tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

UefiCpuPkg/CpuDxe: allow accessing (DXE) page table in SMM mode

Browse Source 
The MdePkg/Library/SmmMemoryAllocationLib, used only by DXE_SMM_DRIVER,
allows to free memory allocated in DXE (before EndOfDxe). This is done
by checking the memory range and calling gBS services to do real
operation if the memory to free is out of SMRAM. If some memory related
features, like Heap Guard, are enabled, gBS interface will turn to
EFI_CPU_ARCH_PROTOCOL.SetMemoryAttributes(), provided by
DXE driver UefiCpuPkg/CpuDxe, to change memory paging attributes. This
means we have part of DXE code running in SMM mode in certain
circumstances.

Because page table in SMM mode is different from DXE mode and CpuDxe
always uses current registers (CR0, CR3, etc.) to get memory paging
attributes, it cannot get the correct attributes of DXE memory in SMM
mode from SMM page table. This will cause incorrect memory manipulations,
like fail the releasing of Guard pages if Heap Guard is enabled.

The solution in this patch is to store the DXE page table information
(e.g. value of CR0, CR3 registers, etc.) in a global variable of CpuDxe
driver. If CpuDxe detects it's in SMM mode, it will use this global
variable to access page table instead of current processor registers.
This can avoid retrieving wrong DXE memory paging attributes and changing
SMM page table attributes unexpectedly.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Jian J Wang 2018-06-14 09:51:34 +08:00 committed by Star Zeng
parent bf252e29a5
commit 2a1408d1d7
2 changed files with 106 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
UefiCpuPkg/CpuDxe/CpuDxe.inf
View File

@ -66,6 +66,7 @@
[Protocols]
gEfiCpuArchProtocolGuid ## PRODUCES
gEfiMpServiceProtocolGuid ## PRODUCES
gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gIdleLoopEventGuid ## CONSUMES ## Event

140
UefiCpuPkg/CpuDxe/CpuPageTable.c
View File

@ -23,6 +23,7 @@
#include <Library/DebugLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Protocol/MpService.h>
#include <Protocol/SmmBase2.h>
#include "CpuDxe.h"
#include "CpuPageTable.h"
@ -87,7 +88,46 @@ PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] = {
{Page1G, SIZE_1GB, PAGING_1G_ADDRESS_MASK_64},
};
PAGE_TABLE_POOL *mPageTablePool = NULL;
PAGE_TABLE_POOL *mPageTablePool = NULL;
PAGE_TABLE_LIB_PAGING_CONTEXT mPagingContext;
EFI_SMM_BASE2_PROTOCOL *mSmmBase2 = NULL;
/**
Check if current execution environment is in SMM mode or not, via
EFI_SMM_BASE2_PROTOCOL.
This is necessary because of the fact that MdePkg\Library\SmmMemoryAllocationLib
supports to free memory outside SMRAM. The library will call gBS->FreePool() or
gBS->FreePages() and then SetMemorySpaceAttributes interface in turn to change
memory paging attributes during free operation, if some memory related features
are enabled (like Heap Guard).
This means that SetMemorySpaceAttributes() has chance to run in SMM mode. This
will cause incorrect result because SMM mode always loads its own page tables,
which are usually different from DXE. This function can be used to detect such
situation and help to avoid further misoperations.
@retval TRUE In SMM mode.
@retval FALSE Not in SMM mode.
**/
BOOLEAN
IsInSmm (
VOID
)
{
BOOLEAN InSmm;
InSmm = FALSE;
if (mSmmBase2 == NULL) {
gBS->LocateProtocol (&gEfiSmmBase2ProtocolGuid, NULL, (VOID **)&mSmmBase2);
}
if (mSmmBase2 != NULL) {
mSmmBase2->InSmm (mSmmBase2, &InSmm);
}
return InSmm;
}
/**
Return current paging context.
@ -102,42 +142,53 @@ GetCurrentPagingContext (
UINT32 RegEax;
UINT32 RegEdx;
ZeroMem(PagingContext, sizeof(*PagingContext));
if (sizeof(UINTN) == sizeof(UINT64)) {
PagingContext->MachineType = IMAGE_FILE_MACHINE_X64;
} else {
PagingContext->MachineType = IMAGE_FILE_MACHINE_I386;
}
if ((AsmReadCr0 () & BIT31) != 0) {
PagingContext->ContextData.X64.PageTableBase = (AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64);
} else {
PagingContext->ContextData.X64.PageTableBase = 0;
}
//
// Don't retrieve current paging context from processor if in SMM mode.
//
if (!IsInSmm ()) {
ZeroMem (&mPagingContext, sizeof(mPagingContext));
if (sizeof(UINTN) == sizeof(UINT64)) {
mPagingContext.MachineType = IMAGE_FILE_MACHINE_X64;
} else {
mPagingContext.MachineType = IMAGE_FILE_MACHINE_I386;
}
if ((AsmReadCr0 () & BIT31) != 0) {
mPagingContext.ContextData.X64.PageTableBase = (AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64);
} else {
mPagingContext.ContextData.X64.PageTableBase = 0;
}
if ((AsmReadCr4 () & BIT4) != 0) {
PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PSE;
}
if ((AsmReadCr4 () & BIT5) != 0) {
PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PAE;
}
if ((AsmReadCr0 () & BIT16) != 0) {
PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_WP_ENABLE;
}
if ((AsmReadCr4 () & BIT4) != 0) {
mPagingContext.ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PSE;
}
if ((AsmReadCr4 () & BIT5) != 0) {
mPagingContext.ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PAE;
}
if ((AsmReadCr0 () & BIT16) != 0) {
mPagingContext.ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_WP_ENABLE;
}
AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
if (RegEax > 0x80000000) {
AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
if ((RegEdx & BIT20) != 0) {
// XD supported
if ((AsmReadMsr64 (0xC0000080) & BIT11) != 0) {
// XD activated
PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED;
AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
if (RegEax > 0x80000000) {
AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
if ((RegEdx & BIT20) != 0) {
// XD supported
if ((AsmReadMsr64 (0xC0000080) & BIT11) != 0) {
// XD activated
mPagingContext.ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED;
}
}
if ((RegEdx & BIT26) != 0) {
mPagingContext.ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PAGE_1G_SUPPORT;
}
}
if ((RegEdx & BIT26) != 0) {
PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PAGE_1G_SUPPORT;
}
}
//
// This can avoid getting SMM paging context if in SMM mode. We cannot assume
// SMM mode shares the same paging context as DXE.
//
CopyMem (PagingContext, &mPagingContext, sizeof (mPagingContext));
}
/**
@ -507,7 +558,14 @@ IsReadOnlyPageWriteProtected (
VOID
)
{
return ((AsmReadCr0 () & BIT16) != 0);
//
// To avoid unforseen consequences, don't touch paging settings in SMM mode
// in this driver.
//
if (!IsInSmm ()) {
return ((AsmReadCr0 () & BIT16) != 0);
}
return FALSE;
}
/**
@ -518,7 +576,13 @@ DisableReadOnlyPageWriteProtect (
VOID
)
{
AsmWriteCr0 (AsmReadCr0() & ~BIT16);
//
// To avoid unforseen consequences, don't touch paging settings in SMM mode
// in this driver.
//
if (!IsInSmm ()) {
AsmWriteCr0 (AsmReadCr0 () & ~BIT16);
}
}
/**
@ -529,7 +593,13 @@ EnableReadOnlyPageWriteProtect (
VOID
)
{
AsmWriteCr0 (AsmReadCr0() | BIT16);
//
// To avoid unforseen consequences, don't touch paging settings in SMM mode
// in this driver.
//
if (!IsInSmm ()) {
AsmWriteCr0 (AsmReadCr0 () | BIT16);
}
}
/**