From nobody Sun Dec 29 02:22:59 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493782314817429.752930796188; Tue, 2 May 2017 20:31:54 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id BE5432195DA70; Tue, 2 May 2017 20:31:50 -0700 (PDT) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D114221A04830 for ; Tue, 2 May 2017 20:31:49 -0700 (PDT) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 May 2017 20:31:49 -0700 Received: from ydong10-win10.ccr.corp.intel.com ([10.239.158.51]) by fmsmga005.fm.intel.com with ESMTP; 02 May 2017 20:31:49 -0700 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.38,282,1491289200"; d="scan'208";a="96551260" 
From: Eric Dong To: edk2-devel@lists.01.org Date: Wed, 3 May 2017 11:31:45 +0800 Message-Id: <1493782306-14084-2-git-send-email-eric.dong@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 In-Reply-To: <1493782306-14084-1-git-send-email-eric.dong@intel.com> References: <1493782306-14084-1-git-send-email-eric.dong@intel.com> Subject: [edk2] [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Update code to consume SmmIoLib to check Mmio validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong Cc: Jiewen Yao Reviewed-by: Jiewen.yao@intel.com --- .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------ .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51 ------------------= ---- .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +- .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +- 4 files changed, 3 insertions(+), 83 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/Security= Pkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c index 33f77bd..e38acfd 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c 
@@ -1023,34 +1023,6 @@ GetAhciBarSize ( } =20 /** - This function check if the memory region is in GCD MMIO region. - - @param Addr The memory region start address to be checked. - @param Size The memory region length to be checked. - - @retval TRUE This memory region is in GCD MMIO region. - @retval FALSE This memory region is not in GCD MMIO region. -**/ -BOOLEAN -EFIAPI -OpalIsValidMmioSpace ( - IN EFI_PHYSICAL_ADDRESS Addr, - IN UINTN Size - ) -{ - UINTN Index; - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; - - for (Index =3D 0; Index < mNumberOfDescriptors; Index ++) { - Desc =3D &mGcdMemSpace[Index]; - if ((Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeMemoryMappedIo) && (Ad= dr >=3D Desc->BaseAddress) && ((Addr + Size) <=3D (Desc->BaseAddress + Desc= ->Length))) { - return TRUE; - } - } - - return FALSE; -} -/** Get AHCI mode base address registers' Value. =20 @param[in] Bus The bus number of ata host controller. @@ -1083,7 +1055,7 @@ GetAhciBaseAddress ( // // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by= modifying MMIO Bar to point to SMRAM. // - if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) { + if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) { return EFI_UNSUPPORTED; } =20 diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/Secur= ityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c index 2f2a1d9..0ea92b1 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c @@ -61,9 +61,6 @@ VOID *mBuffer =3D NULL; // DMA can not re= ad/write Data to smram, s // NVME NVME_CONTEXT mNvmeContext; =20 -EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace =3D NULL; -UINTN mNumberOfDescriptors =3D 0; - /** Add new bridge node or nvme device info to the device list. =20 
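Review bot: In the second OpalAhciMode.c hunk (`@@ -1083,7 +1055,7 @@`, inside GetAhciBaseAddress) a BAR that fails SmmIsMmioValid still returns EFI_UNSUPPORTED with no trace, although a rejected BAR inside SMM is exactly the tampering case the comment above the call describes and is the event a firmware log should record. Consider logging before the return, e.g. `if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {` / `  DEBUG ((DEBUG_ERROR, "OpalPasswordSmm: AHCI BAR 0x%lx (size 0x%lx) rejected by SmmIsMmioValid\n", (UINT64) mAhciBar, (UINT64) Size));` / `  return EFI_UNSUPPORTED;`, assuming DebugLib is linked by this module as the DEBUG calls in OpalPasswordSmm.c suggest. The comment on the context lines above ("Check if the AHCI Bar region is in SMRAM ...") could also be widened to say the range must additionally be GCD MMIO space, which is what SmmIsMmioValid checks beyond the SMRAM overlap. GetAhciBaseAddress starts and ends outside the hunk.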
@@ -648,44 +645,6 @@ S3SleepEntryCallBack ( } =20 /** - OpalPassword Notification for SMM EndOfDxe protocol. - - @param[in] Protocol Points to the protocol's unique identifier. - @param[in] Interface Points to the interface instance. - @param[in] Handle The handle on which the interface was installed. - - @retval EFI_SUCCESS Notification runs successfully. -**/ -EFI_STATUS -EFIAPI -OpalPasswordEndOfDxeNotification ( - IN CONST EFI_GUID *Protocol, - IN VOID *Interface, - IN EFI_HANDLE Handle - ) -{ - UINTN NumberOfDescriptors; - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap; - EFI_STATUS Status; - - Status =3D gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap); - if (EFI_ERROR (Status)) { - return Status; - } - - mGcdMemSpace =3D AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD= _MEMORY_SPACE_DESCRIPTOR), MemSpaceMap); - if (EFI_ERROR (Status)) { - gBS->FreePool (MemSpaceMap); - return Status; - } - - mNumberOfDescriptors =3D NumberOfDescriptors; - gBS->FreePool (MemSpaceMap); - - return EFI_SUCCESS; -} - -/** Main entry for this driver. =20 @param ImageHandle Image handle this driver. @@ -711,7 +670,6 @@ OpalPasswordSmmInit ( EFI_SMM_VARIABLE_PROTOCOL *SmmVariable; OPAL_EXTRA_INFO_VAR OpalExtraInfo; UINTN DataSize; - EFI_EVENT EndOfDxeEvent; EFI_PHYSICAL_ADDRESS Address; =20 mBuffer =3D NULL; 
@@ -820,15 +778,6 @@ OpalPasswordSmmInit ( // mSwSmiValue =3D (UINT8) Context.SwSmiInputValue; =20 - // - // Create event to record GCD descriptors at end of dxe for judging AHCI= /NVMe PCI Bar - // is in MMIO space to avoid attack. - // - Status =3D gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGui= d, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent); - if (EFI_ERROR (Status)) { - DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Statu= s: %r\n", Status)); - goto EXIT; - } Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&SmmVariable); if (!EFI_ERROR (Status)) { DataSize =3D sizeof (OPAL_EXTRA_INFO_VAR); diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/Secur= ityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h index ab31a6b..ce88786 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h @@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include #include #include +#include =20 #include =20 @@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 extern VOID *mBuffer; =20 -extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace; -extern UINTN mNumberOfDescriptors; #pragma pack(1) =20 typedef struct { diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/Sec= urityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf index cab0fd5..c62fa13 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf @@ -58,6 +58,7 @@ DxeServicesTableLib DevicePathLib OpalPasswordSupportLib + SmmIoLib =20 [Guids] gOpalExtraInfoVariableGuid ## CONSUMES ## GUID 
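Review bot: `DxeServicesTableLib` is still listed in [LibraryClasses] two context lines above the added `SmmIoLib` in the OpalPasswordSmm.inf hunk (`@@ -58,6 +58,7 @@`), yet the only gDS consumer visible in this patch, the GetMemorySpaceMap call in the removed OpalPasswordEndOfDxeNotification, is gone. If no other gDS reference remains in the module, remove `DxeServicesTableLib` from the .inf (and its header include, if any) so the SMM driver does not keep a library dependency it no longer uses; if one remains, it should stay. Dropping gEfiSmmEndOfDxeProtocolGuid from [Protocols] in the following hunk is consistent with this, since the EndOfDxe GCD snapshot is presumably now taken by SmmIoLib itself.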
@@ -69,7 +70,6 @@ gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES gEfiSmmVariableProtocolGuid ## CONSUMES gEfiStorageSecurityCommandProtocolGuid ## CONSUMES - gEfiSmmEndOfDxeProtocolGuid ## CONSUMES =20 [Depex] gEfiSmmSwDispatch2ProtocolGuid AND --=20 2.7.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel