From nobody Tue May 7 17:25:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1517886134322312.4288688224502; Mon, 5 Feb 2018 19:02:14 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id AB61E21F0DA5B; Mon, 5 Feb 2018 18:56:30 -0800 (PST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id F3A0A21F0DA4F for ; Mon, 5 Feb 2018 18:56:28 -0800 (PST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Feb 2018 19:02:10 -0800 Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.243]) by fmsmga001.fm.intel.com with ESMTP; 05 Feb 2018 19:02:09 -0800 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,467,1511856000"; d="scan'208";a="28398518" From: Jian J Wang To: edk2-devel@lists.01.org Date: Tue, 6 Feb 2018 11:02:06 +0800 Message-Id: <20180206030206.112-1-jian.j.wang@intel.com> X-Mailer: git-send-email 2.15.1.windows.2 Subject: [edk2] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: fix infinite loop issue in SMM profile X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ruiyu Ni , Jiewen Yao , Laszlo Ersek , Eric Dong MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The infinite loop is caused by the memory instruction, such as "rep mov", operating on memory block crossing boundary of NON-PRESENT pages. Because the address triggering page fault set in CR2 will be in the first page, SmmProfilePFHandler() will only change the first page into PRESENT. The page following will be still in NON-PRESENT status. Since SmmProfilePFHandler() will setup single-step trap for the instruction causing #PF, when the handler returns back to the instruction and re-execute it, both #DB and #PF will be triggered because the instruction wants to access both first and second page but only first page is PRESENT. Normally #DB exception will be handled first and its handler will change first page back to NON-PRESENT status. Then #PF is handled and its handler will change first page to PRESENT status again and setup another single-step for the instruction triggering #PF. Then the whole system falls into an infinite loop and the memory operation will never move on. This patch fix above situation by always changing 3 pages to PRESENT status instead of just 1 page. Those 3 pages include the page before and after the page causing #PF because memory operation instruction may have direction flag (DF) set or cleared. Cc: Eric Dong Cc: Laszlo Ersek Cc: Ruiyu Ni Cc: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang --- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDx= eSmm/SmmProfile.c index 9588eaf029..8cdfc82a92 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c @@ -1302,6 +1302,8 @@ SmmProfilePFHandler ( { UINT64 *PageTable; UINT64 PFAddress; + UINT64 RestoreAddress; + UINTN RestorePageNumber; UINTN CpuIndex; UINTN Index; UINT64 InstructionAddress; @@ -1331,10 +1333,22 @@ SmmProfilePFHandler ( PFAddress =3D AsmReadCr2 (); CpuIndex =3D GetCpuIndex (); =20 - if (PFAddress <=3D 0xFFFFFFFF) { - RestorePageTableBelow4G (PageTable, PFAddress, CpuIndex, ErrorCode); - } else { - RestorePageTableAbove4G (PageTable, PFAddress, CpuIndex, ErrorCode, &I= sValidPFAddress); + // + // Memory operation cross pages, like "rep mov" instruction, will cause + // infinite loop between this and Debug Trap handler. Since the direction + // of memory operation is unknown, the pages before and after current pa= ge + // should be taken into account as well. + // + RestorePageNumber =3D 3; + RestoreAddress =3D PFAddress - EFI_PAGE_SIZE; + while (RestorePageNumber > 0) { + if (RestoreAddress <=3D 0xFFFFFFFF) { + RestorePageTableBelow4G (PageTable, RestoreAddress, CpuIndex, ErrorC= ode); + } else { + RestorePageTableAbove4G (PageTable, RestoreAddress, CpuIndex, ErrorC= ode, &IsValidPFAddress); + } + RestoreAddress +=3D EFI_PAGE_SIZE; + RestorePageNumber--; } =20 if (!IsValidPFAddress) { --=20 2.14.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel