Re: [edk2] [patch V2 3/3] MdeModulePkg: Add MorLock to variable driver.

2016-01-18 Thread Zhang, Chao B 
Reviewed-by: Chao Zhang 





Thanks & Best regards
Chao Zhang


-Original Message-
From: Yao, Jiewen 
Sent: Monday, January 18, 2016 2:52 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subject: [patch V2 3/3] MdeModulePkg: Add MorLock to variable driver.

This patch adds MorLock function to Variable main function.
It also updates corresponding INF file to pass build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/Variable.c   | 60 +-
 .../Variable/RuntimeDxe/VariableRuntimeDxe.inf |  6 ++-
 .../Universal/Variable/RuntimeDxe/VariableSmm.inf  |  6 ++-
 3 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 2dc3038..5e39d44 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -16,7 +16,7 @@
   VariableServiceSetVariable() should also check authenticate data to avoid 
buffer overflow,
   integer overflow. It should also check attribute to avoid authentication 
bypass.
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP  This program 
and the accompanying materials  are licensed and made available under the terms 
and conditions of the BSD License @@ -112,6 +112,43 @@ SecureBootHook (
   );
 
 /**
+  Initialization for MOR Lock Control.
+
+  @retval EFI_SUCEESS MorLock initialization success.
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+  VOID
+  );
+
+/**
+  This service is an MOR/MorLock checker handler for the SetVariable().
+
+  @param  VariableName the name of the vendor's variable, as a
+   Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+  @param  Attributes   Point to memory location to return the attributes of 
variable. If the point
+   is NULL, the parameter would be ignored.
+  @param  DataSize The size in bytes of Data-Buffer.
+  @param  Data Point to the content of the variable.
+
+  @retval  EFI_SUCCESSThe MOR/MorLock check pass, and Variable 
driver can store the variable data.
+  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data or data size or 
attributes is not allowed for MOR variable.
+  @retval  EFI_ACCESS_DENIED  The MOR/MorLock is locked.
+  @retval  EFI_ALREADY_STARTEDThe MorLock variable is handled inside this 
function.
+  Variable driver can just return EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid,
+  IN UINT32 Attributes,
+  IN UINTN  DataSize,
+  IN VOID   *Data
+  );
+
+/**
   Routine used to track statistical information about variable usage.
   The data is stored in the EFI system table so it can be accessed later.
   VariableInfo.efi can dump out the table. Only Boot Services variable @@ 
-3192,6 +3229,21 @@ VariableServiceSetVariable (
 }
   }
 
+  //
+  // Special Handling for MOR Lock variable.
+  //
+  Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, 
+ Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));  
if (Status == EFI_ALREADY_STARTED) {
+//
+// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of 
SetVariableCheckHandlerMor().
+// Variable driver can just return SUCCESS.
+//
+return EFI_SUCCESS;
+  }
+  if (EFI_ERROR (Status)) {
+return Status;
+  }
+
   Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, 
PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
   if (EFI_ERROR (Status)) {
 return Status;
@@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
   }
 
   ReleaseLockOnlyAtBootTime 
(>VariableGlobal.VariableServicesLock);
+
+  //
+  // Initialize MOR Lock variable.
+  //
+  MorLockInit ();
+
   return Status;
 }
 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 62c1568..da9b8bb 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -9,7 +9,7 @@
 #  This external input must be validated carefully to avoid security issues 
such as  #  buffer overflow or integer overflow.
 #
-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights 
+reserved.
 # This program and the

[edk2] [patch V2 3/3] MdeModulePkg: Add MorLock to variable driver.

2016-01-17 Thread jiewen yao 
This patch adds MorLock function to Variable main function.
It also updates corresponding INF file to pass build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/Variable.c   | 60 +-
 .../Variable/RuntimeDxe/VariableRuntimeDxe.inf |  6 ++-
 .../Universal/Variable/RuntimeDxe/VariableSmm.inf  |  6 ++-
 3 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 2dc3038..5e39d44 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -16,7 +16,7 @@
   VariableServiceSetVariable() should also check authenticate data to avoid 
buffer overflow,
   integer overflow. It should also check attribute to avoid authentication 
bypass.
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
@@ -112,6 +112,43 @@ SecureBootHook (
   );
 
 /**
+  Initialization for MOR Lock Control.
+
+  @retval EFI_SUCEESS MorLock initialization success.
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+  VOID
+  );
+
+/**
+  This service is an MOR/MorLock checker handler for the SetVariable().
+
+  @param  VariableName the name of the vendor's variable, as a
+   Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+  @param  Attributes   Point to memory location to return the attributes of 
variable. If the point
+   is NULL, the parameter would be ignored.
+  @param  DataSize The size in bytes of Data-Buffer.
+  @param  Data Point to the content of the variable.
+
+  @retval  EFI_SUCCESSThe MOR/MorLock check pass, and Variable 
driver can store the variable data.
+  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data or data size or 
attributes is not allowed for MOR variable.
+  @retval  EFI_ACCESS_DENIED  The MOR/MorLock is locked.
+  @retval  EFI_ALREADY_STARTEDThe MorLock variable is handled inside this 
function.
+  Variable driver can just return EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid,
+  IN UINT32 Attributes,
+  IN UINTN  DataSize,
+  IN VOID   *Data
+  );
+
+/**
   Routine used to track statistical information about variable usage.
   The data is stored in the EFI system table so it can be accessed later.
   VariableInfo.efi can dump out the table. Only Boot Services variable
@@ -3192,6 +3229,21 @@ VariableServiceSetVariable (
 }
   }
 
+  //
+  // Special Handling for MOR Lock variable.
+  //
+  Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, 
PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+  if (Status == EFI_ALREADY_STARTED) {
+//
+// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of 
SetVariableCheckHandlerMor().
+// Variable driver can just return SUCCESS.
+//
+return EFI_SUCCESS;
+  }
+  if (EFI_ERROR (Status)) {
+return Status;
+  }
+
   Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, 
PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
   if (EFI_ERROR (Status)) {
 return Status;
@@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
   }
 
   ReleaseLockOnlyAtBootTime 
(>VariableGlobal.VariableServicesLock);
+
+  //
+  // Initialize MOR Lock variable.
+  //
+  MorLockInit ();
+
   return Status;
 }
 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 62c1568..da9b8bb 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -9,7 +9,7 @@
 #  This external input must be validated carefully to avoid security issues 
such as
 #  buffer overflow or integer overflow.
 #
-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD 
License
 # which accompanies this distribution. The full text of the license may be 
found at
@@ -42,6 +42,7 @@
   VariableDxe.c
   Variable.h
   Measurement.c
+  TcgMorLockDxe.c
   VarCheck.c
   VariableExLib.c
 
@@ -95,6