From nobody Mon Feb 9 08:55:22 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46350+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46350+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1566773182; cv=none; d=zoho.com; s=zohoarc; b=Ri+eJaetldJ9kbKhUee0Zv/F4/7N2rXmeRZww9Rq7c9BB11PV2P62Hw2bYO+TIhTfKj0oVFj6mfhLpjih3pOClM1425c07XZxPv8m0Yz1Evy1K6g29epdssnDwHiTuDKSw63y5S1Zrm7s1Vew0pu192+XLygL9m24PDgafSJr4A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566773182; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=RCcyH72djqFlUCZSJ7oK+9dFQyDgneLeuskcBR+dDkk=; b=Wrr8j3C5oQ705urZfEABD/pWTBTqTqwb8AM5J1Ct9Z+08Yzka0htS30N2fvohNGoTSWbZXINS9xjS7oGAsSJuyKnIWy4LtI83DkcDXmWsfw2DhoQnKmLjMOtLNt7KWikG9sBogRdwT5fXj42g7JPLKE7JYtgvvh7ZbZBQtOFR+Q= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46350+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566773182034563.8590145346901; Sun, 25 Aug 2019 15:46:22 -0700 (PDT) Return-Path: X-Received: from mga14.intel.com (mga14.intel.com []) by groups.io with SMTP; Sun, 25 Aug 2019 15:46:20 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with 
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Aug 2019 15:46:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,431,1559545200"; d="scan'208";a="331277766" X-Received: from ray-dev.ccr.corp.intel.com ([10.239.9.9]) by orsmga004.jf.intel.com with ESMTP; 25 Aug 2019 15:46:05 -0700 From: "Ni, Ray" To: devel@edk2.groups.io Cc: Eric Dong , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH 2/5] UefiCpuPkg/PiSmmCpu: Use new PCD PcdCpuSmmRestrictedMemoryAccess Date: Mon, 26 Aug 2019 06:45:10 +0800 Message-Id: <20190825224513.171572-3-ray.ni@intel.com> In-Reply-To: <20190825224513.171572-1-ray.ni@intel.com> References: <20190825224513.171572-1-ray.ni@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ray.ni@intel.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566773181; bh=a5bPe4iPYvRqCd6dLxb3JkfPkujmQBswSyv0ooCZHuI=; h=Cc:Date:From:Reply-To:Subject:To; b=d7+bdM+ER3z2DE7uEeigeQS5Kth27yt/gfkcRvGzdswu9cS03oPzaRGG/ChV+0wFnkN Uecos30NxhOqBhGOtbFNbjw3lnlK5wbvQk0IFX3N2amuw17q3leSaVNyjETk+23awV7tT vHis8MAv8ExspfGP67eKzc7x0hSrEtz2/5c= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The patch changes PiSmmCpu driver to consume PCD PcdCpuSmmRestrictedMemoryAccess. Because the behavior controlled by PcdCpuSmmStaticPageTable in original code is not changed after switching to PcdCpuSmmRestrictedMemoryAccess. The functionality is not impacted by this patch. Signed-off-by: Ray Ni Cc: Eric Dong Cc: Jiewen Yao Cc: Laszlo Ersek Reviewed-by: Eric Dong Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 52 ++++++++++++-------- 2 files changed, 34 insertions(+), 22 deletions(-) 
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSm= mCpuDxeSmm/PiSmmCpuDxeSmm.inf index da0308c47f..b12b2691f8 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf @@ -133,7 +133,6 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## SOME= TIMES_PRODUCES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmCodeAccessCheckEnable ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode ## CONS= UMES - gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmShadowStackSize ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONS= UMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES @@ -141,6 +140,9 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ##= CONSUMES =20 +[Pcd.X64] + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess ## CONS= UMES + [Depex] gEfiMpServiceProtocolGuid =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuD= xeSmm/X64/PageTbl.c index d60c404a3d..7516f35055 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 LIST_ENTRY mPagePool =3D INITIALIZE_LIST_HEAD_VAR= IABLE (mPagePool); BOOLEAN m1GPageTableSupport =3D FALSE; -BOOLEAN mCpuSmmStaticPageTable; +BOOLEAN mCpuSmmRestrictedMemoryAccess; BOOLEAN m5LevelPagingSupport; X86_ASSEMBLY_PATCH_LABEL gPatch5LevelPagingSupport; =20 
@@ -334,15 +334,15 @@ SmmInitPageTable ( // InitializeSpinLock (mPFLock); =20 - mCpuSmmStaticPageTable =3D PcdGetBool (PcdCpuSmmStaticPageTable); - m1GPageTableSupport =3D Is1GPageSupport (); - m5LevelPagingSupport =3D Is5LevelPagingSupport (); - mPhysicalAddressBits =3D CalculateMaximumSupportAddress (); + mCpuSmmRestrictedMemoryAccess =3D PcdGetBool (PcdCpuSmmRestrictedMemoryA= ccess); + m1GPageTableSupport =3D Is1GPageSupport (); + m5LevelPagingSupport =3D Is5LevelPagingSupport (); + mPhysicalAddressBits =3D CalculateMaximumSupportAddress (); PatchInstructionX86 (gPatch5LevelPagingSupport, m5LevelPagingSupport, 1); - DEBUG ((DEBUG_INFO, "5LevelPaging Support - %d\n", m5LevelPagingSupp= ort)); - DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTableSuppo= rt)); - DEBUG ((DEBUG_INFO, "PcdCpuSmmStaticPageTable - %d\n", mCpuSmmStaticPage= Table)); - DEBUG ((DEBUG_INFO, "PhysicalAddressBits - %d\n", mPhysicalAddressB= its)); + DEBUG ((DEBUG_INFO, "5LevelPaging Support - %d\n", m5LevelPag= ingSupport)); + DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTab= leSupport)); + DEBUG ((DEBUG_INFO, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRes= trictedMemoryAccess)); + DEBUG ((DEBUG_INFO, "PhysicalAddressBits - %d\n", mPhysicalA= ddressBits)); // // Generate PAE page table for the first 4GB memory space // @@ -385,7 +385,11 @@ SmmInitPageTable ( PTEntry =3D Pml5Entry; } =20 - if (mCpuSmmStaticPageTable) { + if (mCpuSmmRestrictedMemoryAccess) { + // + // When access to non-SMRAM memory is restricted, create page table + // that covers all memory space. + // SetStaticPageTable ((UINTN)PTEntry); } else { // 
@@ -972,7 +976,7 @@ SmiPFHandler ( =20 PFAddress =3D AsmReadCr2 (); =20 - if (mCpuSmmStaticPageTable && (PFAddress >=3D LShiftU64 (1, (mPhysicalAd= dressBits - 1)))) { + if (mCpuSmmRestrictedMemoryAccess && (PFAddress >=3D LShiftU64 (1, (mPhy= sicalAddressBits - 1)))) { DumpCpuContext (InterruptType, SystemContext); DEBUG ((DEBUG_ERROR, "Do not support address 0x%lx by processor!\n", P= FAddress)); CpuDeadLoop (); @@ -1049,7 +1053,7 @@ SmiPFHandler ( goto Exit; } =20 - if (mCpuSmmStaticPageTable && IsSmmCommBufferForbiddenAddress (PFAddre= ss)) { + if (mCpuSmmRestrictedMemoryAccess && IsSmmCommBufferForbiddenAddress (= PFAddress)) { DumpCpuContext (InterruptType, SystemContext); DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x= %lx)!\n", PFAddress)); DEBUG_CODE ( 
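Review bot: The first guard in SmiPFHandler compares the faulting address against `LShiftU64 (1, (mPhysicalAddressBits - 1))`, and nothing visible in the hunk explains the `- 1`. That puts the limit at half of the range implied by mPhysicalAddressBits. Because this comparison decides whether the fault ends in `CpuDeadLoop ()`, the line now gated by `mCpuSmmRestrictedMemoryAccess` deserves a short comment saying which addresses the bound is meant to exclude and why. SmiPFHandler starts and ends outside both hunks on this line, so an explanation may already exist elsewhere in the function.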
@@ -1100,26 +1104,26 @@ SetPageTableAttributes ( Enable5LevelPaging =3D (BOOLEAN) (Cr4.Bits.LA57 =3D=3D 1); =20 // - // Don't do this if - // - no static page table; or + // Don't mark page table memory as read-only if + // - no restriction on access to non-SMRAM memory; or // - SMM heap guard feature enabled; or // BIT2: SMM page guard enabled // BIT3: SMM pool guard enabled // - SMM profile feature enabled // - if (!mCpuSmmStaticPageTable || + if (!mCpuSmmRestrictedMemoryAccess || ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) || FeaturePcdGet (PcdCpuSmmProfileEnable)) { // - // Static paging and heap guard could not be enabled at the same time. + // Restriction on access to non-SMRAM memory and heap guard could not = be enabled at the same time. // - ASSERT (!(mCpuSmmStaticPageTable && + ASSERT (!(mCpuSmmRestrictedMemoryAccess && (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0)= ); =20 // - // Static paging and SMM profile could not be enabled at the same time. + // Restriction on access to non-SMRAM memory and SMM profile could not= be enabled at the same time. // - ASSERT (!(mCpuSmmStaticPageTable && FeaturePcdGet (PcdCpuSmmProfileEna= ble))); + ASSERT (!(mCpuSmmRestrictedMemoryAccess && FeaturePcdGet (PcdCpuSmmPro= fileEnable))); return ; } =20 @@ -1223,7 +1227,10 @@ SaveCr2 ( OUT UINTN *Cr2 ) { - if (!mCpuSmmStaticPageTable) { + if (!mCpuSmmRestrictedMemoryAccess) { + // + // On-demand paging is enabled when access to non-SMRAM is not restric= ted. + // *Cr2 =3D AsmReadCr2 (); } } 
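Review bot: In SetPageTableAttributes the conflicting configurations (restricted memory access combined with heap guard or SMM profile) are caught only by the two `ASSERT` calls, after which the code runs `return ;`. In a build where assertions are compiled out or disabled, the page tables are therefore silently left writable even though `mCpuSmmRestrictedMemoryAccess` is TRUE. A platform that sets the PCD for its protection gets no signal that the read-only step was skipped. Consider making the conflict fail independently of ASSERT, for example `if (mCpuSmmRestrictedMemoryAccess) { DEBUG ((DEBUG_ERROR, "SMM page tables not write-protected: conflicting PCD settings\n")); CpuDeadLoop (); }` placed before the `return ;`, or rejecting the combination when the platform is built. The function body continues outside the hunk.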
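Review bot: The comment added in SaveCr2, and repeated verbatim in the RestoreCr2 hunk that follows, says when on-demand paging is active but not why CR2 must be preserved in that case. A reader has to infer that a page fault taken inside SMM would overwrite the CR2 value belonging to the interrupted context. If that is the reason, state it, e.g. `// On-demand paging can fault inside SMM and overwrite CR2, so keep the interrupted context's value.` The function header comments lie outside both hunks, so a fuller explanation may already be there.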
@@ -1238,7 +1245,10 @@ RestoreCr2 ( IN UINTN Cr2 ) { - if (!mCpuSmmStaticPageTable) { + if (!mCpuSmmRestrictedMemoryAccess) { + // + // On-demand paging is enabled when access to non-SMRAM is not restric= ted. + // AsmWriteCr2 (Cr2); } } --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46350): https://edk2.groups.io/g/devel/message/46350 Mute This Topic: https://groups.io/mt/33027104/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-