Once a hot-added CPU finishes the SMBASE relocation, we need to pen it in
a HLT loop. Add the NASM implementation (with just a handful of
instructions, but much documentation), and some C language helper
functions.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
v2:
- document the combined approach described here:
http://mid.mail-archive.com/111145fc-be3d-2a9a-a126-c14345a8a8a4@redhat.com
https://edk2.groups.io/g/devel/message/54754
by mentioning the "about to leave SMM" byte in SMRAM.
OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf | 4 +
OvmfPkg/CpuHotplugSmm/Smbase.h | 32 +++++
OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm | 151 ++++++++++++++++++++
OvmfPkg/CpuHotplugSmm/Smbase.c | 110 ++++++++++++++
4 files changed, 297 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf b/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
index 31c1ee1c9f6d..bf4162299c7c 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
@@ -5,52 +5,56 @@
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
[Defines]
INF_VERSION = 1.29
PI_SPECIFICATION_VERSION = 0x00010046 # PI-1.7.0
BASE_NAME = CpuHotplugSmm
FILE_GUID = 84EEA114-C6BE-4445-8F90-51D97863E363
MODULE_TYPE = DXE_SMM_DRIVER
ENTRY_POINT = CpuHotplugEntry
#
# The following information is for reference only and not required by the build
# tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
ApicId.h
CpuHotplug.c
+ PostSmmPen.nasm
QemuCpuhp.c
QemuCpuhp.h
+ Smbase.c
+ Smbase.h
[Packages]
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
+ BaseMemoryLib
DebugLib
MmServicesTableLib
PcdLib
SafeIntLib
UefiDriverEntryPoint
[Protocols]
gEfiMmCpuIoProtocolGuid ## CONSUMES
gEfiSmmCpuServiceProtocolGuid ## CONSUMES
[Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## CONSUMES
gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase ## CONSUMES
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire ## CONSUMES
[Depex]
gEfiMmCpuIoProtocolGuid AND
gEfiSmmCpuServiceProtocolGuid
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.h b/OvmfPkg/CpuHotplugSmm/Smbase.h
new file mode 100644
index 000000000000..cb5aed98cdd3
--- /dev/null
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.h
@@ -0,0 +1,32 @@
+/** @file
+ SMBASE relocation for hot-plugged CPUs.
+
+ Copyright (c) 2020, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef SMBASE_H_
+#define SMBASE_H_
+
+#include <Uefi/UefiBaseType.h> // EFI_STATUS
+#include <Uefi/UefiSpec.h> // EFI_BOOT_SERVICES
+
+EFI_STATUS
+SmbaseAllocatePostSmmPen (
+ OUT UINT32 *PenAddress,
+ IN CONST EFI_BOOT_SERVICES *BootServices
+ );
+
+VOID
+SmbaseReinstallPostSmmPen (
+ IN UINT32 PenAddress
+ );
+
+VOID
+SmbaseReleasePostSmmPen (
+ IN UINT32 PenAddress,
+ IN CONST EFI_BOOT_SERVICES *BootServices
+ );
+
+#endif // SMBASE_H_
diff --git a/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm b/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm
new file mode 100644
index 000000000000..ef702689bdb5
--- /dev/null
+++ b/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm
@@ -0,0 +1,151 @@
+;------------------------------------------------------------------------------
+; @file
+; Pen any hot-added CPU in a 16-bit, real mode HLT loop, after it leaves SMM by
+; executing the RSM instruction.
+;
+; Copyright (c) 2020, Red Hat, Inc.
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; The routine implemented here is stored into normal RAM, under 1MB, at the
+; beginning of a page that is allocated as EfiReservedMemoryType. On any
+; hot-added CPU, it is executed after *at least* the first RSM (i.e., after
+; SMBASE relocation).
+;
+; The first execution of this code occurs as follows:
+;
+; - The hot-added CPU is in RESET state.
+;
+; - The ACPI CPU hotplug event handler triggers a broadcast SMI, from the OS.
+;
+; - Existent CPUs (BSP and APs) enter SMM.
+;
+; - The hot-added CPU remains in RESET state, but an SMI is pending for it now.
+; (See "SYSTEM MANAGEMENT INTERRUPT (SMI)" in the Intel SDM.)
+;
+; - In SMM, pre-existent CPUs that are not elected SMM Monarch, keep themselves
+; busy with their wait loops.
+;
+; - From the root MMI handler, the SMM Monarch:
+;
+; - places this routine in the reserved page,
+;
+; - clears the "about to leave SMM" byte in SMRAM,
+;
+; - clears the last byte of the reserved page,
+;
+; - sends an INIT-SIPI-SIPI sequence to the hot-added CPU,
+;
+; - un-gates the default SMI handler by APIC ID.
+;
+; - The startup vector in the SIPI that is sent by the SMM Monarch points to
+; this code; i.e., to the reserved page. (Example: 0x9_F000.)
+;
+; - The SMM Monarch starts polling the "about to leave SMM" byte in SMRAM.
+;
+; - The hot-added CPU boots, and immediately enters SMM due to the pending SMI.
+; It starts executing the default SMI handler.
+;
+; - Importantly, the SMRAM Save State Map captures the following information,
+; when the hot-added CPU enters SMM:
+;
+; - CS selector: assumes the 16 most significant bits of the 20-bit (i.e.,
+; below 1MB) startup vector from the SIPI. (Example: 0x9F00.)
+;
+; - CS attributes: Accessed, Readable, User (S=1), CodeSegment (bit#11),
+; Present.
+;
+; - CS limit: 0xFFFF.
+;
+; - CS base: the CS selector value shifted left by 4 bits. That is, the CS
+; base equals the SIPI startup vector. (Example: 0x9_F000.)
+;
+; - IP: the least significant 4 bits from the SIPI startup vector. Because
+; the routine is page-aligned, these bits are zero (hence IP is zero).
+;
+; - ES, SS, DS, FS, GS selectors: 0.
+;
+; - ES, SS, DS, FS, GS attributes: same as the CS attributes, minus
+; CodeSegment (bit#11).
+;
+; - ES, SS, DS, FS, GS limits: 0xFFFF.
+;
+; - ES, SS, DS, FS, GS bases: 0.
+;
+; - The hot-added CPU sets its new SMBASE value in the SMRAM Save State Map.
+;
+; - The hot-added CPU sets the "about to leave SMM" byte in SMRAM, then
+; executes the RSM instruction immediately after, leaving SMM.
+;
+; - The SMM Monarch notices that the "about to leave SMM" byte in SMRAM has
+; been set, and starts polling the last byte in the reserved page.
+;
+; - The hot-added CPU jumps ("returns") to the code below (in the reserved
+; page), according to the register state listed in the SMRAM Save State Map.
+;
+; - The hot-added CPU sets the last byte of the reserved page, then halts
+; itself.
+;
+; - The SMM Monarch notices that the hot-added CPU is done with SMBASE
+; relocation.
+;
+; Note that, if the OS is malicious and sends INIT-SIPI-SIPI to the hot-added
+; CPU before allowing the ACPI CPU hotplug event handler to trigger a broadcast
+; SMI, then said broadcast SMI will yank the hot-added CPU directly into SMM,
+; without becoming pending for it (as the hot-added CPU is no longer in RESET
+; state). This is OK, because:
+;
+; - The default SMI handler copes with this, as it is gated by APIC ID. The
+; hot-added CPU won't start the actual SMBASE relocation until the SMM
+; Monarch lets it.
+;
+; - The INIT-SIPI-SIPI sequence that the SMM Monarch sends to the hot-added CPU
+; will be ignored in this sate (it won't even be latched). See "SMI HANDLER
+; EXECUTION ENVIRONMENT" in the Intel SDM: "INIT operations are inhibited
+; when the processor enters SMM".
+;
+; - When the hot-added CPU (e.g., CPU#1) executes the RSM (having relocated
+; SMBASE), it returns to the OS. The OS can use CPU#1 to attack the last byte
+; of the reserved page, while another CPU (e.g., CPU#2) is relocating SMBASE,
+; in order to trick the SMM Monarch (e.g., CPU#0) to open the APIC ID gate
+; for yet another CPU (e.g., CPU#3). However, the SMM Monarch won't look at
+; the last byte of the reserved page, until CPU#2 sets the "about to leave
+; SMM" byte in SMRAM. This leaves a very small window (just one instruction's
+; worth before the RSM) for CPU#3 to "catch up" with CPU#2, and overwrite
+; CPU#2's SMBASE with its own.
+;
+; In other words, we do not / need not prevent a malicious OS from booting the
+; hot-added CPU early; instead we provide benign OSes with a pen for hot-added
+; CPUs.
+;------------------------------------------------------------------------------
+
+SECTION .data
+BITS 16
+
+GLOBAL ASM_PFX (mPostSmmPen) ; UINT8[]
+GLOBAL ASM_PFX (mPostSmmPenSize) ; UINT16
+
+ASM_PFX (mPostSmmPen):
+ ;
+ ; Point DS at the same reserved page.
+ ;
+ mov ax, cs
+ mov ds, ax
+
+ ;
+ ; Inform the SMM Monarch that we're done with SMBASE relocation, by setting
+ ; the last byte in the reserved page.
+ ;
+ mov byte [ds : word 0xFFF], 1
+
+ ;
+ ; Halt now, until we get woken by another SMI, or (more likely) the OS
+ ; reboots us with another INIT-SIPI-SIPI.
+ ;
+HltLoop:
+ cli
+ hlt
+ jmp HltLoop
+
+ASM_PFX (mPostSmmPenSize):
+ dw $ - ASM_PFX (mPostSmmPen)
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
new file mode 100644
index 000000000000..ea21153d9145
--- /dev/null
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
@@ -0,0 +1,110 @@
+/** @file
+ SMBASE relocation for hot-plugged CPUs.
+
+ Copyright (c) 2020, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Base.h> // BASE_1MB
+#include <Library/BaseMemoryLib.h> // CopyMem()
+#include <Library/DebugLib.h> // DEBUG()
+
+#include "Smbase.h"
+
+extern CONST UINT8 mPostSmmPen[];
+extern CONST UINT16 mPostSmmPenSize;
+
+/**
+ Allocate a non-SMRAM reserved memory page for the Post-SMM Pen for hot-added
+ CPUs.
+
+ This function may only be called from the entry point function of the driver.
+
+ @param[out] PenAddress The address of the allocated (normal RAM) reserved
+ page.
+
+ @param[in] BootServices Pointer to the UEFI boot services table. Used for
+ allocating the normal RAM (not SMRAM) reserved page.
+
+ @retval EFI_SUCCESS Allocation successful.
+
+ @retval EFI_BAD_BUFFER_SIZE The Post-SMM Pen template is not smaller than
+ EFI_PAGE_SIZE.
+
+ @return Error codes propagated from underlying services.
+ DEBUG_ERROR messages have been logged. No
+ resources have been allocated.
+**/
+EFI_STATUS
+SmbaseAllocatePostSmmPen (
+ OUT UINT32 *PenAddress,
+ IN CONST EFI_BOOT_SERVICES *BootServices
+ )
+{
+ EFI_STATUS Status;
+ EFI_PHYSICAL_ADDRESS Address;
+
+ //
+ // The pen code must fit in one page, and the last byte must remain free for
+ // signaling the SMM Monarch.
+ //
+ if (mPostSmmPenSize >= EFI_PAGE_SIZE) {
+ Status = EFI_BAD_BUFFER_SIZE;
+ DEBUG ((DEBUG_ERROR, "%a: mPostSmmPenSize=%u: %r\n", __FUNCTION__,
+ mPostSmmPenSize, Status));
+ return Status;
+ }
+
+ Address = BASE_1MB - 1;
+ Status = BootServices->AllocatePages (AllocateMaxAddress,
+ EfiReservedMemoryType, 1, &Address);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: AllocatePages(): %r\n", __FUNCTION__, Status));
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "%a: Post-SMM Pen at 0x%Lx\n", __FUNCTION__, Address));
+ *PenAddress = (UINT32)Address;
+ return EFI_SUCCESS;
+}
+
+/**
+ Copy the Post-SMM Pen template code into the reserved page allocated with
+ SmbaseAllocatePostSmmPen().
+
+ Note that this effects an "SMRAM to normal RAM" copy.
+
+ The SMM Monarch is supposed to call this function from the root MMI handler.
+
+ @param[in] PenAddress The allocation address returned by
+ SmbaseAllocatePostSmmPen().
+**/
+VOID
+SmbaseReinstallPostSmmPen (
+ IN UINT32 PenAddress
+ )
+{
+ CopyMem ((VOID *)(UINTN)PenAddress, mPostSmmPen, mPostSmmPenSize);
+}
+
+/**
+ Release the reserved page allocated with SmbaseAllocatePostSmmPen().
+
+ This function may only be called from the entry point function of the driver,
+ on the error path.
+
+ @param[in] PenAddress The allocation address returned by
+ SmbaseAllocatePostSmmPen().
+
+ @param[in] BootServices Pointer to the UEFI boot services table. Used for
+ releasing the normal RAM (not SMRAM) reserved page.
+**/
+VOID
+SmbaseReleasePostSmmPen (
+ IN UINT32 PenAddress,
+ IN CONST EFI_BOOT_SERVICES *BootServices
+ )
+{
+ BootServices->FreePages (PenAddress, 1);
+}
--
2.19.1.3.g30247aa5d201
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54954): https://edk2.groups.io/g/devel/message/54954
Mute This Topic: https://groups.io/mt/71575186/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On Wed, 26 Feb 2020 at 23:12, Laszlo Ersek <lersek@redhat.com> wrote:
>
> Once a hot-added CPU finishes the SMBASE relocation, we need to pen it in
> a HLT loop. Add the NASM implementation (with just a handful of
> instructions, but much documentation), and some C language helper
> functions.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Igor Mammedov <imammedo@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>
> Notes:
> v2:
>
> - document the combined approach described here:
>
> http://mid.mail-archive.com/111145fc-be3d-2a9a-a126-c14345a8a8a4@redhat.com
> https://edk2.groups.io/g/devel/message/54754
>
> by mentioning the "about to leave SMM" byte in SMRAM.
>
> OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf | 4 +
> OvmfPkg/CpuHotplugSmm/Smbase.h | 32 +++++
> OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm | 151 ++++++++++++++++++++
> OvmfPkg/CpuHotplugSmm/Smbase.c | 110 ++++++++++++++
> 4 files changed, 297 insertions(+)
>
> diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf b/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
> index 31c1ee1c9f6d..bf4162299c7c 100644
> --- a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
> +++ b/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf
> @@ -5,52 +5,56 @@
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> [Defines]
> INF_VERSION = 1.29
> PI_SPECIFICATION_VERSION = 0x00010046 # PI-1.7.0
> BASE_NAME = CpuHotplugSmm
> FILE_GUID = 84EEA114-C6BE-4445-8F90-51D97863E363
> MODULE_TYPE = DXE_SMM_DRIVER
> ENTRY_POINT = CpuHotplugEntry
>
> #
> # The following information is for reference only and not required by the build
> # tools.
> #
> # VALID_ARCHITECTURES = IA32 X64
> #
>
> [Sources]
> ApicId.h
> CpuHotplug.c
> + PostSmmPen.nasm
> QemuCpuhp.c
> QemuCpuhp.h
> + Smbase.c
> + Smbase.h
>
> [Packages]
> MdePkg/MdePkg.dec
> OvmfPkg/OvmfPkg.dec
> UefiCpuPkg/UefiCpuPkg.dec
>
> [LibraryClasses]
> BaseLib
> + BaseMemoryLib
> DebugLib
> MmServicesTableLib
> PcdLib
> SafeIntLib
> UefiDriverEntryPoint
>
> [Protocols]
> gEfiMmCpuIoProtocolGuid ## CONSUMES
> gEfiSmmCpuServiceProtocolGuid ## CONSUMES
>
> [Pcd]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## CONSUMES
> gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase ## CONSUMES
>
> [FeaturePcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire ## CONSUMES
>
> [Depex]
> gEfiMmCpuIoProtocolGuid AND
> gEfiSmmCpuServiceProtocolGuid
> diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.h b/OvmfPkg/CpuHotplugSmm/Smbase.h
> new file mode 100644
> index 000000000000..cb5aed98cdd3
> --- /dev/null
> +++ b/OvmfPkg/CpuHotplugSmm/Smbase.h
> @@ -0,0 +1,32 @@
> +/** @file
> + SMBASE relocation for hot-plugged CPUs.
> +
> + Copyright (c) 2020, Red Hat, Inc.
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#ifndef SMBASE_H_
> +#define SMBASE_H_
> +
> +#include <Uefi/UefiBaseType.h> // EFI_STATUS
> +#include <Uefi/UefiSpec.h> // EFI_BOOT_SERVICES
> +
> +EFI_STATUS
> +SmbaseAllocatePostSmmPen (
> + OUT UINT32 *PenAddress,
> + IN CONST EFI_BOOT_SERVICES *BootServices
> + );
> +
> +VOID
> +SmbaseReinstallPostSmmPen (
> + IN UINT32 PenAddress
> + );
> +
> +VOID
> +SmbaseReleasePostSmmPen (
> + IN UINT32 PenAddress,
> + IN CONST EFI_BOOT_SERVICES *BootServices
> + );
> +
> +#endif // SMBASE_H_
> diff --git a/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm b/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm
> new file mode 100644
> index 000000000000..ef702689bdb5
> --- /dev/null
> +++ b/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm
> @@ -0,0 +1,151 @@
> +;------------------------------------------------------------------------------
> +; @file
> +; Pen any hot-added CPU in a 16-bit, real mode HLT loop, after it leaves SMM by
> +; executing the RSM instruction.
> +;
> +; Copyright (c) 2020, Red Hat, Inc.
> +;
> +; SPDX-License-Identifier: BSD-2-Clause-Patent
> +;
> +; The routine implemented here is stored into normal RAM, under 1MB, at the
> +; beginning of a page that is allocated as EfiReservedMemoryType. On any
> +; hot-added CPU, it is executed after *at least* the first RSM (i.e., after
> +; SMBASE relocation).
> +;
> +; The first execution of this code occurs as follows:
> +;
> +; - The hot-added CPU is in RESET state.
> +;
> +; - The ACPI CPU hotplug event handler triggers a broadcast SMI, from the OS.
> +;
> +; - Existent CPUs (BSP and APs) enter SMM.
> +;
> +; - The hot-added CPU remains in RESET state, but an SMI is pending for it now.
> +; (See "SYSTEM MANAGEMENT INTERRUPT (SMI)" in the Intel SDM.)
> +;
> +; - In SMM, pre-existent CPUs that are not elected SMM Monarch, keep themselves
> +; busy with their wait loops.
> +;
> +; - From the root MMI handler, the SMM Monarch:
> +;
> +; - places this routine in the reserved page,
> +;
> +; - clears the "about to leave SMM" byte in SMRAM,
> +;
> +; - clears the last byte of the reserved page,
> +;
> +; - sends an INIT-SIPI-SIPI sequence to the hot-added CPU,
> +;
> +; - un-gates the default SMI handler by APIC ID.
> +;
> +; - The startup vector in the SIPI that is sent by the SMM Monarch points to
> +; this code; i.e., to the reserved page. (Example: 0x9_F000.)
> +;
> +; - The SMM Monarch starts polling the "about to leave SMM" byte in SMRAM.
> +;
> +; - The hot-added CPU boots, and immediately enters SMM due to the pending SMI.
> +; It starts executing the default SMI handler.
> +;
> +; - Importantly, the SMRAM Save State Map captures the following information,
> +; when the hot-added CPU enters SMM:
> +;
> +; - CS selector: assumes the 16 most significant bits of the 20-bit (i.e.,
> +; below 1MB) startup vector from the SIPI. (Example: 0x9F00.)
> +;
> +; - CS attributes: Accessed, Readable, User (S=1), CodeSegment (bit#11),
> +; Present.
> +;
> +; - CS limit: 0xFFFF.
> +;
> +; - CS base: the CS selector value shifted left by 4 bits. That is, the CS
> +; base equals the SIPI startup vector. (Example: 0x9_F000.)
> +;
> +; - IP: the least significant 4 bits from the SIPI startup vector. Because
> +; the routine is page-aligned, these bits are zero (hence IP is zero).
> +;
> +; - ES, SS, DS, FS, GS selectors: 0.
> +;
> +; - ES, SS, DS, FS, GS attributes: same as the CS attributes, minus
> +; CodeSegment (bit#11).
> +;
> +; - ES, SS, DS, FS, GS limits: 0xFFFF.
> +;
> +; - ES, SS, DS, FS, GS bases: 0.
> +;
> +; - The hot-added CPU sets its new SMBASE value in the SMRAM Save State Map.
> +;
> +; - The hot-added CPU sets the "about to leave SMM" byte in SMRAM, then
> +; executes the RSM instruction immediately after, leaving SMM.
> +;
> +; - The SMM Monarch notices that the "about to leave SMM" byte in SMRAM has
> +; been set, and starts polling the last byte in the reserved page.
> +;
> +; - The hot-added CPU jumps ("returns") to the code below (in the reserved
> +; page), according to the register state listed in the SMRAM Save State Map.
> +;
> +; - The hot-added CPU sets the last byte of the reserved page, then halts
> +; itself.
> +;
> +; - The SMM Monarch notices that the hot-added CPU is done with SMBASE
> +; relocation.
> +;
> +; Note that, if the OS is malicious and sends INIT-SIPI-SIPI to the hot-added
> +; CPU before allowing the ACPI CPU hotplug event handler to trigger a broadcast
> +; SMI, then said broadcast SMI will yank the hot-added CPU directly into SMM,
> +; without becoming pending for it (as the hot-added CPU is no longer in RESET
> +; state). This is OK, because:
> +;
> +; - The default SMI handler copes with this, as it is gated by APIC ID. The
> +; hot-added CPU won't start the actual SMBASE relocation until the SMM
> +; Monarch lets it.
> +;
> +; - The INIT-SIPI-SIPI sequence that the SMM Monarch sends to the hot-added CPU
> +; will be ignored in this sate (it won't even be latched). See "SMI HANDLER
> +; EXECUTION ENVIRONMENT" in the Intel SDM: "INIT operations are inhibited
> +; when the processor enters SMM".
> +;
> +; - When the hot-added CPU (e.g., CPU#1) executes the RSM (having relocated
> +; SMBASE), it returns to the OS. The OS can use CPU#1 to attack the last byte
> +; of the reserved page, while another CPU (e.g., CPU#2) is relocating SMBASE,
> +; in order to trick the SMM Monarch (e.g., CPU#0) to open the APIC ID gate
> +; for yet another CPU (e.g., CPU#3). However, the SMM Monarch won't look at
> +; the last byte of the reserved page, until CPU#2 sets the "about to leave
> +; SMM" byte in SMRAM. This leaves a very small window (just one instruction's
> +; worth before the RSM) for CPU#3 to "catch up" with CPU#2, and overwrite
> +; CPU#2's SMBASE with its own.
> +;
> +; In other words, we do not / need not prevent a malicious OS from booting the
> +; hot-added CPU early; instead we provide benign OSes with a pen for hot-added
> +; CPUs.
> +;------------------------------------------------------------------------------
> +
> +SECTION .data
> +BITS 16
> +
> +GLOBAL ASM_PFX (mPostSmmPen) ; UINT8[]
> +GLOBAL ASM_PFX (mPostSmmPenSize) ; UINT16
> +
> +ASM_PFX (mPostSmmPen):
> + ;
> + ; Point DS at the same reserved page.
> + ;
> + mov ax, cs
> + mov ds, ax
> +
> + ;
> + ; Inform the SMM Monarch that we're done with SMBASE relocation, by setting
> + ; the last byte in the reserved page.
> + ;
> + mov byte [ds : word 0xFFF], 1
> +
> + ;
> + ; Halt now, until we get woken by another SMI, or (more likely) the OS
> + ; reboots us with another INIT-SIPI-SIPI.
> + ;
> +HltLoop:
> + cli
> + hlt
> + jmp HltLoop
> +
> +ASM_PFX (mPostSmmPenSize):
> + dw $ - ASM_PFX (mPostSmmPen)
> diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
> new file mode 100644
> index 000000000000..ea21153d9145
> --- /dev/null
> +++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
> @@ -0,0 +1,110 @@
> +/** @file
> + SMBASE relocation for hot-plugged CPUs.
> +
> + Copyright (c) 2020, Red Hat, Inc.
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <Base.h> // BASE_1MB
> +#include <Library/BaseMemoryLib.h> // CopyMem()
> +#include <Library/DebugLib.h> // DEBUG()
> +
> +#include "Smbase.h"
> +
> +extern CONST UINT8 mPostSmmPen[];
> +extern CONST UINT16 mPostSmmPenSize;
> +
> +/**
> + Allocate a non-SMRAM reserved memory page for the Post-SMM Pen for hot-added
> + CPUs.
> +
> + This function may only be called from the entry point function of the driver.
> +
> + @param[out] PenAddress The address of the allocated (normal RAM) reserved
> + page.
> +
> + @param[in] BootServices Pointer to the UEFI boot services table. Used for
> + allocating the normal RAM (not SMRAM) reserved page.
> +
> + @retval EFI_SUCCESS Allocation successful.
> +
> + @retval EFI_BAD_BUFFER_SIZE The Post-SMM Pen template is not smaller than
> + EFI_PAGE_SIZE.
> +
> + @return Error codes propagated from underlying services.
> + DEBUG_ERROR messages have been logged. No
> + resources have been allocated.
> +**/
> +EFI_STATUS
> +SmbaseAllocatePostSmmPen (
> + OUT UINT32 *PenAddress,
> + IN CONST EFI_BOOT_SERVICES *BootServices
> + )
> +{
> + EFI_STATUS Status;
> + EFI_PHYSICAL_ADDRESS Address;
> +
> + //
> + // The pen code must fit in one page, and the last byte must remain free for
> + // signaling the SMM Monarch.
> + //
> + if (mPostSmmPenSize >= EFI_PAGE_SIZE) {
> + Status = EFI_BAD_BUFFER_SIZE;
> + DEBUG ((DEBUG_ERROR, "%a: mPostSmmPenSize=%u: %r\n", __FUNCTION__,
> + mPostSmmPenSize, Status));
> + return Status;
> + }
> +
> + Address = BASE_1MB - 1;
> + Status = BootServices->AllocatePages (AllocateMaxAddress,
> + EfiReservedMemoryType, 1, &Address);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: AllocatePages(): %r\n", __FUNCTION__, Status));
> + return Status;
> + }
> +
> + DEBUG ((DEBUG_INFO, "%a: Post-SMM Pen at 0x%Lx\n", __FUNCTION__, Address));
> + *PenAddress = (UINT32)Address;
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Copy the Post-SMM Pen template code into the reserved page allocated with
> + SmbaseAllocatePostSmmPen().
> +
> + Note that this effects an "SMRAM to normal RAM" copy.
> +
> + The SMM Monarch is supposed to call this function from the root MMI handler.
> +
> + @param[in] PenAddress The allocation address returned by
> + SmbaseAllocatePostSmmPen().
> +**/
> +VOID
> +SmbaseReinstallPostSmmPen (
> + IN UINT32 PenAddress
> + )
> +{
> + CopyMem ((VOID *)(UINTN)PenAddress, mPostSmmPen, mPostSmmPenSize);
> +}
> +
> +/**
> + Release the reserved page allocated with SmbaseAllocatePostSmmPen().
> +
> + This function may only be called from the entry point function of the driver,
> + on the error path.
> +
> + @param[in] PenAddress The allocation address returned by
> + SmbaseAllocatePostSmmPen().
> +
> + @param[in] BootServices Pointer to the UEFI boot services table. Used for
> + releasing the normal RAM (not SMRAM) reserved page.
> +**/
> +VOID
> +SmbaseReleasePostSmmPen (
> + IN UINT32 PenAddress,
> + IN CONST EFI_BOOT_SERVICES *BootServices
> + )
> +{
> + BootServices->FreePages (PenAddress, 1);
> +}
> --
> 2.19.1.3.g30247aa5d201
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#55204): https://edk2.groups.io/g/devel/message/55204
Mute This Topic: https://groups.io/mt/71575186/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.