meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch - openbmc/openbmc - Gitiles

 From 571ddac16048dfba4b25b04fe5cbd706c392b5ba Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 24 Dec 2021 19:17:17 +0000
 Subject: [PATCH] smm_gateway: add checks for null attributes

 As par EDK-2 and EDK-2 test code, when a user issue's
 setVariable() with 0 in attributes field, it means a variable
 delete request. Currently, smm gatway doesn't handle this scenario.
 This change is to add that support

 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>

 Upstream-Status: Pending [Not submitted to upstream yet]
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>


 ---
  .../backend/uefi_variable_store.c             | 28 ++++++++++++-------
  1 file changed, 18 insertions(+), 10 deletions(-)

 diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
 index a57b3346..e8771c21 100644
 --- a/components/service/smm_variable/backend/uefi_variable_store.c
 +++ b/components/service/smm_variable/backend/uefi_variable_store.c
 @@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable(
  	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
  	* The caller is responsible for following this rule.
  	*/
 -	if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
 +	if (!var->Attributes)
 +		EMSG("It might be a delete variable request\n");
 +	else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
  	{
  			if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
  			return EFI_INVALID_PARAMETER;
 @@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable(
  				(var->Attributes & EFI_VARIABLE_NON_VOLATILE) ||
  				(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));

 -			if (var->DataSize) {
 +			if (var->DataSize && var->Attributes) {

  				/* It's a set rather than a remove operation */
  				variable_index_update_variable(
 @@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable(
  				 * that it's never possible for an object to exist within
  				 * the storage backend without a corresponding index entry.
  				 */
 -				remove_variable_data(context, info);
 +				EMSG("  deleting variable %s \n",var->Name);
 +				if (remove_variable_data(context, info) != PSA_SUCCESS)
 +					EMSG("  deleting variable %s FAILED\n",var->Name);
  				variable_index_remove_variable(&context->variable_index, info);

  				/* Variable info no longer valid */
 @@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set(
  	}

  	if ((status == EFI_SUCCESS) && var->DataSize) {
 -
 +		/* Delete the variable with Attributes is 0 */
 +		if (!var->Attributes) {
 +			EMSG("Null attributes, may be a delete variable request\n");
 +			status = EFI_SUCCESS;
 +		}
  		/* Restrict which attributes can be modified for an existing variable */
 -        if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
 -            (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
 -            ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
 -            (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
 -            ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
 -            (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
 +		else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
 +			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
 +			((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
 +			(info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
 +			((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
 +			(info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
  			/* Don't permit change of attributes */
  			status = EFI_INVALID_PARAMETER;
  		}
	From 571ddac16048dfba4b25b04fe5cbd706c392b5ba Mon Sep 17 00:00:00 2001
	From: Vishnu Banavath <vishnu.banavath@arm.com>
	Date: Fri, 24 Dec 2021 19:17:17 +0000
	Subject: [PATCH] smm_gateway: add checks for null attributes

	As par EDK-2 and EDK-2 test code, when a user issue's
	setVariable() with 0 in attributes field, it means a variable
	delete request. Currently, smm gatway doesn't handle this scenario.
	This change is to add that support

	Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>

	Upstream-Status: Pending [Not submitted to upstream yet]
	Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>


	---
	.../backend/uefi_variable_store.c \| 28 ++++++++++++-------
	1 file changed, 18 insertions(+), 10 deletions(-)

	diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
	index a57b3346..e8771c21 100644
	--- a/components/service/smm_variable/backend/uefi_variable_store.c
	+++ b/components/service/smm_variable/backend/uefi_variable_store.c
	@@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable(
	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
	* The caller is responsible for following this rule.
	*/
	- if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
	+ if (!var->Attributes)
	+ EMSG("It might be a delete variable request\n");
	+ else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
	{
	if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
	return EFI_INVALID_PARAMETER;
	@@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable(
	(var->Attributes & EFI_VARIABLE_NON_VOLATILE) \|\|
	(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));

	- if (var->DataSize) {
	+ if (var->DataSize && var->Attributes) {

	/* It's a set rather than a remove operation */
	variable_index_update_variable(
	@@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable(
	* that it's never possible for an object to exist within
	* the storage backend without a corresponding index entry.
	*/
	- remove_variable_data(context, info);
	+ EMSG(" deleting variable %s \n",var->Name);
	+ if (remove_variable_data(context, info) != PSA_SUCCESS)
	+ EMSG(" deleting variable %s FAILED\n",var->Name);
	variable_index_remove_variable(&context->variable_index, info);

	/* Variable info no longer valid */
	@@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set(
	}

	if ((status == EFI_SUCCESS) && var->DataSize) {
	-
	+ /* Delete the variable with Attributes is 0 */
	+ if (!var->Attributes) {
	+ EMSG("Null attributes, may be a delete variable request\n");
	+ status = EFI_SUCCESS;
	+ }
	/* Restrict which attributes can be modified for an existing variable */
	- if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
	- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) \|\|
	- ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
	- (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) \|\|
	- ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
	- (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
	+ else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
	+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) \|\|
	+ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
	+ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) \|\|
	+ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
	+ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
	/* Don't permit change of attributes */
	status = EFI_INVALID_PARAMETER;
	}