[VARPOL] Switch to the new common code for VarPol locking

This code also dispatches to the callback, if registered.
microsoft · May 4, 2023 · 41d0f95 · 41d0f95
1 parent 4754d2b
commit 41d0f95
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 15 deletions.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Protocol/VariablePolicy.h>
 #include <Library/VariablePolicyLib.h>
 
+#include "VariablePolicyLockingCommon.h"        // MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
+
 EFI_STATUS
 EFIAPI
 ProtocolIsVariablePolicyEnabled (
@@ -297,15 +299,8 @@ OnReadyToBoot (
   VOID       *Context
   )
 {
-  EFI_STATUS  Status;
-
-  // MU_CHANGE [BEGIN] - Do not lock Policy at EndOfDxe.
-  if (!IsVariablePolicyInterfaceLocked ()) {
-    Status = LockVariablePolicy ();
-    ASSERT_EFI_ERROR (Status);
-  }
+  // EFI_STATUS    Status;      // MU_CHANGE - Do not lock Policy at EndOfDxe.
 
-  // MU_CHANGE [END] - Do not lock Policy at EndOfDxe.
   if (!mEndOfDxe) {
     MorLockInitAtEndOfDxe ();
 
@@ -650,6 +645,8 @@ VariableServiceInitialize (
                   NULL
                   );
   ASSERT_EFI_ERROR (Status);
+  Status = InitializeVariablePolicyLocking (&mVariablePolicyProtocol);  // MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
+  ASSERT_EFI_ERROR (Status);                                            // MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
 
   return EFI_SUCCESS;
 }
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
@@ -20,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Guid/VarCheckPolicyMmi.h>
 
 #include "Variable.h"
+#include "VariablePolicyLockingCommon.h"
 
 EDKII_VARIABLE_POLICY_PROTOCOL  mVariablePolicyProtocol;
 EFI_MM_COMMUNICATION2_PROTOCOL  *mMmCommunication;
@@ -489,11 +490,13 @@ VariablePolicySmmDxeMain (
   EFI_STATUS  Status;
   BOOLEAN     ProtocolInstalled;
   BOOLEAN     VirtualAddressChangeRegistered;
+  BOOLEAN     LockingInitialized;                   // MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
   EFI_EVENT   VirtualAddressChangeEvent;
 
   Status                         = EFI_SUCCESS;
   ProtocolInstalled              = FALSE;
   VirtualAddressChangeRegistered = FALSE;
+  LockingInitialized             = FALSE;           // MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
 
   // Update the minimum buffer size.
   mMmCommunicationBufferSize = VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE;
@@ -539,6 +542,16 @@ VariablePolicySmmDxeMain (
   // to lock the interface, but this is integrated
   // into the existing callbacks in VaraiableSmm.c
   // and VariableDxe.c.
+  // MU_CHANGE [BEGIN] - Isolate the VariablePolicy locking event into its own code.
+  Status = InitializeVariablePolicyLocking (&mVariablePolicyProtocol);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a - Failed to initialize VariablePolicy locking! %r\n", __FUNCTION__, Status));
+    goto Exit;
+  } else {
+    LockingInitialized = TRUE;
+  }
+
+  // MU_CHANGE [END]
 
   //
   // Register a VirtualAddressChange callback for the MmComm protocol and Comm buffer.
@@ -569,6 +582,13 @@ VariablePolicySmmDxeMain (
     if (VirtualAddressChangeRegistered) {
       gBS->CloseEvent (VirtualAddressChangeEvent);
     }
+
+    // MU_CHANGE [BEGIN] - Isolate the VariablePolicy locking event into its own code.
+    if (LockingInitialized) {
+      DeinitVariablePolicyLocking ();
+    }
+
+    // MU_CHANGE [END] - Isolate the VariablePolicy locking event into its own code.
   }
 
   return Status;

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -50,6 +50,8 @@
   VariableExLib.c
   SpeculationBarrierDxe.c
   VariableLockRequestToLock.c
+  VariablePolicyLockingCommon.h   # MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
+  VariablePolicyLockingCommon.c   # MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
 
 [Packages]
   MdePkg/MdePkg.dec

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -730,13 +730,6 @@ SmmVariableHandler (
         break;
       }
 
-      // MU_CHANGE [BEGIN] - Do not lock Policy at EndOfDxe.
-      if (!IsVariablePolicyInterfaceLocked ()) {
-        Status = LockVariablePolicy ();
-        ASSERT_EFI_ERROR (Status);
-      }
-
-      // MU_CHANGE [END] - Do not lock Policy at EndOfDxe.
       if (!mEndOfDxe) {
         MorLockInitAtEndOfDxe ();
         // MU_CHANGE - Do not lock Policy at EndOfDxe.

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
@@ -44,6 +44,8 @@
   VariableParsing.h
   Variable.h
   VariablePolicySmmDxe.c
+  VariablePolicyLockingCommon.h   # MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
+  VariablePolicyLockingCommon.c   # MU_CHANGE - Isolate the VariablePolicy locking event into its own code.
 
 [Packages]
   MdePkg/MdePkg.dec