On 06/16/20 11:04, Zhiguang Liu wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2317
> To avoid leaking information from SMM, uninstall
> EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe.
> 
> Cc: Eric Dong <eric.d...@intel.com>
> Cc: Ray Ni <ray...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Rahul Kumar <rahul1.ku...@intel.com>
> Signed-off-by: Zhiguang Liu <zhiguang....@intel.com>
> ---
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c   | 37 
> +++++++++++++++++++++++++++++++++++++
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf |  1 +
>  2 files changed, 38 insertions(+)
> 
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> index db68e1316e..a1b209e125 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> @@ -520,6 +520,33 @@ SmmReadyToLockEventNotify (
>    return EFI_SUCCESS;
>  }
>  
> +/**
> +  SMM End of Dxe event notification handler.
> +
> +  To avoid leaking information from SMM, uninstall 
> EFI_SMM_CONFIGURATION_PROTOCOL
> +  at end of Dxe.
> +
> +  @param[in] Protocol   Points to the protocol's unique identifier.
> +  @param[in] Interface  Points to the interface instance.
> +  @param[in] Handle     The handle on which the interface was installed.
> +
> +  @retval EFI_SUCCESS   Notification handler runs successfully.
> + **/
> +EFI_STATUS
> +EFIAPI
> +SmmEndOfDxeNotify (
> +  IN CONST EFI_GUID  *Protocol,
> +  IN VOID            *Interface,
> +  IN EFI_HANDLE      Handle
> +  )
> +{
> +  gBS->UninstallProtocolInterface (
> +         gSmmCpuPrivate->SmmCpuHandle,
> +         &gEfiSmmConfigurationProtocolGuid, &gSmmCpuPrivate->SmmConfiguration
> +         );
> +  return EFI_SUCCESS;
> +}

(1) I suggest setting "gSmmCpuPrivate->SmmCpuHandle" to NULL here.

(2) I also suggest de-registering the gEfiSmmEndOfDxeProtocolGuid
notification.

Thanks
Laszlo

> +
>  /**
>    The module Entry Point of the CPU SMM driver.
>  
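Review bot: In SmmEndOfDxeNotify, the status returned by gBS->UninstallProtocolInterface() is discarded and the handler returns EFI_SUCCESS unconditionally, so a failed uninstall would leave EFI_SMM_CONFIGURATION_PROTOCOL published after End of Dxe with nothing to show for it. Capture the result in a local Status and check it, at minimum with ASSERT_EFI_ERROR (Status) as the registration call in PiCpuSmmEntry does. Since this is a gBS call made from an SMM protocol notification, the function comment should also say why boot services are still safe to use at this point. Style: `&gEfiSmmConfigurationProtocolGuid, &gSmmCpuPrivate->SmmConfiguration` puts two arguments on one line while the first argument has its own.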
> @@ -1038,6 +1065,16 @@ PiCpuSmmEntry (
>                      );
>    ASSERT_EFI_ERROR (Status);
>  
> +  //
> +  // register SMM End of Dxe notification
> +  //
> +  Status = gSmst->SmmRegisterProtocolNotify (
> +                    &gEfiSmmEndOfDxeProtocolGuid,
> +                    SmmEndOfDxeNotify,
> +                    &Registration
> +                    );
> +  ASSERT_EFI_ERROR (Status);
> +
>    //
>    // Initialize SMM Profile feature
>    //
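Review bot: The registration of SmmEndOfDxeNotify in PiCpuSmmEntry is checked only with ASSERT_EFI_ERROR (Status), and the uninstall depends entirely on this notification firing, so in a build where asserts are compiled out a registration failure would silently leave the protocol installed. Consider an explicit check of Status here. If the handler is to de-register itself as suggested in the review above, the value written through &Registration needs to be kept where the handler can reach it. Minor: the comment should start with a capital letter ("Register SMM End of Dxe notification") to match "Initialize SMM Profile feature" just below.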
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf 
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
> index 76b1462996..bb994814d6 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
> @@ -105,6 +105,7 @@
>    gEfiSmmConfigurationProtocolGuid         ## PRODUCES
>    gEfiSmmCpuProtocolGuid                   ## PRODUCES
>    gEfiSmmReadyToLockProtocolGuid           ## NOTIFY
> +  gEfiSmmEndOfDxeProtocolGuid              ## NOTIFY
>    gEfiSmmCpuServiceProtocolGuid            ## PRODUCES
>    gEdkiiSmmMemoryAttributeProtocolGuid     ## PRODUCES
>    gEfiMmMpProtocolGuid                    ## PRODUCES
> 

