From nobody Sun May 5 02:24:20 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1512643678260845.3089620575179; Thu, 7 Dec 2017 02:47:58 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6E9A821B02844; Thu, 7 Dec 2017 02:43:24 -0800 (PST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C122121B02834 for ; Thu, 7 Dec 2017 02:43:23 -0800 (PST) Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Dec 2017 02:47:56 -0800 Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.158.46]) by fmsmga008.fm.intel.com with ESMTP; 07 Dec 2017 02:47:55 -0800 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records returned) identity=mailfrom; client-ip=192.55.52.136; helo=mga12.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,372,1508828400"; d="scan'208";a="665171" From: Star Zeng To: edk2-devel@lists.01.org Date: Thu, 7 Dec 2017 18:47:53 +0800 Message-Id: <1512643673-14320-1-git-send-email-star.zeng@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 Subject: [edk2] [PATCH] UefiCpuPkg PiSmmCpuDxeSmm: SMM profile and static paging mutual exclusion X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ruiyu Ni , Eric Dong , Jiewen Yao , Laszlo Ersek , Star Zeng MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" SMM profile and static paging could not enabled at the same time, this patch is add check and comments to make sure it. Similar comments are also added for the case of static paging and heap guard for SMM. Cc: Jiewen Yao Cc: Eric Dong Cc: Ruiyu Ni Cc: Jian J Wang Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 9 +++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 13 ++++++++++--- UefiCpuPkg/UefiCpuPkg.dec | 6 +++++- UefiCpuPkg/UefiCpuPkg.uni | 10 ++++++++-- 4 files changed, 32 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpu= DxeSmm/Ia32/PageTbl.c index 6e1ffe7c6287..939ac25a506c 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c @@ -205,6 +205,15 @@ SetPageTableAttributes ( // BIT3: SMM pool guard enabled // if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) { + DEBUG ((DEBUG_INFO, "Don't mark page table as read-only as heap guard = is enabled\n")); + return ; + } + + // + // Don't mark page table as read-only if SMM profile is enabled. + // + if (FeaturePcdGet (PcdCpuSmmProfileEnable)) { + DEBUG ((DEBUG_INFO, "Don't mark page table as read-only as SMM profile= is enabled\n")); return ; } =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuD= xeSmm/X64/PageTbl.c index 6478c6c3e355..0fe944fc18cc 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -919,17 +919,24 @@ SetPageTableAttributes ( // // Don't do this if // - no static page table; or - // - SMM heap guard feature enabled + // - SMM heap guard feature enabled; or // BIT2: SMM page guard enabled // BIT3: SMM pool guard enabled + // - SMM profile feature enabled // if (!mCpuSmmStaticPageTable || - (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) { + ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) || + FeaturePcdGet (PcdCpuSmmProfileEnable)) { // - // Static paging and heap guard should not be enabled at the same time. + // Static paging and heap guard could not be enabled at the same time. // ASSERT (!(mCpuSmmStaticPageTable && (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0)= ); + + // + // Static paging and SMM profile could not be enabled at the same time. + // + ASSERT (!(mCpuSmmStaticPageTable && FeaturePcdGet (PcdCpuSmmProfileEna= ble))); return ; } =20 diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index d2965ba14c2d..36205ab63796 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -84,6 +84,7 @@ [Protocols] [PcdsFeatureFlag] ## Indicates if SMM Profile will be enabled. # If enabled, instruction executions in and data accesses to memory out= side of SMRAM will be logged. + # It could not be enabled at the same time with SMM profile feature (Pc= dCpuSmmStaticPageTable). # This PCD is only for validation purpose. It should be set to false in= production.

# TRUE - SMM Profile will be enabled.
# FALSE - SMM Profile will be disabled.
@@ -225,8 +226,11 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic,= PcdsDynamicEx] gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate|0|UINT8|0x00000007 =20 ## Indicates if SMM uses static page table. - # If enabled, SMM will not use on-demand paging. SMM will build static = page table for all memory.

+ # If enabled, SMM will not use on-demand paging. SMM will build static = page table for all memory. # This flag only impacts X64 build, because SMM alway builds static pag= e table for IA32. + # It could not be enabled at the same time with SMM profile feature (Pc= dCpuSmmProfileEnable). + # It could not be enabled also at the same time with heap guard feature= for SMM + # (PcdHeapGuardPropertyMask in MdeModulePkg).

# TRUE - SMM uses static page table for all memory.
# FALSE - SMM uses static page table for below 4G memory and use on-de= mand paging for above 4G memory.
# @Prompt Use static page table for all memory in SMM. diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni index 9472b185e46e..013d2870a682 100644 --- a/UefiCpuPkg/UefiCpuPkg.uni +++ b/UefiCpuPkg/UefiCpuPkg.uni @@ -53,7 +53,10 @@ =20 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuSmmProfileEnable_PROMPT #lang= uage en-US "Enable SMM Profile" =20 -#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuSmmProfileEnable_HELP #langua= ge en-US "Indicates if SMM Profile will be enabled. If enabled, instruction= executions in and data accesses to memory outside of SMRAM will be logged.= This PCD is only for validation purpose. It should be set to false in prod= uction.

\n" +#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuSmmProfileEnable_HELP #langua= ge en-US "Indicates if SMM Profile will be enabled.\n" + = "If enabled, instruction executions in and data accesses to memory= outside of SMRAM will be logged.\n" + = "It could not be enabled at the same time with SMM profile feature= (PcdCpuSmmStaticPageTable).\n" + = "This PCD is only for validation purpose. It should be set to fals= e in production.

\n" = "TRUE - SMM Profile will be enabled.
\n" = "FALSE - SMM Profile will be disabled.
" =20 @@ -150,8 +153,11 @@ #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuSmmStaticPageTable_PROMPT #la= nguage en-US "Use static page table for all memory in SMM." =20 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuSmmStaticPageTable_HELP #lang= uage en-US "Indicates if SMM uses static page table.\n" - = "If enabled, SMM will not use on-demand paging. SMM will build s= tatic page table for all memory.

\n" + = "If enabled, SMM will not use on-demand paging. SMM will build s= tatic page table for all memory.\n" = "This flag only impacts X64 build, because SMM alway builds stat= ic page table for IA32.\n" + = "It could not be enabled at the same time with SMM profile featu= re (PcdCpuSmmProfileEnable).\n" + = "It could not be enabled also at the same time with heap guard f= eature for SMM\n" + = "(PcdHeapGuardPropertyMask in MdeModulePkg).

\n" = "TRUE - SMM uses static page table for all memory.
\n" = "FALSE - SMM uses static page table for below 4G memory and use = on-demand paging for above 4G memory.
" =20 --=20 2.7.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel