Sync patches r14454, r14455, r14456, r14457, r14458, and r14462 from …

…main trunk. 1. MdeModulePkg: Variable drivers robustly handle crashes during Reclaim(). 2. SecurityPkg: Variable drivers robustly handle crashes during Reclaim(). 3. Nt32Pkg: Use FaultTolerantWritePei driver. 4. EmulatorPkg: Use FaultTolerantWritePei driver. 5. OvmfPkg EmuVariableFvbRuntimeDxe: Let FaultTolerantWriteDxe to init working block header. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <[email protected]> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2010.SR1@15341 6f19259b-4bc3-4df7-8a09-765794883524
gwli · Mar 20, 2014 · 1663107 · 1663107
1 parent 4aa8987
commit 1663107
Show file tree

Hide file tree

Showing 31 changed files with 1,588 additions and 539 deletions.
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
@@ -4,7 +4,7 @@
 # The Emulation Platform can be used to debug individual modules, prior to creating
 # a real platform. This also provides an example for how an DSC is created.
 #
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 # Portions copyright (c) 2010 - 2011, Apple Inc. All rights reserved.<BR>
 #
 # This program and the accompanying materials
@@ -262,6 +262,7 @@
 
   IntelFrameworkModulePkg/Universal/StatusCode/Pei/StatusCodePei.inf
   EmulatorPkg/BootModePei/BootModePei.inf
+  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
   MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
   EmulatorPkg/AutoScanPei/AutoScanPei.inf
   EmulatorPkg/FirmwareVolumePei/FirmwareVolumePei.inf

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
@@ -1,7 +1,7 @@
 ## @file
 # This is Emulator FDF file with UEFI HII features enabled
 #
-# Copyright (c) 2008 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
 # Portions copyright (c) 2009 - 2011, Apple Inc. All rights reserved.<BR>
 #
 # This program and the accompanying materials
@@ -71,12 +71,12 @@ gEmulatorPkgTokenSpaceGuid.PcdEmuFlashNvStorageEventLogBase|gEmulatorPkgTokenSpa
 gEmulatorPkgTokenSpaceGuid.PcdEmuFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
 #NV_FTW_WORKING
 DATA = {
-  # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEfiSystemNvDataFvGuid         =
-  #  { 0xFFF12B8D, 0x7696, 0x4C8B, { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
-  0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
-  0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
+  # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid         =
+  #  { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
+  0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
+  0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95,
   # Crc:UINT32            #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
-  0x77, 0x13, 0x9B, 0xD7, 0xFE, 0xFF, 0xFF, 0xFF,
+  0xE2, 0x33, 0xF2, 0x03, 0xFE, 0xFF, 0xFF, 0xFF,
   # WriteQueueSize: UINT64
   0xE0, 0x1F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 }
@@ -129,6 +129,7 @@ INF  EmulatorPkg/AutoScanPei/AutoScanPei.inf
 INF  EmulatorPkg/FirmwareVolumePei/FirmwareVolumePei.inf
 INF  EmulatorPkg/FlashMapPei/FlashMapPei.inf
 INF  EmulatorPkg/ThunkPpiToProtocolPei/ThunkPpiToProtocolPei.inf
+INF  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
 INF  MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 

diff --git a/MdeModulePkg/Include/Guid/FaultTolerantWrite.h b/MdeModulePkg/Include/Guid/FaultTolerantWrite.h
@@ -0,0 +1,54 @@
+/** @file
+ Define the GUID gEdkiiFaultTolerantWriteGuid that will be used to build
+ FAULT_TOLERANT_WRITE_LAST_WRITE_DATA GUID hob and install PPI to inform the check
+ for FTW last write data has been done. The GUID hob will be only built if FTW last write was
+ still in progress with SpareComplete set and DestinationComplete not set.
+
+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under 
+the terms and conditions of the BSD License that accompanies this distribution.  
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.                                            
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 
+
+**/
+
+#ifndef _FAULT_TOLERANT_WRITE_H_
+#define _FAULT_TOLERANT_WRITE_H_
+
+#define EDKII_FAULT_TOLERANT_WRITE_GUID \
+  { \
+    0x1d3e9cb8, 0x43af, 0x490b, { 0x83,  0xa, 0x35, 0x16, 0xaa, 0x53, 0x20, 0x47 } \
+  }
+
+//
+// FTW Last write data. It will be used as gEdkiiFaultTolerantWriteGuid GUID hob data.
+//
+typedef struct {
+  ///
+  /// Target address to be updated in FTW last write.
+  ///
+  EFI_PHYSICAL_ADDRESS      TargetAddress;
+  ///
+  /// Spare address to back up the updated buffer.
+  ///
+  EFI_PHYSICAL_ADDRESS      SpareAddress;
+  ///
+  /// The length of data that have been backed up in spare block.
+  /// It is also the length of target block that has been erased.
+  ///
+  UINT64                    Length;
+} FAULT_TOLERANT_WRITE_LAST_WRITE_DATA;
+
+//
+// This GUID will be used to install PPI to inform the check for FTW last write data has been done.
+// The related FAULT_TOLERANT_WRITE_LAST_WRITE_DATA GUID hob will be only built if
+// FTW last write was still in progress with SpareComplete set and DestinationComplete not set.
+// It means the target buffer has been backed up in spare block, then target block has been erased,
+// but the target buffer has not been writen in target block from spare block.
+//
+extern EFI_GUID gEdkiiFaultTolerantWriteGuid;
+
+#endif
diff --git a/MdeModulePkg/Include/Guid/SystemNvDataGuid.h b/MdeModulePkg/Include/Guid/SystemNvDataGuid.h
@@ -1,10 +1,10 @@
 /** @file  
-  This file defines NvDataFv GUID and FTW working block structure header.
-  This guid can be used as FileSystemGuid in EFI_FIRMWARE_VOLUME_HEADER if 
+  This file defines NvDataFv GUID and FTW working block structures.
+  The NvDataFv GUID can be used as FileSystemGuid in EFI_FIRMWARE_VOLUME_HEADER if 
   this FV image contains NV data, such as NV variable data.
-  This guid can also be used as the signature of FTW working block header.
+  This file also defines WorkingBlockSignature GUID for FTW working block signature.
 
-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available under 
 the terms and conditions of the BSD License that accompanies this distribution.  
 The full text of the license may be found at
@@ -21,10 +21,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define EFI_SYSTEM_NV_DATA_FV_GUID \
   {0xfff12b8d, 0x7696, 0x4c8b, {0xa9, 0x85, 0x27, 0x47, 0x7, 0x5b, 0x4f, 0x50} }
 
-///
-/// An NvDataFv GUID used as the signature of FTW working block header.
-///
+#define EDKII_WORKING_BLOCK_SIGNATURE_GUID \
+  {0x9e58292b, 0x7c68, 0x497d, {0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95} }
+
 extern EFI_GUID gEfiSystemNvDataFvGuid;
+extern EFI_GUID gEdkiiWorkingBlockSignatureGuid;
 
 #define WORKING_BLOCK_VALID   0x1
 #define WORKING_BLOCK_INVALID 0x2
@@ -35,7 +36,9 @@ extern EFI_GUID gEfiSystemNvDataFvGuid;
 ///
 typedef struct {
   ///
-  /// System Non Volatile FV Guid.
+  /// FTW working block signature.
+  /// Its value has be updated from gEfiSystemNvDataFvGuid to gEdkiiWorkingBlockSignatureGuid,
+  /// because its write queue data format has been updated to support the crossing archs.
   ///
   EFI_GUID  Signature;
   ///
@@ -55,8 +58,60 @@ typedef struct {
   UINT64    WriteQueueSize;
   ///
   /// Write Queue data.
-  /// UINT8  WriteQueue[WriteQueueSize];
+  ///
+  /// EFI_FAULT_TOLERANT_WRITE_HEADER FtwHeader;
+  /// EFI_FAULT_TOLERANT_WRITE_RECORD FtwRecord[FtwHeader.NumberOfWrites]
+  /// EFI_FAULT_TOLERANT_WRITE_HEADER FtwHeader2;
+  /// EFI_FAULT_TOLERANT_WRITE_RECORD FtwRecord2[FtwHeader2.NumberOfWrites]
+  /// ...
   ///
 } EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER;
 
+#define FTW_VALID_STATE     0
+#define FTW_INVALID_STATE   1
+
+//
+// EFI Fault tolerant block update write queue entry.
+//
+typedef struct {
+  UINT8     HeaderAllocated : 1;
+  UINT8     WritesAllocated : 1;
+  UINT8     Complete : 1;
+  UINT8     Reserved : 5;
+  EFI_GUID  CallerId;
+  UINT64    NumberOfWrites;
+  UINT64    PrivateDataSize;
+} EFI_FAULT_TOLERANT_WRITE_HEADER;
+
+//
+// EFI Fault tolerant block update write queue record.
+//
+typedef struct {
+  UINT8   BootBlockUpdate : 1;
+  UINT8   SpareComplete : 1;
+  UINT8   DestinationComplete : 1;
+  UINT8   Reserved : 5;
+  EFI_LBA Lba;
+  UINT64  Offset;
+  UINT64  Length;
+  //
+  // Relative offset to spare block.
+  //
+  INT64   RelativeOffset;
+  //
+  // UINT8    PrivateData[PrivateDataSize]
+  //
+} EFI_FAULT_TOLERANT_WRITE_RECORD;
+
+#define FTW_RECORD_SIZE(PrivateDataSize)  (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize)
+
+#define FTW_RECORD_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
+    ((UINTN) (NumberOfWrites) * (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize))
+
+#define FTW_WRITE_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
+    ( \
+      sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER) + (UINTN) (NumberOfWrites) * \
+      (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize) \
+    )
+
 #endif
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
@@ -119,6 +119,14 @@
   #  Include/Guid/SystemNvDataGuid.h
   gEfiSystemNvDataFvGuid         = { 0xFFF12B8D, 0x7696, 0x4C8B, { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
 
+  ## GUID used as the signature of FTW working block header.
+  #  Include/Guid/SystemNvDataGuid.h
+  gEdkiiWorkingBlockSignatureGuid   = { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
+
+  ## GUID used to build FTW last write data hob and install PPI to inform the check for FTW last write data has been done.
+  #  Include/Guid/FaultTolerantWrite.h
+  gEdkiiFaultTolerantWriteGuid      = { 0x1d3e9cb8, 0x43af, 0x490b, { 0x83,  0xa, 0x35, 0x16, 0xaa, 0x53, 0x20, 0x47 }}
+
   ## Guid specify the device is the console out device.
   #  Include/Guid/ConsoleOutDevice.h
   gEfiConsoleOutDeviceGuid       = { 0xD3B36F2C, 0xD551, 0x11D4, { 0x9A, 0x46, 0x00, 0x90, 0x27, 0x3F, 0xC1, 0x4D }}

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
@@ -298,6 +298,7 @@
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
   MdeModulePkg/Application/VariableInfo/VariableInfo.inf
+  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
   MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
   MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf

diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c
@@ -3,7 +3,7 @@
   These are the common Fault Tolerant Write (FTW) functions that are shared 
   by DXE FTW driver and SMM FTW driver.
 
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -95,7 +95,7 @@ FtwAllocate (
   //
   // Check if there is enough space for the coming allocation
   //
-  if (WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceHeader->WriteQueueSize) {
+  if (FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceHeader->WriteQueueSize) {
     DEBUG ((EFI_D_ERROR, "Ftw: Allocate() request exceed Workspace, Caller: %g\n", CallerId));
     return EFI_BUFFER_TOO_SMALL;
   }
@@ -115,7 +115,7 @@ FtwAllocate (
   // If workspace is not enough, then reclaim workspace
   //
   Offset = (UINT8 *) FtwHeader - (UINT8 *) FtwDevice->FtwWorkSpace;
-  if (Offset + WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceSize) {
+  if (Offset + FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceSize) {
     Status = FtwReclaimWorkSpace (FtwDevice, TRUE);
     if (EFI_ERROR (Status)) {
       return EFI_ABORTED;
@@ -365,7 +365,7 @@ FtwWrite (
   //
   // If Record is out of the range of Header, return access denied.
   //
-  if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > WRITE_TOTAL_SIZE (Header->NumberOfWrites - 1, Header->PrivateDataSize)) {
+  if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > FTW_WRITE_TOTAL_SIZE (Header->NumberOfWrites - 1, Header->PrivateDataSize)) {
     return EFI_ACCESS_DENIED;
   }
 
@@ -415,13 +415,13 @@ FtwWrite (
   Record->Lba     = Lba;
   Record->Offset  = Offset;
   Record->Length  = Length;
-  Record->FvBaseAddress = FvbPhysicalAddress;
+  Record->RelativeOffset = (INT64) (FvbPhysicalAddress + (UINTN) Lba * FtwDevice->BlockSize) - (INT64) FtwDevice->SpareAreaAddress;
   if (PrivateData != NULL) {
-    CopyMem ((Record + 1), PrivateData, Header->PrivateDataSize);
+    CopyMem ((Record + 1), PrivateData, (UINTN) Header->PrivateDataSize);
   }
 
   MyOffset  = (UINT8 *) Record - FtwDevice->FtwWorkSpace;
-  MyLength  = RECORD_SIZE (Header->PrivateDataSize);
+  MyLength  = FTW_RECORD_SIZE (Header->PrivateDataSize);
 
   Status = FtwDevice->FtwFvBlock->Write (
                                     FtwDevice->FtwFvBlock,
@@ -693,6 +693,10 @@ FtwAbort (
     return EFI_ABORTED;
   }
 
+  if (FtwDevice->FtwLastWriteHeader->HeaderAllocated != FTW_VALID_STATE) {
+    return EFI_NOT_FOUND;
+  }
+
   if (FtwDevice->FtwLastWriteHeader->Complete == FTW_VALID_STATE) {
     return EFI_NOT_FOUND;
   }
@@ -809,16 +813,16 @@ FtwGetLastWrite (
   //
   CopyMem (CallerId, &Header->CallerId, sizeof (EFI_GUID));
   *Lba      = Record->Lba;
-  *Offset   = Record->Offset;
-  *Length   = Record->Length;
+  *Offset   = (UINTN) Record->Offset;
+  *Length   = (UINTN) Record->Length;
   *Complete = (BOOLEAN) (Record->DestinationComplete == FTW_VALID_STATE);
 
   if (*PrivateDataSize < Header->PrivateDataSize) {
-    *PrivateDataSize  = Header->PrivateDataSize;
+    *PrivateDataSize  = (UINTN) Header->PrivateDataSize;
     PrivateData       = NULL;
     Status            = EFI_BUFFER_TOO_SMALL;
   } else {
-    *PrivateDataSize = Header->PrivateDataSize;
+    *PrivateDataSize = (UINTN) Header->PrivateDataSize;
     CopyMem (PrivateData, Record + 1, *PrivateDataSize);
     Status = EFI_SUCCESS;
   }

diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.h b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.h
@@ -3,7 +3,7 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by FtwLite module.
 
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -39,59 +39,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //
 #define FTW_ERASE_POLARITY  1
 
-#define FTW_VALID_STATE     0
-#define FTW_INVALID_STATE   1
-
 #define FTW_ERASED_BYTE     ((UINT8) (255))
 #define FTW_POLARITY_REVERT ((UINT8) (255))
 
-//
-// EFI Fault tolerant block update write queue entry
-//
-typedef struct {
-  UINT8     HeaderAllocated : 1;
-  UINT8     WritesAllocated : 1;
-  UINT8     Complete : 1;
 #define HEADER_ALLOCATED  0x1
 #define WRITES_ALLOCATED  0x2
 #define WRITES_COMPLETED  0x4
-  UINT8     Reserved : 5;
-  EFI_GUID  CallerId;
-  UINTN     NumberOfWrites;
-  UINTN     PrivateDataSize;
-} EFI_FAULT_TOLERANT_WRITE_HEADER;
 
-//
-// EFI Fault tolerant block update write queue record
-//
-typedef struct {
-  UINT8   BootBlockUpdate : 1;
-  UINT8   SpareComplete : 1;
-  UINT8   DestinationComplete : 1;
 #define BOOT_BLOCK_UPDATE 0x1
 #define SPARE_COMPLETED   0x2
 #define DEST_COMPLETED    0x4
-  UINT8   Reserved : 5;
-  EFI_LBA Lba;
-  UINTN   Offset;
-  UINTN   Length;
-  EFI_PHYSICAL_ADDRESS  FvBaseAddress;
-  //
-  // UINT8                PrivateData[PrivateDataSize]
-  //
-} EFI_FAULT_TOLERANT_WRITE_RECORD;
-
-
-#define RECORD_SIZE(PrivateDataSize)  (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + PrivateDataSize)
-
-#define RECORD_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
-    ((NumberOfWrites) * (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + PrivateDataSize))
 
-#define WRITE_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
-    ( \
-      sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER) + (NumberOfWrites) * \
-        (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + PrivateDataSize) \
-    )
 
 #define FTW_DEVICE_SIGNATURE  SIGNATURE_32 ('F', 'T', 'W', 'D')