NULL && SmmCommData->BootRecordData != NULL) {
//
// Fill Boot records from SMM drivers.
//
- CopyMem (PerformanceRuntimeData, SmmCommData->BootRecordData, SmmCommData->BootRecordSize);
+ CopyMem (BootPerformanceData, SmmCommData->BootRecordData, SmmCommData->BootRecordSize);
FreePool (SmmCommData->BootRecordData);
mAcpiBootPerformanceTable->Header.Length = (UINT32) (mAcpiBootPerformanceTable->Header.Length + SmmCommData->BootRecordSize);
- PerformanceRuntimeData = PerformanceRuntimeData + SmmCommData->BootRecordSize;
+ BootPerformanceData = BootPerformanceData + SmmCommData->BootRecordSize;
}
- //
- // Reserve space for boot records after ReadyToBoot.
- //
- PerformanceRuntimeData = PerformanceRuntimeData + PcdGet32 (PcdExtFpdtBootRecordPadSize);
- DEBUG ((EFI_D_INFO, "FPDT: ACPI Boot Performance Table address = 0x%x\n", mAcpiBootPerformanceTable));
+ if (SmmBootRecordCommBuffer != NULL) {
+ FreePool (SmmBootRecordCommBuffer);
+ }
+
//
// Save Boot Performance Table address to Variable for use in S4 resume.
//
@@ -411,12 +487,20 @@ InstallFirmwarePerformanceDataTable ( mFirmwarePerformanceTableTemplate.BootPointerRecord.BootPerformanceTablePointer = (UINT64) (UINTN) mAcpiBootPerformanceTable;
//
+ // Save S3 Performance Table address to Variable for use in S4 resume.
+ //
+ PerformanceVariable.S3PerformanceTablePointer = (EFI_PHYSICAL_ADDRESS) (UINTN) mAcpiS3PerformanceTable;
+ //
+ // Update S3 Performance Table Pointer in template.
+ //
+ mFirmwarePerformanceTableTemplate.S3PointerRecord.S3PerformanceTablePointer = (UINT64) (UINTN) mAcpiS3PerformanceTable;
+ //
// Save Runtime Performance Table pointers to Variable.
//
Status = gRT->SetVariable (
EFI_FIRMWARE_PERFORMANCE_VARIABLE_NAME,
&gEfiFirmwarePerformanceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (PerformanceVariable),
&PerformanceVariable
);
@@ -433,7 +517,10 @@ InstallFirmwarePerformanceDataTable ( &mFirmwarePerformanceTableTemplateKey
);
if (EFI_ERROR (Status)) {
- FreePool (PerformanceRuntimeDataHead);
+ FreePages (mAcpiBootPerformanceTable, EFI_SIZE_TO_PAGES (BootPerformanceDataSize));
+ if (mAcpiS3PerformanceTable != NULL) {
+ FreePages (mAcpiS3PerformanceTable, EFI_SIZE_TO_PAGES (sizeof (S3_PERFORMANCE_TABLE)));
+ }
mAcpiBootPerformanceTable = NULL;
mAcpiS3PerformanceTable = NULL;
return Status;
@@ -700,6 +787,7 @@ FirmwarePerformanceDxeEntryPoint ( EFI_STATUS Status;
EFI_HOB_GUID_TYPE *GuidHob;
FIRMWARE_SEC_PERFORMANCE *Performance;
+ VOID *Registration;
//
// Get Report Status Code Handler Protocol.
@@ -766,5 +854,31 @@ FirmwarePerformanceDxeEntryPoint ( DEBUG ((EFI_D_ERROR, "FPDT: WARNING: SEC Performance Data Hob not found, ResetEnd will be set to 0!\n"));
}
+ if (FeaturePcdGet (PcdFirmwarePerformanceDataTableS3Support)) {
+ //
+ // Register callback function upon VariableArchProtocol and LockBoxProtocol
+ // to allocate S3 performance table memory and save the pointer to LockBox.
+ //
+ EfiCreateProtocolNotifyEvent (
+ &gEfiVariableArchProtocolGuid,
+ TPL_CALLBACK,
+ FpdtAllocateS3PerformanceTableMemory,
+ NULL,
+ &Registration
+ );
+ EfiCreateProtocolNotifyEvent (
+ &gEfiLockBoxProtocolGuid,
+ TPL_CALLBACK,
+ FpdtAllocateS3PerformanceTableMemory,
+ NULL,
+ &Registration
+ );
+ } else {
+ //
+ // Exclude S3 Performance Table Pointer from FPDT table template.
+ //
+ mFirmwarePerformanceTableTemplate.Header.Length -= sizeof (EFI_ACPI_5_0_FPDT_S3_PERFORMANCE_TABLE_POINTER_RECORD);
+ }
+
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf index 89424acaa..5a9628f92 100644 --- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf +++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf @@ -5,7 +5,7 @@ # for Firmware Basic Boot Performance Record and other boot performance records,
# and install FPDT to ACPI table.
#
-# Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -48,11 +48,15 @@ MemoryAllocationLib
PcdLib
HobLib
+ LockBoxLib
+ UefiLib
[Protocols]
gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES
gEfiRscHandlerProtocolGuid ## CONSUMES
gEfiSmmCommunicationProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiVariableArchProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiLockBoxProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gEfiEventExitBootServicesGuid ## CONSUMES
@@ -65,6 +69,7 @@ gEfiFirmwarePerformanceGuid ## SOMETIMES_CONSUMES ## Hob
gEfiFirmwarePerformanceGuid ## SOMETIMES_CONSUMES ## SmiHandler
gEfiFirmwarePerformanceGuid ## SOMETIMES_CONSUMES ## StatusCode Data
+ gFirmwarePerformanceS3PointerGuid ## SOMETIMES_PRODUCES # SaveLockBox
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdProgressCodeOsLoaderLoad
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c index af9b4e3c6..70592cbc3 100644 --- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c +++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c @@ -7,7 +7,7 @@ This module register report status code listener to collect performance data
for S3 Resume Performance Record on S3 resume boot path.
- Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -20,7 +20,6 @@ #include <PiPei.h>
-#include <Ppi/ReadOnlyVariable2.h>
#include <Ppi/ReportStatusCodeHandler.h>
#include <Ppi/SecPerformance.h>
@@ -68,9 +67,8 @@ FpdtStatusCodeListenerPei ( {
EFI_STATUS Status;
UINT64 CurrentTime;
- EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariableServices;
UINTN VarSize;
- FIRMWARE_PERFORMANCE_VARIABLE PerformanceVariable;
+ EFI_PHYSICAL_ADDRESS S3PerformanceTablePointer;
S3_PERFORMANCE_TABLE *AcpiS3PerformanceTable;
EFI_ACPI_5_0_FPDT_S3_RESUME_RECORD *AcpiS3ResumeRecord;
UINT64 S3ResumeTotal;
@@ -90,33 +88,20 @@ FpdtStatusCodeListenerPei ( //
CurrentTime = GetTimeInNanoSecond (GetPerformanceCounter ());
- Status = PeiServicesLocatePpi (
- &gEfiPeiReadOnlyVariable2PpiGuid,
- 0,
- NULL,
- (VOID **) &VariableServices
- );
- ASSERT_EFI_ERROR (Status);
-
//
// Update S3 Resume Performance Record.
//
- VarSize = sizeof (FIRMWARE_PERFORMANCE_VARIABLE);
- Status = VariableServices->GetVariable (
- VariableServices,
- EFI_FIRMWARE_PERFORMANCE_VARIABLE_NAME,
- &gEfiFirmwarePerformanceGuid,
- NULL,
- &VarSize,
- &PerformanceVariable
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
+ S3PerformanceTablePointer = 0;
+ VarSize = sizeof (EFI_PHYSICAL_ADDRESS);
+ Status = RestoreLockBox (&gFirmwarePerformanceS3PointerGuid, &S3PerformanceTablePointer, &VarSize);
+ ASSERT_EFI_ERROR (Status);
- AcpiS3PerformanceTable = (S3_PERFORMANCE_TABLE *) (UINTN) PerformanceVariable.S3PerformanceTablePointer;
+ AcpiS3PerformanceTable = (S3_PERFORMANCE_TABLE *) (UINTN) S3PerformanceTablePointer;
ASSERT (AcpiS3PerformanceTable != NULL);
- ASSERT (AcpiS3PerformanceTable->Header.Signature == EFI_ACPI_5_0_FPDT_S3_PERFORMANCE_TABLE_SIGNATURE);
+ if (AcpiS3PerformanceTable->Header.Signature != EFI_ACPI_5_0_FPDT_S3_PERFORMANCE_TABLE_SIGNATURE) {
+ DEBUG ((EFI_D_ERROR, "FPDT S3 performance data in ACPI memory get corrupted\n"));
+ return EFI_ABORTED;
+ }
AcpiS3ResumeRecord = &AcpiS3PerformanceTable->S3Resume;
AcpiS3ResumeRecord->FullResume = CurrentTime;
//
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf index 0694899bc..aced5c521 100644 --- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf +++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf @@ -7,7 +7,7 @@ # This module register report status code listener to collect performance data
# for S3 Resume Performance Record on S3 resume boot path.
#
-# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -52,11 +52,11 @@ [Ppis]
gEfiPeiRscHandlerPpiGuid ## CONSUMES
- gEfiPeiReadOnlyVariable2PpiGuid ## SOMETIMES_CONSUMES
gPeiSecPerformancePpiGuid ## CONSUMES
[Guids]
gEfiFirmwarePerformanceGuid ## CONSUMES
+ gFirmwarePerformanceS3PointerGuid ## CONSUMES
[FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwarePerformanceDataTableS3Support
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableSmm/FirmwarePerformanceSmm.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableSmm/FirmwarePerformanceSmm.c index ebf81ca6f..9c5fd4db8 100644 --- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableSmm/FirmwarePerformanceSmm.c +++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableSmm/FirmwarePerformanceSmm.c @@ -266,6 +266,9 @@ FpdtSmiHandler ( {
EFI_STATUS Status;
SMM_BOOT_RECORD_COMMUNICATE *SmmCommData;
+ UINTN BootRecordSize;
+ VOID *BootRecordData;
+ UINTN TempCommBufferSize;
//
// If input is invalid, stop processing this SMI
@@ -274,12 +277,14 @@ FpdtSmiHandler ( return EFI_SUCCESS;
}
- if(*CommBufferSize < sizeof (SMM_BOOT_RECORD_COMMUNICATE)) {
+ TempCommBufferSize = *CommBufferSize;
+
+ if(TempCommBufferSize < sizeof (SMM_BOOT_RECORD_COMMUNICATE)) {
return EFI_SUCCESS;
}
- if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
- DEBUG ((EFI_D_ERROR, "SMM communication data buffer in SMRAM or overflow!\n"));
+ if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+ DEBUG ((EFI_D_ERROR, "FpdtSmiHandler: SMM communication data buffer in SMRAM or overflow!\n"));
return EFI_SUCCESS;
}
@@ -293,7 +298,9 @@ FpdtSmiHandler ( break;
case SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA :
- if (SmmCommData->BootRecordData == NULL || SmmCommData->BootRecordSize < mBootRecordSize) {
+ BootRecordData = SmmCommData->BootRecordData;
+ BootRecordSize = SmmCommData->BootRecordSize;
+ if (BootRecordData == NULL || BootRecordSize < mBootRecordSize) {
Status = EFI_INVALID_PARAMETER;
break;
}
@@ -302,14 +309,14 @@ FpdtSmiHandler ( // Sanity check
//
SmmCommData->BootRecordSize = mBootRecordSize;
- if (!InternalIsAddressValid ((UINTN)SmmCommData->BootRecordData, mBootRecordSize)) {
- DEBUG ((EFI_D_ERROR, "SMM Data buffer in SMRAM or overflow!\n"));
+ if (!InternalIsAddressValid ((UINTN)BootRecordData, mBootRecordSize)) {
+ DEBUG ((EFI_D_ERROR, "FpdtSmiHandler: SMM Data buffer in SMRAM or overflow!\n"));
Status = EFI_ACCESS_DENIED;
break;
}
CopyMem (
- (UINT8*)SmmCommData->BootRecordData,
+ (UINT8*)BootRecordData,
mBootRecordBuffer,
mBootRecordSize
);
diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index 8b88ae41e..2b3a63081 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c @@ -369,7 +369,10 @@ SmmFaultTolerantWriteHandler ( VOID *PrivateData;
EFI_HANDLE SmmFvbHandle;
UINTN InfoSize;
-
+ UINTN CommBufferPayloadSize;
+ UINTN PrivateDataSize;
+ UINTN Length;
+ UINTN TempCommBufferSize;
//
// If input is invalid, stop processing this SMI
@@ -378,12 +381,16 @@ SmmFaultTolerantWriteHandler ( return EFI_SUCCESS;
}
- if (*CommBufferSize < SMM_FTW_COMMUNICATE_HEADER_SIZE) {
+ TempCommBufferSize = *CommBufferSize;
+
+ if (TempCommBufferSize < SMM_FTW_COMMUNICATE_HEADER_SIZE) {
+ DEBUG ((EFI_D_ERROR, "SmmFtwHandler: SMM communication buffer size invalid!\n"));
return EFI_SUCCESS;
}
+ CommBufferPayloadSize = TempCommBufferSize - SMM_FTW_COMMUNICATE_HEADER_SIZE;
- if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
- DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM or overflow!\n"));
+ if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+ DEBUG ((EFI_D_ERROR, "SmmFtwHandler: SMM communication buffer in SMRAM or overflow!\n"));
return EFI_SUCCESS;
}
@@ -400,17 +407,11 @@ SmmFaultTolerantWriteHandler ( switch (SmmFtwFunctionHeader->Function) {
case FTW_FUNCTION_GET_MAX_BLOCK_SIZE:
- SmmGetMaxBlockSizeHeader = (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER *) SmmFtwFunctionHeader->Data;
- InfoSize = sizeof (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER);
-
- //
- // SMRAM range check already covered before
- //
- if (InfoSize > *CommBufferSize - SMM_FTW_COMMUNICATE_HEADER_SIZE) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
- Status = EFI_ACCESS_DENIED;
- break;
+ if (CommBufferPayloadSize < sizeof (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "GetMaxBlockSize: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
}
+ SmmGetMaxBlockSizeHeader = (SMM_FTW_GET_MAX_BLOCK_SIZE_HEADER *) SmmFtwFunctionHeader->Data;
Status = FtwGetMaxBlockSize (
&mFtwDevice->FtwInstance,
@@ -419,6 +420,10 @@ SmmFaultTolerantWriteHandler ( break;
case FTW_FUNCTION_ALLOCATE:
+ if (CommBufferPayloadSize < sizeof (SMM_FTW_ALLOCATE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Allocate: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
SmmFtwAllocateHeader = (SMM_FTW_ALLOCATE_HEADER *) SmmFtwFunctionHeader->Data;
Status = FtwAllocate (
&mFtwDevice->FtwInstance,
@@ -429,11 +434,36 @@ SmmFaultTolerantWriteHandler ( break;
case FTW_FUNCTION_WRITE:
+ if (CommBufferPayloadSize < OFFSET_OF (SMM_FTW_WRITE_HEADER, Data)) {
+ DEBUG ((EFI_D_ERROR, "Write: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
SmmFtwWriteHeader = (SMM_FTW_WRITE_HEADER *) SmmFtwFunctionHeader->Data;
- if (SmmFtwWriteHeader->PrivateDataSize == 0) {
+ Length = SmmFtwWriteHeader->Length;
+ PrivateDataSize = SmmFtwWriteHeader->PrivateDataSize;
+ if (((UINTN)(~0) - Length < OFFSET_OF (SMM_FTW_WRITE_HEADER, Data)) ||
+ ((UINTN)(~0) - PrivateDataSize < OFFSET_OF (SMM_FTW_WRITE_HEADER, Data) + Length)) {
+ //
+ // Prevent InfoSize overflow
+ //
+ Status = EFI_ACCESS_DENIED;
+ break;
+ }
+ InfoSize = OFFSET_OF (SMM_FTW_WRITE_HEADER, Data) + Length + PrivateDataSize;
+
+ //
+ // SMRAM range check already covered before
+ //
+ if (InfoSize > CommBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "Write: Data size exceed communication buffer size limit!\n"));
+ Status = EFI_ACCESS_DENIED;
+ break;
+ }
+
+ if (PrivateDataSize == 0) {
PrivateData = NULL;
} else {
- PrivateData = (VOID *)&SmmFtwWriteHeader->Data[SmmFtwWriteHeader->Length];
+ PrivateData = (VOID *)&SmmFtwWriteHeader->Data[Length];
}
Status = GetFvbByAddressAndAttribute (
SmmFtwWriteHeader->FvbBaseAddress,
@@ -445,7 +475,7 @@ SmmFaultTolerantWriteHandler ( &mFtwDevice->FtwInstance,
SmmFtwWriteHeader->Lba,
SmmFtwWriteHeader->Offset,
- SmmFtwWriteHeader->Length,
+ Length,
PrivateData,
SmmFvbHandle,
SmmFtwWriteHeader->Data
@@ -454,6 +484,10 @@ SmmFaultTolerantWriteHandler ( break;
case FTW_FUNCTION_RESTART:
+ if (CommBufferPayloadSize < sizeof (SMM_FTW_RESTART_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Restart: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
SmmFtwRestartHeader = (SMM_FTW_RESTART_HEADER *) SmmFtwFunctionHeader->Data;
Status = GetFvbByAddressAndAttribute (
SmmFtwRestartHeader->FvbBaseAddress,
@@ -470,20 +504,25 @@ SmmFaultTolerantWriteHandler ( break;
case FTW_FUNCTION_GET_LAST_WRITE:
+ if (CommBufferPayloadSize < OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data)) {
+ DEBUG ((EFI_D_ERROR, "GetLastWrite: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
SmmFtwGetLastWriteHeader = (SMM_FTW_GET_LAST_WRITE_HEADER *) SmmFtwFunctionHeader->Data;
- if ((UINTN)(~0) - SmmFtwGetLastWriteHeader->PrivateDataSize < OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data)){
+ PrivateDataSize = SmmFtwGetLastWriteHeader->PrivateDataSize;
+ if ((UINTN)(~0) - PrivateDataSize < OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data)){
//
// Prevent InfoSize overflow
//
Status = EFI_ACCESS_DENIED;
break;
}
- InfoSize = OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data) + SmmFtwGetLastWriteHeader->PrivateDataSize;
+ InfoSize = OFFSET_OF (SMM_FTW_GET_LAST_WRITE_HEADER, Data) + PrivateDataSize;
//
// SMRAM range check already covered before
//
- if (InfoSize > *CommBufferSize - SMM_FTW_COMMUNICATE_HEADER_SIZE) {
+ if (InfoSize > CommBufferPayloadSize) {
DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
Status = EFI_ACCESS_DENIED;
break;
@@ -495,10 +534,11 @@ SmmFaultTolerantWriteHandler ( &SmmFtwGetLastWriteHeader->Lba,
&SmmFtwGetLastWriteHeader->Offset,
&SmmFtwGetLastWriteHeader->Length,
- &SmmFtwGetLastWriteHeader->PrivateDataSize,
+ &PrivateDataSize,
(VOID *)SmmFtwGetLastWriteHeader->Data,
&SmmFtwGetLastWriteHeader->Complete
);
+ SmmFtwGetLastWriteHeader->PrivateDataSize = PrivateDataSize;
break;
default:
@@ -532,6 +572,7 @@ FvbNotificationEvent ( EFI_STATUS Status;
EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
EFI_HANDLE SmmFtwHandle;
+ EFI_HANDLE FtwHandle;
//
// Just return to avoid install SMM FaultTolerantWriteProtocol again
@@ -553,7 +594,7 @@ FvbNotificationEvent ( if (EFI_ERROR(Status)) {
return Status;
}
-
+
//
// Install protocol interface
//
@@ -565,12 +606,18 @@ FvbNotificationEvent ( );
ASSERT_EFI_ERROR (Status);
+ ///
+ /// Register SMM FTW SMI handler
+ ///
+ Status = gSmst->SmiHandlerRegister (SmmFaultTolerantWriteHandler, &gEfiSmmFaultTolerantWriteProtocolGuid, &SmmFtwHandle);
+ ASSERT_EFI_ERROR (Status);
+
//
// Notify the Ftw wrapper driver SMM Ftw is ready
//
- SmmFtwHandle = NULL;
+ FtwHandle = NULL;
Status = gBS->InstallProtocolInterface (
- &SmmFtwHandle,
+ &FtwHandle,
&gEfiSmmFaultTolerantWriteProtocolGuid,
EFI_NATIVE_INTERFACE,
NULL
@@ -621,7 +668,6 @@ SmmFaultTolerantWriteInitialize ( )
{
EFI_STATUS Status;
- EFI_HANDLE FtwHandle;
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
UINTN Size;
VOID *SmmEndOfDxeRegistration;
@@ -677,12 +723,6 @@ SmmFaultTolerantWriteInitialize ( ASSERT_EFI_ERROR (Status);
FvbNotificationEvent (NULL, NULL, NULL);
-
- ///
- /// Register SMM FTW SMI handler
- ///
- Status = gSmst->SmiHandlerRegister (SmmFaultTolerantWriteHandler, &gEfiSmmFaultTolerantWriteProtocolGuid, &FtwHandle);
- ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.c index 24b157df0..772d10dcd 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.c @@ -3,7 +3,7 @@ Implement the Fault Tolerant Write (FTW) protocol based on SMM FTW
module.
-Copyright (c) 2011, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -463,13 +463,17 @@ FtwGetLastWrite ( // Get data from SMM
//
*PrivateDataSize = SmmFtwGetLastWriteHeader->PrivateDataSize;
- if (!EFI_ERROR (Status)) {
+ if (Status == EFI_SUCCESS || Status == EFI_BUFFER_TOO_SMALL) {
*Lba = SmmFtwGetLastWriteHeader->Lba;
*Offset = SmmFtwGetLastWriteHeader->Offset;
*Length = SmmFtwGetLastWriteHeader->Length;
*Complete = SmmFtwGetLastWriteHeader->Complete;
CopyGuid (CallerId, &SmmFtwGetLastWriteHeader->CallerId);
- CopyMem (PrivateData, SmmFtwGetLastWriteHeader->Data, *PrivateDataSize);
+ if (Status == EFI_SUCCESS) {
+ CopyMem (PrivateData, SmmFtwGetLastWriteHeader->Data, *PrivateDataSize);
+ }
+ } else if (Status == EFI_NOT_FOUND) {
+ *Complete = SmmFtwGetLastWriteHeader->Complete;
}
FreePool (SmmCommunicateHeader);
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c index 7a0d6d29a..ad4b2645c 100644 --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c @@ -111,6 +111,7 @@ SmmLockBoxSave ( )
{
EFI_STATUS Status;
+ EFI_SMM_LOCK_BOX_PARAMETER_SAVE TempLockBoxParameterSave;
//
// Sanity check
@@ -121,10 +122,12 @@ SmmLockBoxSave ( return ;
}
+ CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SAVE));
+
//
// Sanity check
//
- if (!IsAddressValid ((UINTN)LockBoxParameterSave->Buffer, (UINTN)LockBoxParameterSave->Length)) {
+ if (!IsAddressValid ((UINTN)TempLockBoxParameterSave.Buffer, (UINTN)TempLockBoxParameterSave.Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Save address in SMRAM or buffer overflow!\n"));
LockBoxParameterSave->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
@@ -134,9 +137,9 @@ SmmLockBoxSave ( // Save data
//
Status = SaveLockBox (
- &LockBoxParameterSave->Guid,
- (VOID *)(UINTN)LockBoxParameterSave->Buffer,
- (UINTN)LockBoxParameterSave->Length
+ &TempLockBoxParameterSave.Guid,
+ (VOID *)(UINTN)TempLockBoxParameterSave.Buffer,
+ (UINTN)TempLockBoxParameterSave.Length
);
LockBoxParameterSave->Header.ReturnStatus = (UINT64)Status;
return ;
@@ -153,6 +156,7 @@ SmmLockBoxSetAttributes ( )
{
EFI_STATUS Status;
+ EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES TempLockBoxParameterSetAttributes;
//
// Sanity check
@@ -163,12 +167,14 @@ SmmLockBoxSetAttributes ( return ;
}
+ CopyMem (&TempLockBoxParameterSetAttributes, LockBoxParameterSetAttributes, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES));
+
//
// Update data
//
Status = SetLockBoxAttributes (
- &LockBoxParameterSetAttributes->Guid,
- LockBoxParameterSetAttributes->Attributes
+ &TempLockBoxParameterSetAttributes.Guid,
+ TempLockBoxParameterSetAttributes.Attributes
);
LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)Status;
return ;
@@ -189,6 +195,7 @@ SmmLockBoxUpdate ( )
{
EFI_STATUS Status;
+ EFI_SMM_LOCK_BOX_PARAMETER_UPDATE TempLockBoxParameterUpdate;
//
// Sanity check
@@ -199,10 +206,12 @@ SmmLockBoxUpdate ( return ;
}
+ CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
+
//
// Sanity check
//
- if (!IsAddressValid ((UINTN)LockBoxParameterUpdate->Buffer, (UINTN)LockBoxParameterUpdate->Length)) {
+ if (!IsAddressValid ((UINTN)TempLockBoxParameterUpdate.Buffer, (UINTN)TempLockBoxParameterUpdate.Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Update address in SMRAM or buffer overflow!\n"));
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
@@ -212,10 +221,10 @@ SmmLockBoxUpdate ( // Update data
//
Status = UpdateLockBox (
- &LockBoxParameterUpdate->Guid,
- (UINTN)LockBoxParameterUpdate->Offset,
- (VOID *)(UINTN)LockBoxParameterUpdate->Buffer,
- (UINTN)LockBoxParameterUpdate->Length
+ &TempLockBoxParameterUpdate.Guid,
+ (UINTN)TempLockBoxParameterUpdate.Offset,
+ (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
+ (UINTN)TempLockBoxParameterUpdate.Length
);
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)Status;
return ;
@@ -236,11 +245,14 @@ SmmLockBoxRestore ( )
{
EFI_STATUS Status;
+ EFI_SMM_LOCK_BOX_PARAMETER_RESTORE TempLockBoxParameterRestore;
+
+ CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
//
// Sanity check
//
- if (!IsAddressValid ((UINTN)LockBoxParameterRestore->Buffer, (UINTN)LockBoxParameterRestore->Length)) {
+ if (!IsAddressValid ((UINTN)TempLockBoxParameterRestore.Buffer, (UINTN)TempLockBoxParameterRestore.Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Restore address in SMRAM or buffer overflow!\n"));
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
@@ -249,17 +261,17 @@ SmmLockBoxRestore ( //
// Restore data
//
- if ((LockBoxParameterRestore->Length == 0) && (LockBoxParameterRestore->Buffer == 0)) {
+ if ((TempLockBoxParameterRestore.Length == 0) && (TempLockBoxParameterRestore.Buffer == 0)) {
Status = RestoreLockBox (
- &LockBoxParameterRestore->Guid,
+ &TempLockBoxParameterRestore.Guid,
NULL,
NULL
);
} else {
Status = RestoreLockBox (
- &LockBoxParameterRestore->Guid,
- (VOID *)(UINTN)LockBoxParameterRestore->Buffer,
- (UINTN *)&LockBoxParameterRestore->Length
+ &TempLockBoxParameterRestore.Guid,
+ (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
+ (UINTN *)&TempLockBoxParameterRestore.Length
);
}
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;
@@ -309,17 +321,27 @@ SmmLockBoxHandler ( )
{
EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader;
+ UINTN TempCommBufferSize;
DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Enter\n"));
//
+ // If input is invalid, stop processing this SMI
+ //
+ if (CommBuffer == NULL || CommBufferSize == NULL) {
+ return EFI_SUCCESS;
+ }
+
+ TempCommBufferSize = *CommBufferSize;
+
+ //
// Sanity check
//
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size invalid!\n"));
return EFI_SUCCESS;
}
- if (!IsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
+ if (!IsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer in SMRAM or overflow!\n"));
return EFI_SUCCESS;
}
@@ -334,35 +356,35 @@ SmmLockBoxHandler ( switch (LockBoxParameterHeader->Command) {
case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size for SAVE invalid!\n"));
break;
}
SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size for UPDATE invalid!\n"));
break;
}
SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size for RESTORE invalid!\n"));
break;
}
SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size for SET_ATTRIBUTES invalid!\n"));
break;
}
SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
- if (*CommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
+ if (TempCommBufferSize < sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Command Buffer Size for RESTORE_ALL_IN_PLACE invalid!\n"));
break;
}
diff --git a/MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigDriver.c b/MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigDriver.c index 2a9fcb94e..790e44be4 100644 --- a/MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigDriver.c +++ b/MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigDriver.c @@ -1,7 +1,7 @@ /** @file
The driver binding for IP4 CONFIG protocol.
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at<BR>
@@ -71,7 +71,7 @@ IP4_CONFIG_INSTANCE mIp4ConfigTemplate = { NULL,
NULL,
NULL,
- EFI_NOT_READY,
+ 0,
{
0,
0,
@@ -109,6 +109,8 @@ Ip4ConfigDriverEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable
)
{
+ mIp4ConfigTemplate.Result = EFI_NOT_READY;
+
return EfiLibInstallDriverBindingComponentName2 (
ImageHandle,
SystemTable,
diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c index fa3594d36..8be753151 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c @@ -1,6 +1,7 @@ /** @file
Support for PxeBc dhcp functions.
+Copyright (c) 2013, Red Hat, Inc.
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -1536,6 +1537,19 @@ PxeBcSelectBootPrompt ( }
VendorOpt = &Packet->PxeVendorOption;
+ //
+ // According to the PXE specification 2.1, Table 2-1 PXE DHCP Options (Full
+ // List), we must not consider a boot prompt or boot menu if all of the
+ // following hold:
+ // - the PXE_DISCOVERY_CONTROL PXE tag is present inside the Vendor Options
+ // (=43) DHCP tag, and
+ // - the PXE_DISCOVERY_CONTROL PXE tag has bit 3 set, and
+ // - a boot file name has been presented with DHCP option 67.
+ //
+ if (IS_DISABLE_PROMPT_MENU (VendorOpt->DiscoverCtrl) &&
+ Packet->Dhcp4Option[PXEBC_DHCP4_TAG_INDEX_BOOTFILE] != NULL) {
+ return EFI_ABORTED;
+ }
if (!IS_VALID_BOOT_PROMPT (VendorOpt->BitMap)) {
return EFI_SUCCESS;
diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.h b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.h index 5e37228ef..b56d10d82 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.h +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.h @@ -1,6 +1,7 @@ /** @file
Dhcp and Discover routines for PxeBc.
+Copyright (c) 2013, Red Hat, Inc.
Copyright (c) 2007 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -160,7 +161,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define IS_DISABLE_BCAST_DISCOVER(x) (((x) & BIT (0)) == BIT (0))
#define IS_DISABLE_MCAST_DISCOVER(x) (((x) & BIT (1)) == BIT (1))
#define IS_ENABLE_USE_SERVER_LIST(x) (((x) & BIT (2)) == BIT (2))
-#define IS_ENABLE_BOOT_FILE_NAME(x) (((x) & BIT (3)) == BIT (3))
+#define IS_DISABLE_PROMPT_MENU(x) (((x) & BIT (3)) == BIT (3))
#define SET_VENDOR_OPTION_BIT_MAP(x, y) (((x)[(y) / 32]) = (UINT32) ((x)[(y) / 32]) | BIT ((y) % 32))
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c b/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c index ae783b4ae..844590770 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c @@ -1023,10 +1023,10 @@ GetSelectionInputPopUp ( for (Index = 0; Index < OptionCount; Index++) {
OneOfOption = QUESTION_OPTION_FROM_LINK (Link);
Link = GetNextNode (&Question->OptionListHead, Link);
- if ((OneOfOption->SuppressExpression == NULL) ||
- EvaluateExpressionList(OneOfOption->SuppressExpression, FALSE, NULL, NULL) == ExpressFalse) {
- RemoveEntryList (&OneOfOption->Link);
- InsertHeadList (&Question->OptionListHead, &OneOfOption->Link);
+ if ((OneOfOption->SuppressExpression != NULL) &&
+ EvaluateExpressionList(OneOfOption->SuppressExpression, FALSE, NULL, NULL) > ExpressFalse) {
+ continue;
+ } else {
PopUpMenuLines++;
}
}
@@ -1040,6 +1040,13 @@ GetSelectionInputPopUp ( Link = GetFirstNode (&Question->OptionListHead);
for (Index = 0; Index < PopUpMenuLines; Index++) {
OneOfOption = QUESTION_OPTION_FROM_LINK (Link);
+ Link = GetNextNode (&Question->OptionListHead, Link);
+
+ if (!OrderedList && (OneOfOption->SuppressExpression != NULL) &&
+ EvaluateExpressionList(OneOfOption->SuppressExpression, FALSE, NULL, NULL) > ExpressFalse) {
+ Index--;
+ continue;
+ }
StringPtr = GetToken (OneOfOption->Text, MenuOption->Handle);
if (StrLen (StringPtr) > PopUpWidth) {
@@ -1053,8 +1060,6 @@ GetSelectionInputPopUp ( //
HighlightOptionIndex = Index;
}
-
- Link = GetNextNode (&Question->OptionListHead, Link);
}
//
@@ -1123,6 +1128,13 @@ GetSelectionInputPopUp ( Link = GetFirstNode (&Question->OptionListHead);
for (Index = 0; Index < TopOptionIndex; Index++) {
Link = GetNextNode (&Question->OptionListHead, Link);
+
+ OneOfOption = QUESTION_OPTION_FROM_LINK (Link);
+ if (!OrderedList && (OneOfOption->SuppressExpression != NULL) &&
+ EvaluateExpressionList(OneOfOption->SuppressExpression, FALSE, NULL, NULL) > ExpressFalse) {
+ Index--;
+ continue;
+ }
}
//
@@ -1133,6 +1145,12 @@ GetSelectionInputPopUp ( OneOfOption = QUESTION_OPTION_FROM_LINK (Link);
Link = GetNextNode (&Question->OptionListHead, Link);
+ if (!OrderedList && (OneOfOption->SuppressExpression != NULL) &&
+ EvaluateExpressionList(OneOfOption->SuppressExpression, FALSE, NULL, NULL) > ExpressFalse) {
+ Index--;
+ continue;
+ }
+
StringPtr = GetToken (OneOfOption->Text, MenuOption->Handle);
ASSERT (StringPtr != NULL);
//
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c index b077a3c0a..ed904161b 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c @@ -367,6 +367,7 @@ SendForm ( // If no data is changed, don't need to save current FormSet into the maintain list.
//
if (!IsNvUpdateRequired (gOldFormSet)) {
+ CleanBrowserStorage(gOldFormSet);
RemoveEntryList (&gOldFormSet->Link);
DestroyFormSet (gOldFormSet);
}
@@ -2215,6 +2216,7 @@ ValidateFormSet ( }
if (!Find) {
+ CleanBrowserStorage(FormSet);
RemoveEntryList (&FormSet->Link);
DestroyFormSet (FormSet);
}
@@ -2340,6 +2342,7 @@ DiscardForm ( //
// Remove maintain backup list after discard except for the current using FormSet.
//
+ CleanBrowserStorage(LocalFormSet);
RemoveEntryList (&LocalFormSet->Link);
DestroyFormSet (LocalFormSet);
}
@@ -2626,6 +2629,7 @@ SubmitForm ( //
// Remove maintain backup list after save except for the current using FormSet.
//
+ CleanBrowserStorage(LocalFormSet);
RemoveEntryList (&LocalFormSet->Link);
DestroyFormSet (LocalFormSet);
}
@@ -3437,6 +3441,319 @@ LoadFormSetConfig ( }
/**
+ Remove the Request element from the Config Request.
+
+ @param Storage Pointer to the browser storage.
+ @param RequestElement The pointer to the Request element.
+
+**/
+VOID
+RemoveElement (
+ IN OUT BROWSER_STORAGE *Storage,
+ IN CHAR16 *RequestElement
+ )
+{
+ CHAR16 *NewStr;
+ CHAR16 *DestStr;
+
+ ASSERT (Storage->ConfigRequest != NULL && RequestElement != NULL);
+
+ NewStr = StrStr (Storage->ConfigRequest, RequestElement);
+
+ if (NewStr == NULL) {
+ return;
+ }
+
+ //
+ // Remove this element from this ConfigRequest.
+ //
+ DestStr = NewStr;
+ NewStr += StrLen (RequestElement);
+ CopyMem (DestStr, NewStr, StrSize (NewStr));
+
+ Storage->SpareStrLen += StrLen (RequestElement);
+}
+
+/**
+ Adjust config request in storage, remove the request elements existed in the input ConfigRequest.
+
+ @param Storage Pointer to the browser storage.
+ @param ConfigRequest The pointer to the Request element.
+
+**/
+VOID
+RemoveConfigRequest (
+ BROWSER_STORAGE *Storage,
+ CHAR16 *ConfigRequest
+ )
+{
+ CHAR16 *RequestElement;
+ CHAR16 *NextRequestElement;
+ CHAR16 *SearchKey;
+
+ if (Storage->Type == EFI_HII_VARSTORE_NAME_VALUE) {
+ //
+ // "&Name1&Name2" section for EFI_HII_VARSTORE_NAME_VALUE storage
+ //
+ SearchKey = L"&";
+ } else {
+ //
+ // "&OFFSET=####&WIDTH=####" section for EFI_HII_VARSTORE_BUFFER storage
+ //
+ SearchKey = L"&OFFSET";
+ }
+
+ //
+ // Find SearchKey storage
+ //
+ if (Storage->Type == EFI_HII_VARSTORE_NAME_VALUE) {
+ RequestElement = StrStr (ConfigRequest, L"PATH");
+ ASSERT (RequestElement != NULL);
+ RequestElement = StrStr (RequestElement, SearchKey);
+ } else {
+ RequestElement = StrStr (ConfigRequest, SearchKey);
+ }
+
+ while (RequestElement != NULL) {
+ //
+ // +1 to avoid find header itself.
+ //
+ NextRequestElement = StrStr (RequestElement + 1, SearchKey);
+
+ //
+ // The last Request element in configRequest string.
+ //
+ if (NextRequestElement != NULL) {
+ //
+ // Replace "&" with '\0'.
+ //
+ *NextRequestElement = L'\0';
+ }
+
+ RemoveElement (Storage, RequestElement);
+
+ if (NextRequestElement != NULL) {
+ //
+ // Restore '&' with '\0' for later used.
+ //
+ *NextRequestElement = L'&';
+ }
+
+ RequestElement = NextRequestElement;
+ }
+
+ //
+ // If no request element remain, just remove the ConfigRequest string.
+ //
+ if (StrCmp (Storage->ConfigRequest, Storage->ConfigHdr) == 0) {
+ FreePool (Storage->ConfigRequest);
+ Storage->ConfigRequest = NULL;
+ Storage->SpareStrLen = 0;
+ }
+}
+
+/**
+ Base on the current formset info, clean the ConfigRequest string in browser storage.
+
+ @param FormSet Pointer of the FormSet
+
+**/
+VOID
+CleanBrowserStorage (
+ IN OUT FORM_BROWSER_FORMSET *FormSet
+ )
+{
+ LIST_ENTRY *Link;
+ FORMSET_STORAGE *Storage;
+
+ Link = GetFirstNode (&FormSet->StorageListHead);
+ while (!IsNull (&FormSet->StorageListHead, Link)) {
+ Storage = FORMSET_STORAGE_FROM_LINK (Link);
+ Link = GetNextNode (&FormSet->StorageListHead, Link);
+
+ if ((Storage->BrowserStorage->Type != EFI_HII_VARSTORE_BUFFER) &&
+ (Storage->BrowserStorage->Type != EFI_HII_VARSTORE_NAME_VALUE)) {
+ continue;
+ }
+
+ if (Storage->ConfigRequest == NULL || Storage->BrowserStorage->ConfigRequest == NULL) {
+ continue;
+ }
+
+ RemoveConfigRequest (Storage->BrowserStorage, Storage->ConfigRequest);
+ }
+}
+
+/**
+ Check whether current element in the ConfigReqeust string.
+
+ @param BrowserStorage Storage which includes ConfigReqeust.
+ @param RequestElement New element need to check.
+
+ @retval TRUE The Element is in the ConfigReqeust string.
+ @retval FALSE The Element not in the configReqeust String.
+
+**/
+BOOLEAN
+ElementValidation (
+ BROWSER_STORAGE *BrowserStorage,
+ CHAR16 *RequestElement
+ )
+{
+ return StrStr (BrowserStorage->ConfigRequest, RequestElement) != NULL ? TRUE : FALSE;
+}
+
+/**
+ Append the Request element to the Config Request.
+
+ @param ConfigRequest Current ConfigRequest info.
+ @param SpareStrLen Current remain free buffer for config reqeust.
+ @param RequestElement New Request element.
+
+**/
+VOID
+AppendConfigRequest (
+ IN OUT CHAR16 **ConfigRequest,
+ IN OUT UINTN *SpareStrLen,
+ IN CHAR16 *RequestElement
+ )
+{
+ CHAR16 *NewStr;
+ UINTN StringSize;
+ UINTN StrLength;
+
+ StrLength = StrLen (RequestElement);
+
+ //
+ // Append <RequestElement> to <ConfigRequest>
+ //
+ if (StrLength > *SpareStrLen) {
+ //
+ // Old String buffer is not sufficient for RequestElement, allocate a new one
+ //
+ StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof (CHAR16);
+ NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16));
+ ASSERT (NewStr != NULL);
+
+ if (*ConfigRequest != NULL) {
+ CopyMem (NewStr, *ConfigRequest, StringSize);
+ FreePool (*ConfigRequest);
+ }
+ *ConfigRequest = NewStr;
+ *SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
+ }
+
+ StrCat (*ConfigRequest, RequestElement);
+ *SpareStrLen -= StrLength;
+}
+
+/**
+ Adjust the config request info, remove the request elements which already in AllConfigRequest string.
+
+ @param Storage Form set Storage.
+ @param ConfigRequest Return the ConfigRequest info.
+
+ @retval TRUE Has element not covered by current used elements, need to continue to call ExtractConfig
+ @retval FALSE All elements covered by current used elements.
+
+**/
+BOOLEAN
+ConfigRequestAdjust (
+ IN FORMSET_STORAGE *Storage,
+ OUT CHAR16 **ConfigRequest
+ )
+{
+ CHAR16 *RequestElement;
+ CHAR16 *NextRequestElement;
+ CHAR16 *RetBuf;
+ UINTN SpareBufLen;
+ CHAR16 *SearchKey;
+ BOOLEAN RetVal;
+
+ SpareBufLen = 0;
+ RetBuf = NULL;
+ RetVal = FALSE;
+
+ if (Storage->BrowserStorage->ConfigRequest == NULL) {
+ Storage->BrowserStorage->ConfigRequest = AllocateCopyPool (StrSize (Storage->ConfigRequest), Storage->ConfigRequest);
+ *ConfigRequest = AllocateCopyPool (StrSize (Storage->ConfigRequest), Storage->ConfigRequest);
+ return TRUE;
+ }
+
+ if (Storage->BrowserStorage->Type == EFI_HII_VARSTORE_NAME_VALUE) {
+ //
+ // "&Name1&Name2" section for EFI_HII_VARSTORE_NAME_VALUE storage
+ //
+ SearchKey = L"&";
+ } else {
+ //
+ // "&OFFSET=####&WIDTH=####" section for EFI_HII_VARSTORE_BUFFER storage
+ //
+ SearchKey = L"&OFFSET";
+ }
+
+ //
+ // Prepare the config header.
+ //
+ RetBuf = AllocateCopyPool(StrSize (Storage->BrowserStorage->ConfigHdr), Storage->BrowserStorage->ConfigHdr);
+ ASSERT (RetBuf != NULL);
+
+ //
+ // Find SearchKey storage
+ //
+ if (Storage->BrowserStorage->Type == EFI_HII_VARSTORE_NAME_VALUE) {
+ RequestElement = StrStr (Storage->ConfigRequest, L"PATH");
+ ASSERT (RequestElement != NULL);
+ RequestElement = StrStr (RequestElement, SearchKey);
+ } else {
+ RequestElement = StrStr (Storage->ConfigRequest, SearchKey);
+ }
+
+ while (RequestElement != NULL) {
+ //
+ // +1 to avoid find header itself.
+ //
+ NextRequestElement = StrStr (RequestElement + 1, SearchKey);
+
+ //
+ // The last Request element in configRequest string.
+ //
+ if (NextRequestElement != NULL) {
+ //
+ // Replace "&" with '\0'.
+ //
+ *NextRequestElement = L'\0';
+ }
+
+ if (!ElementValidation (Storage->BrowserStorage, RequestElement)) {
+ //
+ // Add this element to the Storage->BrowserStorage->AllRequestElement.
+ //
+ AppendConfigRequest(&Storage->BrowserStorage->ConfigRequest, &Storage->BrowserStorage->SpareStrLen, RequestElement);
+ AppendConfigRequest (&RetBuf, &SpareBufLen, RequestElement);
+ RetVal = TRUE;
+ }
+
+ if (NextRequestElement != NULL) {
+ //
+ // Restore '&' with '\0' for later used.
+ //
+ *NextRequestElement = L'&';
+ }
+
+ RequestElement = NextRequestElement;
+ }
+
+ if (RetVal) {
+ *ConfigRequest = RetBuf;
+ } else {
+ FreePool (RetBuf);
+ }
+
+ return RetVal;
+}
+
+/**
Fill storage's edit copy with settings requested from Configuration Driver.
@param FormSet FormSet data structure.
@@ -3455,19 +3772,26 @@ LoadStorage ( EFI_STRING Progress;
EFI_STRING Result;
CHAR16 *StrPtr;
+ CHAR16 *ConfigRequest;
if (Storage->BrowserStorage->Type == EFI_HII_VARSTORE_EFI_VARIABLE) {
return EFI_SUCCESS;
}
if (Storage->BrowserStorage->Type == EFI_HII_VARSTORE_EFI_VARIABLE_BUFFER) {
- Status = gRT->GetVariable (
- Storage->BrowserStorage->Name,
- &Storage->BrowserStorage->Guid,
- NULL,
- (UINTN*)&Storage->BrowserStorage->Size,
- Storage->BrowserStorage->EditBuffer
- );
+ Status = EFI_SUCCESS;
+ //
+ // EFI varstore data all get from variable, so no need to get again.
+ //
+ if (Storage->BrowserStorage->ReferenceCount == 1) {
+ Status = gRT->GetVariable (
+ Storage->BrowserStorage->Name,
+ &Storage->BrowserStorage->Guid,
+ NULL,
+ (UINTN*)&Storage->BrowserStorage->Size,
+ Storage->BrowserStorage->EditBuffer
+ );
+ }
return Status;
}
@@ -3483,14 +3807,24 @@ LoadStorage ( }
//
+ // Adjust the ConfigRequest string, only the field not saved in BrowserStorage->AllConfig
+ // will used to call ExtractConfig.
+ //
+ if (!ConfigRequestAdjust(Storage, &ConfigRequest)) {
+ return EFI_SUCCESS;
+ }
+
+ //
// Request current settings from Configuration Driver
//
Status = FormSet->ConfigAccess->ExtractConfig (
FormSet->ConfigAccess,
- Storage->ConfigRequest,
+ ConfigRequest,
&Progress,
&Result
);
+ FreePool (ConfigRequest);
+
if (EFI_ERROR (Status)) {
return Status;
}
@@ -3564,7 +3898,7 @@ InitializeCurrentSetting ( // Storage is not found in backup formset and current global storage not has other driver used,
// request it from ConfigDriver
//
- if (OldStorage == NULL && Storage->BrowserStorage->ReferenceCount == 1) {
+ if (OldStorage == NULL) {
Status = LoadStorage (FormSet, Storage);
if (EFI_ERROR (Status)) {
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h index 09fc54afe..9a0c73909 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h @@ -236,6 +236,9 @@ typedef struct { UINT32 Attributes; // For EFI_IFR_VARSTORE_EFI: EFI Variable attribute
CHAR16 *ConfigHdr; // <ConfigHdr>
+ CHAR16 *ConfigRequest; // <ConfigRequest> = <ConfigHdr> + <RequestElement>
+ // <RequestElement> includes all fields which is used by current form sets.
+ UINTN SpareStrLen; // Spare length of ConfigRequest string buffer
UINT8 ReferenceCount; // How many form set storage refrence this storage.
} BROWSER_STORAGE;
@@ -1541,4 +1544,15 @@ GetHotKeyFromRegisterList ( IN EFI_INPUT_KEY *KeyData
);
+/**
+ Base on the current formset info, clean the ConfigRequest string in browser storage.
+
+ @param FormSet Pointer of the FormSet
+
+**/
+VOID
+CleanBrowserStorage (
+ IN OUT FORM_BROWSER_FORMSET *FormSet
+ );
+
#endif
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index cd3f5ef47..9f983ffc9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -21,12 +21,28 @@ VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal; ///
/// Define a memory cache that improves the search performance for a variable.
///
-VARIABLE_STORE_HEADER *mNvVariableCache = NULL;
+VARIABLE_STORE_HEADER *mNvVariableCache = NULL;
///
/// The memory entry used for variable statistics data.
///
-VARIABLE_INFO_ENTRY *gVariableInfo = NULL;
+VARIABLE_INFO_ENTRY *gVariableInfo = NULL;
+
+///
+/// The list to store the variables which cannot be set after the EFI_END_OF_DXE_EVENT_GROUP_GUID
+/// or EVT_GROUP_READY_TO_BOOT event.
+///
+LIST_ENTRY mLockedVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mLockedVariableList);
+
+///
+/// The flag to indicate whether the platform has left the DXE phase of execution.
+///
+BOOLEAN mEndOfDxe = FALSE;
+
+///
+/// The flag to indicate whether the variable storage locking is enabled.
+///
+BOOLEAN mEnableLocking = TRUE;
/**
@@ -1919,6 +1935,58 @@ IsHwErrRecVariable ( }
/**
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ VARIABLE_ENTRY *Entry;
+
+ if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mEndOfDxe) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ Entry = AllocateRuntimePool (sizeof (*Entry) + StrSize (VariableName));
+ if (Entry == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s\n", VendorGuid, VariableName));
+
+ AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ Entry->Name = (CHAR16 *) (Entry + 1);
+ StrCpy (Entry->Name, VariableName);
+ CopyGuid (&Entry->Guid, VendorGuid);
+ InsertTailList (&mLockedVariableList, &Entry->Link);
+
+ ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ return EFI_SUCCESS;
+}
+
+/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@@ -2192,6 +2260,8 @@ VariableServiceSetVariable ( EFI_STATUS Status;
VARIABLE_HEADER *NextVariable;
EFI_PHYSICAL_ADDRESS Point;
+ LIST_ENTRY *Link;
+ VARIABLE_ENTRY *Entry;
//
// Check input parameters.
@@ -2247,16 +2317,6 @@ VariableServiceSetVariable ( }
}
- if (AtRuntime ()) {
- //
- // HwErrRecSupport Global Variable identifies the level of hardware error record persistence
- // support implemented by the platform. This variable is only modified by firmware and is read-only to the OS.
- //
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, L"HwErrRecSupport") == 0)) {
- return EFI_WRITE_PROTECTED;
- }
- }
-
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
//
@@ -2275,13 +2335,31 @@ VariableServiceSetVariable ( mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point;
}
+ if (mEndOfDxe && mEnableLocking) {
+ //
+ // Treat the variables listed in the forbidden variable list as read-only after leaving DXE phase.
+ //
+ for ( Link = GetFirstNode (&mLockedVariableList)
+ ; !IsNull (&mLockedVariableList, Link)
+ ; Link = GetNextNode (&mLockedVariableList, Link)
+ ) {
+ Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
+ if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Entry->Name, VariableName) == 0)) {
+ Status = EFI_WRITE_PROTECTED;
+ DEBUG ((EFI_D_INFO, "[Variable]: Changing readonly variable after leaving DXE phase - %g:%s\n", VendorGuid, VariableName));
+ goto Done;
+ }
+ }
+ }
+
//
// Check whether the input variable is already existed.
//
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, TRUE);
if (!EFI_ERROR (Status)) {
if (((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) && AtRuntime ()) {
- return EFI_WRITE_PROTECTED;
+ Status = EFI_WRITE_PROTECTED;
+ goto Done;
}
}
@@ -2292,6 +2370,7 @@ VariableServiceSetVariable ( Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, &Variable);
+Done:
InterlockedDecrement (&mVariableModuleGlobal->VariableGlobal.ReentrantState);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h index 8504ce05f..b5e6edec9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h @@ -22,6 +22,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/FaultTolerantWrite.h>
#include <Protocol/FirmwareVolumeBlock.h>
#include <Protocol/Variable.h>
+#include <Protocol/VariableLock.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -97,6 +98,12 @@ typedef struct { VOID *Data;
} VARIABLE_CACHE_ENTRY;
+typedef struct {
+ EFI_GUID Guid;
+ CHAR16 *Name;
+ LIST_ENTRY Link;
+} VARIABLE_ENTRY;
+
/**
Flush the HOB variable to flash.
@@ -456,7 +463,30 @@ VariableServiceQueryVariableInfo ( OUT UINT64 *RemainingVariableStorageSize,
OUT UINT64 *MaximumVariableSize
);
-
+
+/**
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ );
+
extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal;
#endif
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c index ba4d29ab3..3cb2c6bcf 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c @@ -3,7 +3,7 @@ Implement all four UEFI Runtime Variable services for the nonvolatile
and volatile storage space and install variable architecture protocol.
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -21,6 +21,8 @@ extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
+extern BOOLEAN mEndOfDxe;
+EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
/**
Return TRUE if ExitBootServices () has been called.
@@ -255,12 +257,34 @@ OnReadyToBoot ( VOID *Context
)
{
+ //
+ // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
+ //
+ mEndOfDxe = TRUE;
ReclaimForOS ();
if (FeaturePcdGet (PcdVariableCollectStatistics)) {
gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo);
}
}
+/**
+ Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group.
+
+ This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group.
+
+ @param Event Event whose notification function is being invoked.
+ @param Context Pointer to the notification function's context.
+
+**/
+VOID
+EFIAPI
+OnEndOfDxe (
+ EFI_EVENT Event,
+ VOID *Context
+ )
+{
+ mEndOfDxe = TRUE;
+}
/**
Fault Tolerant Write protocol notification event handler.
@@ -375,11 +399,20 @@ VariableServiceInitialize ( )
{
EFI_STATUS Status;
- EFI_EVENT ReadyToBootEvent;
+ EFI_EVENT ReadyToBootEvent;
+ EFI_EVENT EndOfDxeEvent;
Status = VariableCommonInitialize ();
ASSERT_EFI_ERROR (Status);
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mHandle,
+ &gEdkiiVariableLockProtocolGuid,
+ &mVariableLock,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
SystemTable->RuntimeServices->GetVariable = VariableServiceGetVariable;
SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;
SystemTable->RuntimeServices->SetVariable = VariableServiceSetVariable;
@@ -426,6 +459,20 @@ VariableServiceInitialize ( NULL,
&ReadyToBootEvent
);
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Register the event handling function to set the End Of DXE flag.
+ //
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ OnEndOfDxe,
+ NULL,
+ &gEfiEndOfDxeEventGroupGuid,
+ &EndOfDxeEvent
+ );
+ ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 28b69c34d..8cbefefa1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -2,7 +2,7 @@ # Component description file for Variable module.
#
# This module installs three EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName.
-# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -59,13 +59,15 @@ gEfiVariableWriteArchProtocolGuid ## ALWAYS_PRODUCES
gEfiVariableArchProtocolGuid ## ALWAYS_PRODUCES
gEfiFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES
+ gEdkiiVariableLockProtocolGuid ## ALWAYS_PRODUCES
[Guids]
gEfiVariableGuid ## PRODUCES ## Configuration Table Guid
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
- gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event
+ gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES
gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES
+ gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index f8e6bd588..1ffa74e6c 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -15,7 +15,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -29,6 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/SmmFirmwareVolumeBlock.h>
#include <Protocol/SmmFaultTolerantWrite.h>
#include <Protocol/SmmAccess2.h>
+#include <Protocol/SmmEndOfDxe.h>
#include <Library/SmmServicesTableLib.h>
@@ -44,15 +45,63 @@ EFI_HANDLE mSmmVariableHandle = N EFI_HANDLE mVariableHandle = NULL;
BOOLEAN mAtRuntime = FALSE;
EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
-
+UINT8 *mVariableBufferPayload = NULL;
+UINTN mVariableBufferPayloadSize;
+extern BOOLEAN mEndOfDxe;
+extern BOOLEAN mEnableLocking;
+
+/**
+
+ This code sets variable in storage blocks (Volatile or Non-Volatile).
+
+ @param VariableName Name of Variable to be found.
+ @param VendorGuid Variable vendor GUID.
+ @param Attributes Attribute value of the variable found
+ @param DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param Data Data pointer.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SUCCESS Set successfully.
+ @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
+ @return EFI_NOT_FOUND Not found.
+ @return EFI_WRITE_PROTECTED Variable is read-only.
+
+**/
+EFI_STATUS
+EFIAPI
+SmmVariableSetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
+ //
+ mEnableLocking = FALSE;
+ Status = VariableServiceSetVariable (
+ VariableName,
+ VendorGuid,
+ Attributes,
+ DataSize,
+ Data
+ );
+ mEnableLocking = TRUE;
+ return Status;
+}
+
EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
VariableServiceGetVariable,
VariableServiceGetNextVariableName,
- VariableServiceSetVariable,
+ SmmVariableSetVariable,
VariableServiceQueryVariableInfo
};
-
/**
Return TRUE if ExitBootServices () has been called.
@@ -302,6 +351,8 @@ GetFvbCountAndBuffer ( *NumberHandles = BufferSize / sizeof(EFI_HANDLE);
if (EFI_ERROR(Status)) {
*NumberHandles = 0;
+ FreePool (*Buffer);
+ *Buffer = NULL;
}
return Status;
@@ -337,7 +388,8 @@ SmmVariableGetStatistics ( UINTN NameLength;
UINTN StatisticsInfoSize;
CHAR16 *InfoName;
-
+ EFI_GUID VendorGuid;
+
ASSERT (InfoEntry != NULL);
VariableInfo = gVariableInfo;
if (VariableInfo == NULL) {
@@ -351,7 +403,9 @@ SmmVariableGetStatistics ( }
InfoName = (CHAR16 *)(InfoEntry + 1);
- if (CompareGuid (&InfoEntry->VendorGuid, &mZeroGuid)) {
+ CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);
+
+ if (CompareGuid (&VendorGuid, &mZeroGuid)) {
//
// Return the first variable info
//
@@ -365,7 +419,7 @@ SmmVariableGetStatistics ( // Get the next variable info
//
while (VariableInfo != NULL) {
- if (CompareGuid (&VariableInfo->VendorGuid, &InfoEntry->VendorGuid)) {
+ if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {
NameLength = StrSize (VariableInfo->Name);
if (NameLength == StrSize (InfoName)) {
if (CompareMem (VariableInfo->Name, InfoName, NameLength) == 0) {
@@ -443,8 +497,11 @@ SmmVariableHandler ( SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
VARIABLE_INFO_ENTRY *VariableInfo;
+ SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
UINTN InfoSize;
UINTN NameBufferSize;
+ UINTN CommBufferPayloadSize;
+ UINTN TempCommBufferSize;
//
// If input is invalid, stop processing this SMI
@@ -453,19 +510,35 @@ SmmVariableHandler ( return EFI_SUCCESS;
}
- if (*CommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
+ TempCommBufferSize = *CommBufferSize;
+
+ if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
+ DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
+ if (CommBufferPayloadSize > mVariableBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
return EFI_SUCCESS;
}
- if (!InternalIsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
- DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM or overflow!\n"));
+ if (!InternalIsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+ DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
return EFI_SUCCESS;
}
SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
switch (SmmVariableFunctionHeader->Function) {
case SMM_VARIABLE_FUNCTION_GET_VARIABLE:
- SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
+ if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
+ DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ //
+ // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
+ //
+ CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
+ SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
//
@@ -480,8 +553,8 @@ SmmVariableHandler ( //
// SMRAM range check already covered before
//
- if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
+ if (InfoSize > CommBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
@@ -501,10 +574,19 @@ SmmVariableHandler ( &SmmVariableHeader->DataSize,
(UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize
);
+ CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
break;
case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:
- GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) SmmVariableFunctionHeader->Data;
+ if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
+ DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ //
+ // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
+ //
+ CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
+ GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;
if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
//
// Prevent InfoSize overflow happen
@@ -517,13 +599,13 @@ SmmVariableHandler ( //
// SMRAM range check already covered before
//
- if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
+ if (InfoSize > CommBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
- NameBufferSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
+ NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {
//
// Make sure input VariableName is A Null-terminated string.
@@ -537,10 +619,19 @@ SmmVariableHandler ( GetNextVariableName->Name,
&GetNextVariableName->Guid
);
+ CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
break;
case SMM_VARIABLE_FUNCTION_SET_VARIABLE:
- SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) SmmVariableFunctionHeader->Data;
+ if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
+ DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ //
+ // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
+ //
+ CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
+ SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;
if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {
//
@@ -556,8 +647,8 @@ SmmVariableHandler ( // SMRAM range check already covered before
// Data buffer should not contain SMM range
//
- if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
+ if (InfoSize > CommBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
@@ -580,17 +671,11 @@ SmmVariableHandler ( break;
case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:
- QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
- InfoSize = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
-
- //
- // SMRAM range check already covered before
- //
- if (InfoSize > *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
+ if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
+ DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
}
+ QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;
Status = VariableServiceQueryVariableInfo (
QueryVariableInfo->Attributes,
@@ -601,6 +686,7 @@ SmmVariableHandler ( break;
case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
+ mEndOfDxe = TRUE;
if (AtRuntime()) {
Status = EFI_UNSUPPORTED;
break;
@@ -616,7 +702,7 @@ SmmVariableHandler ( case SMM_VARIABLE_FUNCTION_GET_STATISTICS:
VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;
- InfoSize = *CommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
+ InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
//
// Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
@@ -624,7 +710,7 @@ SmmVariableHandler ( //
if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) {
- DEBUG ((EFI_D_ERROR, "SMM communication buffer in SMRAM!\n"));
+ DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n"));
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
@@ -633,6 +719,19 @@ SmmVariableHandler ( *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
break;
+ case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
+ if (mEndOfDxe) {
+ Status = EFI_ACCESS_DENIED;
+ } else {
+ VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
+ Status = VariableLockRequestToLock (
+ NULL,
+ VariableToLock->Name,
+ &VariableToLock->Guid
+ );
+ }
+ break;
+
default:
Status = EFI_UNSUPPORTED;
}
@@ -644,6 +743,28 @@ EXIT: return EFI_SUCCESS;
}
+/**
+ SMM END_OF_DXE protocol notification event handler.
+
+ @param Protocol Points to the protocol's unique identifier
+ @param Interface Points to the interface instance
+ @param Handle The handle on which the interface was installed
+
+ @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
+
+**/
+EFI_STATUS
+EFIAPI
+SmmEndOfDxeCallback (
+ IN CONST EFI_GUID *Protocol,
+ IN VOID *Interface,
+ IN EFI_HANDLE Handle
+ )
+{
+ DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
+ mEndOfDxe = TRUE;
+ return EFI_SUCCESS;
+}
/**
SMM Fault Tolerant Write protocol notification event handler.
@@ -740,6 +861,7 @@ VariableServiceInitialize ( VOID *SmmFtwRegistration;
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
UINTN Size;
+ VOID *SmmEndOfDxeRegistration;
//
// Variable initialize.
@@ -781,6 +903,16 @@ VariableServiceInitialize ( mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
+ mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
+
+ Status = gSmst->SmmAllocatePool (
+ EfiRuntimeServicesData,
+ mVariableBufferPayloadSize,
+ (VOID **)&mVariableBufferPayload
+ );
+ ASSERT_EFI_ERROR (Status);
+
///
/// Register SMM variable SMI handler
///
@@ -800,6 +932,16 @@ VariableServiceInitialize ( ASSERT_EFI_ERROR (Status);
//
+ // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
+ //
+ Status = gSmst->SmmRegisterProtocolNotify (
+ &gEfiSmmEndOfDxeProtocolGuid,
+ SmmEndOfDxeCallback,
+ &SmmEndOfDxeRegistration
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
// Register FtwNotificationEvent () notify function.
//
Status = gSmst->SmmRegisterProtocolNotify (
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index e2c5d9c40..c229805bc 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -14,7 +14,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -69,6 +69,7 @@ gEfiSmmVariableProtocolGuid ## ALWAYS_PRODUCES gEfiSmmFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES gEfiSmmAccess2ProtocolGuid ## ALWAYS_CONSUMES + gEfiSmmEndOfDxeProtocolGuid ## ALWAYS_CONSUMES [Guids] gEfiVariableGuid ## PRODUCES ## Configuration Table Guid diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index e76600ee6..e7b10149f 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -19,6 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/Variable.h>
#include <Protocol/SmmCommunication.h>
#include <Protocol/SmmVariable.h>
+#include <Protocol/VariableLock.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
@@ -42,7 +43,9 @@ EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; UINT8 *mVariableBuffer = NULL;
UINT8 *mVariableBufferPhysical = NULL;
UINTN mVariableBufferSize;
+UINTN mVariableBufferPayloadSize;
EFI_LOCK mVariableServicesLock;
+EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
/**
Acquires lock only at boot time. Simply returns at runtime.
@@ -159,6 +162,73 @@ SendCommunicateBuffer ( return SmmVariableFunctionHeader->ReturnStatus;
}
+/**
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ UINTN VariableNameSize;
+ UINTN PayloadSize;
+ SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
+
+ if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ VariableNameSize = StrSize (VariableName);
+
+ //
+ // If VariableName exceeds SMM payload limit. Return failure
+ //
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
+ //
+ // Init the communicate buffer. The buffer data size is:
+ // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
+ //
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableNameSize;
+ Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+ ASSERT (VariableToLock != NULL);
+
+ CopyGuid (&VariableToLock->Guid, VendorGuid);
+ VariableToLock->NameSize = VariableNameSize;
+ CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);
+
+ //
+ // Send data to SMM.
+ //
+ Status = SendCommunicateBuffer (PayloadSize);
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+ return Status;
+}
/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@@ -189,7 +259,6 @@ RuntimeServiceGetVariable ( EFI_STATUS Status;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
- UINTN SmmCommBufPayloadSize;
UINTN TempDataSize;
UINTN VariableNameSize;
@@ -201,17 +270,13 @@ RuntimeServiceGetVariable ( return EFI_INVALID_PARAMETER;
}
- //
- // SMM Communication Buffer max payload size
- //
- SmmCommBufPayloadSize = mVariableBufferSize - (SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE);
TempDataSize = *DataSize;
VariableNameSize = StrSize (VariableName);
//
// If VariableName exceeds SMM payload limit. Return failure
//
- if (VariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
return EFI_INVALID_PARAMETER;
}
@@ -221,11 +286,11 @@ RuntimeServiceGetVariable ( // Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
- if (TempDataSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) {
+ if (TempDataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) {
//
// If output data buffer exceed SMM payload limit. Trim output buffer to SMM payload size
//
- TempDataSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize;
+ TempDataSize = mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize;
}
PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + VariableNameSize + TempDataSize;
@@ -300,7 +365,6 @@ RuntimeServiceGetNextVariableName ( EFI_STATUS Status;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *SmmGetNextVariableName;
- UINTN SmmCommBufPayloadSize;
UINTN OutVariableNameSize;
UINTN InVariableNameSize;
@@ -308,17 +372,13 @@ RuntimeServiceGetNextVariableName ( return EFI_INVALID_PARAMETER;
}
- //
- // SMM Communication Buffer max payload size
- //
- SmmCommBufPayloadSize = mVariableBufferSize - (SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE);
OutVariableNameSize = *VariableNameSize;
InVariableNameSize = StrSize (VariableName);
//
// If input string exceeds SMM payload limit. Return failure
//
- if (InVariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
+ if (InVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
return EFI_INVALID_PARAMETER;
}
@@ -328,11 +388,11 @@ RuntimeServiceGetNextVariableName ( // Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
- if (OutVariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
+ if (OutVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
//
// If output buffer exceed SMM payload limit. Trim output buffer to SMM payload size
//
- OutVariableNameSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
+ OutVariableNameSize = mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
}
//
// Payload should be Guid + NameSize + MAX of Input & Output buffer
@@ -430,21 +490,13 @@ RuntimeServiceSetVariable ( return EFI_INVALID_PARAMETER;
}
- if (DataSize >= mVariableBufferSize) {
- //
- // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
- // overflow to a small value and pass the check in InitCommunicateBuffer().
- // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.
- // And there will be further check to ensure the total size is also not > mVariableBufferSize.
- //
- return EFI_INVALID_PARAMETER;
- }
VariableNameSize = StrSize (VariableName);
- if ((UINTN)(~0) - VariableNameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize) {
- //
- // Prevent PayloadSize overflow
- //
+ //
+ // If VariableName or DataSize exceeds SMM payload limit. Return failure
+ //
+ if ((VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
+ (DataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize)){
return EFI_INVALID_PARAMETER;
}
@@ -654,10 +706,11 @@ SmmVariableReady ( ASSERT_EFI_ERROR (Status);
//
- // Allocate memory for variable store.
+ // Allocate memory for variable communicate buffer.
//
- mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
- mVariableBufferSize += MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize));
+ mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
+ mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + mVariableBufferPayloadSize;
mVariableBuffer = AllocateRuntimePool (mVariableBufferSize);
ASSERT (mVariableBuffer != NULL);
@@ -738,6 +791,7 @@ VariableSmmRuntimeInitialize ( IN EFI_SYSTEM_TABLE *SystemTable
)
{
+ EFI_STATUS Status;
VOID *SmmVariableRegistration;
VOID *SmmVariableWriteRegistration;
EFI_EVENT OnReadyToBootEvent;
@@ -745,6 +799,15 @@ VariableSmmRuntimeInitialize ( EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);
+ mVariableLock.RequestToLock = VariableLockRequestToLock;
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mHandle,
+ &gEdkiiVariableLockProtocolGuid,
+ &mVariableLock,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Smm variable service is ready
//
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index 05dd49d36..761ea66e6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -4,7 +4,7 @@ # This module is the Runtime DXE part correspond to SMM variable module. It
# installs variable arch protocol and variable write arch protocol and works
# with SMM variable module together.
-# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -54,6 +54,7 @@ gEfiVariableArchProtocolGuid ## ALWAYS_PRODUCES
gEfiSmmCommunicationProtocolGuid
gEfiSmmVariableProtocolGuid
+ gEdkiiVariableLockProtocolGuid ## ALWAYS_PRODUCES
[Guids]
gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event
|