4 files changed, 508 insertions, 0 deletions

diff --git a/StandaloneMmPkg/Include/Library/StandaloneMmMemLib.h b/StandaloneMmPkg/Include/Library/StandaloneMmMemLib.h
new file mode 100644
index 0000000000..8e3f2801aa
--- /dev/null
+++ b/StandaloneMmPkg/Include/Library/StandaloneMmMemLib.h
@@ -0,0 +1,140 @@
+/** @file

+  Provides services for MM Memory Operation.

+

+  The MM Mem Library provides function for checking if buffer is outside MMRAM and valid.

+  It also provides functions for copy data from MMRAM to non-MMRAM, from non-MMRAM to MMRAM,

+  from non-MMRAM to non-MMRAM, or set data in non-MMRAM.

+

+  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>

+

+  This program and the accompanying materials

+  are licensed and made available under the terms and conditions of the BSD License

+  which accompanies this distribution.  The full text of the license may be found at

+  http://opensource.org/licenses/bsd-license.php

+

+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#ifndef _MM_MEM_LIB_H_

+#define _MM_MEM_LIB_H_

+

+/**

+  This function check if the buffer is valid per processor architecture and not overlap with MMRAM.

+

+  @param Buffer  The buffer start address to be checked.

+  @param Length  The buffer length to be checked.

+

+  @retval TRUE  This buffer is valid per processor architecture and not overlap with MMRAM.

+  @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.

+**/

+BOOLEAN

+EFIAPI

+MmIsBufferOutsideMmValid (

+  IN EFI_PHYSICAL_ADDRESS  Buffer,

+  IN UINT64                Length

+  );

+

+/**

+  Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if source buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it return EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMemToMmram (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  );

+

+/**

+  Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMemFromMmram (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  );

+

+/**

+  Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMem (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  );

+

+/**

+  Fills a target buffer (NON-MMRAM) with a byte value.

+

+  This function fills a target buffer (non-MMRAM) with a byte value.

+  It checks if target buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it fills memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+

+  @param  Buffer    The memory to set.

+  @param  Length    The number of bytes to set.

+  @param  Value     The value with which to fill Length bytes of Buffer.

+

+  @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is set.

+

+**/

+EFI_STATUS

+EFIAPI

+MmSetMem (

+  OUT VOID  *Buffer,

+  IN UINTN  Length,

+  IN UINT8  Value

+  );

+

+#endif

diff --git a/StandaloneMmPkg/Library/StandaloneMmMemLib/AArch64/StandaloneMmMemLibInternal.c b/StandaloneMmPkg/Library/StandaloneMmMemLib/AArch64/StandaloneMmMemLibInternal.c
new file mode 100644
index 0000000000..b3a586142c
--- /dev/null
+++ b/StandaloneMmPkg/Library/StandaloneMmMemLib/AArch64/StandaloneMmMemLibInternal.c
@@ -0,0 +1,49 @@
+/** @file

+  Internal ARCH Specific file of MM memory check library.

+

+  MM memory check library implementation. This library consumes MM_ACCESS_PROTOCOL

+  to get MMRAM information. In order to use this library instance, the platform should produce

+  all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core

+  and MM driver) and/or specific dedicated hardware.

+

+  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>

+

+  This program and the accompanying materials

+  are licensed and made available under the terms and conditions of the BSD License

+  which accompanies this distribution.  The full text of the license may be found at

+  http://opensource.org/licenses/bsd-license.php

+

+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+#include <Library/BaseLib.h>

+#include <Library/BaseMemoryLib.h>

+#include <Library/DebugLib.h>

+//

+// Maximum support address used to check input buffer

+//

+extern EFI_PHYSICAL_ADDRESS  mMmMemLibInternalMaximumSupportAddress;

+

+/**

+  Calculate and save the maximum support address.

+

+**/

+VOID

+MmMemLibInternalCalculateMaximumSupportAddress (

+  VOID

+  )

+{

+  UINT8        PhysicalAddressBits;

+

+  PhysicalAddressBits = 36;

+

+  //

+  // Save the maximum support address in one global variable

+  //

+  mMmMemLibInternalMaximumSupportAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)(LShiftU64 (1, PhysicalAddressBits) - 1);

+  DEBUG ((DEBUG_INFO, "mMmMemLibInternalMaximumSupportAddress = 0x%lx\n", mMmMemLibInternalMaximumSupportAddress));

+}

+

+

diff --git a/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c
new file mode 100644
index 0000000000..ba1a57df96
--- /dev/null
+++ b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.c
@@ -0,0 +1,269 @@
+/** @file

+  Instance of MM memory check library.

+

+  MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL

+  to get MMRAM information. In order to use this library instance, the platform should produce

+  all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core

+  and MM driver) and/or specific dedicated hardware.

+

+  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>

+

+  This program and the accompanying materials

+  are licensed and made available under the terms and conditions of the BSD License

+  which accompanies this distribution.  The full text of the license may be found at

+  http://opensource.org/licenses/bsd-license.php

+

+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+

+#include <PiMm.h>

+

+#include <Library/BaseLib.h>

+#include <Library/BaseMemoryLib.h>

+#include <Library/DebugLib.h>

+

+EFI_MMRAM_DESCRIPTOR *mMmMemLibInternalMmramRanges;

+UINTN                mMmMemLibInternalMmramCount;

+

+//

+// Maximum support address used to check input buffer

+//

+EFI_PHYSICAL_ADDRESS  mMmMemLibInternalMaximumSupportAddress = 0;

+

+/**

+  Calculate and save the maximum support address.

+

+**/

+VOID

+MmMemLibInternalCalculateMaximumSupportAddress (

+  VOID

+  );

+

+/**

+  This function check if the buffer is valid per processor architecture and not overlap with MMRAM.

+

+  @param Buffer  The buffer start address to be checked.

+  @param Length  The buffer length to be checked.

+

+  @retval TRUE  This buffer is valid per processor architecture and not overlap with MMRAM.

+  @retval FALSE This buffer is not valid per processor architecture or overlap with MMRAM.

+**/

+BOOLEAN

+EFIAPI

+MmIsBufferOutsideMmValid (

+  IN EFI_PHYSICAL_ADDRESS  Buffer,

+  IN UINT64                Length

+  )

+{

+  UINTN  Index;

+

+  //

+  // Check override.

+  // NOTE: (B:0->L:4G) is invalid for IA32, but (B:1->L:4G-1)/(B:4G-1->L:1) is valid.

+  //

+  if ((Length > mMmMemLibInternalMaximumSupportAddress) ||

+      (Buffer > mMmMemLibInternalMaximumSupportAddress) ||

+      ((Length != 0) && (Buffer > (mMmMemLibInternalMaximumSupportAddress - (Length - 1)))) ) {

+    //

+    // Overflow happen

+    //

+    DEBUG ((

+      DEBUG_ERROR,

+      "MmIsBufferOutsideMmValid: Overflow: Buffer (0x%lx) - Length (0x%lx), MaximumSupportAddress (0x%lx)\n",

+      Buffer,

+      Length,

+      mMmMemLibInternalMaximumSupportAddress

+      ));

+    return FALSE;

+  }

+

+  for (Index = 0; Index < mMmMemLibInternalMmramCount; Index ++) {

+    if (((Buffer >= mMmMemLibInternalMmramRanges[Index].CpuStart) &&

+         (Buffer < mMmMemLibInternalMmramRanges[Index].CpuStart + mMmMemLibInternalMmramRanges[Index].PhysicalSize)) ||

+        ((mMmMemLibInternalMmramRanges[Index].CpuStart >= Buffer) &&

+         (mMmMemLibInternalMmramRanges[Index].CpuStart < Buffer + Length))) {

+      DEBUG ((

+        DEBUG_ERROR,

+        "MmIsBufferOutsideMmValid: Overlap: Buffer (0x%lx) - Length (0x%lx), ",

+        Buffer,

+        Length

+        ));

+      DEBUG ((

+        DEBUG_ERROR,

+        "CpuStart (0x%lx) - PhysicalSize (0x%lx)\n",

+        mMmMemLibInternalMmramRanges[Index].CpuStart,

+        mMmMemLibInternalMmramRanges[Index].PhysicalSize

+        ));

+      return FALSE;

+    }

+  }

+

+  return TRUE;

+}

+

+/**

+  Copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if source buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it return EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMemToMmram (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  )

+{

+  if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {

+    DEBUG ((DEBUG_ERROR, "MmCopyMemToMmram: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));

+    return EFI_SECURITY_VIOLATION;

+  }

+  CopyMem (DestinationBuffer, SourceBuffer, Length);

+  return EFI_SUCCESS;

+}

+

+/**

+  Copies a source buffer (MMRAM) to a destination buffer (NON-MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if destination buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMemFromMmram (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  )

+{

+  if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {

+    DEBUG ((DEBUG_ERROR, "MmCopyMemFromMmram: Security Violation: Destination (0x%x), Length (0x%x)\n",

+            DestinationBuffer, Length));

+    return EFI_SECURITY_VIOLATION;

+  }

+  CopyMem (DestinationBuffer, SourceBuffer, Length);

+  return EFI_SUCCESS;

+}

+

+/**

+  Copies a source buffer (NON-MMRAM) to a destination buffer (NON-MMRAM).

+

+  This function copies a source buffer (non-MMRAM) to a destination buffer (MMRAM).

+  It checks if source buffer and destination buffer are valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it copies memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+  The implementation must be reentrant, and it must handle the case where source buffer overlaps destination buffer.

+

+  @param  DestinationBuffer   The pointer to the destination buffer of the memory copy.

+  @param  SourceBuffer        The pointer to the source buffer of the memory copy.

+  @param  Length              The number of bytes to copy from SourceBuffer to DestinationBuffer.

+

+  @retval EFI_SECURITY_VIOLATION The DesinationBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SECURITY_VIOLATION The SourceBuffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is copied.

+

+**/

+EFI_STATUS

+EFIAPI

+MmCopyMem (

+  OUT VOID       *DestinationBuffer,

+  IN CONST VOID  *SourceBuffer,

+  IN UINTN       Length

+  )

+{

+  if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)DestinationBuffer, Length)) {

+    DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Destination (0x%x), Length (0x%x)\n",

+            DestinationBuffer, Length));

+    return EFI_SECURITY_VIOLATION;

+  }

+  if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)SourceBuffer, Length)) {

+    DEBUG ((DEBUG_ERROR, "MmCopyMem: Security Violation: Source (0x%x), Length (0x%x)\n", SourceBuffer, Length));

+    return EFI_SECURITY_VIOLATION;

+  }

+  CopyMem (DestinationBuffer, SourceBuffer, Length);

+  return EFI_SUCCESS;

+}

+

+/**

+  Fills a target buffer (NON-MMRAM) with a byte value.

+

+  This function fills a target buffer (non-MMRAM) with a byte value.

+  It checks if target buffer is valid per processor architecture and not overlap with MMRAM.

+  If the check passes, it fills memory and returns EFI_SUCCESS.

+  If the check fails, it returns EFI_SECURITY_VIOLATION.

+

+  @param  Buffer    The memory to set.

+  @param  Length    The number of bytes to set.

+  @param  Value     The value with which to fill Length bytes of Buffer.

+

+  @retval EFI_SECURITY_VIOLATION The Buffer is invalid per processor architecture or overlap with MMRAM.

+  @retval EFI_SUCCESS            Memory is set.

+

+**/

+EFI_STATUS

+EFIAPI

+MmSetMem (

+  OUT VOID  *Buffer,

+  IN UINTN  Length,

+  IN UINT8  Value

+  )

+{

+  if (!MmIsBufferOutsideMmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, Length)) {

+    DEBUG ((DEBUG_ERROR, "MmSetMem: Security Violation: Source (0x%x), Length (0x%x)\n", Buffer, Length));

+    return EFI_SECURITY_VIOLATION;

+  }

+  SetMem (Buffer, Length, Value);

+  return EFI_SUCCESS;

+}

+

+/**

+  The constructor function initializes the Mm Mem library

+

+  @param  ImageHandle   The firmware allocated handle for the EFI image.

+  @param  SystemTable   A pointer to the EFI System Table.

+

+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.

+

+**/

+EFI_STATUS

+EFIAPI

+MemLibConstructor (

+  IN EFI_HANDLE             ImageHandle,

+  IN EFI_MM_SYSTEM_TABLE    *MmSystemTable

+  )

+{

+

+  //

+  // Calculate and save maximum support address

+  //

+  MmMemLibInternalCalculateMaximumSupportAddress ();

+

+  return EFI_SUCCESS;

+}

diff --git a/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
new file mode 100644
index 0000000000..db1041c503
--- /dev/null
+++ b/StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
@@ -0,0 +1,50 @@
+## @file

+#  Instance of MM memory check library.

+#

+#  MM memory check library library implementation. This library consumes MM_ACCESS_PROTOCOL

+#  to get MMRAM information. In order to use this library instance, the platform should produce

+#  all MMRAM range via MM_ACCESS_PROTOCOL, including the range for firmware (like MM Core

+#  and MM driver) and/or specific dedicated hardware.

+#

+#  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.<BR>

+#

+#  This program and the accompanying materials

+#  are licensed and made available under the terms and conditions of the BSD License

+#  which accompanies this distribution.  The full text of the license may be found at

+#  http://opensource.org/licenses/bsd-license.php

+#

+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+#

+##

+

+[Defines]

+  INF_VERSION                    = 0x0001001A

+  BASE_NAME                      = MemLib

+  FILE_GUID                      = EA355F14-6409-4716-829F-37B3BC7C7F26

+  MODULE_TYPE                    = MM_STANDALONE

+  VERSION_STRING                 = 1.0

+  PI_SPECIFICATION_VERSION       = 0x00010032

+  LIBRARY_CLASS                  = MemLib|MM_STANDALONE MM_CORE_STANDALONE

+  CONSTRUCTOR                    = MemLibConstructor

+

+#

+# The following information is for reference only and not required by the build tools.

+#

+#  VALID_ARCHITECTURES           = AARCH64

+#

+

+[Sources.Common]

+  StandaloneMmMemLib.c

+

+[Sources.AARCH64]

+  AArch64/StandaloneMmMemLibInternal.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+  StandaloneMmPkg/StandaloneMmPkg.dec

+

+[LibraryClasses]

+  BaseMemoryLib

+  DebugLib