diff options
Diffstat (limited to 'MdeModulePkg/Universal')
9 files changed, 186 insertions, 148 deletions
diff --git a/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c b/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c index 09e82b091..01610f7c5 100644 --- a/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c +++ b/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c @@ -57,7 +57,7 @@ GRAPHICS_CONSOLE_MODE_DATA mGraphicsConsoleModeData[] = { EFI_HII_DATABASE_PROTOCOL *mHiiDatabase;
EFI_HII_FONT_PROTOCOL *mHiiFont;
EFI_HII_HANDLE mHiiHandle;
-EFI_EVENT mHiiRegistration;
+VOID *mHiiRegistration;
EFI_GUID mFontPackageListGuid = {0xf5f219d3, 0x7006, 0x4648, {0xac, 0x8d, 0xd6, 0x1d, 0xfb, 0x7b, 0xc6, 0xad}};
@@ -549,6 +549,8 @@ GraphicsConsoleControllerDriverStart ( }
}
+ DEBUG ((EFI_D_INFO, "GraphicsConsole video resolution %d x %d\n", HorizontalResolution, VerticalResolution));
+
//
// Initialize the mode which GraphicsConsole supports.
//
@@ -804,42 +806,14 @@ EfiLocateHiiProtocol ( VOID
)
{
- EFI_HANDLE Handle;
- UINTN Size;
EFI_STATUS Status;
- //
- // There should only be one - so buffer size is this
- //
- Size = sizeof (EFI_HANDLE);
-
- Status = gBS->LocateHandle (
- ByProtocol,
- &gEfiHiiDatabaseProtocolGuid,
- NULL,
- &Size,
- (VOID **) &Handle
- );
-
+ Status = gBS->LocateProtocol (&gEfiHiiDatabaseProtocolGuid, NULL, (VOID **) &mHiiDatabase);
if (EFI_ERROR (Status)) {
return Status;
}
- Status = gBS->HandleProtocol (
- Handle,
- &gEfiHiiDatabaseProtocolGuid,
- (VOID **) &mHiiDatabase
- );
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = gBS->HandleProtocol (
- Handle,
- &gEfiHiiFontProtocolGuid,
- (VOID **) &mHiiFont
- );
+ Status = gBS->LocateProtocol (&gEfiHiiFontProtocolGuid, NULL, (VOID **) &mHiiFont);
return Status;
}
@@ -2055,7 +2029,9 @@ RegisterFontPackage ( NULL,
(VOID **) &HiiDatabase
);
- ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return;
+ }
//
// Add 4 bytes to the header for entire length for HiiAddPackages use only.
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c index a8010671b..29de50341 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c @@ -1446,7 +1446,6 @@ IfrMid ( UINTN Base;
UINTN Length;
CHAR16 *SubString;
- UINT8 *Buffer;
UINT16 BufferLen;
ZeroMem (Value, sizeof (Value));
@@ -1502,7 +1501,6 @@ IfrMid ( FreePool (String);
} else {
- Buffer = Value[2].Buffer;
BufferLen = Value[2].BufferLen;
Result->Type = EFI_IFR_TYPE_BUFFER;
@@ -1513,7 +1511,7 @@ IfrMid ( Result->BufferLen = (UINT16)((BufferLen - Base) < Length ? (BufferLen - Base) : Length);
Result->Buffer = AllocateZeroPool (Result->BufferLen);
ASSERT (Result->Buffer != NULL);
- CopyMem (Result->Buffer, &Buffer[Base], Result->BufferLen); + CopyMem (Result->Buffer, &Buffer[Base], Result->BufferLen);
}
FreePool (Value[2].Buffer);
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c b/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c index ee8ab75a2..c3854aac2 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c @@ -1254,6 +1254,7 @@ ProcessCallBackFunction ( break;
case EFI_BROWSER_ACTION_REQUEST_EXIT:
+ DiscardFormIsRequired = TRUE;
Selection->Action = UI_ACTION_EXIT;
break;
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c index 15b943ffe..6c019f045 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c @@ -245,6 +245,11 @@ SendForm ( gFooterHeight = FOOTER_HEIGHT + (Index / 3);
//
+ // Clean the history menu list.
+ //
+ InitializeListHead (&gMenuList);
+
+ //
// Save globals used by SendForm()
//
SaveBrowserContext ();
@@ -305,8 +310,6 @@ SendForm ( //
InitializeBrowserStrings ();
- gFunctionKeySetting = ENABLE_FUNCTION_KEY_SETTING;
-
//
// Ensure we are in Text mode
//
@@ -380,6 +383,7 @@ SendForm ( }
FreeBrowserStrings ();
+ UiFreeMenuList(&gMenuList);
gST->ConOut->SetAttribute (gST->ConOut, EFI_TEXT_ATTR (EFI_LIGHTGRAY, EFI_BLACK));
gST->ConOut->ClearScreen (gST->ConOut);
@@ -559,66 +563,6 @@ BrowserCallback ( }
/**
- Notify function will remove the formset in the maintain list
- once this formset is removed.
-
- Functions which are registered to receive notification of
- database events have this prototype. The actual event is encoded
- in NotifyType. The following table describes how PackageType,
- PackageGuid, Handle, and Package are used for each of the
- notification types.
-
- @param PackageType Package type of the notification.
-
- @param PackageGuid If PackageType is
- EFI_HII_PACKAGE_TYPE_GUID, then this is
- the pointer to the GUID from the Guid
- field of EFI_HII_PACKAGE_GUID_HEADER.
- Otherwise, it must be NULL.
-
- @param Package Points to the package referred to by the
- notification Handle The handle of the package
- list which contains the specified package.
-
- @param Handle The HII handle.
-
- @param NotifyType The type of change concerning the
- database. See
- EFI_HII_DATABASE_NOTIFY_TYPE.
-
-**/
-EFI_STATUS
-EFIAPI
-FormsetRemoveNotify (
- IN UINT8 PackageType,
- IN CONST EFI_GUID *PackageGuid,
- IN CONST EFI_HII_PACKAGE_HEADER *Package,
- IN EFI_HII_HANDLE Handle,
- IN EFI_HII_DATABASE_NOTIFY_TYPE NotifyType
- )
-{
- FORM_BROWSER_FORMSET *FormSet;
-
- //
- // Ignore the update for current using formset, which is handled by another notify function.
- //
- if (IsHiiHandleInBrowserContext (Handle)) {
- return EFI_SUCCESS;
- }
-
- //
- // Remove the backup FormSet data when the Form Package is removed.
- //
- FormSet = GetFormSetFromHiiHandle (Handle);
- if (FormSet != NULL) {
- RemoveEntryList (&FormSet->Link);
- DestroyFormSet (FormSet);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
Initialize Setup Browser driver.
@param ImageHandle The image handle.
@@ -636,7 +580,6 @@ InitializeSetup ( )
{
EFI_STATUS Status;
- EFI_HANDLE NotifyHandle;
EFI_INPUT_KEY DefaultHotKey;
EFI_STRING HelpString;
@@ -734,19 +677,6 @@ InitializeSetup ( );
ASSERT_EFI_ERROR (Status);
- //
- // Register notify for Form package remove
- //
- Status = mHiiDatabase->RegisterPackageNotify (
- mHiiDatabase,
- EFI_HII_PACKAGE_FORMS,
- NULL,
- FormsetRemoveNotify,
- EFI_HII_DATABASE_NOTIFY_REMOVE_PACK,
- &NotifyHandle
- );
- ASSERT_EFI_ERROR (Status);
-
return Status;
}
@@ -2259,6 +2189,52 @@ SendDiscardInfoToDriver ( }
/**
+ Validate the FormSet. If the formset is not validate, remove it from the list.
+
+ @param FormSet The input FormSet which need to validate.
+
+ @retval TRUE The handle is validate.
+ @retval FALSE The handle is invalidate.
+
+**/
+BOOLEAN
+ValidateFormSet (
+ FORM_BROWSER_FORMSET *FormSet
+ )
+{
+ EFI_HII_HANDLE *HiiHandles;
+ UINTN Index;
+ BOOLEAN Find;
+
+ ASSERT (FormSet != NULL);
+ Find = FALSE;
+ //
+ // Get all the Hii handles
+ //
+ HiiHandles = HiiGetHiiHandles (NULL);
+ ASSERT (HiiHandles != NULL);
+
+ //
+ // Search for formset of each class type
+ //
+ for (Index = 0; HiiHandles[Index] != NULL; Index++) {
+ if (HiiHandles[Index] == FormSet->HiiHandle) {
+ Find = TRUE;
+ break;
+ }
+ }
+
+ if (!Find) {
+ RemoveEntryList (&FormSet->Link);
+ DestroyFormSet (FormSet);
+ }
+
+ FreePool (HiiHandles);
+
+ return Find;
+}
+
+/**
Discard data based on the input setting scope (Form, FormSet or System).
@param FormSet FormSet data structure.
@@ -2365,8 +2341,11 @@ DiscardForm ( Link = GetFirstNode (&gBrowserFormSetList);
while (!IsNull (&gBrowserFormSetList, Link)) {
LocalFormSet = FORM_BROWSER_FORMSET_FROM_LINK (Link);
- DiscardForm (LocalFormSet, NULL, FormSetLevel);
Link = GetNextNode (&gBrowserFormSetList, Link);
+ if (!ValidateFormSet(LocalFormSet)) {
+ continue;
+ }
+ DiscardForm (LocalFormSet, NULL, FormSetLevel);
if (!IsHiiHandleInBrowserContext (LocalFormSet->HiiHandle)) {
//
// Remove maintain backup list after discard except for the current using FormSet.
@@ -2646,8 +2625,11 @@ SubmitForm ( Link = GetFirstNode (&gBrowserFormSetList);
while (!IsNull (&gBrowserFormSetList, Link)) {
LocalFormSet = FORM_BROWSER_FORMSET_FROM_LINK (Link);
- SubmitForm (LocalFormSet, NULL, FormSetLevel);
Link = GetNextNode (&gBrowserFormSetList, Link);
+ if (!ValidateFormSet(LocalFormSet)) {
+ continue;
+ }
+ SubmitForm (LocalFormSet, NULL, FormSetLevel);
if (!IsHiiHandleInBrowserContext (LocalFormSet->HiiHandle)) {
//
// Remove maintain backup list after save except for the current using FormSet.
@@ -3332,8 +3314,11 @@ ExtractDefault ( Link = GetFirstNode (&gBrowserFormSetList);
while (!IsNull (&gBrowserFormSetList, Link)) {
LocalFormSet = FORM_BROWSER_FORMSET_FROM_LINK (Link);
- ExtractDefault (LocalFormSet, NULL, DefaultId, FormSetLevel, GetDefaultValueScope, Storage, RetrieveValueFirst);
Link = GetNextNode (&gBrowserFormSetList, Link);
+ if (!ValidateFormSet(LocalFormSet)) {
+ continue;
+ }
+ ExtractDefault (LocalFormSet, NULL, DefaultId, FormSetLevel, GetDefaultValueScope, Storage, RetrieveValueFirst);
}
}
@@ -4028,6 +4013,8 @@ InitializeFormSet ( }
}
+ gFunctionKeySetting = ENABLE_FUNCTION_KEY_SETTING;
+
if ((gClassOfVfr & FORMSET_CLASS_FRONT_PAGE) == FORMSET_CLASS_FRONT_PAGE) {
gFrontPageHandle = FormSet->HiiHandle;
gFunctionKeySetting = NONE_FUNCTION_KEY_SETTING;
@@ -4224,10 +4211,13 @@ GetFormSetFromHiiHandle ( Link = GetFirstNode (&gBrowserFormSetList);
while (!IsNull (&gBrowserFormSetList, Link)) {
FormSet = FORM_BROWSER_FORMSET_FROM_LINK (Link);
+ Link = GetNextNode (&gBrowserFormSetList, Link);
+ if (!ValidateFormSet(FormSet)) {
+ continue;
+ }
if (FormSet->HiiHandle == Handle) {
return FormSet;
}
- Link = GetNextNode (&gBrowserFormSetList, Link);
}
return NULL;
@@ -4480,11 +4470,14 @@ SaveReminder ( Link = GetFirstNode (&gBrowserFormSetList);
while (!IsNull (&gBrowserFormSetList, Link)) {
FormSet = FORM_BROWSER_FORMSET_FROM_LINK (Link);
+ Link = GetNextNode (&gBrowserFormSetList, Link);
+ if (!ValidateFormSet(FormSet)) {
+ continue;
+ }
if (IsNvUpdateRequired (FormSet)) {
IsDataChanged = TRUE;
break;
}
- Link = GetNextNode (&gBrowserFormSetList, Link);
}
//
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Ui.c b/MdeModulePkg/Universal/SetupBrowserDxe/Ui.c index e9f9f70ed..7c246b60e 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Ui.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Ui.c @@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Setup.h"
LIST_ENTRY gMenuOption;
-LIST_ENTRY gMenuList = INITIALIZE_LIST_HEAD_VARIABLE (gMenuList);
+LIST_ENTRY gMenuList;
MENU_REFRESH_ENTRY *gMenuRefreshHead; // Menu list used for refresh timer opcode.
MENU_REFRESH_ENTRY *gMenuEventGuidRefreshHead; // Menu list used for refresh event guid opcode.
@@ -219,9 +219,10 @@ UiAddMenuList ( /**
- Search Menu with given FormId and FormSetGuid in all cached menu list.
+ Search Menu with given FormId, FormSetGuid and Handle in all cached menu list.
@param Parent The parent of menu to search.
+ @param Handle Hii handle related to this formset.
@param FormSetGuid The Formset GUID of the menu to search.
@param FormId The Form ID of menu to search.
@@ -231,6 +232,7 @@ UiAddMenuList ( UI_MENU_LIST *
UiFindChildMenuList (
IN UI_MENU_LIST *Parent,
+ IN EFI_HII_HANDLE Handle,
IN EFI_GUID *FormSetGuid,
IN UINT16 FormId
)
@@ -241,7 +243,7 @@ UiFindChildMenuList ( ASSERT (Parent != NULL);
- if (Parent->FormId == FormId && CompareGuid (FormSetGuid, &Parent->FormSetGuid)) {
+ if (Parent->FormId == FormId && CompareGuid (FormSetGuid, &Parent->FormSetGuid) && Parent->HiiHandle == Handle) {
return Parent;
}
@@ -249,7 +251,7 @@ UiFindChildMenuList ( while (!IsNull (&Parent->ChildListHead, Link)) {
Child = UI_MENU_LIST_FROM_LINK (Link);
- MenuList = UiFindChildMenuList (Child, FormSetGuid, FormId);
+ MenuList = UiFindChildMenuList (Child, Handle, FormSetGuid, FormId);
if (MenuList != NULL) {
return MenuList;
}
@@ -262,8 +264,9 @@ UiFindChildMenuList ( /**
- Search Menu with given FormSetGuid and FormId in all cached menu list.
+ Search Menu with given Handle, FormSetGuid and FormId in all cached menu list.
+ @param Handle Hii handle related to this formset.
@param FormSetGuid The Formset GUID of the menu to search.
@param FormId The Form ID of menu to search.
@@ -272,6 +275,7 @@ UiFindChildMenuList ( **/
UI_MENU_LIST *
UiFindMenuList (
+ IN EFI_HII_HANDLE Handle,
IN EFI_GUID *FormSetGuid,
IN UINT16 FormId
)
@@ -284,8 +288,14 @@ UiFindMenuList ( while (!IsNull (&gMenuList, Link)) {
MenuList = UI_MENU_LIST_FROM_LINK (Link);
- Child = UiFindChildMenuList(MenuList, FormSetGuid, FormId);
+ Child = UiFindChildMenuList(MenuList, Handle, FormSetGuid, FormId);
if (Child != NULL) {
+
+ //
+ // If this form already in the menu history list,
+ // just free the list between old this form.
+ //
+ UiFreeMenuList(&Child->ChildListHead);
return Child;
}
@@ -295,6 +305,28 @@ UiFindMenuList ( return NULL;
}
+/**
+ Free Menu list linked list.
+
+ @param MenuListHead One Menu list point in the menu list.
+
+**/
+VOID
+UiFreeMenuList (
+ LIST_ENTRY *MenuListHead
+ )
+{
+ UI_MENU_LIST *MenuList;
+
+ while (!IsListEmpty (MenuListHead)) {
+ MenuList = UI_MENU_LIST_FROM_LINK (MenuListHead->ForwardLink);
+ RemoveEntryList (&MenuList->Link);
+
+ UiFreeMenuList(&MenuList->ChildListHead);
+ FreePool (MenuList);
+ }
+
+}
/**
Free Menu option linked list.
@@ -1997,11 +2029,8 @@ ProcessGotoOpCode ( FORM_BROWSER_FORM *RefForm;
EFI_INPUT_KEY Key;
EFI_STATUS Status;
- UI_MENU_LIST *MenuList;
- BOOLEAN UpdateFormInfo;
-
- Status = EFI_SUCCESS;
- UpdateFormInfo = TRUE;
+
+ Status = EFI_SUCCESS;
StringPtr = NULL;
//
@@ -2122,22 +2151,10 @@ ProcessGotoOpCode ( *NewLine = TRUE;
}
}
- UpdateFormInfo = FALSE;
} else {
if ((Statement->QuestionFlags & EFI_IFR_FLAG_CALLBACK) != 0) {
Selection->Action = UI_ACTION_REFRESH_FORM;
}
- UpdateFormInfo = FALSE;
- }
-
- if (UpdateFormInfo) {
- //
- // Link current form so that we can always go back when someone hits the ESC
- //
- MenuList = UiFindMenuList (&Selection->FormSetGuid, Selection->FormId);
- if (MenuList == NULL && Selection->CurrentMenu != NULL) {
- MenuList = UiAddMenuList (Selection->CurrentMenu, Selection->Handle, &Selection->FormSetGuid, Selection->FormId);
- }
}
return Status;
@@ -2279,12 +2296,12 @@ UiDisplayMenu ( //
// Find current Menu
//
- CurrentMenu = UiFindMenuList (&Selection->FormSetGuid, Selection->FormId);
+ CurrentMenu = UiFindMenuList (Selection->Handle, &Selection->FormSetGuid, Selection->FormId);
if (CurrentMenu == NULL) {
//
// Current menu not found, add it to the menu tree
//
- CurrentMenu = UiAddMenuList (NULL, Selection->Handle, &Selection->FormSetGuid, Selection->FormId);
+ CurrentMenu = UiAddMenuList (Selection->CurrentMenu, Selection->Handle, &Selection->FormSetGuid, Selection->FormId);
}
ASSERT (CurrentMenu != NULL);
Selection->CurrentMenu = CurrentMenu;
@@ -3285,7 +3302,8 @@ UiDisplayMenu ( // Check whether Key matches the registered hot key.
//
HotKey = NULL;
- if ((gBrowserSettingScope == SystemLevel) || (gFunctionKeySetting != NONE_FUNCTION_KEY_SETTING)) {
+ if ((gBrowserSettingScope == SystemLevel) ||
+ (Selection->FormEditable && gFunctionKeySetting != NONE_FUNCTION_KEY_SETTING)) {
HotKey = GetHotKeyFromRegisterList (&Key);
}
if (HotKey != NULL) {
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Ui.h b/MdeModulePkg/Universal/SetupBrowserDxe/Ui.h index 4c3b314f0..03cb0cd75 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Ui.h +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Ui.h @@ -195,6 +195,7 @@ typedef struct { extern LIST_ENTRY gMenuOption;
+extern LIST_ENTRY gMenuList;
extern MENU_REFRESH_ENTRY *gMenuRefreshHead;
extern UI_MENU_SELECTION *gCurrentSelection;
extern BOOLEAN mHiiPackageListUpdated;
@@ -250,9 +251,10 @@ UiAddMenuList ( );
/**
- Search Menu with given FormId in the parent menu and all its child menus.
+ Search Menu with given FormId, FormSetGuid and Handle in all cached menu list.
@param Parent The parent of menu to search.
+ @param Handle Hii handle related to this formset.
@param FormSetGuid The Formset GUID of the menu to search.
@param FormId The Form ID of menu to search.
@@ -262,13 +264,15 @@ UiAddMenuList ( UI_MENU_LIST *
UiFindChildMenuList (
IN UI_MENU_LIST *Parent,
+ IN EFI_HII_HANDLE Handle,
IN EFI_GUID *FormSetGuid,
IN UINT16 FormId
);
/**
- Search Menu with given FormSetGuid and FormId in all cached menu list.
+ Search Menu with given Handle, FormSetGuid and FormId in all cached menu list.
+ @param Handle Hii handle related to this formset.
@param FormSetGuid The Formset GUID of the menu to search.
@param FormId The Form ID of menu to search.
@@ -277,11 +281,23 @@ UiFindChildMenuList ( **/
UI_MENU_LIST *
UiFindMenuList (
+ IN EFI_HII_HANDLE Handle,
IN EFI_GUID *FormSetGuid,
IN UINT16 FormId
);
/**
+ Free Menu list linked list.
+
+ @param MenuListHead One Menu list point in the menu list.
+
+**/
+VOID
+UiFreeMenuList (
+ LIST_ENTRY *MenuListHead
+ );
+
+/**
Free Menu option linked list.
**/
diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c index 861e35eb9..8bf5d443a 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -2,7 +2,7 @@ This code produces the Smbios protocol. It also responsible for constructing
SMBIOS table into system table.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -87,11 +87,11 @@ SMBIOS_TABLE_ENTRY_POINT EntryPointStructureData = { //
0,
//
- // StructureTableLength, TO BE FILLED
+ // TableLength, TO BE FILLED
//
0,
//
- // StructureTableAddress, TO BE FILLED
+ // TableAddress, TO BE FILLED
//
0,
//
@@ -101,7 +101,8 @@ SMBIOS_TABLE_ENTRY_POINT EntryPointStructureData = { //
// SmbiosBcdRevision
//
- 0
+ (UINT8) ((FixedPcdGet16 (PcdSmbiosVersion) >> 4) & 0xf0)
+ | (UINT8) (FixedPcdGet16 (PcdSmbiosVersion) & 0x0f)
};
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 8f10425eb..956c1f2ae 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -2756,6 +2756,11 @@ VariableCommonInitialize ( ASSERT(VariableStoreHeader->Size == VariableStoreLength);
//
+ // The max variable or hardware error variable size should be < variable store size.
+ //
+ ASSERT(MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) < VariableStoreLength);
+
+ //
// Parse non-volatile variable data and get last variable offset.
//
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase);
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 2a59ac16f..2fca25981 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -198,6 +198,16 @@ RuntimeServiceGetVariable ( return EFI_INVALID_PARAMETER;
}
+ if (*DataSize >= mVariableBufferSize) {
+ //
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
@@ -275,6 +285,16 @@ RuntimeServiceGetNextVariableName ( return EFI_INVALID_PARAMETER;
}
+ if (*VariableNameSize >= mVariableBufferSize) {
+ //
+ // VariableNameSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if VariableNameSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
@@ -355,6 +375,16 @@ RuntimeServiceSetVariable ( return EFI_INVALID_PARAMETER;
}
+ if (DataSize >= mVariableBufferSize) {
+ //
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
|