Hi Supreeth,
On Fri, Apr 06, 2018 at 03:42:13PM +0100, Supreeth Venkatesh wrote:
> MM memory check library library implementation. This library consumes
> MM_ACCESS_PROTOCOL to get MMRAM information. In order to use this
> library instance, the platform should produce all MMRAM range via
> MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core
> and MM driver) and/or specific dedicated hardware.
>
> This patch provides services for MM Memory Operation.
> The management mode Mem Library provides function for checking if buffer
> is outside MMRAM and valid. It also provides functions for copy data
> from MMRAM to non-MMRAM, from non-MMRAM to MMRAM,
> from non-MMRAM to non-MMRAM, or set data in non-MMRAM.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Achin Gupta <achin.gu...@arm.com>
> Signed-off-by: Supreeth Venkatesh <supreeth.venkat...@arm.com>
> ---
> StandaloneMmPkg/Include/Library/MemLib.h | 140 ++++++++++++++
> StandaloneMmPkg/Library/MemLib/Arm/MemLib.c | 276
> ++++++++++++++++++++++++++++
Advertising
Why is this Library Arm specific. Apart from cosmetics tweaks, it has not
changed since it was originally contributed?
cheers,
Achin
> StandaloneMmPkg/Library/MemLib/MemLib.inf | 47 +++++
> 3 files changed, 463 insertions(+)
> create mode 100644 StandaloneMmPkg/Include/Library/MemLib.h
> create mode 100644 StandaloneMmPkg/Library/MemLib/Arm/MemLib.c
> create mode 100644 StandaloneMmPkg/Library/MemLib/MemLib.inf
>
> diff --git a/StandaloneMmPkg/Include/Library/MemLib.h
> b/StandaloneMmPkg/Include/Library/MemLib.h
> new file mode 100644
> index 0000000000..3264f10010
> --- /dev/null
> +++ b/StandaloneMmPkg/Include/Library/MemLib.h
> @@ -0,0 +1,140 @@
> +/** @file
> + Provides services for MM Memory Operation.
> +
> + The MM Mem Library provides function for checking if buffer is outside
> MMRAM and valid.
> + It also provides functions for copy data from MMRAM to non-MMRAM, from
> non-MMRAM to MMRAM,
> + from non-MMRAM to non-MMRAM, or set data in non-MMRAM.
> +
> + Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2016 - 2017, ARM Limited. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
> IMPLIED.
> +
> +**/
> +
> +#ifndef _MM_MEM_LIB_H_
> +#define _MM_MEM_LIB_H_
> +
> +/**
> + This function check if the buffer is valid per processor architecture and
> not overlap with MMRAM.
> +
> + @param Buffer The buffer start address to be checked.
> + @param Length The buffer length to be checked.
> +
> + @retval TRUE This buffer is valid per processor architecture and not
> overlap with MMRAM.
> + @retval FALSE This buffer is not valid per processor architecture or
> overlap with MMRAM.
> +**/
> +BOOLEAN
> +EFIAPI
> +MmIsBufferOutsideMmValid (
> + IN EFI_PHYSICAL_ADDRESS Buffer,
> + IN UINT64 Length
> + );
> +
> +/**
> + Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if source buffer is valid per processor architecture and not
> overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it return EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMemToSmram (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + );
> +
> +/**
> + Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if destination buffer is valid per processor architecture and
> not overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per
> processor architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMemFromSmram (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + );
> +
> +/**
> + Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if source buffer and destination buffer are valid per processor
> architecture and not overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant, and it must handle the case where
> source buffer overlaps destination buffer.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per
> processor architecture or overlap with MMRAM.
> + @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMem (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + );
> +
> +/**
> + Fills a target buffer (NON-MMRAM) with a byte value.
> +
> + This function fills a target buffer (non-MMRAM) with a byte value.
> + It checks if target buffer is valid per processor architecture and not
> overlap with MMRAM.
> + If the check passes, it fills memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> +
> + @param Buffer The memory to set.
> + @param Length The number of bytes to set.
> + @param Value The value with which to fill Length bytes of Buffer.
> +
> + @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is set.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmSetMem (
> + OUT VOID *Buffer,
> + IN UINTN Length,
> + IN UINT8 Value
> + );
> +
> +#endif
> diff --git a/StandaloneMmPkg/Library/MemLib/Arm/MemLib.c
> b/StandaloneMmPkg/Library/MemLib/Arm/MemLib.c
> new file mode 100644
> index 0000000000..432a45698b
> --- /dev/null
> +++ b/StandaloneMmPkg/Library/MemLib/Arm/MemLib.c
> @@ -0,0 +1,276 @@
> +/** @file
> + Instance of MM memory check library.
> +
> + MM memory check library library implementation. This library consumes
> MM_ACCESS_PROTOCOL
> + to get MMRAM information. In order to use this library instance, the
> platform should produce
> + all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware
> (like MM Core
> + and MM driver) and/or specific dedicated hardware.
> +
> + Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2016 - 2017, ARM Limited. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
> IMPLIED.
> +
> +**/
> +
> +
> +#include <PiMm.h>
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +
> +EFI_MMRAM_DESCRIPTOR *mMmMemLibInternalMmramRanges;
> +UINTN mMmMemLibInternalMmramCount;
> +
> +//
> +// Maximum support address used to check input buffer
> +//
> +EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress = 0;
> +
> +/**
> + Calculate and save the maximum support address.
> +
> +**/
> +VOID
> +MmMemLibInternalCalculateMaximumSupportAddress (
> + VOID
> + )
> +{
> + UINT8 PhysicalAddressBits;
> +
> + PhysicalAddressBits = 36;
> +
> + //
> + // Save the maximum support address in one global variable
> + //
> + mMmMemLibInternalMaximumSupportAddress =
> (EFI_PHYSICAL_ADDRESS)(UINTN)(LShiftU64 (1, PhysicalAddressBits) - 1);
> + DEBUG ((DEBUG_INFO, "mMmMemLibInternalMaximumSupportAddress = 0x%lx\n",
> mMmMemLibInternalMaximumSupportAddress));
> +}
> +
> +/**
> + This function check if the buffer is valid per processor architecture and
> not overlap with MMRAM.
> +
> + @param Buffer The buffer start address to be checked.
> + @param Length The buffer length to be checked.
> +
> + @retval TRUE This buffer is valid per processor architecture and not
> overlap with MMRAM.
> + @retval FALSE This buffer is not valid per processor architecture or
> overlap with MMRAM.
> +**/
> +BOOLEAN
> +EFIAPI
> +MmIsBufferOutsideMmValid (
> + IN EFI_PHYSICAL_ADDRESS Buffer,
> + IN UINT64 Length
> + )
> +{
> + UINTN Index;
> +
> + //
> + // Check override.
> + // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1)
> is valid.
> + //
> + if ((Length > mMmMemLibInternalMaximumSupportAddress) ||
> + (Buffer > mMmMemLibInternalMaximumSupportAddress) ||
> + ((Length != 0) && (Buffer > (mMmMemLibInternalMaximumSupportAddress -
> (Length - 1)))) ) {
> + //
> + // Overflow happen
> + //
> + DEBUG ((
> + DEBUG_ERROR,
> + "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx),
> MaximumSupportAddress (0x%lx)\n",
> + Buffer,
> + Length,
> + mMmMemLibInternalMaximumSupportAddress
> + ));
> + return FALSE;
> + }
> +
> + for (Index = 0; Index < mMmMemLibInternalMmramCount; Index ++) {
> + if (((Buffer >= mMmMemLibInternalMmramRanges[Index].CpuStart) && (Buffer
> < mMmMemLibInternalMmramRanges[Index].CpuStart +
> mMmMemLibInternalMmramRanges[Index].PhysicalSize)) ||
> + ((mMmMemLibInternalMmramRanges[Index].CpuStart >= Buffer) &&
> (mMmMemLibInternalMmramRanges[Index].CpuStart < Buffer + Length))) {
> + DEBUG ((
> + DEBUG_ERROR,
> + "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx),
> ",
> + Buffer,
> + Length
> + ));
> + DEBUG ((
> + DEBUG_ERROR,
> + "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",
> + mMmMemLibInternalMmramRanges[Index].CpuStart,
> + mMmMemLibInternalMmramRanges[Index].PhysicalSize
> + ));
> + return FALSE;
> + }
> + }
> +
> + return TRUE;
> +}
> +
> +/**
> + Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if source buffer is valid per processor architecture and not
> overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it return EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMemToMmram (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + )
> +{
> + if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer,
> Length)) {
> + DEBUG ((DEBUG_ERROR, "MmCopyMemToMmram: Security Violation: Source
> (0x%x), Length (0x%x)\n", SourceBuffer, Length));
> + return EFI_SECURITY_VIOLATION;
> + }
> + CopyMem (DestinationBuffer, SourceBuffer, Length);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if destination buffer is valid per processor architecture and
> not overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per
> processor architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMemFromMmram (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + )
> +{
> + if (!MmIsBufferOutsideMmValid
> ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {
> + DEBUG ((DEBUG_ERROR, "MmCopyMemFromMmram: Security Violation:
> Destination (0x%x), Length (0x%x)\n", DestinationBuffer, Length));
> + return EFI_SECURITY_VIOLATION;
> + }
> + CopyMem (DestinationBuffer, SourceBuffer, Length);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
> +
> + This function copies a source buffer (non-MMRAM) to a destination buffer
> (MMRAM).
> + It checks if source buffer and destination buffer are valid per processor
> architecture and not overlap with MMRAM.
> + If the check passes, it copies memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> + The implementation must be reentrant, and it must handle the case where
> source buffer overlaps destination buffer.
> +
> + @param DestinationBuffer The pointer to the destination buffer of the
> memory copy.
> + @param SourceBuffer The pointer to the source buffer of the memory
> copy.
> + @param Length The number of bytes to copy from SourceBuffer
> to DestinationBuffer.
> +
> + @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per
> processor architecture or overlap with MMRAM.
> + @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is copied.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmCopyMem (
> + OUT VOID *DestinationBuffer,
> + IN CONST VOID *SourceBuffer,
> + IN UINTN Length
> + )
> +{
> + if (!MmIsBufferOutsideMmValid
> ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {
> + DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Destination (0x%x),
> Length (0x%x)\n", DestinationBuffer, Length));
> + return EFI_SECURITY_VIOLATION;
> + }
> + if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer,
> Length)) {
> + DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Source (0x%x),
> Length (0x%x)\n", SourceBuffer, Length));
> + return EFI_SECURITY_VIOLATION;
> + }
> + CopyMem (DestinationBuffer, SourceBuffer, Length);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Fills a target buffer (NON-MMRAM) with a byte value.
> +
> + This function fills a target buffer (non-MMRAM) with a byte value.
> + It checks if target buffer is valid per processor architecture and not
> overlap with MMRAM.
> + If the check passes, it fills memory and returns EFI_SUCCESS.
> + If the check fails, it returns EFI_SECURITY_VIOLATION.
> +
> + @param Buffer The memory to set.
> + @param Length The number of bytes to set.
> + @param Value The value with which to fill Length bytes of Buffer.
> +
> + @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor
> architecture or overlap with MMRAM.
> + @retval EFI_SUCCESS Memory is set.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MmSetMem (
> + OUT VOID *Buffer,
> + IN UINTN Length,
> + IN UINT8 Value
> + )
> +{
> + if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer,
> Length)) {
> + DEBUG ((DEBUG_ERROR, "MmSetMem: Security Violation: Source (0x%x),
> Length (0x%x)\n", Buffer, Length));
> + return EFI_SECURITY_VIOLATION;
> + }
> + SetMem (Buffer, Length, Value);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + The constructor function initializes the Mm Mem library
> +
> + @param ImageHandle The firmware allocated handle for the EFI image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +MemLibConstructor (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_MM_SYSTEM_TABLE *MmSystemTable
> + )
> +{
> +
> + //
> + // Calculate and save maximum support address
> + //
> + MmMemLibInternalCalculateMaximumSupportAddress ();
> +
> + return EFI_SUCCESS;
> +}
> diff --git a/StandaloneMmPkg/Library/MemLib/MemLib.inf
> b/StandaloneMmPkg/Library/MemLib/MemLib.inf
> new file mode 100644
> index 0000000000..52b7c06397
> --- /dev/null
> +++ b/StandaloneMmPkg/Library/MemLib/MemLib.inf
> @@ -0,0 +1,47 @@
> +## @file
> +# Instance of MM memory check library.
> +#
> +# MM memory check library library implementation. This library consumes
> MM_ACCESS_PROTOCOL
> +# to get MMRAM information. In order to use this library instance, the
> platform should produce
> +# all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware
> (like MM Core
> +# and MM driver) and/or specific dedicated hardware.
> +#
> +# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2016 - 2017, ARM Limited. All rights reserved.<BR>
> +#
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the BSD
> License
> +# which accompanies this distribution. The full text of the license may be
> found at
> +# http://opensource.org/licenses/bsd-license.php
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
> IMPLIED.
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001001A
> + BASE_NAME = MemLib
> + FILE_GUID = EA355F14-6409-4716-829F-37B3BC7C7F26
> + MODULE_TYPE = MM_STANDALONE
> + VERSION_STRING = 1.0
> + PI_SPECIFICATION_VERSION = 0x00010032
> + LIBRARY_CLASS = MemLib|MM_STANDALONE MM_CORE_STANDALONE
> + CONSTRUCTOR = MemLibConstructor
> +
> +#
> +# The following information is for reference only and not required by the
> build tools.
> +#
> +# VALID_ARCHITECTURES = AARCH64
> +#
> +
> +[Sources.AARCH64]
> + Arm/MemLib.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + StandaloneMmPkg/StandaloneMmPkg.dec
> +
> +[LibraryClasses]
> + BaseMemoryLib
> + DebugLib
> --
> 2.16.2
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel