BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3223
In the current design, memory protection is not available till CpuDxe
is loaded. To resolve this, introduce CpuArchLib to move the
CPU Architectural initialization to DxeCore.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
This change removes Xcode5ExceptionHandlerAsm and merge it's
functionality into ExceptionHandlerAsm.
Also decreases number of vectors to 32 for:
- 64-bit PeiCpuExceptionHandlerLib
- 32-bit PeiCpuExceptionHandlerLib, SecPeiCpuExceptionHandlerLib
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
MtrrLib does not include PcdLib.h despite explicitly using its
definitions. Add the include to fix compilation for modules that do not
utilize AutoGen.
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
For the bitfield access, MSVC apparently uses a right shift of the base type of the bitfield member. In our case, is is cased by IA32_PTE_4K and
IA32_PAGE_LEAF_ENTRY_BIG_PAGESIZE and other structures which uses uint64
bitfields and 32-bit x86 doesn't have a 64-bit integer shift (except using MMX or SSE2). With -Od (NOOPT) even for constant counts it puts
the data in EDX:EAX, the shift count in cl and calls __aullshr.
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
Add missing GDT alignment into mBuffer to prevent possible memory
corruption on ALIGN_POINTER operation on NewGdtTable
in ArchExceptionHandler
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Added LoongArch64 CPU multiple processor PPI support.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
CpuMpPei.c contains two parts: EFI_PEI_MP_SERVICES_PPI instance and
CpuMpPpi list installer. Move the EFI_PEI_MP_SERVICES_PPI instance in a
new file called CpuMp.c, keep the specific logic and entry point in
CpuMpPei.c, and rename the CpuMp2Pei.c to CpuMp2.c
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Restructured the SmmWaitForApArrival first CPU synchronization
conditional checks and added new IsCpuSyncAlwaysNeeded check to determine
whether the sync should be executed unconditionally when a SMI occurs.
The first CPU synchronization shall executed unconditionally if the new
IsCpuSyncAlwaysNeeded check return TRUE. Otherwise, first CPU
synchronization is not executed unconditionally, and the decision to
synchronize should be based on the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
Add NULL instance of TdxMeasurementLib.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
SplitPage may return OUT_OF_RESOURCES if no memory resource to split
page entry. ConvertMemoryPageAttributes should also return
OUT_OF_RESOURCES instead of override the status to UNSUPPORTED.
Then EfiSetMemoryAttributes and EfiClearMemoryAttributes can return
correct status of OUT_OF_RESOURCES when requested attributes cannot
be applied due to lack of system resource.
Cc: Felix Polyudov <felixp@ami.com>
Cc: David Hsieh <davidhsieh@ami.com>
Cc: James Wang <jameswang@ami.com>
Signed-off-by: Crystal Lee <crystallee@ami.com>
Produce the protocol introduced in UEFI v2.10 that permits the caller to
manage mapping permissions in the page tables.
Cc: Felix Polyudov <felixp@ami.com>
Cc: David Hsieh <davidhsieh@ami.com>
Cc: James Wang <jameswang@ami.com>
Signed-off-by: Crystal Lee <crystallee@ami.com>
This patch adds the IsCpuSyncAlwaysNeeded interface to the SmmCpuPlatformHookLib.
This interface will determine whether the first CPU Synchronization should be
executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the
system configuration and status, and the first CPU Synchronization should be
executed unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
If the exception type is INT, we need to know which interrupt could not
be handled, so we added a method to dump them.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
There is a problem with LoongArch64 exception handler, it returns a
unhandled value when we get an exception type, the correct value should
be right shifted 16 bits, so fix it.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Some platforms plan to move the Standalone MM CPU driver into the FSP.
However, there is no variable service support in FSP. Therefore, the
SetVariable logic for the Standalone MM CPU will be removed. With this
change, users can dump the SmmProfile data from the Memory Allocation
HOB: gMmProfileDataHobGuid.
This change does not impact the DXE SMM, which will still retrieve the
SmmProfile data from the variable service.
Signed-off-by: Yanxin Zhao <yanxin.zhao@intel.com>
When setting up the APs' exception stacks, the x86 CpuDxe allocates
any range and then copies over the existing GDT and IDT and adds the
appropriate new entries for this AP, then installs them.
This can cause an issue if the allocated buffer is over 4GB because
the next time the AP is started, it goes through an INIT-SIPI-SIPI,
stepping through real mode -> protected mode -> long mode and when it
is in protected mode it needs a 32 code segment descriptor or else it
will fault when trying to execute. If the GDT lives above 4GB, it
cannot be accessed by the protected mode code and the triple fault
is seen.
This patch updates CpuDxe's MP management code to allocate the
exception stacks for all APs below 4GB explicitly to avoid this
problem, such as it does with the BSP's GDT that first gets
populated to the APs.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Since the UEFI 2.11 has been released, the macro
MAX_LOONGARCH_EXCEPTION has been added in MdePkg, so it is deleted in
LoongArch folder header file.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
When updating memory attributes, if only access attributes are changed,
the default memory cache attribute is NULL and a CACHE_CC is added by
default.
Signed-off-by: Chao Li <lichao@loongson.cn>
This commit is to check if the resource HOB range does not
exceed the max supported physical address.
The function BuildMemoryMapFromResDescHobs is to build Memory
Region from resource HOBs. Then the memory maps will be used
during creating or modifying SMM page table. If the resource
HOB range exceeds the max supported physical address, then
subsequent calling of PageTableMap() will fail.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Resolves several issues in UefiCpuPkg related to:
1. Unchecked returns leading to potential NULL or uninitialized access.
2. Potential unchecked integer overflows.
3. Incorrect comparison between integers of different sizes.
Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com>
Signed-off-by: Chris Fernald <chfernal@microsoft.com>
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
The x86 reset vector is the initial FW code to run on an
AP. It should not link to any libraries and is implemented
entirely in assembly. This module is currently labled as
SEC, because it runs during the SEC phase, but by having it
SEC, it will be linked to all NULL libraries linked globally.
This causes issue with StackCheckLib (though any NULL
library being applied globally has the same issue) because
BaseTools will attempt to link the library and add an
extern to _ModuleEntryPoint, which does not exist for this
module.
Moving this module to USER_DEFINED instructs BaseTools to
not link any NULL libraries to it, which is the desired
behavior, and leads to a much cleaner global NULL library
implementation, in this case for StackCheckLib.
This change was tested on OVMF IA32/X64 and proved to work
as before.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Change conditional check to check the array index before
reading the array member to prevent read past end of buffer.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Consume PcdMaxMappingAddressBeforeTempRamExit for page table creation in
permanent memory before Temp Ram Exit.
This patch will create the full page table in two steps:
Step 1: Create the max address in page table before the Temporary RAM exit.
Step 2: Create the full range page table after the Temporary RAM exit.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
This change is made for boot performance considerations.
Before the Temporary RAM is disabled, the permanent memory is in UC
state, causing the creation of the page table in
permanent memory to take more time with larger page table sizes.
Therefore, this patch adds the PcdMaxMappingAddressBeforeTempRamExit
to provide the platform with the capability to control the max
mapping address in page table before Temp Ram Exit. The value of
0xFFFFFFFFFFFFFFFF, then firmware will map entire physical address
space.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Per AMD64 Architecture Programmer's Manual Volume 2: System
Programming - 10.2.3 SMRAM State-Save Area (Rev 24593), the AMD64
architecture does not use the legacy SMM state-save area format
(Table 10-2) for 32-bit SMRAM save state map. Clean up codes for the
invalid save state map.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Check if input buffer range unblockable:
1.The input buffer range to block should be totally covered
by one or multi memory allocation HOB
2.All the memory allocation HOB that overlap with the input
buffer range should be EfiRuntimeServicesData, EfiACPIMemoryNVS
or EfiReservedMemoryType.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Without this change, when building OvmfPkg with -D SMM_REQUIRE using
the XCODE5 toolchain we get:
error: equality comparison with extraneous parentheses
which stops the build.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
A page fault (#PF) that triggers an update to the page table only occurs
if SmiProfile is enabled. Therefore, it is necessary to save and restore
the CR2 register if SmiProfile is configured to be enabled.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch is for PiSmmCpuDxeSmm driver to add one round wait/release sync
for BSP and AP to perform the SMM CPU Platform Hook before executing MMI
Handler: SmmCpuPlatformHookBeforeMmiHandler (). With the function, SMM CPU
driver can perform the platform specific items after one round BSP and AP
sync (to make sure all APs in SMI) and before the MMI handlers.
After the change, steps #1 and #2 are additional requirements if the
MmCpuSyncModeTradition mode is selected.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
