Revision: 17673
http://sourceforge.net/p/edk2/code/17673
Author: zwei4
Date: 2015-06-19 08:56:14 +0000 (Fri, 19 Jun 2015)
Log Message:
-----------
Fixed potential security issue introduced by SmramCpuNvs variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shifei Lu <[email protected]>
Reviewed-by: David Wei <[email protected]>
Modified Paths:
--------------
branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf
Modified: branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
===================================================================
--- branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
2015-06-19 08:27:35 UTC (rev 17672)
+++ branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
2015-06-19 08:56:14 UTC (rev 17673)
@@ -872,6 +872,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]
Modified: branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
===================================================================
--- branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc 2015-06-19
08:27:35 UTC (rev 17672)
+++ branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc 2015-06-19
08:56:14 UTC (rev 17673)
@@ -874,6 +874,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]
Modified: branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
===================================================================
--- branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgX64.dsc 2015-06-19
08:27:35 UTC (rev 17672)
+++ branches/UDK2014.SP1/Vlv2TbltDevicePkg/PlatformPkgX64.dsc 2015-06-19
08:56:14 UTC (rev 17673)
@@ -874,6 +874,9 @@
gEfiCpuTokenSpaceGuid.PcdCpuHotPlugDataAddress|0
gEfiCpuTokenSpaceGuid.PcdCpuCallbackSignal|0
gEfiCpuTokenSpaceGuid.PcdCpuConfigContextBuffer|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress|0
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize|0
[Components.IA32]
Modified:
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c
===================================================================
---
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c
2015-06-19 08:27:35 UTC (rev 17672)
+++
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.c
2015-06-19 08:56:14 UTC (rev 17673)
@@ -3,7 +3,7 @@
This driver is for ECP platforms.
- Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available
under
@@ -36,6 +36,7 @@
#include <Protocol/SmmSwDispatch.h>
#include <Protocol/SmmReadyToLock.h>
#include <Protocol/SmmControl.h>
+#include <Guid/Vlv2DeviceRefCodePkgTokenSpace.h>
#define SMM_FROM_SMBASE_DRIVER 0x55
#define SMM_FROM_CPU_DRIVER_SAVE_INFO 0x81
@@ -70,29 +71,15 @@
IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
)
{
- EFI_STATUS Status;
- UINT64 VarData[3];
- UINTN VarSize;
-
ASSERT (DispatchContext != NULL);
ASSERT (DispatchContext->SwSmiInputValue == SMM_FROM_SMBASE_DRIVER);
if (!mLocked && IoRead8 (mSmiDataRegister) == SMM_FROM_CPU_DRIVER_SAVE_INFO)
{
- VarSize = sizeof (VarData);
- Status = gRT->GetVariable (
- L"SmramCpuNvs",
- &mSmramCpuNvsHeaderGuid,
- NULL,
- &VarSize,
- VarData
- );
- if (!EFI_ERROR (Status) && VarSize == sizeof (VarData)) {
CopyMem (
- (VOID *)(UINTN)(VarData[0]),
- (VOID *)(UINTN)(VarData[1]),
- (UINTN)(VarData[2])
+ (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid,
PcdCpuLockBoxDataAddress)),
+ (VOID *)(UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid,
PcdCpuSmramCpuDataAddress)),
+ (UINTN)(PcdGetEx64 (&gEfiVLVTokenSpaceGuid, PcdCpuLockBoxSize))
);
- }
}
}
Modified:
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf
===================================================================
---
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf
2015-06-19 08:27:35 UTC (rev 17672)
+++
branches/UDK2014.SP1/Vlv2TbltDevicePkg/SmramSaveInfoHandlerSmm/SmramSaveInfoHandlerSmm.inf
2015-06-19 08:56:14 UTC (rev 17673)
@@ -2,7 +2,7 @@
#
# A helper driver to save information to SMRAM after SMRR is enabled.
#
-# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are licensed and made available
under
@@ -48,6 +48,7 @@
[Packages]
MdePkg/MdePkg.dec
IntelFrameworkPkg/IntelFrameworkPkg.dec
+ Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
[LibraryClasses]
UefiDriverEntryPoint
@@ -62,6 +63,11 @@
gEfiSmmControlProtocolGuid ## CONSUMED
gEfiSmmReadyToLockProtocolGuid ## CONSUMED
+[Pcd.common]
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxDataAddress
+ gEfiVLVTokenSpaceGuid.PcdCpuSmramCpuDataAddress
+ gEfiVLVTokenSpaceGuid.PcdCpuLockBoxSize
+
[Depex]
gEfiSmmSwDispatchProtocolGuid AND
gEfiSmmControlProtocolGuid
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
