diff options
| author | Star Zeng <star.zeng@intel.com> | 2013-07-03 09:08:40 +0000 |
|---|---|---|
| committer | lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-07-03 09:08:40 +0000 |
| commit | 3e02ebb2bbe0fd4da880511b1f35951e1c4b8404 (patch) | |
| tree | 95fc155e9d76e163cd295db373734cc276f4abc6 /MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c | |
| parent | 70066a82a54bd5136556dff3ea76dff035a3aca3 (diff) | |
| download | edk2-platforms-3e02ebb2bbe0fd4da880511b1f35951e1c4b8404.tar.xz | |
MdeModulePkg: Variable drivers robustly handle crashes during Reclaim().
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: Add a FaultTolerantWritePei driver to check and provide the FTW last write status, then PEI variable and early phase(before FTW protocol ready) of DXE variable can check the status and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14454 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c')
| -rw-r--r-- | MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c index 2f110167d7..3d1d29dfd9 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c @@ -3,7 +3,7 @@ These are the common Fault Tolerant Write (FTW) functions that are shared
by DXE FTW driver and SMM FTW driver.
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -95,7 +95,7 @@ FtwAllocate ( //
// Check if there is enough space for the coming allocation
//
- if (WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceHeader->WriteQueueSize) {
+ if (FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceHeader->WriteQueueSize) {
DEBUG ((EFI_D_ERROR, "Ftw: Allocate() request exceed Workspace, Caller: %g\n", CallerId));
return EFI_BUFFER_TOO_SMALL;
}
@@ -115,7 +115,7 @@ FtwAllocate ( // If workspace is not enough, then reclaim workspace
//
Offset = (UINT8 *) FtwHeader - (UINT8 *) FtwDevice->FtwWorkSpace;
- if (Offset + WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceSize) {
+ if (Offset + FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceSize) {
Status = FtwReclaimWorkSpace (FtwDevice, TRUE);
if (EFI_ERROR (Status)) {
return EFI_ABORTED;
@@ -365,7 +365,7 @@ FtwWrite ( //
// If Record is out of the range of Header, return access denied.
//
- if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > WRITE_TOTAL_SIZE (Header->NumberOfWrites - 1, Header->PrivateDataSize)) {
+ if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > FTW_WRITE_TOTAL_SIZE (Header->NumberOfWrites - 1, Header->PrivateDataSize)) {
return EFI_ACCESS_DENIED;
}
@@ -415,13 +415,13 @@ FtwWrite ( Record->Lba = Lba;
Record->Offset = Offset;
Record->Length = Length;
- Record->FvBaseAddress = FvbPhysicalAddress;
+ Record->RelativeOffset = (INT64) (FvbPhysicalAddress + (UINTN) Lba * FtwDevice->BlockSize) - (INT64) FtwDevice->SpareAreaAddress;
if (PrivateData != NULL) {
- CopyMem ((Record + 1), PrivateData, Header->PrivateDataSize);
+ CopyMem ((Record + 1), PrivateData, (UINTN) Header->PrivateDataSize);
}
MyOffset = (UINT8 *) Record - FtwDevice->FtwWorkSpace;
- MyLength = RECORD_SIZE (Header->PrivateDataSize);
+ MyLength = FTW_RECORD_SIZE (Header->PrivateDataSize);
Status = FtwDevice->FtwFvBlock->Write (
FtwDevice->FtwFvBlock,
@@ -693,6 +693,10 @@ FtwAbort ( return EFI_ABORTED;
}
+ if (FtwDevice->FtwLastWriteHeader->HeaderAllocated != FTW_VALID_STATE) {
+ return EFI_NOT_FOUND;
+ }
+
if (FtwDevice->FtwLastWriteHeader->Complete == FTW_VALID_STATE) {
return EFI_NOT_FOUND;
}
@@ -809,16 +813,16 @@ FtwGetLastWrite ( //
CopyMem (CallerId, &Header->CallerId, sizeof (EFI_GUID));
*Lba = Record->Lba;
- *Offset = Record->Offset;
- *Length = Record->Length;
+ *Offset = (UINTN) Record->Offset;
+ *Length = (UINTN) Record->Length;
*Complete = (BOOLEAN) (Record->DestinationComplete == FTW_VALID_STATE);
if (*PrivateDataSize < Header->PrivateDataSize) {
- *PrivateDataSize = Header->PrivateDataSize;
+ *PrivateDataSize = (UINTN) Header->PrivateDataSize;
PrivateData = NULL;
Status = EFI_BUFFER_TOO_SMALL;
} else {
- *PrivateDataSize = Header->PrivateDataSize;
+ *PrivateDataSize = (UINTN) Header->PrivateDataSize;
CopyMem (PrivateData, Record + 1, *PrivateDataSize);
Status = EFI_SUCCESS;
}
|