diff options
Diffstat (limited to 'StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c')
| -rw-r--r-- | StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c new file mode 100644 index 0000000000..ba1a57df96 --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c @@ -0,0 +1,269 @@ +/** @file
+ Instance of MM memory check library.
+
+ MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL
+ to get MMRAM information. In order to use this library instance, the platform should produce
+ all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core
+ and MM driver) and/or specific dedicated hardware.
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+
+#include <PiMm.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+
+EFI_MMRAM_DESCRIPTOR *mMmMemLibInternalMmramRanges;
+UINTN mMmMemLibInternalMmramCount;
+
+//
+// Maximum support address used to check input buffer
+//
+EFI_PHYSICAL_ADDRESS mMmMemLibInternalMaximumSupportAddress = 0;
+
+/**
+ Calculate and save the maximum support address.
+
+**/
+VOID
+MmMemLibInternalCalculateMaximumSupportAddress (
+ VOID
+ );
+
+/**
+ This function check if the buffer is valid per processor architecture and not overlap with MMRAM.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid per processor architecture and not overlap with MMRAM.
+ @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.
+**/
+BOOLEAN
+EFIAPI
+MmIsBufferOutsideMmValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ UINTN Index;
+
+ //
+ // Check override.
+ // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.
+ //
+ if ((Length > mMmMemLibInternalMaximumSupportAddress) ||
+ (Buffer > mMmMemLibInternalMaximumSupportAddress) ||
+ ((Length != 0) && (Buffer > (mMmMemLibInternalMaximumSupportAddress - (Length - 1)))) ) {
+ //
+ // Overflow happen
+ //
+ DEBUG ((
+ DEBUG_ERROR,
+ "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",
+ Buffer,
+ Length,
+ mMmMemLibInternalMaximumSupportAddress
+ ));
+ return FALSE;
+ }
+
+ for (Index = 0; Index < mMmMemLibInternalMmramCount; Index ++) {
+ if (((Buffer >= mMmMemLibInternalMmramRanges[Index].CpuStart) &&
+ (Buffer < mMmMemLibInternalMmramRanges[Index].CpuStart + mMmMemLibInternalMmramRanges[Index].PhysicalSize)) ||
+ ((mMmMemLibInternalMmramRanges[Index].CpuStart >= Buffer) &&
+ (mMmMemLibInternalMmramRanges[Index].CpuStart < Buffer + Length))) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",
+ Buffer,
+ Length
+ ));
+ DEBUG ((
+ DEBUG_ERROR,
+ "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",
+ mMmMemLibInternalMmramRanges[Index].CpuStart,
+ mMmMemLibInternalMmramRanges[Index].PhysicalSize
+ ));
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+/**
+ Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
+
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
+ It checks if source buffer is valid per processor architecture and not overlap with MMRAM.
+ If the check passes, it copies memory and returns EFI_SUCCESS.
+ If the check fails, it return EFI_SECURITY_VIOLATION.
+ The implementation must be reentrant.
+
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.
+ @param SourceBuffer The pointer to the source buffer of the memory copy.
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
+
+ @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
+ @retval EFI_SUCCESS Memory is copied.
+
+**/
+EFI_STATUS
+EFIAPI
+MmCopyMemToMmram (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+ )
+{
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {
+ DEBUG ((DEBUG_ERROR, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));
+ return EFI_SECURITY_VIOLATION;
+ }
+ CopyMem (DestinationBuffer, SourceBuffer, Length);
+ return EFI_SUCCESS;
+}
+
+/**
+ Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).
+
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
+ It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.
+ If the check passes, it copies memory and returns EFI_SUCCESS.
+ If the check fails, it returns EFI_SECURITY_VIOLATION.
+ The implementation must be reentrant.
+
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.
+ @param SourceBuffer The pointer to the source buffer of the memory copy.
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
+
+ @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.
+ @retval EFI_SUCCESS Memory is copied.
+
+**/
+EFI_STATUS
+EFIAPI
+MmCopyMemFromMmram (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+ )
+{
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {
+ DEBUG ((DEBUG_ERROR, "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",
+ DestinationBuffer, Length));
+ return EFI_SECURITY_VIOLATION;
+ }
+ CopyMem (DestinationBuffer, SourceBuffer, Length);
+ return EFI_SUCCESS;
+}
+
+/**
+ Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).
+
+ This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).
+ It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.
+ If the check passes, it copies memory and returns EFI_SUCCESS.
+ If the check fails, it returns EFI_SECURITY_VIOLATION.
+ The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.
+
+ @param DestinationBuffer The pointer to the destination buffer of the memory copy.
+ @param SourceBuffer The pointer to the source buffer of the memory copy.
+ @param Length The number of bytes to copy from SourceBuffer to DestinationBuffer.
+
+ @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.
+ @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.
+ @retval EFI_SUCCESS Memory is copied.
+
+**/
+EFI_STATUS
+EFIAPI
+MmCopyMem (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+ )
+{
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {
+ DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",
+ DestinationBuffer, Length));
+ return EFI_SECURITY_VIOLATION;
+ }
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {
+ DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));
+ return EFI_SECURITY_VIOLATION;
+ }
+ CopyMem (DestinationBuffer, SourceBuffer, Length);
+ return EFI_SUCCESS;
+}
+
+/**
+ Fills a target buffer (NON-MMRAM) with a byte value.
+
+ This function fills a target buffer (non-MMRAM) with a byte value.
+ It checks if target buffer is valid per processor architecture and not overlap with MMRAM.
+ If the check passes, it fills memory and returns EFI_SUCCESS.
+ If the check fails, it returns EFI_SECURITY_VIOLATION.
+
+ @param Buffer The memory to set.
+ @param Length The number of bytes to set.
+ @param Value The value with which to fill Length bytes of Buffer.
+
+ @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.
+ @retval EFI_SUCCESS Memory is set.
+
+**/
+EFI_STATUS
+EFIAPI
+MmSetMem (
+ OUT VOID *Buffer,
+ IN UINTN Length,
+ IN UINT8 Value
+ )
+{
+ if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, Length)) {
+ DEBUG ((DEBUG_ERROR, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer, Length));
+ return EFI_SECURITY_VIOLATION;
+ }
+ SetMem (Buffer, Length, Value);
+ return EFI_SUCCESS;
+}
+
+/**
+ The constructor function initializes the Mm Mem library
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+EFI_STATUS
+EFIAPI
+MemLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *MmSystemTable
+ )
+{
+
+ //
+ // Calculate and save maximum support address
+ //
+ MmMemLibInternalCalculateMaximumSupportAddress ();
+
+ return EFI_SUCCESS;
+}
|