Reviewed-by: [email protected]
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, May 3, 2017 11:32 AM
> To: [email protected]
> Cc: Yao, Jiewen <[email protected]>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
>
> Update code to consume SmmIoLib to check Mmio validation.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <[email protected]>
> Cc: Jiewen Yao <[email protected]>
> ---
> .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51
> ----------------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
> 4 files changed, 3 insertions(+), 83 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> index 33f77bd..e38acfd 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> @@ -1023,34 +1023,6 @@ GetAhciBarSize (
> }
>
> /**
> - This function check if the memory region is in GCD MMIO region.
> -
> - @param Addr The memory region start address to be checked.
> - @param Size The memory region length to be checked.
> -
> - @retval TRUE This memory region is in GCD MMIO region.
> - @retval FALSE This memory region is not in GCD MMIO region.
> -**/
> -BOOLEAN
> -EFIAPI
> -OpalIsValidMmioSpace (
> - IN EFI_PHYSICAL_ADDRESS Addr,
> - IN UINTN Size
> - )
> -{
> - UINTN Index;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
> -
> - for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
> - Desc = &mGcdMemSpace[Index];
> - if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) &&
> (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress +
> Desc->Length))) {
> - return TRUE;
> - }
> - }
> -
> - return FALSE;
> -}
> -/**
> Get AHCI mode base address registers' Value.
>
> @param[in] Bus The bus number of ata host controller.
> @@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
> //
> // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by
> modifying MMIO Bar to point to SMRAM.
> //
> - if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
> + if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
> return EFI_UNSUPPORTED;
> }
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> index 2f2a1d9..0ea92b1 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> @@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not
> read/write Data to smram, s
> // NVME
> NVME_CONTEXT mNvmeContext;
>
> -EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
> -UINTN mNumberOfDescriptors = 0;
> -
> /**
> Add new bridge node or nvme device info to the device list.
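Review bot: In the GetAhciBaseAddress hunk the BAR check now rests entirely on whichever SmmIoLib instance the platform build resolves, and nothing in the patch records what that instance has to guarantee. The removed helper required the whole range to sit inside a GCD descriptor of type `EfiGcdMemoryTypeMemoryMappedIo`; whether `SmmIsMmioValid` is at least as strict is not visible from this patch, so that should be confirmed for the instance in use before it is trusted as the guard against a BAR redirected at SMRAM. The comment above the call also reads as though the test is for SMRAM membership; I would reword it to `// Reject the AHCI BAR unless SmmIoLib reports the whole range as valid MMIO, so a reprogrammed BAR cannot point into SMRAM.` The comment removed from OpalPasswordSmmInit mentions the NVMe BAR as well, yet only the AHCI call site is converted here, so the NVMe path may deserve the same check. GetAhciBaseAddress starts and ends outside the hunk.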
>
> @@ -648,44 +645,6 @@ S3SleepEntryCallBack (
> }
>
> /**
> - OpalPassword Notification for SMM EndOfDxe protocol.
> -
> - @param[in] Protocol Points to the protocol's unique identifier.
> - @param[in] Interface Points to the interface instance.
> - @param[in] Handle The handle on which the interface was installed.
> -
> - @retval EFI_SUCCESS Notification runs successfully.
> -**/
> -EFI_STATUS
> -EFIAPI
> -OpalPasswordEndOfDxeNotification (
> - IN CONST EFI_GUID *Protocol,
> - IN VOID *Interface,
> - IN EFI_HANDLE Handle
> - )
> -{
> - UINTN NumberOfDescriptors;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
> - EFI_STATUS Status;
> -
> - Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors,
> &MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof
> (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - gBS->FreePool (MemSpaceMap);
> - return Status;
> - }
> -
> - mNumberOfDescriptors = NumberOfDescriptors;
> - gBS->FreePool (MemSpaceMap);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> Main entry for this driver.
>
> @param ImageHandle Image handle this driver.
> @@ -711,7 +670,6 @@ OpalPasswordSmmInit (
> EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
> OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> UINTN DataSize;
> - EFI_EVENT EndOfDxeEvent;
> EFI_PHYSICAL_ADDRESS Address;
>
> mBuffer = NULL;
> @@ -820,15 +778,6 @@ OpalPasswordSmmInit (
> //
> mSwSmiValue = (UINT8) Context.SwSmiInputValue;
>
> - //
> - // Create event to record GCD descriptors at end of dxe for judging
> AHCI/NVMe PCI Bar
> - // is in MMIO space to avoid attack.
> - //
> - Status = gSmst->SmmRegisterProtocolNotify
> (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification,
> &EndOfDxeEvent);
> - if (EFI_ERROR (Status)) {
> - DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail,
> Status: %r\n", Status));
> - goto EXIT;
> - }
> Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
> (VOID**)&SmmVariable);
> if (!EFI_ERROR (Status)) {
> DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> index ab31a6b..ce88786 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> @@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #include <Library/S3BootScriptLib.h>
> #include <Library/DevicePathLib.h>
> #include <Library/DxeServicesTableLib.h>
> +#include <Library/SmmIoLib.h>
>
> #include <IndustryStandard/Pci22.h>
>
> @@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
>
> extern VOID *mBuffer;
>
> -extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
> -extern UINTN mNumberOfDescriptors;
> #pragma pack(1)
>
> typedef struct {
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> index cab0fd5..c62fa13 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> @@ -58,6 +58,7 @@
> DxeServicesTableLib
> DevicePathLib
> OpalPasswordSupportLib
> + SmmIoLib
>
> [Guids]
> gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
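Review bot: `#include <Library/DxeServicesTableLib.h>` stays in the context of the OpalPasswordSmm.h hunk at -45, and `DxeServicesTableLib` stays in the library class list of the OpalPasswordSmm.inf hunk at -58, although the only `gDS` use visible in this patch (`gDS->GetMemorySpaceMap` in the removed EndOfDxe notification) is gone. If no other `gDS` caller remains in the driver, which cannot be told from these hunks, both lines should be dropped so the SMM image does not link a library class it no longer needs. Keeping an SMM driver's dependency list minimal also keeps the set of constructors that run inside SMM easier to audit.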
> @@ -69,7 +70,6 @@
> gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
> gEfiSmmVariableProtocolGuid ## CONSUMES
> gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
> - gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
>
> [Depex]
> gEfiSmmSwDispatch2ProtocolGuid AND
> --
> 2.7.0.windows.1

