From nobody Mon Apr 29 02:19:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+97666+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97666+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1671596555; cv=none; d=zohomail.com; s=zohoarc; b=Q96x2O2xXiKvVWRoXz1amyf1TeQegQodXAkRx3K/Hrtdeeu5c4d2onwIPhqOp7+IAhSmnj1oc0dvWWQhzb9tW8VMngw5vgKUXrIyGljLMdn6R+S6d1aMHbfMROYcOM8/dC0wix/7gBJwJgVMYmGxj2H6m2rX3ITnmX2lSPes5z4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1671596555; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=YnFtwWkBOIDFoUK2TRWHzcH0PTdQW2MDQ/zPT3aBCWQ=; b=EL2pPkQxFIYY/XJpUQ+RIp6uRoHV+q0WNAcvkB6ujt3ehWOIxNJ0mnOJpEB3hH0U+a/4rH6xkTEIt0HiRs+iN/+vM/QTzpzyN34+t9Yz724kIHzXhZiEy64X9SQh/XgcLmqTUgWgt7y+C3fVezbvEUEavjSptKnTz9P1jgxi/l0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97666+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1671596555013284.1513834029805; Tue, 20 Dec 2022 20:22:35 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id B8CfYY1788612xwHKsye3gHw; Tue, 20 Dec 2022 20:22:34 -0800 X-Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.11754.1671596550918694566 for ; Tue, 20 Dec 2022 20:22:34 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="299458199" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="299458199" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:34 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="681893573" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="681893573" X-Received: from shwdeopenlab702.ccr.corp.intel.com ([10.239.182.152]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:32 -0800 From: "duntan" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar Subject: [edk2-devel] [Patch V2 1/3] UefiCpuPkg/PiSmmCpuDxeSmm: Introduce page table pool mechanism Date: Wed, 21 Dec 2022 12:21:54 +0800 Message-Id: <20221221042156.280-2-dun.tan@intel.com> In-Reply-To: <20221221042156.280-1-dun.tan@intel.com> References: <20221221042156.280-1-dun.tan@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dun.tan@intel.com X-Gm-Message-State: 28MR46zra0omvB0KKH2mISB4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1671596554; bh=Se/wov9enFVDTo3PWMLjtZ5UasNCdG0laDq3oTNCKDQ=; h=Cc:Date:From:Reply-To:Subject:To; b=KqbriLKZu3G/SKJ0CZ44jBg4ERMc40xpBGNFdyCFZboy/PvgSGo2e6594xjRBLMsMLh svYgsXpsRsZ3Xm2h/UNMvsCVjD124Bpn77x1/YFzPvvqBEwH070YFIJLWQmj0HGDkfu2m +zPbdDmD/xpqqYfGorMKZJOOBdVX3VRlgtc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1671596556932100001 Content-Type: text/plain; charset="utf-8" Introduce page table pool mechanism for smm page table to simplify page table memory management and protection. This mechanism has been used in DxeIpl. The basic idea is to allocate a bunch of continuous pages of memory in advance, and all future page tables consumption will happen in those pool instead of system memory. Since we have centralized page tables, we only need to mark all page table pools as RO, instead of searching page table memory layer by layer in smm page table. Once current page table pool has been used up, another memory pool will be allocated and the new pool will also be set as RO if current page table memory has been marked as RO. Signed-off-by: Dun Tan Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Reviewed-by: Ray Ni --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 20 ++---------------= --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 30 -----------------= ------------- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 31 +++++++++++++++++= ++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 137 +++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 20 ++---------------= --- 5 files changed, 172 insertions(+), 66 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpu= DxeSmm/Ia32/PageTbl.c index 97058a2810..bbc536a567 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c @@ -10,24 +10,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "PiSmmCpuDxeSmm.h" =20 -/** - Disable CET. -**/ -VOID -EFIAPI -DisableCet ( - VOID - ); - -/** - Enable CET. -**/ -VOID -EFIAPI -EnableCet ( - VOID - ); - /** Create PageTable for SMM use. =20 @@ -320,6 +302,8 @@ SetPageTableAttributes ( EnableCet (); } =20 + mIsReadOnlyPageTable =3D TRUE; + return; } =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.c index 37e3cfc449..655175a2c6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -1322,36 +1322,6 @@ ConfigSmmCodeAccessCheck ( } } =20 -/** - This API provides a way to allocate memory for page table. - - This API can be called more once to allocate memory for page tables. - - Allocates the number of 4KB pages of type EfiRuntimeServicesData and ret= urns a pointer to the - allocated buffer. The buffer returned is aligned on a 4KB boundary. If= Pages is 0, then NULL - is returned. If there is not enough memory remaining to satisfy the req= uest, then NULL is - returned. - - @param Pages The number of 4 KB pages to allocate. - - @return A pointer to the allocated buffer or NULL if allocation fails. - -**/ -VOID * -AllocatePageTableMemory ( - IN UINTN Pages - ) -{ - VOID *Buffer; - - Buffer =3D SmmCpuFeaturesAllocatePageTableMemory (Pages); - if (Buffer !=3D NULL) { - return Buffer; - } - - return AllocatePages (Pages); -} - /** Allocate pages for code. =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.h index 0bfba7e359..3e69e043ca 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -260,12 +260,43 @@ extern UINTN mNumberOfCpus; extern EFI_SMM_CPU_PROTOCOL mSmmCpu; extern EFI_MM_MP_PROTOCOL mSmmMp; extern BOOLEAN m5LevelPagingNeeded; +extern BOOLEAN mIsReadOnlyPageTable; =20 /// /// The mode of the CPU at the time an SMI occurs /// extern UINT8 mSmmSaveStateRegisterLma; =20 +#define PAGE_TABLE_POOL_ALIGNMENT BASE_128KB +#define PAGE_TABLE_POOL_UNIT_SIZE BASE_128KB +#define PAGE_TABLE_POOL_UNIT_PAGES EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNI= T_SIZE) +#define PAGE_TABLE_POOL_ALIGN_MASK \ + (~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1)) + +typedef struct { + VOID *NextPool; + UINTN Offset; + UINTN FreePages; +} PAGE_TABLE_POOL; + +/** + Disable CET. +**/ +VOID +EFIAPI +DisableCet ( + VOID + ); + +/** + Enable CET. +**/ +VOID +EFIAPI +EnableCet ( + VOID + ); + // // SMM CPU Protocol function prototypes. // diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk= g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c index 773ab927e6..11df7af016 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c @@ -35,6 +35,143 @@ PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] =3D { BOOLEAN mIsShadowStack =3D FALSE; BOOLEAN m5LevelPagingNeeded =3D FALSE; =20 +// +// Global variable to keep track current available memory used as page tab= le. +// +PAGE_TABLE_POOL *mPageTablePool =3D NULL; + +// +// If memory used by SMM page table has been mareked as ReadOnly. +// +BOOLEAN mIsReadOnlyPageTable =3D FALSE; + +/** + Initialize a buffer pool for page table use only. + + To reduce the potential split operation on page table, the pages reserve= d for + page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGE= S and + at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always + initialized with number of pages greater than or equal to the given Pool= Pages. + + Once the pages in the pool are used up, this method should be called aga= in to + reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. But usually this wo= n't + happen in practice. + + @param PoolPages The least page number of the pool to be created. + + @retval TRUE The pool is initialized successfully. + @retval FALSE The memory is out of resource. +**/ +BOOLEAN +InitializePageTablePool ( + IN UINTN PoolPages + ) +{ + VOID *Buffer; + BOOLEAN CetEnabled; + + // + // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one pag= e for + // header. + // + PoolPages +=3D 1; // Add one page for header. + PoolPages =3D ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) * + PAGE_TABLE_POOL_UNIT_PAGES; + Buffer =3D AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT); + if (Buffer =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n")); + return FALSE; + } + + // + // Link all pools into a list for easier track later. + // + if (mPageTablePool =3D=3D NULL) { + mPageTablePool =3D Buffer; + mPageTablePool->NextPool =3D mPageTablePool; + } else { + ((PAGE_TABLE_POOL *)Buffer)->NextPool =3D mPageTablePool->NextPool; + mPageTablePool->NextPool =3D Buffer; + mPageTablePool =3D Buffer; + } + + // + // Reserve one page for pool header. + // + mPageTablePool->FreePages =3D PoolPages - 1; + mPageTablePool->Offset =3D EFI_PAGES_TO_SIZE (1); + + // + // If page table memory has been marked as RO, mark the new pool pages a= s read-only. + // + if (mIsReadOnlyPageTable) { + CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALS= E; + if (CetEnabled) { + // + // CET must be disabled if WP is disabled. + // + DisableCet (); + } + + AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); + SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAGES= _TO_SIZE (PoolPages), EFI_MEMORY_RO); + AsmWriteCr0 (AsmReadCr0 () | CR0_WP); + if (CetEnabled) { + // + // re-enable CET. + // + EnableCet (); + } + } + + return TRUE; +} + +/** + This API provides a way to allocate memory for page table. + + This API can be called more once to allocate memory for page tables. + + Allocates the number of 4KB pages of type EfiRuntimeServicesData and ret= urns a pointer to the + allocated buffer. The buffer returned is aligned on a 4KB boundary. If= Pages is 0, then NULL + is returned. If there is not enough memory remaining to satisfy the req= uest, then NULL is + returned. + + @param Pages The number of 4 KB pages to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +AllocatePageTableMemory ( + IN UINTN Pages + ) +{ + VOID *Buffer; + + if (Pages =3D=3D 0) { + return NULL; + } + + // + // Renew the pool if necessary. + // + if ((mPageTablePool =3D=3D NULL) || + (Pages > mPageTablePool->FreePages)) + { + if (!InitializePageTablePool (Pages)) { + return NULL; + } + } + + Buffer =3D (UINT8 *)mPageTablePool + mPageTablePool->Offset; + + mPageTablePool->Offset +=3D EFI_PAGES_TO_SIZE (Pages); + mPageTablePool->FreePages -=3D Pages; + + return Buffer; +} + /** Return length according to page attributes. =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuD= xeSmm/X64/PageTbl.c index bf90050503..8d42d89801 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -20,24 +20,6 @@ BOOLEAN m1GPageTableSupport =3D FALSE; BOOLEAN mCpuSmmRestrictedMemoryAccess; X86_ASSEMBLY_PATCH_LABEL gPatch5LevelPagingNeeded; =20 -/** - Disable CET. -**/ -VOID -EFIAPI -DisableCet ( - VOID - ); - -/** - Enable CET. -**/ -VOID -EFIAPI -EnableCet ( - VOID - ); - /** Check if 1-GByte pages is supported by processor or not. =20 @@ -1305,6 +1287,8 @@ SetPageTableAttributes ( EnableCet (); } =20 + mIsReadOnlyPageTable =3D TRUE; + return; } =20 --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97666): https://edk2.groups.io/g/devel/message/97666 Mute This Topic: https://groups.io/mt/95801066/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon Apr 29 02:19:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+97667+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97667+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1671596557; cv=none; d=zohomail.com; s=zohoarc; b=VbHmAcDDzNTncLdIueOAmjzkJ0uX25c0haeARipVBJUWD/0aGkVtL/53GKG0KbHNltXY9Z33JUzJhst5OIdIYbNsrCBxKnb82Tssr/MTJZe+oREcpfHmG1s5kgctHo+droZ651bUxZKPnAxF+4oy/UZFk7G03fy8OCD/JHdr+UE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1671596557; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=bl2qaBpPdlf6s5dkX9lL8vcQAzg2kLDApNlk93K1H1I=; b=IxBix27LJho8N3qEey1sp+kKei4xW6M078IfTVTtvQM9pgoTRvYBuLooSw9yMVM4BLzT3gYOet04a94iGmPEFgtioSz02Q8e30tMgpTaiBy1spuil8JosoYNPGdk3ZgVvye4K+zmIX4pXsQWiyJeUfn1b6yv2W0+2toTDvJlGCU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97667+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1671596557378481.5687734082517; Tue, 20 Dec 2022 20:22:37 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id fuqJYY1788612xu9iDCaLprJ; Tue, 20 Dec 2022 20:22:37 -0800 X-Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.11754.1671596550918694566 for ; Tue, 20 Dec 2022 20:22:36 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="299458217" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="299458217" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:36 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="681893579" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="681893579" X-Received: from shwdeopenlab702.ccr.corp.intel.com ([10.239.182.152]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:35 -0800 From: "duntan" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar Subject: [edk2-devel] [Patch V2 2/3] UefiCpuPkg: Remove unused API in SmmCpuFeaturesLib.h Date: Wed, 21 Dec 2022 12:21:55 +0800 Message-Id: <20221221042156.280-3-dun.tan@intel.com> In-Reply-To: <20221221042156.280-1-dun.tan@intel.com> References: <20221221042156.280-1-dun.tan@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dun.tan@intel.com X-Gm-Message-State: K5ncxBt62zni2vuAaW4G2g12x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1671596557; bh=InGs2kwOhI9MnzoquZGYwhAQzXXRi0BOnYSy5pH9VUw=; h=Cc:Date:From:Reply-To:Subject:To; b=heGGMzJv4eAeGP00zcRL75sOqHBb9/bmqnmtIeI9TX5f9lWlzIlYcda8Je0+L+h4ZbJ VKc5w2G5KNps2/Wt8VF6Xbwu2PizRoNSCQ6IMjqGtWfbTGlaiWv5osij0B+j959aOy/e1 xt0IpBB1oMXF4Ykw41fydfuZ2XEUz5qcN4Q= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1671596558955100006 Content-Type: text/plain; charset="utf-8" Remove SmmCpuFeaturesAllocatePageTableMemory in this headfile. This API is not used by PiSmmCpuDxeSmm driver any more. Also no other files use this API. Signed-off-by: Dun Tan Cc: Eric Dong Reviewed-by: Ray Ni Cc: Rahul Kumar --- UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h | 25 ----------------------= --- 1 file changed, 25 deletions(-) diff --git a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h b/UefiCpuPkg/In= clude/Library/SmmCpuFeaturesLib.h index 54cae865a2..52160c7145 100644 --- a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h +++ b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h @@ -386,29 +386,4 @@ SmmCpuFeaturesCompleteSmmReadyToLock ( VOID ); =20 -/** - This API provides a method for a CPU to allocate a specific region for s= toring page tables. - - This API can be called more once to allocate memory for page tables. - - Allocates the number of 4KB pages of type EfiRuntimeServicesData and ret= urns a pointer to the - allocated buffer. The buffer returned is aligned on a 4KB boundary. If= Pages is 0, then NULL - is returned. If there is not enough memory remaining to satisfy the req= uest, then NULL is - returned. - - This function can also return NULL if there is no preference on where th= e page tables are allocated in SMRAM. - - @param Pages The number of 4 KB pages to allocate. - - @return A pointer to the allocated buffer for page tables. - @retval NULL Fail to allocate a specific region for storing page ta= bles, - Or there is no preference on where the page tables are= allocated in SMRAM. - -**/ -VOID * -EFIAPI -SmmCpuFeaturesAllocatePageTableMemory ( - IN UINTN Pages - ); - #endif --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97667): https://edk2.groups.io/g/devel/message/97667 Mute This Topic: https://groups.io/mt/95801067/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon Apr 29 02:19:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+97668+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97668+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1671596560; cv=none; d=zohomail.com; s=zohoarc; b=PGfjlHhO8VjXIUVziKbbT1MEevFhin3+7AMoUegLa5oWyjkxia29PHv1FzE3FJxtEXLldS3+3pjDWDPc5JWECKvyfGix9ZHfNLNA3xC6APzWfmZqb8gWCtrCZWEQhPozBRt3hwDzgXHeuyxuwhwe/eQz2yenyDT1f1pToF96o8Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1671596560; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=7pFFyorNeSg6y8Wi8IEMRRqTPqPJfmgnfy9QlGiwnxA=; b=kp93FFBf3aZkrzyYFK8GFs3+fM/w604RcuJGaqTIOzk0C2ea8QYvhBvq3UF5427vG122ghMEjRhupadm/VAhHhW6d0mL5EwqQ9p0lQr8QXpTxygj7n410taIOm24/L2CJuJrH7OeA/Gv2OKnoKXDpQSe17M7PamqrBMke/ngcbw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97668+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1671596560088820.7510602375869; Tue, 20 Dec 2022 20:22:40 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id DMjxYY1788612xjVMZnkcCQ2; Tue, 20 Dec 2022 20:22:39 -0800 X-Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.11754.1671596550918694566 for ; Tue, 20 Dec 2022 20:22:38 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="299458230" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="299458230" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:38 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10567"; a="681893583" X-IronPort-AV: E=Sophos;i="5.96,261,1665471600"; d="scan'208";a="681893583" X-Received: from shwdeopenlab702.ccr.corp.intel.com ([10.239.182.152]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Dec 2022 20:22:37 -0800 From: "duntan" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar Subject: [edk2-devel] [Patch V2 3/3] UefiCpuPkg: Simplify the code to set smm page table as RO Date: Wed, 21 Dec 2022 12:21:56 +0800 Message-Id: <20221221042156.280-4-dun.tan@intel.com> In-Reply-To: <20221221042156.280-1-dun.tan@intel.com> References: <20221221042156.280-1-dun.tan@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dun.tan@intel.com X-Gm-Message-State: A2DWyIO5XN6F0aj5v2ojQ2Znx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1671596559; bh=WouDM3WVISnfHz9snj34bmrPb/4bj1Pf8B2Efp6NAGM=; h=Cc:Date:From:Reply-To:Subject:To; b=pvJy/9eQOR8LQeQ/FQwbbH2pNkd4kEmoTQIW8BM+Z4XHm8RIpoCyp5Z0Lg/DBZNWOso zBsJ0KzQduOxvQOz0zo+X9J+vR4cDzyZXSMFt8QaOu0to8TcL5ml8yAYDv3Te2lfl8lGG eNSn0iuKvtTeCQObiLdDs5hfA4Us7RTAYAs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1671596561052100002 Content-Type: text/plain; charset="utf-8" Simplify the code to set memory used by smm page table as RO. Since memory used by smm page table are in PageTablePool list, we only need to set all PageTablePool as ReadOnly in smm page table itself. Also, we only need to flush tlb once after setting all page table pool as Read Only. Signed-off-by: Dun Tan Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Reviewed-by: Ray Ni --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 105 -----------------= ---------------------------------------------------------------------------= ------------- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 1 - UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 136 +++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++++++++++++++++++++++++++++++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 153 -----------------= ---------------------------------------------------------------------------= ------------------------------------------------------------- 4 files changed, 136 insertions(+), 259 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpu= DxeSmm/Ia32/PageTbl.c index bbc536a567..34bf6e1a25 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c @@ -202,111 +202,6 @@ Exit: ReleaseSpinLock (mPFLock); } =20 -/** - This function sets memory attribute for page table. -**/ -VOID -SetPageTableAttributes ( - VOID - ) -{ - UINTN Index2; - UINTN Index3; - UINT64 *L1PageTable; - UINT64 *L2PageTable; - UINT64 *L3PageTable; - UINTN PageTableBase; - BOOLEAN IsSplitted; - BOOLEAN PageTableSplitted; - BOOLEAN CetEnabled; - - // - // Don't mark page table to read-only if heap guard is enabled. - // - // BIT2: SMM page guard enabled - // BIT3: SMM pool guard enabled - // - if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) { - DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard = is enabled\n")); - return; - } - - // - // Don't mark page table to read-only if SMM profile is enabled. - // - if (FeaturePcdGet (PcdCpuSmmProfileEnable)) { - DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile= is enabled\n")); - return; - } - - DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n")); - - // - // Disable write protection, because we need mark page table to be write= protected. - // We need *write* page table memory, to mark itself to be *read only*. - // - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE; - if (CetEnabled) { - // - // CET must be disabled if WP is disabled. - // - DisableCet (); - } - - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); - - do { - DEBUG ((DEBUG_INFO, "Start...\n")); - PageTableSplitted =3D FALSE; - - PageTableBase =3D AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64; - L3PageTable =3D (UINT64 *)PageTableBase; - - SmmSetMemoryAttributesEx (PageTableBase, FALSE, (EFI_PHYSICAL_ADDRESS)= PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - - for (Index3 =3D 0; Index3 < 4; Index3++) { - L2PageTable =3D (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEnc= Mask & PAGING_4K_ADDRESS_MASK_64); - if (L2PageTable =3D=3D NULL) { - continue; - } - - SmmSetMemoryAttributesEx (PageTableBase, FALSE, (EFI_PHYSICAL_ADDRES= S)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - - for (Index2 =3D 0; Index2 < SIZE_4KB/sizeof (UINT64); Index2++) { - if ((L2PageTable[Index2] & IA32_PG_PS) !=3D 0) { - // 2M - continue; - } - - L1PageTable =3D (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressE= ncMask & PAGING_4K_ADDRESS_MASK_64); - if (L1PageTable =3D=3D NULL) { - continue; - } - - SmmSetMemoryAttributesEx (PageTableBase, FALSE, (EFI_PHYSICAL_ADDR= ESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - } - } - } while (PageTableSplitted); - - // - // Enable write protection, after page table updated. - // - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); - if (CetEnabled) { - // - // re-enable CET. - // - EnableCet (); - } - - mIsReadOnlyPageTable =3D TRUE; - - return; -} - /** This function returns with no action for 32 bit. =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.h index 3e69e043ca..5f0a38e400 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -260,7 +260,6 @@ extern UINTN mNumberOfCpus; extern EFI_SMM_CPU_PROTOCOL mSmmCpu; extern EFI_MM_MP_PROTOCOL mSmmMp; extern BOOLEAN m5LevelPagingNeeded; -extern BOOLEAN mIsReadOnlyPageTable; =20 /// /// The mode of the CPU at the time an SMI occurs diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk= g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c index 11df7af016..4bb23f6920 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c @@ -1753,3 +1753,139 @@ EdkiiSmmGetMemoryAttributes ( =20 return EFI_SUCCESS; } + +/** + Prevent the memory pages used for SMM page table from been overwritten. +**/ +VOID +EnablePageTableProtection ( + VOID + ) +{ + PAGE_TABLE_POOL *HeadPool; + PAGE_TABLE_POOL *Pool; + UINT64 PoolSize; + EFI_PHYSICAL_ADDRESS Address; + UINTN PageTableBase; + + if (mPageTablePool =3D=3D NULL) { + return; + } + + PageTableBase =3D AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64; + + // + // ConvertMemoryPageAttributes might update mPageTablePool. It's safer to + // remember original one in advance. + // + HeadPool =3D mPageTablePool; + Pool =3D HeadPool; + do { + Address =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Pool; + PoolSize =3D Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages); + // + // Set entire pool including header, used-memory and left free-memory = as ReadOnly in SMM page table. + // + ConvertMemoryPageAttributes (PageTableBase, m5LevelPagingNeeded, Addre= ss, PoolSize, EFI_MEMORY_RO, TRUE, NULL, NULL); + Pool =3D Pool->NextPool; + } while (Pool !=3D HeadPool); +} + +/** + Return whether memory used by SMM page table need to be set as Read Only. + + @retval TRUE Need to set SMM page table as Read Only. + @retval FALSE Do not set SMM page table as Read Only. +**/ +BOOLEAN +IfReadOnlyPageTableNeeded ( + VOID + ) +{ + // + // Don't mark page table memory as read-only if + // - no restriction on access to non-SMRAM memory; or + // - SMM heap guard feature enabled; or + // BIT2: SMM page guard enabled + // BIT3: SMM pool guard enabled + // - SMM profile feature enabled + // + if (!IsRestrictedMemoryAccess () || + ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) || + FeaturePcdGet (PcdCpuSmmProfileEnable)) + { + if (sizeof (UINTN) =3D=3D sizeof (UINT64)) { + // + // Restriction on access to non-SMRAM memory and heap guard could no= t be enabled at the same time. + // + ASSERT ( + !(IsRestrictedMemoryAccess () && + (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) + ); + + // + // Restriction on access to non-SMRAM memory and SMM profile could n= ot be enabled at the same time. + // + ASSERT (!(IsRestrictedMemoryAccess () && FeaturePcdGet (PcdCpuSmmPro= fileEnable))); + } + + return FALSE; + } + + return TRUE; +} + +/** + This function sets memory attribute for page table. +**/ +VOID +SetPageTableAttributes ( + VOID + ) +{ + BOOLEAN CetEnabled; + + if (!IfReadOnlyPageTableNeeded ()) { + return; + } + + DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n")); + + // + // Disable write protection, because we need mark page table to be write= protected. + // We need *write* page table memory, to mark itself to be *read only*. + // + CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE; + if (CetEnabled) { + // + // CET must be disabled if WP is disabled. + // + DisableCet (); + } + + AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); + + // Set memory used by page table as Read Only. + DEBUG ((DEBUG_INFO, "Start...\n")); + EnablePageTableProtection (); + + // + // Enable write protection, after page table attribute updated. + // + AsmWriteCr0 (AsmReadCr0 () | CR0_WP); + mIsReadOnlyPageTable =3D TRUE; + + // + // Flush TLB after mark all page table pool as read only. + // + FlushTlbForAll (); + + if (CetEnabled) { + // + // re-enable CET. + // + EnableCet (); + } + + return; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuD= xeSmm/X64/PageTbl.c index 8d42d89801..3deb1ffd67 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -1139,159 +1139,6 @@ Exit: ReleaseSpinLock (mPFLock); } =20 -/** - This function sets memory attribute for page table. -**/ -VOID -SetPageTableAttributes ( - VOID - ) -{ - UINTN Index2; - UINTN Index3; - UINTN Index4; - UINTN Index5; - UINT64 *L1PageTable; - UINT64 *L2PageTable; - UINT64 *L3PageTable; - UINT64 *L4PageTable; - UINT64 *L5PageTable; - UINTN PageTableBase; - BOOLEAN IsSplitted; - BOOLEAN PageTableSplitted; - BOOLEAN CetEnabled; - BOOLEAN Enable5LevelPaging; - IA32_CR4 Cr4; - - // - // Don't mark page table memory as read-only if - // - no restriction on access to non-SMRAM memory; or - // - SMM heap guard feature enabled; or - // BIT2: SMM page guard enabled - // BIT3: SMM pool guard enabled - // - SMM profile feature enabled - // - if (!mCpuSmmRestrictedMemoryAccess || - ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) || - FeaturePcdGet (PcdCpuSmmProfileEnable)) - { - // - // Restriction on access to non-SMRAM memory and heap guard could not = be enabled at the same time. - // - ASSERT ( - !(mCpuSmmRestrictedMemoryAccess && - (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) !=3D 0) - ); - - // - // Restriction on access to non-SMRAM memory and SMM profile could not= be enabled at the same time. - // - ASSERT (!(mCpuSmmRestrictedMemoryAccess && FeaturePcdGet (PcdCpuSmmPro= fileEnable))); - return; - } - - DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n")); - - // - // Disable write protection, because we need mark page table to be write= protected. - // We need *write* page table memory, to mark itself to be *read only*. - // - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE; - if (CetEnabled) { - // - // CET must be disabled if WP is disabled. - // - DisableCet (); - } - - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); - - do { - DEBUG ((DEBUG_INFO, "Start...\n")); - PageTableSplitted =3D FALSE; - L5PageTable =3D NULL; - - PageTableBase =3D AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64; - Cr4.UintN =3D AsmReadCr4 (); - Enable5LevelPaging =3D (BOOLEAN)(Cr4.Bits.LA57 =3D=3D 1); - - if (Enable5LevelPaging) { - L5PageTable =3D (UINT64 *)PageTableBase; - SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, (EFI_PH= YSICAL_ADDRESS)PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - } - - for (Index5 =3D 0; Index5 < (Enable5LevelPaging ? SIZE_4KB/sizeof (UIN= T64) : 1); Index5++) { - if (Enable5LevelPaging) { - L4PageTable =3D (UINT64 *)(UINTN)(L5PageTable[Index5] & ~mAddressE= ncMask & PAGING_4K_ADDRESS_MASK_64); - if (L4PageTable =3D=3D NULL) { - continue; - } - } else { - L4PageTable =3D (UINT64 *)PageTableBase; - } - - SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, (EFI_PH= YSICAL_ADDRESS)(UINTN)L4PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - - for (Index4 =3D 0; Index4 < SIZE_4KB/sizeof (UINT64); Index4++) { - L3PageTable =3D (UINT64 *)(UINTN)(L4PageTable[Index4] & ~mAddressE= ncMask & PAGING_4K_ADDRESS_MASK_64); - if (L3PageTable =3D=3D NULL) { - continue; - } - - SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, (EFI_= PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - - for (Index3 =3D 0; Index3 < SIZE_4KB/sizeof (UINT64); Index3++) { - if ((L3PageTable[Index3] & IA32_PG_PS) !=3D 0) { - // 1G - continue; - } - - L2PageTable =3D (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddres= sEncMask & PAGING_4K_ADDRESS_MASK_64); - if (L2PageTable =3D=3D NULL) { - continue; - } - - SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, (EF= I_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted= ); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - - for (Index2 =3D 0; Index2 < SIZE_4KB/sizeof (UINT64); Index2++) { - if ((L2PageTable[Index2] & IA32_PG_PS) !=3D 0) { - // 2M - continue; - } - - L1PageTable =3D (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddr= essEncMask & PAGING_4K_ADDRESS_MASK_64); - if (L1PageTable =3D=3D NULL) { - continue; - } - - SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, (= EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitt= ed); - PageTableSplitted =3D (PageTableSplitted || IsSplitted); - } - } - } - } - } while (PageTableSplitted); - - // - // Enable write protection, after page table updated. - // - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); - if (CetEnabled) { - // - // re-enable CET. - // - EnableCet (); - } - - mIsReadOnlyPageTable =3D TRUE; - - return; -} - /** This function reads CR2 register when on-demand paging is enabled. =20 --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97668): https://edk2.groups.io/g/devel/message/97668 Mute This Topic: https://groups.io/mt/95801068/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-