From nobody Mon Feb 9 16:12:59 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63102+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63102+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1595407046; cv=none; d=zohomail.com; s=zohoarc; b=ZAiz6lC7V2/lGNOHylKZ1neRvhNzK69ermND1ORHUkUyNEdL3sEu8zZzLxo9VW1oMWckD7NiYSMy3JtYEkudwHciqWajS8WWXGSCIOzg2+KFy6zONf3W1jkPRkT0+xQ/o7IM/un6+7flJr5FKvidasAnrHPrcosv5Bzc0LwXZBI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1595407046; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=KTv87/N+AxVYlNW1STeDkPFQNErxjTv1CxMV+jL05b8=; b=J59t581MR1+/SYvpUmiEp0OJeuZraCYejujSZ5NxCx5yUIQC2aRVHqX1frK4wxGwgDCQRhbLeDV1rzjz8v1F8KI/B097Sf9A1+Sk1GL1mLK39Bp2qw0sOLU0N3yFLA3JvMvHvvAAW+8l1Osah3C+wqdkLFiyTyVln53e3CVMtHU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63102+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 159540704603848.30768398240264; Wed, 22 Jul 2020 01:37:26 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ARbhYY1788612xrnaqnQWx3h; Wed, 22 Jul 2020 01:37:25 -0700 X-Received: from mga06.intel.com (mga06.intel.com []) by mx.groups.io with SMTP id smtpd.web11.14454.1595407023959550656 for ; Wed, 22 Jul 2020 01:37:25 -0700 IronPort-SDR: coOBv6yyeUPctuuw31HOEFQMUcXAo20jOZs7MKB+9itbtGINex+JNcOpa5+kbdrTteoalok+2b ij4tJeGI1BcQ== X-IronPort-AV: E=McAfee;i="6000,8403,9689"; a="211835227" X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="211835227" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jul 2020 01:37:24 -0700 IronPort-SDR: XmOSa2UerD9rk2yt4wRK2TEcBzpigeG2zZm9VF4ULnEu3z7tkIIQ9MKP7567bD4MgfBFhgaRgq 2d+0PZRcduFQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="462380318" X-Received: from guominji-mobl.ccr.corp.intel.com ([10.238.13.140]) by orsmga005.jf.intel.com with ESMTP; 22 Jul 2020 01:37:22 -0700 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Dandan Bi , Liming Gao , Debkumar De , Harry Han , Catharine West Subject: [edk2-devel] [PATCH v7 10/10] MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD (CVE-2019-11098) Date: Wed, 22 Jul 2020 16:36:57 +0800 Message-Id: <20200722083657.739-11-guomin.jiang@intel.com> In-Reply-To: <20200722083657.739-1-guomin.jiang@intel.com> References: <20200722083657.739-1-guomin.jiang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,guomin.jiang@intel.com X-Gm-Message-State: J0BbS4kl1kvhQ2TNuC4NeaaRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1595407045; bh=v5OcQbrAaBZIGipmqU5M2XKh4EUnAg/J1v4arHNniRY=; h=Cc:Date:From:Reply-To:Subject:To; b=Txh6zCz3IYtw+ZIaddO1P03BzMqPxT71MBWOdiAFxv+nnasPtTTUO3kgtQCu14XJseU ufDcrTiQutBKeYB74drBFfcc8Xt34fFWG07Uv0t003etyV5iLebgAy57xAomXRd9xgjFj 7nSKTyV53kPjR57FKtwwn2ZdrdD9/R7DxGo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 When PcdMigrateTemporaryRamFirmwareVolumes is TRUE, it will shadow the PEIMs, when it is disabled, PEIMs marked REGISTER_FOR_SHADOW will be shadowed as well and it is controled by PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot. To cover the shadow behavior, the change will always shadow PEIMs when enable PcdMigrateTemporaryRamFirmwareVolumes. When PcdMigrateTemporaryRamFirmwareVolumes is true, if enable PcdShadowPeimOnBoot or PcdShadowPeimOnS3Boot, it will shadow some PEIMs twice and occupy more memory and waste more boot time, it is unnecessary, so the only valid choice is to enable PcdMigrateTemporaryRamFirmwareVolumes and disable PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot. Signed-off-by: Guomin Jiang Cc: Jian J Wang Cc: Hao A Wu Cc: Dandan Bi Cc: Liming Gao Cc: Debkumar De Cc: Harry Han Cc: Catharine West --- MdeModulePkg/MdeModulePkg.dec | 11 +++++--- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 14 +++++++--- MdeModulePkg/Core/Pei/Image/Image.c | 6 ++--- MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 26 +++++++++++++++---- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index e0ad9373e62f..5220202b233b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1223,11 +1223,14 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @Prompt Shadow Peim and PeiCore on boot gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|TRUE|BOOLEAN|0x300010= 29 =20 - ## Enable the feature that evacuate temporary memory to permanent memory= or not + ## Enable the feature that evacuate temporary memory to permanent memory= or not

# Set FALSE as default, if the developer need this feature to avoid thi= s vulnerability, please - # enable it in dsc file. - # TRUE - Evacuate temporary memory, the actions include copy memory, co= nvert PPI pointers and so on. - # FALSE - Do nothing, for example, no copy memory, no convert PPI point= ers and so on. + # enable it and disable PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot i= n dsc file at the same time.
+ # The reason is that PcdMigrateTemporaryRamFirmwareVolumes will make al= l PEIMs be shadowed and + # it is unnecessary that shadow PEIMs which is controled by PcdShadowPe= imOnBoot and PcdShadowPeimOnS3Boot + # again, it will occupy more memory and waste more time if you enable i= t.
+ # TRUE - Evacuate temporary memory, the actions include copy memory, co= nvert PPI pointers and so on.
+ # FALSE - Do nothing, for example, no copy memory, no convert PPI point= ers and so on.
# @Prompt Evacuate temporary memory to permanent memory gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes|FAL= SE|BOOLEAN|0x3000102A =20 diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/C= ore/Pei/Dispatcher/Dispatcher.c index 667d9273bb91..11ff5e693304 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -1408,7 +1408,11 @@ PeiDispatcher ( PeimFileHandle =3D NULL; EntryPoint =3D 0; =20 - if ((Private->PeiMemoryInstalled) && (Private->HobList.HandoffInformatio= nTable->BootMode !=3D BOOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boo= t))) { + if ((Private->PeiMemoryInstalled) && + (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) + || (Private->HobList.HandoffInformationTable->BootMode !=3D BOOT_ON= _S3_RESUME) + || PcdGetBool (PcdShadowPeimOnS3Boot)) + ) { // // Once real memory is available, shadow the RegisterForShadow modules= . And meanwhile // update the modules' status from PEIM_STATE_REGISTER_FOR_SHADOW to P= EIM_STATE_DONE. @@ -1607,13 +1611,17 @@ PeiDispatcher ( PeiCheckAndSwitchStack (SecCoreData, Private); =20 if ((Private->PeiMemoryInstalled) && (Private->Fv[FvCount].Pei= mState[PeimCount] =3D=3D PEIM_STATE_REGISTER_FOR_SHADOW) && \ - (Private->HobList.HandoffInformationTable->BootMode !=3D B= OOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boot))) { + (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) + || (Private->HobList.HandoffInformationTable->BootMode != =3D BOOT_ON_S3_RESUME) + || PcdGetBool (PcdShadowPeimOnS3Boot)) + ) { // // If memory is available we shadow images by default for pe= rformance reasons. // We call the entry point a 2nd time so the module knows it= 's shadowed. // //PERF_START (PeiServices, L"PEIM", PeimFileHandle, 0); - if ((Private->HobList.HandoffInformationTable->BootMode !=3D= BOOT_ON_S3_RESUME) && !PcdGetBool (PcdShadowPeimOnBoot)) { + if ((Private->HobList.HandoffInformationTable->BootMode !=3D= BOOT_ON_S3_RESUME) && !PcdGetBool (PcdShadowPeimOnBoot) + && !PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { // // Load PEIM into Memory for Register for shadow PEIM. // diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Im= age/Image.c index 0caeb63e26b4..f9b570ba1f47 100644 --- a/MdeModulePkg/Core/Pei/Image/Image.c +++ b/MdeModulePkg/Core/Pei/Image/Image.c @@ -299,7 +299,7 @@ LoadAndRelocatePeCoffImage ( IsRegisterForShadow =3D FALSE; if ((Private->CurrentFileHandle =3D=3D FileHandle) && (Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->Curren= tPeimCount] =3D=3D PEIM_STATE_REGISTER_FOR_SHADOW)) { - IsRegisterForShadow =3D TRUE; + IsRegisterForShadow =3D TRUE && !PcdGetBool (PcdMigrateTemporaryRamFir= mwareVolumes); } =20 // @@ -319,8 +319,7 @@ LoadAndRelocatePeCoffImage ( // Check whether the file type is PEI module. // IsPeiModule =3D FALSE; - if (FileInfo.FileType =3D=3D EFI_FV_FILETYPE_PEI_CORE || - FileInfo.FileType =3D=3D EFI_FV_FILETYPE_PEIM || + if (FileInfo.FileType =3D=3D EFI_FV_FILETYPE_PEIM || FileInfo.FileType =3D=3D EFI_FV_FILETYPE_COMBINED_PEIM_DRIVER) { IsPeiModule =3D TRUE; } @@ -342,6 +341,7 @@ LoadAndRelocatePeCoffImage ( // Allocate Memory for the image when memory is ready, and image is relo= catable. // On normal boot, PcdShadowPeimOnBoot decides whether load PEIM or PeiC= ore into memory. // On S3 boot, PcdShadowPeimOnS3Boot decides whether load PEIM or PeiCor= e into memory. + // PeiCore is specificial case, it will separate from IsPeiModule. // if ((!ImageContext.RelocationsStripped) && (Private->PeiMemoryInstalled)= && ((!IsPeiModule) || (!IsS3Boot && (PcdGetBool (PcdShadowPeimOnBoot) || IsRegisterForShad= ow)) || (IsS3Boot && PcdGetBool (PcdShadowPeimOnS3Boot)))) { diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pe= i/PeiMain/PeiMain.c index 48605eeada86..3f168bb56893 100644 --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c @@ -322,7 +322,8 @@ PeiCore ( // PEI Core and PEIMs to get high performance. // OldCoreData->ShadowedPeiCore =3D (PEICORE_FUNCTION_POINTER) (UINTN) = PeiCore; - if ((HandoffInformationTable->BootMode =3D=3D BOOT_ON_S3_RESUME && P= cdGetBool (PcdShadowPeimOnS3Boot)) + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) + || (HandoffInformationTable->BootMode =3D=3D BOOT_ON_S3_RESUME &= & PcdGetBool (PcdShadowPeimOnS3Boot)) || (HandoffInformationTable->BootMode !=3D BOOT_ON_S3_RESUME && = PcdGetBool (PcdShadowPeimOnBoot))) { OldCoreData->ShadowedPeiCore =3D ShadowPeiCore (OldCoreData); } @@ -422,10 +423,25 @@ PeiCore ( } } else { if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { - if (PrivateData.HobList.HandoffInformationTable->BootMode =3D=3D BOO= T_ON_S3_RESUME) { - TempRamEvacuation =3D PcdGetBool (PcdShadowPeimOnS3Boot); - } else { - TempRamEvacuation =3D PcdGetBool (PcdShadowPeimOnBoot); + TempRamEvacuation =3D TRUE; + + // + // When PcdMigrateTemporaryRamFirmwareVolumes is TRUE, it makes sens= e only + // when both PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot is FALSE. + // The reason is that PcdMigrateTemporaryRamFirmwareVolumes will mak= e all PEIMs + // be shadowed and it is unnecessary that shadow PEIMs which is cont= roled by + // PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot again, it will occu= py more + // memory and waste more time if you enable it. + // + if (PcdGetBool (PcdShadowPeimOnBoot) || PcdGetBool (PcdShadowPeimOnS= 3Boot)) { + DEBUG (( + DEBUG_ERROR, + "!!!IMPORTANT NOTICE!!!\n" + "When you see the message, it mean that you enable the PcdShadow= PeimOnBoot or PcdShadowPeimOnS3Boot when enable PcdMigrateTemporaryRamFirmw= areVolumes\n" + "It make no sense because it will occupy more memory and waste m= ore time.\n" + "You must disable PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot = when enable PcdMigrateTemporaryRamFirmwareVolumes for performance reason.\n= \n")); + ASSERT ((PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) =3D=3D= TRUE) && + (PcdGetBool (PcdShadowPeimOnBoot) =3D=3D FALSE) && (PcdGet= Bool (PcdShadowPeimOnS3Boot) =3D=3D FALSE)); } } =20 --=20 2.25.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63102): https://edk2.groups.io/g/devel/message/63102 Mute This Topic: https://groups.io/mt/75720856/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-