From nobody Sat Feb 7 06:49:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+54954+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+54954+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1582755153; cv=none; d=zohomail.com; s=zohoarc; b=CSEMAvpYfHVzQuyjzx4DYAfhs/iyMJuw59INeRIuPWxxmm6jP7IKcaXqn2kXY54ZroMPEQK/T0gaMGGzdfZvcZipm3ND130skcdJImXUm9a03GHJdCDGHevKefslZggYX3YRsLsbFSfDIiVnKZ1zyQGa1paFj5sUHxqYGEcCzEM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1582755153; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=sgt+qlqNiaT6iW6OTfq6f4/xxmj5eEH19VWcjVgPBtU=; b=QQ+1LlQY4OmOx0GUXVWb4zO7PhJz/VHDaKxYePVQjpGPU9HMSUrzkzlAfv0dmVjjVnh5OBDjh8Bs9hL28rAN02Mlj/0rjX19/YaEMxgI9ObmdgFVsLWIM5/qKKfSSwyWTcIR6Ko2x3OCZP4AXQx6K02Q7IlpoH6CELlDGxPSgDc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+54954+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1582755153363268.81554723875297; Wed, 26 Feb 2020 14:12:33 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id wW5qYY1788612xEg3YHGdoLQ; Wed, 26 Feb 2020 14:12:32 -0800 X-Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61]) by mx.groups.io with SMTP id smtpd.web12.232.1582755151402646866 for ; Wed, 26 Feb 2020 14:12:31 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-28-pHhiLQ_jPlSKbcL3ITP7MQ-1; Wed, 26 Feb 2020 17:12:28 -0500 X-MC-Unique: pHhiLQ_jPlSKbcL3ITP7MQ-1 X-Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8CDD91005516; Wed, 26 Feb 2020 22:12:27 +0000 (UTC) X-Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-185.ams2.redhat.com [10.36.116.185]) by smtp.corp.redhat.com (Postfix) with ESMTP id D2E19909E9; Wed, 26 Feb 2020 22:12:25 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Ard Biesheuvel , Igor Mammedov , Jiewen Yao , Jordan Justen , Michael Kinney , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [edk2-devel] [PATCH v2 11/16] OvmfPkg/CpuHotplugSmm: introduce Post-SMM Pen for hot-added CPUs Date: Wed, 26 Feb 2020 23:11:51 +0100 Message-Id: <20200226221156.29589-12-lersek@redhat.com> In-Reply-To: <20200226221156.29589-1-lersek@redhat.com> References: <20200226221156.29589-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,lersek@redhat.com X-Gm-Message-State: hLCXEIHUnxfWuVvl3HmRq05Kx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1582755152; bh=sgt+qlqNiaT6iW6OTfq6f4/xxmj5eEH19VWcjVgPBtU=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=QvbEoXH8JRJ5tB0wmp31DSBfN6ghFMXRx0dqjNHpRO0IXXNpkdRHjxhKVZJCqYpih7G 102a9gOpC6A+7F5BjXONHJE/FmMIeGcHvq+NNxLzmyg6Paa3GPCt+9pX5o7h98FoQ08Iv sQCEyF5REj45lpQF5BlgpsNunCAXVUpDzx0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Once a hot-added CPU finishes the SMBASE relocation, we need to pen it in a HLT loop. Add the NASM implementation (with just a handful of instructions, but much documentation), and some C language helper functions. Cc: Ard Biesheuvel Cc: Igor Mammedov Cc: Jiewen Yao Cc: Jordan Justen Cc: Michael Kinney Cc: Philippe Mathieu-Daud=C3=A9 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1512 Signed-off-by: Laszlo Ersek Acked-by: Ard Biesheuvel --- Notes: v2: =20 - document the combined approach described here: =20 http://mid.mail-archive.com/111145fc-be3d-2a9a-a126-c14345a8a8a4@redh= at.com https://edk2.groups.io/g/devel/message/54754 =20 by mentioning the "about to leave SMM" byte in SMRAM. OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf | 4 + OvmfPkg/CpuHotplugSmm/Smbase.h | 32 +++++ OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm | 151 ++++++++++++++++++++ OvmfPkg/CpuHotplugSmm/Smbase.c | 110 ++++++++++++++ 4 files changed, 297 insertions(+) diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf b/OvmfPkg/CpuHotplugSm= m/CpuHotplugSmm.inf index 31c1ee1c9f6d..bf4162299c7c 100644 --- a/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf +++ b/OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf @@ -5,52 +5,56 @@ # # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 [Defines] INF_VERSION =3D 1.29 PI_SPECIFICATION_VERSION =3D 0x00010046 # P= I-1.7.0 BASE_NAME =3D CpuHotplugSmm FILE_GUID =3D 84EEA114-C6BE-4445-8F90-51D97863E363 MODULE_TYPE =3D DXE_SMM_DRIVER ENTRY_POINT =3D CpuHotplugEntry =20 # # The following information is for reference only and not required by the = build # tools. # # VALID_ARCHITECTURES =3D IA32 X64 # =20 [Sources] ApicId.h CpuHotplug.c + PostSmmPen.nasm QemuCpuhp.c QemuCpuhp.h + Smbase.c + Smbase.h =20 [Packages] MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec =20 [LibraryClasses] BaseLib + BaseMemoryLib DebugLib MmServicesTableLib PcdLib SafeIntLib UefiDriverEntryPoint =20 [Protocols] gEfiMmCpuIoProtocolGuid ## CON= SUMES gEfiSmmCpuServiceProtocolGuid ## CON= SUMES =20 [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## CON= SUMES gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase ## CON= SUMES =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire ## CON= SUMES =20 [Depex] gEfiMmCpuIoProtocolGuid AND gEfiSmmCpuServiceProtocolGuid diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.h b/OvmfPkg/CpuHotplugSmm/Smbase.h new file mode 100644 index 000000000000..cb5aed98cdd3 --- /dev/null +++ b/OvmfPkg/CpuHotplugSmm/Smbase.h @@ -0,0 +1,32 @@ +/** @file + SMBASE relocation for hot-plugged CPUs. + + Copyright (c) 2020, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef SMBASE_H_ +#define SMBASE_H_ + +#include // EFI_STATUS +#include // EFI_BOOT_SERVICES + +EFI_STATUS +SmbaseAllocatePostSmmPen ( + OUT UINT32 *PenAddress, + IN CONST EFI_BOOT_SERVICES *BootServices + ); + +VOID +SmbaseReinstallPostSmmPen ( + IN UINT32 PenAddress + ); + +VOID +SmbaseReleasePostSmmPen ( + IN UINT32 PenAddress, + IN CONST EFI_BOOT_SERVICES *BootServices + ); + +#endif // SMBASE_H_ diff --git a/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm b/OvmfPkg/CpuHotplugSmm/= PostSmmPen.nasm new file mode 100644 index 000000000000..ef702689bdb5 --- /dev/null +++ b/OvmfPkg/CpuHotplugSmm/PostSmmPen.nasm @@ -0,0 +1,151 @@ +;-------------------------------------------------------------------------= ----- +; @file +; Pen any hot-added CPU in a 16-bit, real mode HLT loop, after it leaves S= MM by +; executing the RSM instruction. +; +; Copyright (c) 2020, Red Hat, Inc. +; +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; The routine implemented here is stored into normal RAM, under 1MB, at the +; beginning of a page that is allocated as EfiReservedMemoryType. On any +; hot-added CPU, it is executed after *at least* the first RSM (i.e., after +; SMBASE relocation). +; +; The first execution of this code occurs as follows: +; +; - The hot-added CPU is in RESET state. +; +; - The ACPI CPU hotplug event handler triggers a broadcast SMI, from the = OS. +; +; - Existent CPUs (BSP and APs) enter SMM. +; +; - The hot-added CPU remains in RESET state, but an SMI is pending for it= now. +; (See "SYSTEM MANAGEMENT INTERRUPT (SMI)" in the Intel SDM.) +; +; - In SMM, pre-existent CPUs that are not elected SMM Monarch, keep thems= elves +; busy with their wait loops. +; +; - From the root MMI handler, the SMM Monarch: +; +; - places this routine in the reserved page, +; +; - clears the "about to leave SMM" byte in SMRAM, +; +; - clears the last byte of the reserved page, +; +; - sends an INIT-SIPI-SIPI sequence to the hot-added CPU, +; +; - un-gates the default SMI handler by APIC ID. +; +; - The startup vector in the SIPI that is sent by the SMM Monarch points = to +; this code; i.e., to the reserved page. (Example: 0x9_F000.) +; +; - The SMM Monarch starts polling the "about to leave SMM" byte in SMRAM. +; +; - The hot-added CPU boots, and immediately enters SMM due to the pending= SMI. +; It starts executing the default SMI handler. +; +; - Importantly, the SMRAM Save State Map captures the following informati= on, +; when the hot-added CPU enters SMM: +; +; - CS selector: assumes the 16 most significant bits of the 20-bit (i.e= ., +; below 1MB) startup vector from the SIPI. (Example: 0x9F00.) +; +; - CS attributes: Accessed, Readable, User (S=3D1), CodeSegment (bit#11= ), +; Present. +; +; - CS limit: 0xFFFF. +; +; - CS base: the CS selector value shifted left by 4 bits. That is, the = CS +; base equals the SIPI startup vector. (Example: 0x9_F000.) +; +; - IP: the least significant 4 bits from the SIPI startup vector. Becau= se +; the routine is page-aligned, these bits are zero (hence IP is zero). +; +; - ES, SS, DS, FS, GS selectors: 0. +; +; - ES, SS, DS, FS, GS attributes: same as the CS attributes, minus +; CodeSegment (bit#11). +; +; - ES, SS, DS, FS, GS limits: 0xFFFF. +; +; - ES, SS, DS, FS, GS bases: 0. +; +; - The hot-added CPU sets its new SMBASE value in the SMRAM Save State Ma= p. +; +; - The hot-added CPU sets the "about to leave SMM" byte in SMRAM, then +; executes the RSM instruction immediately after, leaving SMM. +; +; - The SMM Monarch notices that the "about to leave SMM" byte in SMRAM has +; been set, and starts polling the last byte in the reserved page. +; +; - The hot-added CPU jumps ("returns") to the code below (in the reserved +; page), according to the register state listed in the SMRAM Save State = Map. +; +; - The hot-added CPU sets the last byte of the reserved page, then halts +; itself. +; +; - The SMM Monarch notices that the hot-added CPU is done with SMBASE +; relocation. +; +; Note that, if the OS is malicious and sends INIT-SIPI-SIPI to the hot-ad= ded +; CPU before allowing the ACPI CPU hotplug event handler to trigger a broa= dcast +; SMI, then said broadcast SMI will yank the hot-added CPU directly into S= MM, +; without becoming pending for it (as the hot-added CPU is no longer in RE= SET +; state). This is OK, because: +; +; - The default SMI handler copes with this, as it is gated by APIC ID. The +; hot-added CPU won't start the actual SMBASE relocation until the SMM +; Monarch lets it. +; +; - The INIT-SIPI-SIPI sequence that the SMM Monarch sends to the hot-adde= d CPU +; will be ignored in this sate (it won't even be latched). See "SMI HAND= LER +; EXECUTION ENVIRONMENT" in the Intel SDM: "INIT operations are inhibited +; when the processor enters SMM". +; +; - When the hot-added CPU (e.g., CPU#1) executes the RSM (having relocated +; SMBASE), it returns to the OS. The OS can use CPU#1 to attack the last= byte +; of the reserved page, while another CPU (e.g., CPU#2) is relocating SM= BASE, +; in order to trick the SMM Monarch (e.g., CPU#0) to open the APIC ID ga= te +; for yet another CPU (e.g., CPU#3). However, the SMM Monarch won't look= at +; the last byte of the reserved page, until CPU#2 sets the "about to lea= ve +; SMM" byte in SMRAM. This leaves a very small window (just one instruct= ion's +; worth before the RSM) for CPU#3 to "catch up" with CPU#2, and overwrite +; CPU#2's SMBASE with its own. +; +; In other words, we do not / need not prevent a malicious OS from booting= the +; hot-added CPU early; instead we provide benign OSes with a pen for hot-a= dded +; CPUs. +;-------------------------------------------------------------------------= ----- + +SECTION .data +BITS 16 + +GLOBAL ASM_PFX (mPostSmmPen) ; UINT8[] +GLOBAL ASM_PFX (mPostSmmPenSize) ; UINT16 + +ASM_PFX (mPostSmmPen): + ; + ; Point DS at the same reserved page. + ; + mov ax, cs + mov ds, ax + + ; + ; Inform the SMM Monarch that we're done with SMBASE relocation, by sett= ing + ; the last byte in the reserved page. + ; + mov byte [ds : word 0xFFF], 1 + + ; + ; Halt now, until we get woken by another SMI, or (more likely) the OS + ; reboots us with another INIT-SIPI-SIPI. + ; +HltLoop: + cli + hlt + jmp HltLoop + +ASM_PFX (mPostSmmPenSize): + dw $ - ASM_PFX (mPostSmmPen) diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c new file mode 100644 index 000000000000..ea21153d9145 --- /dev/null +++ b/OvmfPkg/CpuHotplugSmm/Smbase.c @@ -0,0 +1,110 @@ +/** @file + SMBASE relocation for hot-plugged CPUs. + + Copyright (c) 2020, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include // BASE_1MB +#include // CopyMem() +#include // DEBUG() + +#include "Smbase.h" + +extern CONST UINT8 mPostSmmPen[]; +extern CONST UINT16 mPostSmmPenSize; + +/** + Allocate a non-SMRAM reserved memory page for the Post-SMM Pen for hot-a= dded + CPUs. + + This function may only be called from the entry point function of the dr= iver. + + @param[out] PenAddress The address of the allocated (normal RAM) reser= ved + page. + + @param[in] BootServices Pointer to the UEFI boot services table. Used f= or + allocating the normal RAM (not SMRAM) reserved = page. + + @retval EFI_SUCCESS Allocation successful. + + @retval EFI_BAD_BUFFER_SIZE The Post-SMM Pen template is not smaller th= an + EFI_PAGE_SIZE. + + @return Error codes propagated from underlying serv= ices. + DEBUG_ERROR messages have been logged. No + resources have been allocated. +**/ +EFI_STATUS +SmbaseAllocatePostSmmPen ( + OUT UINT32 *PenAddress, + IN CONST EFI_BOOT_SERVICES *BootServices + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS Address; + + // + // The pen code must fit in one page, and the last byte must remain free= for + // signaling the SMM Monarch. + // + if (mPostSmmPenSize >=3D EFI_PAGE_SIZE) { + Status =3D EFI_BAD_BUFFER_SIZE; + DEBUG ((DEBUG_ERROR, "%a: mPostSmmPenSize=3D%u: %r\n", __FUNCTION__, + mPostSmmPenSize, Status)); + return Status; + } + + Address =3D BASE_1MB - 1; + Status =3D BootServices->AllocatePages (AllocateMaxAddress, + EfiReservedMemoryType, 1, &Address); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: AllocatePages(): %r\n", __FUNCTION__, Status= )); + return Status; + } + + DEBUG ((DEBUG_INFO, "%a: Post-SMM Pen at 0x%Lx\n", __FUNCTION__, Address= )); + *PenAddress =3D (UINT32)Address; + return EFI_SUCCESS; +} + +/** + Copy the Post-SMM Pen template code into the reserved page allocated with + SmbaseAllocatePostSmmPen(). + + Note that this effects an "SMRAM to normal RAM" copy. + + The SMM Monarch is supposed to call this function from the root MMI hand= ler. + + @param[in] PenAddress The allocation address returned by + SmbaseAllocatePostSmmPen(). +**/ +VOID +SmbaseReinstallPostSmmPen ( + IN UINT32 PenAddress + ) +{ + CopyMem ((VOID *)(UINTN)PenAddress, mPostSmmPen, mPostSmmPenSize); +} + +/** + Release the reserved page allocated with SmbaseAllocatePostSmmPen(). + + This function may only be called from the entry point function of the dr= iver, + on the error path. + + @param[in] PenAddress The allocation address returned by + SmbaseAllocatePostSmmPen(). + + @param[in] BootServices Pointer to the UEFI boot services table. Used f= or + releasing the normal RAM (not SMRAM) reserved p= age. +**/ +VOID +SmbaseReleasePostSmmPen ( + IN UINT32 PenAddress, + IN CONST EFI_BOOT_SERVICES *BootServices + ) +{ + BootServices->FreePages (PenAddress, 1); +} --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54954): https://edk2.groups.io/g/devel/message/54954 Mute This Topic: https://groups.io/mt/71575186/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-