Commit Graph

22 Commits

Author SHA1 Message Date
Jian J Wang 54efcfea81 UefiCpuPkg/CpuDxe: prevent recursive calling of InitializePageTablePool
The freed-memory guard feature will cause a recursive calling
of InitializePageTablePool(). This is due to a fact that
AllocateAlignedPages() is used to allocate page table pool memory.
This function will most likely call gBS->FreePages to free unaligned
pages and then cause another round of page attributes change, like
below (freed pages will be always marked not-present if freed-memory
guard is enabled)

   FreePages() <===============|
=> CpuSetMemoryAttributes()    |
=> <if out of page table>      |
=> InitializePageTablePool()   |
=> AllocateAlignedPages()      |
=> FreePages() ================|

The solution is add a global variable as a lock in page table pool
allocation function and fail any other requests if it has not been
done.

Since this issue will only happen if free-memory guard is enabled,
it won't affect CpuSetMemoryAttributes() in default build of a BIOS.

If free-memory guard is enabled, it only affect the pages
(failed to mark them as not-present) freed in AllocateAlignedPages().

Since those freed pages haven't been used yet (their addresses not
yet exposed to code outside AllocateAlignedPages), it won't compromise
the freed-memory guard feature.

This change will just fail the CpuSetMemoryAttributes() called from
FreePages() but it won't fail the FreePages(). So the error status
won't be propagated upper layer of code.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-10-26 10:30:34 +08:00
shenglei 997731e796 UefiCpuPkg: Remove redundant library classes, Ppis and GUIDs
Some redundant library classes Ppis and GUIDs
have been removed in inf, .c and .h files.

v2:
1.Remove ReadOnlyVariable2.h in S3Resume.c which should be
  deleted in last version in which gEfiPeiReadOnlyVariable2PpiGuid
  was removed.
2.Remove the library class BaseLib in CpuPageTable.c
  which is included elsewhere.
3.Add library classes in SecCore.inf which are removed
  at last version.
  They are DebugAgentLib and CpuExceptionHandlerLib.
4.Add two Ppis in SecCore.inf which are removed
  at last version.
  They are gEfiSecPlatformInformationPpiGuid and
  gEfiSecPlatformInformation2PpiGuid.

https://bugzilla.tianocore.org/show_bug.cgi?id=1043
https://bugzilla.tianocore.org/show_bug.cgi?id=1013
https://bugzilla.tianocore.org/show_bug.cgi?id=1032
https://bugzilla.tianocore.org/show_bug.cgi?id=1016

Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: shenglei <shenglei.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-09-21 14:42:53 +08:00
Jian J Wang 8e2018f944 UefiCpuPkg/CpuDxe: fix an incorrect bit-wise operation
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1164

The left operand is 64-bit but right operand could be 32-bit.
A typecast is a must because of '~' op before it.

Cc: Hao A Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-09-10 17:08:22 +08:00
Jian J Wang 7c7c8190d3 UefiCpuPkg/CpuDxe: change level of DEBUG message
BZ#1127: https://bugzilla.tianocore.org/show_bug.cgi?id=1127

It's reported the debug message in CpuDxe driver is quite annoying in
boot and shell, and slow down the boot process. To solve this issue,
this patch changes the DEBUG_INFO to DEBUG_VERBOSE. On a typical Intel
real platform, at least 16s boot time can be saved.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-08-30 07:43:56 +08:00
Jian J Wang dcc026217f UefiCpuPkg/CpuDxe: implement non-stop mode for uefi
Same as SMM profile feature, a special #PF is used to set page attribute
to 'present' and a special #DB handler to reset it back to 'not-present',
right after the instruction causing #PF got executed.

Since the new #PF handler won't enter into dead-loop, the instruction
which caused the #PF will get chance to re-execute with accessible pages.

The exception message will still be printed out on debug console so that
the developer/QA can find that there's potential heap overflow or null
pointer access occurred.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2018-08-30 07:22:30 +08:00
Jian J Wang b72f487372 UefiCpuPkg/CpuDxe: fix incorrect check of SMM mode
Current IsInSmm() method makes use of gEfiSmmBase2ProtocolGuid.InSmm() to
check if current processor is in SMM mode or not. But this is not correct
because gEfiSmmBase2ProtocolGuid.InSmm() can only detect if the caller is
running in SMRAM or from SMM driver. It cannot guarantee if the caller is
running in SMM mode. Because SMM mode will load its own page table, adding
an extra check of saved DXE page table base address against current CR3
register value can help to get the correct answer for sure (in SMM mode or
not in SMM mode).

There's indiscriminate uses of Context.X64 and Context.Ia32 in code which
is not a good coding practice and will cause potential issue. In addition,
the related structure type definition is not packed and has also potential
issue. This will not be covered by this patch but be tracked by a bug below.

  https://bugzilla.tianocore.org/show_bug.cgi?id=1039

This is an issue caused by check-in at

  2a1408d1d7

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2018-07-20 10:34:11 +08:00
Jian J Wang d106cf71ea UefiCpuPkg/CpuDxe: make register access more readable
Update code to use more meaningful constant macro or predefined
register structure.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2018-06-19 13:44:55 +08:00
Jian J Wang 2a1408d1d7 UefiCpuPkg/CpuDxe: allow accessing (DXE) page table in SMM mode
The MdePkg/Library/SmmMemoryAllocationLib, used only by DXE_SMM_DRIVER,
allows to free memory allocated in DXE (before EndOfDxe). This is done
by checking the memory range and calling gBS services to do real
operation if the memory to free is out of SMRAM. If some memory related
features, like Heap Guard, are enabled, gBS interface will turn to
EFI_CPU_ARCH_PROTOCOL.SetMemoryAttributes(), provided by
DXE driver UefiCpuPkg/CpuDxe, to change memory paging attributes. This
means we have part of DXE code running in SMM mode in certain
circumstances.

Because page table in SMM mode is different from DXE mode and CpuDxe
always uses current registers (CR0, CR3, etc.) to get memory paging
attributes, it cannot get the correct attributes of DXE memory in SMM
mode from SMM page table. This will cause incorrect memory manipulations,
like fail the releasing of Guard pages if Heap Guard is enabled.

The solution in this patch is to store the DXE page table information
(e.g. value of CR0, CR3 registers, etc.) in a global variable of CpuDxe
driver. If CpuDxe detects it's in SMM mode, it will use this global
variable to access page table instead of current processor registers.
This can avoid retrieving wrong DXE memory paging attributes and changing
SMM page table attributes unexpectedly.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2018-06-19 13:44:54 +08:00
Jian J Wang 41a9c3fd11 UefiCpuPkg/CpuDxe: remove all code to flush TLB for APs
The reason doing this is that we found that calling StartupAllAps() to
flush TLB for all APs in CpuDxe driver after changing page attributes
will spend a lot of time to complete. If there are many page attributes
update requests, the whole system performance will be slowed down
explicitly, including any shell command and UI operation.

The solution is removing the flush operation for AP in CpuDxe driver
and let AP flush TLB after woken up.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-29 09:37:41 +08:00
Jian J Wang 0dbb0f1a5c UefiCpuPkg/CpuDxe: fix bad boot performance
If features like memory profile, protection and heap guard are enabled,
a lot of more memory page attributes update actions will happen than
usual. An unnecessary sync of CR0.WP setting among APs will then cause
worse performance in memory allocation action. Removing the calling of
SyncMemoryPageAttributesAp() in function DisableReadOnlyPageWriteProtect
and EnableReadOnlyPageWriteProtect can fix this problem. In DEBUG build
case, the boot performance can be boosted from 11 minute to 6 minute.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-01-19 14:16:12 +08:00
Jian J Wang fbe2c4b9be UefiCpuPkg/CpuDxe: clear NX attr for page directory
If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory
of EfiBootServicesCode, EfiConventionalMemory and EfiReservedMemoryType,
the BIOS will hang at a page fault exception randomly.

The root cause is that the memory allocation for driver images (actually
a memory type conversion from free memory, type of EfiConventionalMemory,
to code memory, type of EfiBootServicesCode/EfiRuntimeServicesCode)
will get memory with NX set, because the CpuDxe driver will keep the NX
attribute (with free memory) in page directory during page table splitting
and then override the NX attribute of all its entries.

This patch fixes this issue by not inheriting NX attribute when turning
a page entry into a page directory during page granularity split.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-01-18 17:03:23 +08:00
Jian J Wang 4f10654e04 UefiCpuPkg/CpuDxe: fix SetMemoryAttributes issue in 32-bit mode
In 32-bit mode, the BIOS will not create page table for memory beyond
4GB and therefore it cannot handle the attributes change request for
those memory. But current CpuDxe doesn't check this situation and still
try to complete the request, which will cause attributes of incorrect
memory address to be changed due to type cast from 64-bit to 32-bit.

This patch fixes this issue by checking the end address of input
memory block and returning EFI_UNSUPPORTED if it's out of range.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-18 17:03:21 +08:00
Jian J Wang 147fd35c3e UefiCpuPkg/CpuDxe: Enable protection for newly added page table
One of the functionalities of CpuDxe is to update memory paging attributes.
If page table protection is applied, it must be disabled temporarily before
any attributes update and enabled again afterwards.

This patch makes use of the same way as DxeIpl to allocate page table memory
from reserved memory pool, which helps to reduce potential "split" operation
and recursive calling of SetMemorySpaceAttributes().

Laszlo (lersek@redhat.com) did a regression test on QEMU virtual platform with
one middle version of this series patch. The details can be found at

 https://lists.01.org/pipermail/edk2-devel/2017-December/018625.html

There're a few changes after his work.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-12-12 10:14:51 +08:00
Jian J Wang 768bd96784 UefiCpuPkg/CpuDxe: Fix multiple entries of RT_CODE in memory map
More than one entry of RT_CODE memory might cause boot problem for some
old OSs. This patch will fix this issue to keep OS compatibility as much
as possible.

More detailed information, please refer to
    https://bugzilla.tianocore.org/show_bug.cgi?id=753

Laszlo did a thorough test on OVMF emulated platform. The details can be found
at
    https://bugzilla.tianocore.org/show_bug.cgi?id=753#c10

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-11-24 09:43:10 +08:00
Jian J Wang 827330ccd1 UefiCpuPkg: Fix unix style of EOL
Cc: Wu Hao <hao.a.wu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2017-11-21 20:24:37 +08:00
Jian J Wang 105d0c1f9d UefiCpuPkg/CpuDxe: Reduce debug message
Heap guard feature will frequently update page attributes. The debug message
in CpuDxe driver will slow down the boot performance noticeably. Changing the
debug level to DEBUG_VERBOSE to reduce the message output for normal debug
configuration.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2017-11-17 11:03:12 +08:00
Jian J Wang 96207191fd UefiCpuPkg/CpuDxe: Fix GCC build warning
There're uninitialized variables warning reported by GCC.
This patch will fix it. The original commit is

  c1cab54ce5

Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Anthony PERARD <anthony.perard@citrix.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2017-09-22 11:51:00 +08:00
Jian J Wang c1cab54ce5 UefiCpuPkg/CpuDxe: Fix out-of-sync issue in page attributes
From CpuDxe driver perspective, it doesn't update GCD memory attributes from
current page table setup during its initialization. So the memory attributes in
GCD might not reflect all memory attributes in real world.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-09-21 09:38:15 +08:00
Jeff Fan c5719579ce UefiCpuPkg: Error Level is not used correctly
Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2017-04-12 08:57:06 +08:00
Jeff Fan 01eb3f39bb UefiCpuPkg/CpuDxe: Remove MSR_IA32_MISC_ENABLE check
The architectural MSR MSR_IA32_MISC_ENABLE is not supported by AMD processors.
Because reading CPUID.80000001H:EDK[20] is enough to check if XD feature is
supported or not, we just remove checking MSR_IA32_MISC_ENABLE(0x1A0).

Cc: Anthony PERARD <anthony.perard@citrix.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2017-03-17 13:55:12 +08:00
Leo Duran 627dcba352 UefiCpuPkg/CpuDxe: Add support for PCD PcdPteMemoryEncryptionAddressOrMask
This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when page tables entries are created or modified.

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
2017-03-06 15:34:24 +08:00
Jiewen Yao 22292ed344 UefiCpuPkg/CpuDxe: Add memory attribute setting.
Add memory attribute setting in CpuArch protocol.
Previous SetMemoryAttributes() API only supports cache attribute setting.

This patch updated SetMemoryAttributes() API to support memory attribute
setting by updating CPU page table.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
2017-02-22 14:07:01 +08:00