From nobody Fri Dec 19 04:32:17 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+104927+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104927+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1684231229; cv=none; d=zohomail.com; s=zohoarc; b=U47PnVZnEA6CCny7imT77pUIuODXBSCnWCi8gL9lxBAo1lehNRLqXoBcCKub/swKhRVhTjpR20ASrdyoaIng0AGJw1pZvaWFKOW5FZ0LAH55t+xKUrkTGRTZ4PT6sn3do2zXjJrvQlJfWSq+FQBrhK218CcceFFCMY3YuPWHqGg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1684231229; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/ca3c0Z0dtn/2G5Nk8BgcUFyAZRmKNHVDqvvQ/RodgM=; b=eDVTyIVBm4MsmUNqg0qM2RSqrFsCxwg9xUrVew8LnzduOjM+E6VRGKKCA6mBAkYDWmDhwWKd4JezsBXEsV5NZ2Ncjjg9KnRV8BNMpt+YJfvV6dNqKKLn9aPOUMdmbY9dquArnw1/kpiPGio8106Oxkw1W+QahvCXoG4tnHOAg1E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104927+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1684231229576374.73260087614824; Tue, 16 May 2023 03:00:29 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id txaOYY1788612xUWmFkg2za6; Tue, 16 May 2023 03:00:29 -0700 X-Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.17915.1684231210780691710 for ; Tue, 16 May 2023 03:00:28 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10711"; a="417093262" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="417093262" X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2023 03:00:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10711"; a="791019571" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="791019571" X-Received: from shwdeopenlab702.ccr.corp.intel.com ([10.239.55.158]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2023 03:00:26 -0700 From: "duntan" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann Subject: [edk2-devel] [Patch V4 07/15] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP Date: Tue, 16 May 2023 17:59:24 +0800 Message-Id: <20230516095932.1525-8-dun.tan@intel.com> In-Reply-To: <20230516095932.1525-1-dun.tan@intel.com> References: <20230516095932.1525-1-dun.tan@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dun.tan@intel.com X-Gm-Message-State: oVkehxyUfzOwfis07cE1MydGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1684231229; bh=H2rADmmiZ1cbyRWLlyFEzWmX1de3MWahVRiZaX40Dmo=; h=Cc:Date:From:Reply-To:Subject:To; b=oAcFGS8wjnYYsxUXE/sxhcXCfxd9knoFUZO2xIjBPMbptJMyDE2DTx7g8tAj+bEuO7F /o2sBDGwstz+VlUl3ZDXapC5iDdAqBKKU0gFtRdJxzK3Fq4L3hp/Ja6zdg5oO1ApKLssG /VXERGTSnKmKLJ56Jqoe8zpcST94BP67ZeA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1684231230788100015 Content-Type: text/plain; charset="utf-8" Add two functions to disable/enable CR0.WP. These two unctions will also be used in later commits. This commit doesn't change any functionality. Signed-off-by: Dun Tan Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Reviewed-by: Ray Ni --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 24 +++++++++++++++++= +++++++ UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 115 +++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++--------------------------= ----------------------- 2 files changed, 90 insertions(+), 49 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.h index ba341cadc6..e0c4ca76dc 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -1565,4 +1565,28 @@ SmmWaitForApArrival ( VOID ); =20 +/** + Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1. + + @param[out] WpEnabled If Cr0.WP is enabled. + @param[out] CetEnabled If CET is enabled. +**/ +VOID +DisableReadOnlyPageWriteProtect ( + OUT BOOLEAN *WpEnabled, + OUT BOOLEAN *CetEnabled + ); + +/** + Enable Write Protect on pages marked as read-only. + + @param[out] WpEnabled If Cr0.WP should be enabled. + @param[out] CetEnabled If CET should be enabled. +**/ +VOID +EnableReadOnlyPageWriteProtect ( + BOOLEAN WpEnabled, + BOOLEAN CetEnabled + ); + #endif diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk= g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c index 2faee8f859..4b512edf68 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c @@ -40,6 +40,64 @@ PAGE_TABLE_POOL *mPageTablePool =3D NULL; // BOOLEAN mIsReadOnlyPageTable =3D FALSE; =20 +/** + Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1. + + @param[out] WpEnabled If Cr0.WP is enabled. + @param[out] CetEnabled If CET is enabled. +**/ +VOID +DisableReadOnlyPageWriteProtect ( + OUT BOOLEAN *WpEnabled, + OUT BOOLEAN *CetEnabled + ) +{ + IA32_CR0 Cr0; + + *CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE; + Cr0.UintN =3D AsmReadCr0 (); + *WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; + if (*WpEnabled) { + if (*CetEnabled) { + // + // CET must be disabled if WP is disabled. Disable CET before cleari= ng CR0.WP. + // + DisableCet (); + } + + Cr0.Bits.WP =3D 0; + AsmWriteCr0 (Cr0.UintN); + } +} + +/** + Enable Write Protect on pages marked as read-only. + + @param[out] WpEnabled If Cr0.WP should be enabled. + @param[out] CetEnabled If CET should be enabled. +**/ +VOID +EnableReadOnlyPageWriteProtect ( + BOOLEAN WpEnabled, + BOOLEAN CetEnabled + ) +{ + IA32_CR0 Cr0; + + if (WpEnabled) { + Cr0.UintN =3D AsmReadCr0 (); + Cr0.Bits.WP =3D 1; + AsmWriteCr0 (Cr0.UintN); + + if (CetEnabled) { + // + // re-enable CET. + // + EnableCet (); + } + } +} + /** Initialize a buffer pool for page table use only. =20 @@ -62,10 +120,9 @@ InitializePageTablePool ( IN UINTN PoolPages ) { - VOID *Buffer; - BOOLEAN CetEnabled; - BOOLEAN WpEnabled; - IA32_CR0 Cr0; + VOID *Buffer; + BOOLEAN WpEnabled; + BOOLEAN CetEnabled; =20 // // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one pag= e for @@ -102,34 +159,9 @@ InitializePageTablePool ( // If page table memory has been marked as RO, mark the new pool pages a= s read-only. // if (mIsReadOnlyPageTable) { - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALS= E; - Cr0.UintN =3D AsmReadCr0 (); - WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; - if (WpEnabled) { - if (CetEnabled) { - // - // CET must be disabled if WP is disabled. Disable CET before clea= ring CR0.WP. - // - DisableCet (); - } - - Cr0.Bits.WP =3D 0; - AsmWriteCr0 (Cr0.UintN); - } - + DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAGES= _TO_SIZE (PoolPages), EFI_MEMORY_RO); - if (WpEnabled) { - Cr0.UintN =3D AsmReadCr0 (); - Cr0.Bits.WP =3D 1; - AsmWriteCr0 (Cr0.UintN); - - if (CetEnabled) { - // - // re-enable CET. - // - EnableCet (); - } - } + EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); } =20 return TRUE; @@ -1782,6 +1814,7 @@ SetPageTableAttributes ( VOID ) { + BOOLEAN WpEnabled; BOOLEAN CetEnabled; =20 if (!IfReadOnlyPageTableNeeded ()) { @@ -1794,15 +1827,7 @@ SetPageTableAttributes ( // Disable write protection, because we need mark page table to be write= protected. // We need *write* page table memory, to mark itself to be *read only*. // - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE; - if (CetEnabled) { - // - // CET must be disabled if WP is disabled. - // - DisableCet (); - } - - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); + DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); =20 // Set memory used by page table as Read Only. DEBUG ((DEBUG_INFO, "Start...\n")); @@ -1811,20 +1836,12 @@ SetPageTableAttributes ( // // Enable write protection, after page table attribute updated. // - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); + EnableReadOnlyPageWriteProtect (TRUE, CetEnabled); mIsReadOnlyPageTable =3D TRUE; =20 // // Flush TLB after mark all page table pool as read only. // FlushTlbForAll (); - - if (CetEnabled) { - // - // re-enable CET. - // - EnableCet (); - } - return; } --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104927): https://edk2.groups.io/g/devel/message/104927 Mute This Topic: https://groups.io/mt/98922933/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-