UefiCpuPkg/PiSmmCpu: Use new PCD PcdCpuSmmRestrictedMemoryAccess

The patch changes the PiSmmCpu driver to consume the PCD
PcdCpuSmmRestrictedMemoryAccess.
The behavior controlled by PcdCpuSmmStaticPageTable in the
original code is not changed after switching to
PcdCpuSmmRestrictedMemoryAccess.

The functionality is not impacted by this patch.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Ray Ni 2019-08-24 08:45:09 +08:00
parent 87184487d2
commit 09f7c82b4c
2 changed files with 34 additions and 22 deletions


@ -133,7 +133,6 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## SOMETIMES_PRODUCES gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugDataAddress ## SOMETIMES_PRODUCES
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmCodeAccessCheckEnable ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmCodeAccessCheckEnable ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmShadowStackSize ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmShadowStackSize ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
@ -141,6 +140,9 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ## CONSUMES
[Pcd.X64]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess ## CONSUMES
[Depex] [Depex]
gEfiMpServiceProtocolGuid gEfiMpServiceProtocolGuid


@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
LIST_ENTRY mPagePool = INITIALIZE_LIST_HEAD_VARIABLE (mPagePool); LIST_ENTRY mPagePool = INITIALIZE_LIST_HEAD_VARIABLE (mPagePool);
BOOLEAN m1GPageTableSupport = FALSE; BOOLEAN m1GPageTableSupport = FALSE;
BOOLEAN mCpuSmmStaticPageTable; BOOLEAN mCpuSmmRestrictedMemoryAccess;
BOOLEAN m5LevelPagingSupport; BOOLEAN m5LevelPagingSupport;
X86_ASSEMBLY_PATCH_LABEL gPatch5LevelPagingSupport; X86_ASSEMBLY_PATCH_LABEL gPatch5LevelPagingSupport;
@ -334,15 +334,15 @@ SmmInitPageTable (
// //
InitializeSpinLock (mPFLock); InitializeSpinLock (mPFLock);
mCpuSmmStaticPageTable = PcdGetBool (PcdCpuSmmStaticPageTable); mCpuSmmRestrictedMemoryAccess = PcdGetBool (PcdCpuSmmRestrictedMemoryAccess);
m1GPageTableSupport = Is1GPageSupport (); m1GPageTableSupport = Is1GPageSupport ();
m5LevelPagingSupport = Is5LevelPagingSupport (); m5LevelPagingSupport = Is5LevelPagingSupport ();
mPhysicalAddressBits = CalculateMaximumSupportAddress (); mPhysicalAddressBits = CalculateMaximumSupportAddress ();
PatchInstructionX86 (gPatch5LevelPagingSupport, m5LevelPagingSupport, 1); PatchInstructionX86 (gPatch5LevelPagingSupport, m5LevelPagingSupport, 1);
DEBUG ((DEBUG_INFO, "5LevelPaging Support - %d\n", m5LevelPagingSupport)); DEBUG ((DEBUG_INFO, "5LevelPaging Support - %d\n", m5LevelPagingSupport));
DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTableSupport)); DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTableSupport));
DEBUG ((DEBUG_INFO, "PcdCpuSmmStaticPageTable - %d\n", mCpuSmmStaticPageTable)); DEBUG ((DEBUG_INFO, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRestrictedMemoryAccess));
DEBUG ((DEBUG_INFO, "PhysicalAddressBits - %d\n", mPhysicalAddressBits)); DEBUG ((DEBUG_INFO, "PhysicalAddressBits - %d\n", mPhysicalAddressBits));
// //
// Generate PAE page table for the first 4GB memory space // Generate PAE page table for the first 4GB memory space
// //
@ -385,7 +385,11 @@ SmmInitPageTable (
PTEntry = Pml5Entry; PTEntry = Pml5Entry;
} }
if (mCpuSmmStaticPageTable) { if (mCpuSmmRestrictedMemoryAccess) {
//
// When access to non-SMRAM memory is restricted, create page table
// that covers all memory space.
//
SetStaticPageTable ((UINTN)PTEntry); SetStaticPageTable ((UINTN)PTEntry);
} else { } else {
// //
@ -972,7 +976,7 @@ SmiPFHandler (
PFAddress = AsmReadCr2 (); PFAddress = AsmReadCr2 ();
if (mCpuSmmStaticPageTable && (PFAddress >= LShiftU64 (1, (mPhysicalAddressBits - 1)))) { if (mCpuSmmRestrictedMemoryAccess && (PFAddress >= LShiftU64 (1, (mPhysicalAddressBits - 1)))) {
DumpCpuContext (InterruptType, SystemContext); DumpCpuContext (InterruptType, SystemContext);
DEBUG ((DEBUG_ERROR, "Do not support address 0x%lx by processor!\n", PFAddress)); DEBUG ((DEBUG_ERROR, "Do not support address 0x%lx by processor!\n", PFAddress));
CpuDeadLoop (); CpuDeadLoop ();
@ -1049,7 +1053,7 @@ SmiPFHandler (
goto Exit; goto Exit;
} }
if (mCpuSmmStaticPageTable && IsSmmCommBufferForbiddenAddress (PFAddress)) { if (mCpuSmmRestrictedMemoryAccess && IsSmmCommBufferForbiddenAddress (PFAddress)) {
DumpCpuContext (InterruptType, SystemContext); DumpCpuContext (InterruptType, SystemContext);
DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%lx)!\n", PFAddress)); DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%lx)!\n", PFAddress));
DEBUG_CODE ( DEBUG_CODE (
@ -1100,26 +1104,26 @@ SetPageTableAttributes (
Enable5LevelPaging = (BOOLEAN) (Cr4.Bits.LA57 == 1); Enable5LevelPaging = (BOOLEAN) (Cr4.Bits.LA57 == 1);
// //
// Don't do this if // Don't mark page table memory as read-only if
// - no static page table; or // - no restriction on access to non-SMRAM memory; or
// - SMM heap guard feature enabled; or // - SMM heap guard feature enabled; or
// BIT2: SMM page guard enabled // BIT2: SMM page guard enabled
// BIT3: SMM pool guard enabled // BIT3: SMM pool guard enabled
// - SMM profile feature enabled // - SMM profile feature enabled
// //
if (!mCpuSmmStaticPageTable || if (!mCpuSmmRestrictedMemoryAccess ||
((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) ||
FeaturePcdGet (PcdCpuSmmProfileEnable)) { FeaturePcdGet (PcdCpuSmmProfileEnable)) {
// //
// Static paging and heap guard could not be enabled at the same time. // Restriction on access to non-SMRAM memory and heap guard could not be enabled at the same time.
// //
ASSERT (!(mCpuSmmStaticPageTable && ASSERT (!(mCpuSmmRestrictedMemoryAccess &&
(PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0)); (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0));
// //
// Static paging and SMM profile could not be enabled at the same time. // Restriction on access to non-SMRAM memory and SMM profile could not be enabled at the same time.
// //
ASSERT (!(mCpuSmmStaticPageTable && FeaturePcdGet (PcdCpuSmmProfileEnable))); ASSERT (!(mCpuSmmRestrictedMemoryAccess && FeaturePcdGet (PcdCpuSmmProfileEnable)));
return ; return ;
} }
@ -1223,7 +1227,10 @@ SaveCr2 (
OUT UINTN *Cr2 OUT UINTN *Cr2
) )
{ {
if (!mCpuSmmStaticPageTable) { if (!mCpuSmmRestrictedMemoryAccess) {
//
// On-demand paging is enabled when access to non-SMRAM is not restricted.
//
*Cr2 = AsmReadCr2 (); *Cr2 = AsmReadCr2 ();
} }
} }
@ -1238,7 +1245,10 @@ RestoreCr2 (
IN UINTN Cr2 IN UINTN Cr2
) )
{ {
if (!mCpuSmmStaticPageTable) { if (!mCpuSmmRestrictedMemoryAccess) {
//
// On-demand paging is enabled when access to non-SMRAM is not restricted.
//
AsmWriteCr2 (Cr2); AsmWriteCr2 (Cr2);
} }
} }
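Review bot: In the SetPageTableAttributes hunk, the early `return` that skips marking the page tables read-only is protected against conflicting settings only by the two `ASSERT`s, which do nothing in builds where ASSERT is disabled. With PcdCpuSmmRestrictedMemoryAccess TRUE and heap guard (BIT2/BIT3) or SMM profile also enabled, such a build would presumably return silently and leave the SMM page tables writable even though restricted access was requested. The renamed PCD now reads as a security guarantee, so the comment block should say this explicitly, e.g. `// NOTE: when ASSERT is disabled, a conflicting configuration leaves page table memory writable.`, and the combination is better rejected where the platform sets these PCDs. The function body starts and continues outside the visible hunk, so a later check may exist that is not shown here.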