From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Laszlo Ersek, Jiewen Yao, Eric Dong
Date: Mon, 15 Jan 2018 16:54:28 +0800
Message-Id: <20180115085433.25008-2-jian.j.wang@intel.com>
In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 1/6] UefiCpuPkg/MpInitLib: split wake up buffer into two parts

If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of
EfiBootServicesCode, EfiConventionalMemory, the BIOS will hang at a page
fault exception during MP initialization.

The root cause is that the AP wake up buffer, which is below 1MB and used to
hold both AP init code and data, is of type EfiConventionalMemory (not really
allocated because of potential conflict with legacy code), and is marked as
non-executable. During the transition from real address mode to long mode,
the AP init code has to enable paging, which will then cause a page fault
exception in the init code itself because it is running in non-executable
memory.

The solution is splitting the AP wake up buffer into two parts: the lower part
is still below 1MB and shared with the legacy system, the higher part is really
allocated memory of BootServicesCode type. The init code in the memory
below 1MB will not enable paging but just switch to protected mode and jump
to higher memory, in which the init code will enable paging and switch to
long mode.

Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Eric Dong
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang Reviewed-by: Eric Dong --- UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 34 ++++++++++ UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc | 5 ++ UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm | 32 +++++----- UefiCpuPkg/Library/MpInitLib/MpLib.c | 45 +++++++++++++ UefiCpuPkg/Library/MpInitLib/MpLib.h | 22 +++++++ UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 23 +++++++ UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc | 5 +- UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 87 ++++++++++++++++------= ---- 8 files changed, 204 insertions(+), 49 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index d2bcef53d6..fd2317924f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -113,6 +113,40 @@ GetWakeupBuffer ( return (UINTN) StartAddress; } =20 +/** + Get available EfiBootServicesCode memory below 4GB by specified size. + + This buffer is required to safely transfer AP from real address mode to + protected mode or long mode, due to the fact that the buffer returned by + GetWakeupBuffer() may be marked as non-executable. + + @param[in] BufferSize Wakeup transition buffer size. + + @retval other Return wakeup transition buffer address below 4GB. + @retval 0 Cannot find free memory below 4GB. +**/ +UINTN +GetModeTransitionBuffer ( + IN UINTN BufferSize + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS StartAddress; + + StartAddress =3D BASE_4GB - 1; + Status =3D gBS->AllocatePages ( + AllocateMaxAddress, + EfiBootServicesCode, + EFI_SIZE_TO_PAGES (BufferSize), + &StartAddress + ); + if (EFI_ERROR (Status)) { + StartAddress =3D 0; + } + + return (UINTN)StartAddress; +} + /** Checks APs status and updates APs status if needed. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc b/UefiCpuPkg/Libra= ry/MpInitLib/Ia32/MpEqu.inc index bdfe0d33cc..1648f2c4b0 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc 
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc @@ -41,4 +41,9 @@ Cr3Location equ LockLocation + 3= 4h InitFlagLocation equ LockLocation + 38h CpuInfoLocation equ LockLocation + 3Ch NumApsExecutingLocation equ LockLocation + 40h +InitializeFloatingPointUnitsAddress equ LockLocation + 48h +ModeTransitionMemoryLocation equ LockLocation + 4Ch +ModeTransitionSegmentLocation equ LockLocation + 50h +ModeHighMemoryLocation equ LockLocation + 52h +ModeHighSegmentLocation equ LockLocation + 56h =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm b/UefiCpuPkg/Li= brary/MpInitLib/Ia32/MpFuncs.nasm index 2b6c27d4ec..bd79be0f5e 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm @@ -48,34 +48,35 @@ BITS 16 mov si, BufferStartLocation mov ebx, [si] =20 - mov si, ModeOffsetLocation - mov eax, [si] - mov si, CodeSegmentLocation - mov edx, [si] - mov di, ax - sub di, 02h - mov [di], dx - sub di, 04h - add eax, ebx - mov [di],eax - mov si, DataSegmentLocation mov edx, [si] =20 + ; + ; Get start address of 32-bit code in low memory (<1MB) + ; + mov edi, ModeTransitionMemoryLocation + mov si, GdtrLocation o32 lgdt [cs:si] =20 mov si, IdtrLocation o32 lidt [cs:si] =20 - xor ax, ax - mov ds, ax - + ; + ; Switch to protected mode + ; mov eax, cr0 ; Get control register 0 or eax, 000000003h ; Set PE bit (bit #0) & MP mov cr0, eax =20 - jmp 0:strict dword 0 ; far jump to protected mode + ; Switch to 32-bit code in executable memory (>1MB) +o32 jmp far [cs:di] + +; +; Following code may be copied to memory with type of EfiBootServicesCode. +; This is required at DXE phase if NX is enabled for EfiBootServicesCode of +; memory. +; BITS 32 Flat32Start: ; protected mode entry point mov ds, dx 
@@ -266,6 +267,7 @@ ASM_PFX(AsmGetAddressMap): mov dword [ebx + 8h], RendezvousFunnelProcEnd - RendezvousFunn= elProcStart mov dword [ebx + 0Ch], AsmRelocateApLoopStart mov dword [ebx + 10h], AsmRelocateApLoopEnd - AsmRelocateApLoop= Start + mov dword [ebx + 14h], Flat32Start - RendezvousFunnelProcStart =20 popad ret diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index cdc03113e5..fbcbcc6cc9 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -772,6 +772,8 @@ FillExchangeInfoData ( ) { volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo; + UINTN Size; + IA32_SEGMENT_DESCRIPTOR *Selector; =20 ExchangeInfo =3D CpuMpData->MpCpuExchangeInfo; ExchangeInfo->Lock =3D 0; 
@@ -801,6 +803,44 @@ FillExchangeInfoData ( // AsmReadGdtr ((IA32_DESCRIPTOR *) &ExchangeInfo->GdtrProfile); AsmReadIdtr ((IA32_DESCRIPTOR *) &ExchangeInfo->IdtrProfile); + + // + // Find a 32-bit code segment + // + Selector =3D (IA32_SEGMENT_DESCRIPTOR *)ExchangeInfo->GdtrProfile.Base; + Size =3D ExchangeInfo->GdtrProfile.Limit + 1; + while (Size > 0) { + if (Selector->Bits.L =3D=3D 0 && Selector->Bits.Type >=3D 8) { + ExchangeInfo->ModeTransitionSegment =3D + (UINT16)((UINTN)Selector - ExchangeInfo->GdtrProfile.Base); + break; + } + Selector +=3D 1; + Size -=3D sizeof (IA32_SEGMENT_DESCRIPTOR); + } + + // + // Copy all 32-bit code and 64-bit code into memory with type of + // EfiBootServicesCode to avoid page fault if NX memory protection is en= abled. + // + if (ExchangeInfo->ModeTransitionMemory !=3D 0) { + Size =3D CpuMpData->AddressMap.RendezvousFunnelSize - + CpuMpData->AddressMap.ModeTransitionOffset; + CopyMem ( + (VOID *)(UINTN)ExchangeInfo->ModeTransitionMemory, + CpuMpData->AddressMap.RendezvousFunnelAddress + + CpuMpData->AddressMap.ModeTransitionOffset, + Size + ); + + ExchangeInfo->ModeHighMemory =3D ExchangeInfo->ModeTransitionMemory; + ExchangeInfo->ModeHighMemory +=3D (UINT32)ExchangeInfo->ModeOffset - + (UINT32)CpuMpData->AddressMap.ModeTransitionOffset; + ExchangeInfo->ModeHighSegment =3D (UINT16)ExchangeInfo->CodeSegment; + } else { + ExchangeInfo->ModeTransitionMemory =3D (UINT32) + (ExchangeInfo->BufferStart + CpuMpData->AddressMap.ModeTransitionOff= set); + } } =20 /** 
@@ -876,6 +916,11 @@ AllocateResetVector ( CpuMpData->WakeupBuffer =3D GetWakeupBuffer (ApResetVectorSize); CpuMpData->MpCpuExchangeInfo =3D (MP_CPU_EXCHANGE_INFO *) (UINTN) (CpuMpData->WakeupBuffer + CpuMpData->AddressMap.Rende= zvousFunnelSize); + CpuMpData->MpCpuExchangeInfo->ModeTransitionMemory =3D (UINT32) + GetModeTransitionBuffer ( + CpuMpData->AddressMap.RendezvousFunnelSize - + CpuMpData->AddressMap.ModeTransitionOffset + ); } BackupAndPrepareWakeupBuffer (CpuMpData); } diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 685e96cbac..0232fe896a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -152,6 +152,7 @@ typedef struct { UINTN RendezvousFunnelSize; UINT8 *RelocateApLoopFuncAddress; UINTN RelocateApLoopFuncSize; + UINTN ModeTransitionOffset; } MP_ASSEMBLY_ADDRESS_MAP; =20 typedef struct _CPU_MP_DATA CPU_MP_DATA; @@ -182,6 +183,10 @@ typedef struct { UINTN NumApsExecuting; CPU_MP_DATA *CpuMpData; UINTN InitializeFloatingPointUnitsAddress; + UINT32 ModeTransitionMemory; + UINT16 ModeTransitionSegment; + UINT32 ModeHighMemory; + UINT16 ModeHighSegment; } MP_CPU_EXCHANGE_INFO; =20 #pragma pack() @@ -329,6 +334,23 @@ GetWakeupBuffer ( IN UINTN WakeupBufferSize ); =20 +/** + Get available EfiBootServicesCode memory below 4GB by specified size. + + This buffer is required to safely transfer AP from real address mode to + protected mode or long mode, due to the fact that the buffer returned by + GetWakeupBuffer() may be marked as non-executable. + + @param[in] BufferSize Wakeup transition buffer size. + + @retval other Return wakeup transition buffer address below 4GB. + @retval 0 Cannot find free memory below 4GB. +**/ +UINTN +GetModeTransitionBuffer ( + IN UINTN BufferSize + ); + /** This function will be called by BSP to wakeup AP. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c b/UefiCpuPkg/Library/M= pInitLib/PeiMpLib.c index 70c2bc7323..ad43bd33f5 100644 
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c @@ -187,6 +187,29 @@ GetWakeupBuffer ( return (UINTN) -1; } =20 +/** + Get available EfiBootServicesCode memory below 4GB by specified size. + + This buffer is required to safely transfer AP from real address mode to + protected mode or long mode, due to the fact that the buffer returned by + GetWakeupBuffer() may be marked as non-executable. + + @param[in] BufferSize Wakeup transition buffer size. + + @retval other Return wakeup transition buffer address below 4GB. + @retval 0 Cannot find free memory below 4GB. +**/ +UINTN +GetModeTransitionBuffer ( + IN UINTN BufferSize + ) +{ + // + // PEI phase doesn't need to do such transition. So simply return 0. + // + return 0; +} + /** Checks APs status and updates APs status if needed. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc b/UefiCpuPkg/Librar= y/MpInitLib/X64/MpEqu.inc index d255ca5e1b..b5e09c6bc1 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc @@ -42,4 +42,7 @@ InitFlagLocation equ LockLocation + 6= Ch CpuInfoLocation equ LockLocation + 74h NumApsExecutingLocation equ LockLocation + 7Ch InitializeFloatingPointUnitsAddress equ LockLocation + 8Ch - +ModeTransitionMemoryLocation equ LockLocation + 94h +ModeTransitionSegmentLocation equ LockLocation + 98h +ModeHighMemoryLocation equ LockLocation + 9Ah +ModeHighSegmentLocation equ LockLocation + 9Eh diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 21d278600d..7595988884 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -52,16 +52,13 @@ BITS 16 mov si, BufferStartLocation mov ebx, [si] =20 - mov di, ModeOffsetLocation - mov eax, [di] - mov di, CodeSegmentLocation - mov edx, [di] - mov di, ax - sub di, 02h - mov [di],dx ; Patch long mode CS - sub di, 04h - add eax, ebx - mov [di],eax ; Patch address + mov si, DataSegmentLocation + mov edx, [si] + + ; + ; Get start address of 32-bit code in low memory (<1MB) + ; + mov edi, ModeTransitionMemoryLocation =20 mov si, GdtrLocation o32 lgdt [cs:si] 
@@ -69,56 +66,79 @@ o32 lgdt [cs:si] mov si, IdtrLocation o32 lidt [cs:si] =20 - mov si, EnableExecuteDisableLocation - cmp byte [si], 0 - jz SkipEnableExecuteDisableBit + ; + ; Switch to protected mode + ; + mov eax, cr0 ; Get control register 0 + or eax, 000000003h ; Set PE bit (bit #0) & MP + mov cr0, eax + + ; Switch to 32-bit code (>1MB) +o32 jmp far [cs:di] + +; +; Following code must be copied to memory with type of EfiBootServicesCode. +; This is required if NX is enabled for EfiBootServicesCode of memory. +; +BITS 32 +Flat32Start: ; protected mode entry point + mov ds, dx + mov es, dx + mov fs, dx + mov gs, dx + mov ss, dx =20 ; ; Enable execute disable bit ; + mov esi, EnableExecuteDisableLocation + cmp byte [ebx + esi], 0 + jz SkipEnableExecuteDisableBit + mov ecx, 0c0000080h ; EFER MSR number rdmsr ; Read EFER bts eax, 11 ; Enable Execute Disable Bit wrmsr ; Write EFER =20 SkipEnableExecuteDisableBit: - - mov di, DataSegmentLocation - mov edi, [di] ; Save long mode DS in edi - - mov si, Cr3Location ; Save CR3 in ecx - mov ecx, [si] - - xor ax, ax - mov ds, ax ; Clear data segment - - mov eax, cr0 ; Get control register 0 - or eax, 000000003h ; Set PE bit (bit #0) & MP - mov cr0, eax - + ; + ; Enable PAE + ; mov eax, cr4 bts eax, 5 mov cr4, eax =20 + ; + ; Load page table + ; + mov esi, Cr3Location ; Save CR3 in ecx + mov ecx, [ebx + esi] mov cr3, ecx ; Load CR3 =20 + ; + ; Enable long mode + ; mov ecx, 0c0000080h ; EFER MSR number rdmsr ; Read EFER bts eax, 8 ; Set LME=3D1 wrmsr ; Write EFER =20 + ; + ; Enable paging + ; mov eax, cr0 ; Read CR0 bts eax, 31 ; Set PG=3D1 mov cr0, eax ; Write CR0 =20 - jmp 0:strict dword 0 ; far jump to long mode + ; + ; Far jump to 64-bit code + ; + mov edi, ModeHighMemoryLocation + add edi, ebx + jmp far [edi] + BITS 64 LongModeStart: - mov eax, edi - mov ds, ax - mov es, ax - mov ss, ax - mov esi, ebx lea edi, [esi + InitFlagLocation] cmp qword [edi], 1 ; ApInitConfig 
@@ -295,6 +315,7 @@ ASM_PFX(AsmGetAddressMap): lea rax, [ASM_PFX(AsmRelocateApLoop)] mov qword [rcx + 18h], rax mov qword [rcx + 20h], AsmRelocateApLoopEnd - AsmRelocateApLoop= Start + mov qword [rcx + 28h], Flat32Start - RendezvousFunnelProcStart ret =20 ;-------------------------------------------------------------------------= ------------ --=20 2.15.1.windows.2
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
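Review bot: In the second FillExchangeInfoData hunk of MpLib.c, the else branch (ModeTransitionMemory == 0, which is what the PEI GetModeTransitionBuffer always returns) assigns only ModeTransitionMemory and leaves ModeHighMemory and ModeHighSegment unset, yet the new X64 Flat32Start code always takes its far-jump target from ModeHighMemoryLocation (mov edi, ModeHighMemoryLocation / add edi, ebx / jmp far [edi]). Unless those two fields are initialised somewhere this patch does not show, the AP jumps through whatever the exchange area contains on that path. Compute ModeHighMemory and ModeHighSegment in both branches, from ModeTransitionMemory, ModeOffset and ModeTransitionOffset as the if branch already does.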
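Review bot: The GDT scan added to FillExchangeInfoData accepts any descriptor with Bits.L == 0 && Bits.Type >= 8, which also matches system descriptors (a TSS or gate has a type value of 8 or above with the S bit clear), non-present entries and 16-bit code segments, and when the loop ends without a match ModeTransitionSegment keeps its previous value while the real-mode stub still executes o32 jmp far [cs:di] through it. Also test the descriptor's S, P and D/B bits, and assert or fail when no 32-bit code segment is found. A short comment that ModeTransitionMemory and ModeTransitionSegment must stay adjacent, because together they are the far pointer the stub jumps through, would help whoever next edits MP_CPU_EXCHANGE_INFO and the two hand-maintained MpEqu.inc offset tables.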
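Review bot: In the DXE GetModeTransitionBuffer and its caller in the AllocateResetVector hunk, an AllocatePages failure is folded into a return value of 0, which FillExchangeInfoData then treats as "run the 32-bit code from the wake up buffer", the very configuration the commit message says page-faults once that memory is non-executable. A DEBUG message or ASSERT on the failure path would turn a silent hang into a diagnosable one. The function header should also say who frees the pages, since no matching FreePages appears in this patch.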
From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Laszlo Ersek, Jiewen Yao, Eric Dong
Date: Mon, 15 Jan 2018 16:54:29 +0800
Message-Id: <20180115085433.25008-3-jian.j.wang@intel.com>
In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 2/6] UefiCpuPkg/CpuExceptionHandlerLib: alloc code memory for exception handlers

If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of
EfiBootServicesData, EfiConventionalMemory, the BIOS will reset after the
timer is initialized and started.

The root cause is that the memory used to hold the exception and interrupt
handler is allocated with type EfiBootServicesData and marked as
non-executable because the NX feature is enabled. This patch fixes it by
allocating EfiBootServicesCode type of memory for those handlers instead.

Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Eric Dong
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang
Reviewed-by: Eric Dong
--- .../Library/CpuExceptionHandlerLib/DxeException.c | 18 ++++++++++++++= ---- 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c b/Uef= iCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c index 9a72b37e77..6d1b54d31d 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c @@ -16,6 +16,7 @@ #include "CpuExceptionCommon.h" #include #include +#include =20 CONST UINTN mDoFarReturnFlag =3D 0; =20 @@ -106,8 +107,12 @@ InitializeCpuInterruptHandlers ( RESERVED_VECTORS_DATA *ReservedVectors; EFI_CPU_INTERRUPT_HANDLER *ExternalInterruptHandler; =20 - ReservedVectors =3D AllocatePool (sizeof (RESERVED_VECTORS_DATA) * CPU_I= NTERRUPT_NUM); - ASSERT (ReservedVectors !=3D NULL); + Status =3D gBS->AllocatePool ( + EfiBootServicesCode, + sizeof (RESERVED_VECTORS_DATA) * CPU_INTERRUPT_NUM, + (VOID **)&ReservedVectors + ); + ASSERT (!EFI_ERROR (Status) && ReservedVectors !=3D NULL); SetMem ((VOID *) ReservedVectors, sizeof (RESERVED_VECTORS_DATA) * CPU_I= NTERRUPT_NUM, 0xff); if (VectorInfo !=3D NULL) { Status =3D ReadAndVerifyVectorInfo (VectorInfo, ReservedVectors, CPU_I= NTERRUPT_NUM); 
@@ -137,8 +142,13 @@ InitializeCpuInterruptHandlers ( =20 AsmGetTemplateAddressMap (&TemplateMap); ASSERT (TemplateMap.ExceptionStubHeaderSize <=3D HOOKAFTER_STUB_SIZE); - InterruptEntryCode =3D AllocatePool (TemplateMap.ExceptionStubHeaderSize= * CPU_INTERRUPT_NUM); - ASSERT (InterruptEntryCode !=3D NULL); + + Status =3D gBS->AllocatePool ( + EfiBootServicesCode, + TemplateMap.ExceptionStubHeaderSize * CPU_INTERRUPT_NUM, + (VOID **)&InterruptEntryCode + ); + ASSERT (!EFI_ERROR (Status) && InterruptEntryCode !=3D NULL); =20 InterruptEntry =3D (UINTN) InterruptEntryCode; for (Index =3D 0; Index < CPU_INTERRUPT_NUM; Index ++) { --=20 2.15.1.windows.2
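Review bot: In the first InitializeCpuInterruptHandlers hunk, ReservedVectors is filled with SetMem and handed to ReadAndVerifyVectorInfo like a data table, so nothing in the diff shows why it has to come from EfiBootServicesCode. A one-line comment above the allocation naming the executable content the buffer holds would justify making a writable pool buffer executable, and would stop a later cleanup from reverting it to AllocatePool.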
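Review bot: Both new gBS->AllocatePool calls rely on ASSERT (!EFI_ERROR (Status) && ... != NULL) alone, so in a build where ASSERT is compiled out the SetMem on ReservedVectors and the later writes through InterruptEntryCode run on an invalid pointer. Status is now available at both sites, so the failure can be propagated to the caller (freeing ReservedVectors if the second allocation fails) while keeping the ASSERT for debug builds.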
From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Laszlo Ersek, Jiewen Yao, Eric Dong
Date: Mon, 15 Jan 2018 16:54:30 +0800
Message-Id: <20180115085433.25008-4-jian.j.wang@intel.com>
In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 3/6] UefiCpuPkg/CpuDxe: clear NX attr for page directory

If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of
EfiBootServicesCode, EfiConventionalMemory and EfiReservedMemoryType, the
BIOS will hang at a page fault exception randomly.

The root cause is that the memory allocation for driver images (actually a
memory type conversion from free memory, type of EfiConventionalMemory, to
code memory, type of EfiBootServicesCode/EfiRuntimeServicesCode) will get
memory with NX set, because the CpuDxe driver will keep the NX attribute
(with free memory) in the page directory during page table splitting and then
override the NX attribute of all its entries.

This patch fixes this issue by not inheriting the NX attribute when turning a
page entry into a page directory during a page granularity split.

Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Eric Dong
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang
Reviewed-by: Eric Dong
--- UefiCpuPkg/CpuDxe/CpuPageTable.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c b/UefiCpuPkg/CpuDxe/CpuPageTa= ble.c index a9c9bc9d5e..1654e71103 100644 --- a/UefiCpuPkg/CpuDxe/CpuPageTable.c
+++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c @@ -528,7 +528,7 @@ SplitPage ( for (Index =3D 0; Index < SIZE_4KB / sizeof(UINT64); Index++) { NewPageEntry[Index] =3D (BaseAddress + SIZE_4KB * Index) | Address= EncMask | ((*PageEntry) & PAGE_PROGATE_BITS); } - (*PageEntry) =3D (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*P= ageEntry) & PAGE_PROGATE_BITS); + (*PageEntry) =3D (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*P= ageEntry) & PAGE_ATTRIBUTE_BITS); return RETURN_SUCCESS; } else { return RETURN_UNSUPPORTED; @@ -549,7 +549,7 @@ SplitPage ( for (Index =3D 0; Index < SIZE_4KB / sizeof(UINT64); Index++) { NewPageEntry[Index] =3D (BaseAddress + SIZE_2MB * Index) | Address= EncMask | IA32_PG_PS | ((*PageEntry) & PAGE_PROGATE_BITS); } - (*PageEntry) =3D (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*P= ageEntry) & PAGE_PROGATE_BITS); + (*PageEntry) =3D (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*P= ageEntry) & PAGE_ATTRIBUTE_BITS); return RETURN_SUCCESS; } else { return RETURN_UNSUPPORTED; 
@@ -979,7 +979,7 @@ RefreshGcdMemoryAttributesFromPaging ( ); ASSERT_EFI_ERROR (Status); DEBUG (( - DEBUG_INFO, + DEBUG_VERBOSE, "Updated memory space attribute: [%lu] %016lx - %016lx (%016lx -= > %016lx)\r\n", (UINT64)Index, BaseAddress, BaseAddress + Length - 1, MemorySpaceMap[Index].Attributes, --=20 2.15.1.windows.2
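Review bot: In both SplitPage hunks the new directory entry is masked with PAGE_ATTRIBUTE_BITS while the child entries built in the loop just above still use PAGE_PROGATE_BITS, and nothing at either assignment says why the two masks differ. Neither macro's definition is part of this patch, so a reader cannot confirm from the diff that PAGE_ATTRIBUTE_BITS excludes NX. A comment next to each assignment stating that NX is deliberately not propagated to the directory entry, because it would override every child, would record the intent.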
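Review bot: The DEBUG_INFO to DEBUG_VERBOSE change in the RefreshGcdMemoryAttributesFromPaging hunk is unrelated to the NX inheritance fix and is not mentioned in the commit message. Either describe it there or move it to its own patch so the fix can be bisected and backported on its own.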
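The NX inheritance problem described in the commit message of patch 3/6, as an added example (not code from the patch or from EDK II): a toy model of a 2MB-to-4KB split that relies on the architectural rule that a page is executable only if NX is clear at every paging level. The mask names `ATTR_BITS` and `PROPAGATE_BITS`, the helper functions and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 page-table entry bits. */
#define PG_P   (1ULL << 0)    /* present */
#define PG_RW  (1ULL << 1)    /* writable */
#define PG_PS  (1ULL << 7)    /* large page (leaf at directory level) */
#define PG_NX  (1ULL << 63)   /* no-execute */

/* Assumed masks for this sketch; they are not copied from CpuPageTable.c. */
#define ATTR_BITS      (PG_P | PG_RW)         /* attributes without NX */
#define PROPAGATE_BITS (ATTR_BITS | PG_NX)    /* attributes including NX */

#define ENTRIES  512
#define BASE_2MB 0x200000ULL                  /* constructed sample address */

static uint64_t child[ENTRIES];               /* the 512 new 4KB entries */

/*
 * Split one 2MB leaf into 512 4KB leaves. The children always inherit the
 * leaf's attributes including NX. dir_mask selects what the entry that now
 * acts as a directory keeps. The table address is left out of the returned
 * directory entry because only the attribute bits matter in this model.
 */
static uint64_t split_2m(uint64_t leaf, uint64_t dir_mask)
{
    for (int i = 0; i < ENTRIES; i++) {
        child[i] = (BASE_2MB + 0x1000ULL * (uint64_t)i) | (leaf & PROPAGATE_BITS);
    }
    return leaf & dir_mask;                   /* PS is dropped: now a directory */
}

/* Effective permission: NX set at any level makes the page non-executable. */
static bool is_executable(uint64_t dir, uint64_t pte)
{
    if (!(dir & PG_P) || !(pte & PG_P)) {
        return false;
    }
    return ((dir | pte) & PG_NX) == 0;
}

/*
 * Model the type conversion from the commit message: a 2MB region of free
 * memory is mapped NX, it is split, and one 4KB page (index) is turned into
 * code memory by clearing NX in its own entry. Returns how many of the 512
 * pages are still non-executable afterwards.
 */
static int nx_pages_after_conversion(uint64_t dir_mask, int index)
{
    uint64_t leaf = BASE_2MB | PG_P | PG_RW | PG_PS | PG_NX;
    uint64_t dir  = split_2m(leaf, dir_mask);
    int      nx   = 0;

    child[index] &= ~PG_NX;                   /* "allocate" the page as code */
    for (int i = 0; i < ENTRIES; i++) {
        if (!is_executable(dir, child[i])) {
            nx++;
        }
    }
    return nx;
}

int main(void)
{
    /* Directory inherits NX: the converted page is still non-executable. */
    printf("directory keeps NX : %d NX pages\n",
           nx_pages_after_conversion(PROPAGATE_BITS, 3));
    /* Directory drops NX: only the converted page becomes executable. */
    printf("directory drops NX : %d NX pages\n",
           nx_pages_after_conversion(ATTR_BITS, 3));
    return 0;
}
```

With the directory entry dropping NX, the other 511 pages stay non-executable because each child still carries its own NX bit, so the change does not widen the executable region beyond the page that was converted.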
From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Laszlo Ersek, Jiewen Yao, Eric Dong
Date: Mon, 15 Jan 2018 16:54:31 +0800
Message-Id: <20180115085433.25008-5-jian.j.wang@intel.com>
In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 4/6] UefiCpuPkg/PiSmmCpuDxeSmm: Enable NXE if it's supported

If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of
EfiBootServicesCode, EfiConventionalMemory, the BIOS will hang at a page
fault exception triggered by PiSmmCpuDxeSmm.

The root cause is that PiSmmCpuDxeSmm will access default SMM RAM starting
at 0x30000, which is marked as non-executable, but the NX feature was not
enabled during SMM initialization. Accessing memory which has invalid
attributes set will cause a page fault exception. This patch fixes it by
checking the NX capability in cpuid and enabling NXE in the EFER MSR if it's
available.

Cc: Jiewen Yao
Cc: Ruiyu Ni
Cc: Eric Dong
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang
Reviewed-by: Eric Dong
--- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm | 14 ++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm | 12 +++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm b/UefiCpuPkg/PiSmm= CpuDxeSmm/Ia32/SmmInit.nasm index d9df3626c7..db172f108a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm @@ -42,6 +42,11 @@ ASM_PFX(gcSmiInitGdtr): =20 global ASM_PFX(SmmStartup) ASM_PFX(SmmStartup): + DB 0x66 + mov eax, 0x80000001 ; read capability + cpuid + DB 0x66 + mov ebx, edx ; rdmsr will change edx. keep it i= n ebx. DB 0x66, 0xb8 ASM_PFX(gSmmCr3): DD 0 mov cr3, eax @@ -50,6 +55,15 @@ ASM_PFX(gSmmCr3): DD 0 DB 0x66, 0xb8 ASM_PFX(gSmmCr4): DD 0 mov cr4, eax + DB 0x66 + mov ecx, 0xc0000080 ; IA32_EFER MSR + rdmsr + DB 0x66 + test ebx, BIT20 ; check NXE capability + jz .1 + or ah, BIT3 ; set NXE bit + wrmsr +.1: DB 0x66, 0xb8 ASM_PFX(gSmmCr0): DD 0 DB 0xbf, PROTECT_MODE_DS, 0 ; mov di, PROTECT_MODE_DS diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm b/UefiCpuPkg/PiSmmC= puDxeSmm/X64/SmmInit.nasm index 9d05e2cb05..2a3a1141c3 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm @@ -42,6 +42,11 @@ ASM_PFX(gcSmiInitGdtr): =20 global ASM_PFX(SmmStartup) ASM_PFX(SmmStartup): + DB 0x66 + mov eax, 0x80000001 ; read capability + cpuid + DB 0x66 + mov ebx, edx ; rdmsr will change edx. keep it i= n ebx. DB 0x66, 0xb8 ; mov eax, imm32 ASM_PFX(gSmmCr3): DD 0 mov cr3, rax 
@@ -54,7 +59,12 @@ ASM_PFX(gSmmCr4): DD 0 DB 0x66 mov ecx, 0xc0000080 ; IA32_EFER MSR rdmsr - or ah, 1 ; set LME bit + or ah, BIT0 ; set LME bit + DB 0x66 + test ebx, BIT20 ; check NXE capability + jz .1 + or ah, BIT3 ; set NXE bit +.1: wrmsr DB 0x66, 0xb8 ; mov eax, imm32 ASM_PFX(gSmmCr0): DD 0 --=20 2.15.1.windows.2
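Review bot: The CPUID query added at the top of SmmStartup in both SmmInit.nasm files reads leaf 0x80000001 without first confirming through leaf 0x80000000 that this extended leaf is implemented, and cpuid overwrites eax, ebx, ecx and edx with no comment saying those registers are free at entry. Add the maximum-leaf check, or a comment stating the minimum CPU this path assumes, and note the clobbered registers next to the existing "rdmsr will change edx" remark.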
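Review bot: The placement of the .1 label differs between the two files without explanation: in the Ia32 hunk wrmsr sits before .1 and is skipped when NX is absent, while in the X64 hunk .1 precedes wrmsr because LME must always be written. The asymmetry follows from the code but is easy to break when the two files are edited together, so a descriptive label name instead of .1 and a one-line comment at each site would help.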
From: Jian J Wang To: edk2-devel@lists.01.org Date: Mon, 15 Jan 2018 16:54:32 +0800 Message-Id: <20180115085433.25008-6-jian.j.wang@intel.com> In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com> References: <20180115085433.25008-1-jian.j.wang@intel.com> Subject: [edk2] [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM Cc: Ruiyu Ni , Jiewen Yao , Eric Dong , Star Zeng If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of EfiReservedMemoryType, the BIOS will hang at a page fault exception during starting SMM driver. The root cause is that SMM RAM is type of EfiReservedMemoryType and marked as non-executable. The fix is simply removing NX attribute for those memory. Cc: Jiewen Yao Cc: Ruiyu Ni Cc: Eric Dong Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang Reviewed-by: Star Zeng --- MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiS= mmCore/PiSmmIpl.c index a7663ca291..94d671bd74 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c 
@@ -1550,6 +1550,7 @@ SmmIplEntry ( EFI_CPU_ARCH_PROTOCOL *CpuArch; EFI_STATUS SetAttrStatus; EFI_SMRAM_DESCRIPTOR *SmramRangeSmmDriver; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR MemDesc; =20 // // Fill in the image handle of the SMM IPL so the SMM Core can use this = as the=20 @@ -1616,7 +1617,8 @@ SmmIplEntry ( =20 GetSmramCacheRange (mCurrentSmramRange, &mSmramCacheBase, &mSmramCache= Size); // - // If CPU AP is present, attempt to set SMRAM cacheability to WB + // If CPU AP is present, attempt to set SMRAM cacheability to WB and c= lear + // XP if it's set. // Note that it is expected that cacheability of SMRAM has been set to= WB if CPU AP // is not available here. // 
@@ -1630,7 +1632,19 @@ SmmIplEntry ( ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_WARN, "SMM IPL failed to set SMRAM window to EFI_MEM= ORY_WB\n")); - } =20 + } + + Status =3D gDS->GetMemorySpaceDescriptor( + mCurrentSmramRange->PhysicalStart, + &MemDesc + ); + if (!EFI_ERROR (Status) && (MemDesc.Attributes & EFI_MEMORY_XP) !=3D= 0) { + gDS->SetMemorySpaceAttributes ( + mCurrentSmramRange->PhysicalStart, + mCurrentSmramRange->PhysicalSize, + MemDesc.Attributes & (~EFI_MEMORY_XP) + ); + } } // // if Loading module at Fixed Address feature is enabled, save the SMR= AM base to Load --=20 2.15.1.windows.2
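Review bot: the return value of `gDS->SetMemorySpaceAttributes ()` is dropped in the block added after the EFI_MEMORY_WB warning in PiSmmIpl.c (`@@ -1630,7 +1632,19 @@`), and a failing `GetMemorySpaceDescriptor` is skipped without a message. If EFI_MEMORY_XP cannot be cleared, SMRAM stays non-executable and the page-fault hang from the commit message comes back with nothing in the log to explain it. Suggest assigning the result to Status and emitting a DEBUG_WARN, as the WB path just above does. Two smaller points: the descriptor is fetched for PhysicalStart only, yet its Attributes are written back across the whole PhysicalSize, which assumes the SMRAM range lies in a single GCD entry; and `gDS->GetMemorySpaceDescriptor(` is missing the space before the parenthesis that the call below it has.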
From: Jian J Wang To: edk2-devel@lists.01.org Date: Mon, 15 Jan 2018 16:54:33 +0800 Message-Id: <20180115085433.25008-7-jian.j.wang@intel.com> In-Reply-To: <20180115085433.25008-1-jian.j.wang@intel.com> References: <20180115085433.25008-1-jian.j.wang@intel.com> Subject: [edk2] [PATCH 6/6] MdeModulePkg/BootScriptExecutorDxe: remove NX attr for FfsBuffer Cc: Ruiyu Ni , Jiewen Yao , Eric Dong , Star Zeng If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of EfiReservedMemoryType, the BIOS will hang at a page fault exception triggered by BootScriptExecutorDxe. The root cause is that this driver will allocate memory of EfiReservedMemoryType and relocate itself into this new memory. Since EfiReservedMemoryType of memory is marked non-executable, re-start this driver after relocation will cause exception. The fix is removing the NX attribute after memory allocation. Cc: Jiewen Yao Cc: Ruiyu Ni Cc: Eric Dong Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.1 
Signed-off-by: Jian J Wang Reviewed-by: Star Zeng --- .../Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf | 1 + .../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c | 14 ++++++++++= ++++ .../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h | 1 + 3 files changed, 16 insertions(+) diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptEx= ecutorDxe.inf b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScrip= tExecutorDxe.inf index 29af7f55ec..aac132122c 100644 --- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf +++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf @@ -68,6 +68,7 @@ LockBoxLib CpuExceptionHandlerLib DevicePathLib + DxeServicesTableLib =20 [Guids] gEfiBootScriptExecutorVariableGuid ## PRODUCES ## UNDEFINED # SaveLoc= kBox diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecut= e.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c index 4545d6e581..263a282188 100644 --- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c +++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c @@ -273,6 +273,7 @@ ReadyToLockEventNotify ( UINTN Pages; EFI_PHYSICAL_ADDRESS FfsBuffer; PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR MemDesc; =20 Status =3D gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, NULL= , &Interface); if (EFI_ERROR (Status)) { @@ -322,6 +323,19 @@ ReadyToLockEventNotify ( &FfsBuffer ); ASSERT_EFI_ERROR (Status); + + // + // Make sure that the buffer can be used to store code. + // + Status =3D gDS->GetMemorySpaceDescriptor (FfsBuffer, &MemDesc); + if (!EFI_ERROR (Status) && (MemDesc.Attributes & EFI_MEMORY_XP) !=3D 0) { + gDS->SetMemorySpaceAttributes ( + FfsBuffer, + EFI_PAGES_TO_SIZE (Pages), + MemDesc.Attributes & (~EFI_MEMORY_XP) + ); + } + ImageContext.ImageAddress =3D (PHYSICAL_ADDRESS)(UINTN)FfsBuffer; // // Align buffer on section boundary 
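Review bot: the result of `gDS->SetMemorySpaceAttributes ()` is discarded in the block added after the FfsBuffer allocation in ScriptExecute.c (`@@ -322,6 +323,19 @@`), although the allocation immediately above it is checked with `ASSERT_EFI_ERROR (Status)`. If the XP bit cannot be cleared, the driver faults when it is restarted from FfsBuffer, which is the failure this patch is meant to remove, so the call should assign Status and be asserted or logged in the same way. A `GetMemorySpaceDescriptor` failure is also skipped silently by the `!EFI_ERROR (Status)` test. The new comment could also state that the reserved-memory buffer is left both writable and executable from this point, since nothing in the hunk narrows its attributes again.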
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecut= e.h b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h index 75327569d7..94deae87e6 100644 --- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h +++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h @@ -38,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include #include #include +#include =20 #include #include --=20 2.15.1.windows.2