From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Jiewen Yao, Laszlo Ersek, Eric Dong
Date: Mon, 11 Jun 2018 15:08:32 +0800
Message-Id: <20180611070833.5440-2-jian.j.wang@intel.com>
In-Reply-To: <20180611070833.5440-1-jian.j.wang@intel.com>
References: <20180611070833.5440-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 1/2] UefiCpuPkg/CpuDxe: allow accessing (DXE) page table in SMM mode

The SMM version of MemoryAllocationLib allows freeing memory allocated in DXE (before EndOfDxe). This is done by checking the memory range and calling gBS services to do the real operation if the memory to free is out of SMRAM. This would cause a problem if some memory related features, like Heap Guard, have to update the page table to change memory attributes. Because the page table in SMM mode is different from DXE mode, gBS memory services cannot get the correct attributes of DXE memory from the SMM page table and then cause incorrect memory manipulations.

The solution in this patch is to store the DXE page table information (e.g. value of CR0, CR3 registers, etc.) in a global variable of the CpuDxe driver. If CpuDxe detects it's in SMM mode, it will use this global variable to access the page table instead of the current processor registers.

Change-Id: If810bb1828160b8bdd8cb616d86df2859c74971f
Cc: Eric Dong
Cc: Laszlo Ersek
Cc: Jiewen Yao
Cc: Ruiyu Ni
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang --- UefiCpuPkg/CpuDxe/CpuDxe.c | 2 +- UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 + UefiCpuPkg/CpuDxe/CpuPageTable.c | 108 ++++++++++++++++++++++++++---------= ---- 3 files changed, 75 insertions(+), 36 deletions(-) diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c index 6ae2dcd1c7..1fd996fc3f 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.c +++ b/UefiCpuPkg/CpuDxe/CpuDxe.c @@ -404,7 +404,7 @@ CpuSetMemoryAttributes ( // to avoid unnecessary computing. // if (mIsFlushingGCD) { - DEBUG((DEBUG_INFO, " Flushing GCD\n")); + DEBUG((DEBUG_GCD, " Flushing GCD\n")); return EFI_SUCCESS; } =20 diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf index 3c938cee53..8c8773af90 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.inf +++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf @@ -66,6 +66,7 @@ [Protocols] gEfiCpuArchProtocolGuid ## PRODUCES gEfiMpServiceProtocolGuid ## PRODUCES + gEfiSmmBase2ProtocolGuid =20 [Guids] gIdleLoopEventGuid ## CONSUMES ## E= vent diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c b/UefiCpuPkg/CpuDxe/CpuPageTa= ble.c index e2595b4d89..bf420d3792 100644 --- a/UefiCpuPkg/CpuDxe/CpuPageTable.c +++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c @@ -23,6 +23,7 @@ #include #include #include +#include =20 #include "CpuDxe.h" #include "CpuPageTable.h" @@ -87,7 +88,33 @@ PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] =3D { {Page1G, SIZE_1GB, PAGING_1G_ADDRESS_MASK_64}, }; =20 -PAGE_TABLE_POOL *mPageTablePool =3D NULL; +PAGE_TABLE_POOL *mPageTablePool =3D NULL; +PAGE_TABLE_LIB_PAGING_CONTEXT mPagingContext; +EFI_SMM_BASE2_PROTOCOL *mSmmBase2 =3D NULL; + +BOOLEAN +IsInSmm ( + VOID + ) +{ + EFI_STATUS Status; + BOOLEAN InSmm; + + InSmm =3D FALSE; + if (mSmmBase2 =3D=3D NULL) { + Status =3D gBS->LocateProtocol (&gEfiSmmBase2ProtocolGuid, NULL, + (VOID **)&mSmmBase2); + if (EFI_ERROR (Status)) { + mSmmBase2 =3D NULL; + } + } + + if (mSmmBase2 !=3D NULL) { + mSmmBase2->InSmm (mSmmBase2, &InSmm); + } + + return InSmm; +} =20 /** Return current paging context. 
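Review bot: In the [Protocols] hunk of CpuDxe.inf, the new gEfiSmmBase2ProtocolGuid entry carries no usage annotation, while both entries above it are marked ## PRODUCES. Since IsInSmm() tolerates LocateProtocol failing and simply reports FALSE, ## SOMETIMES_CONSUMES would describe how the driver uses it.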
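Review bot: IsInSmm() in CpuPageTable.c repeats gBS->LocateProtocol on every call for as long as mSmmBase2 is NULL, and the later hunks put it on the path of GetCurrentPagingContext() and all three CR0.WP helpers, so every page attribute change pays for a protocol database lookup until the SMM base protocol shows up. Consider resolving the pointer once, for example from a protocol-installation notify, so that the lookup can never be issued for the first time from SMM context. The EFI_STATUS returned by mSmmBase2->InSmm () is also dropped, and the function is a new global symbol with a generic name and no function header comment; it should be STATIC and documented like the other functions in this file.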
@@ -102,42 +129,45 @@ GetCurrentPagingContext ( UINT32 RegEax; UINT32 RegEdx; =20 - ZeroMem(PagingContext, sizeof(*PagingContext)); - if (sizeof(UINTN) =3D=3D sizeof(UINT64)) { - PagingContext->MachineType =3D IMAGE_FILE_MACHINE_X64; - } else { - PagingContext->MachineType =3D IMAGE_FILE_MACHINE_I386; - } - if ((AsmReadCr0 () & BIT31) !=3D 0) { - PagingContext->ContextData.X64.PageTableBase =3D (AsmReadCr3 () & PAGI= NG_4K_ADDRESS_MASK_64); - } else { - PagingContext->ContextData.X64.PageTableBase =3D 0; - } + if (!IsInSmm ()) { + if (sizeof(UINTN) =3D=3D sizeof(UINT64)) { + mPagingContext.MachineType =3D IMAGE_FILE_MACHINE_X64; + } else { + mPagingContext.MachineType =3D IMAGE_FILE_MACHINE_I386; + } + if ((AsmReadCr0 () & BIT31) !=3D 0) { + mPagingContext.ContextData.X64.PageTableBase =3D (AsmReadCr3 () & PA= GING_4K_ADDRESS_MASK_64); + } else { + mPagingContext.ContextData.X64.PageTableBase =3D 0; + } =20 - if ((AsmReadCr4 () & BIT4) !=3D 0) { - PagingContext->ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGING_= CONTEXT_IA32_X64_ATTRIBUTES_PSE; - } - if ((AsmReadCr4 () & BIT5) !=3D 0) { - PagingContext->ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGING_= CONTEXT_IA32_X64_ATTRIBUTES_PAE; - } - if ((AsmReadCr0 () & BIT16) !=3D 0) { - PagingContext->ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGING_= CONTEXT_IA32_X64_ATTRIBUTES_WP_ENABLE; - } + if ((AsmReadCr4 () & BIT4) !=3D 0) { + mPagingContext.ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGIN= G_CONTEXT_IA32_X64_ATTRIBUTES_PSE; + } + if ((AsmReadCr4 () & BIT5) !=3D 0) { + mPagingContext.ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGIN= G_CONTEXT_IA32_X64_ATTRIBUTES_PAE; + } + if ((AsmReadCr0 () & BIT16) !=3D 0) { + mPagingContext.ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGIN= G_CONTEXT_IA32_X64_ATTRIBUTES_WP_ENABLE; + } =20 - AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL); - if (RegEax > 0x80000000) { - AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx); - if ((RegEdx & BIT20) !=3D 
0) { - // XD supported - if ((AsmReadMsr64 (0xC0000080) & BIT11) !=3D 0) { - // XD activated - PagingContext->ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAG= ING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED; + AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL); + if (RegEax > 0x80000000) { + AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx); + if ((RegEdx & BIT20) !=3D 0) { + // XD supported + if ((AsmReadMsr64 (0xC0000080) & BIT11) !=3D 0) { + // XD activated + mPagingContext.ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_P= AGING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED; + } + } + if ((RegEdx & BIT26) !=3D 0) { + mPagingContext.ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAG= ING_CONTEXT_IA32_X64_ATTRIBUTES_PAGE_1G_SUPPORT; } - } - if ((RegEdx & BIT26) !=3D 0) { - PagingContext->ContextData.Ia32.Attributes |=3D PAGE_TABLE_LIB_PAGIN= G_CONTEXT_IA32_X64_ATTRIBUTES_PAGE_1G_SUPPORT; } } + + CopyMem (PagingContext, &mPagingContext, sizeof (mPagingContext)); } =20 /** @@ -507,7 +537,10 @@ IsReadOnlyPageWriteProtected ( VOID ) { - return ((AsmReadCr0 () & BIT16) !=3D 0); + if (!IsInSmm ()) { + return ((AsmReadCr0 () & BIT16) !=3D 0); + } + return FALSE; } =20 /** @@ -518,7 +551,9 @@ DisableReadOnlyPageWriteProtect ( VOID ) { - AsmWriteCr0 (AsmReadCr0() & ~BIT16); + if (!IsInSmm ()) { + AsmWriteCr0 (AsmReadCr0 () & ~BIT16); + } } =20 /** @@ -529,7 +564,9 @@ EnableReadOnlyPageWriteProtect ( VOID ) { - AsmWriteCr0 (AsmReadCr0() | BIT16); + if (!IsInSmm ()) { + AsmWriteCr0 (AsmReadCr0 () | BIT16); + } } =20 /** 
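Review bot: In GetCurrentPagingContext(), ContextData.Ia32.Attributes is now only ever OR-ed into the global mPagingContext and never cleared, because the per-call ZeroMem was removed and the only ZeroMem left is the one the last hunk adds to InitializePageTableLib(). A flag such as WP_ENABLE or XD_ACTIVATED that was set on an earlier call therefore stays set after the corresponding register bit is cleared (for instance after DisableReadOnlyPageWriteProtect()), so the non-SMM path can report stale attributes. Resetting Attributes, or the whole structure, at the top of the "if (!IsInSmm ())" branch would keep the previous behaviour while still preserving the saved copy for SMM.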
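Review bot: IsReadOnlyPageWriteProtected() now returns FALSE in SMM and DisableReadOnlyPageWriteProtect()/EnableReadOnlyPageWriteProtect() become silent no-ops there, which leaves callers editing DXE page table entries under whatever CR0.WP and mapping the SMM environment has. If the pages holding the DXE page table are not writable from SMM, the update faults instead of being handled. Please state the assumption in the code (that the DXE page table pages are writable from SMM, and why it holds) and extend the function header comment above each of the three functions to describe the SMM case.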
@@ -1054,6 +1091,7 @@ InitializePageTableLib ( { PAGE_TABLE_LIB_PAGING_CONTEXT CurrentPagingContext; =20 + ZeroMem (&mPagingContext, sizeof(mPagingContext)); GetCurrentPagingContext (&CurrentPagingContext); =20 // --=20 2.16.2.windows.1
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel

From: Jian J Wang
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni, Jiewen Yao, Eric Dong, Star Zeng
Date: Mon, 11 Jun 2018 15:08:33 +0800
Message-Id: <20180611070833.5440-3-jian.j.wang@intel.com>
In-Reply-To: <20180611070833.5440-1-jian.j.wang@intel.com>
References: <20180611070833.5440-1-jian.j.wang@intel.com>
Subject: [edk2] [PATCH 2/2] MdeModulePkg/Core: remove SMM check for Heap Guard feature detection

CpuDxe driver is updated to be able to access DXE page table in SMM mode, which means Heap Guard can get correct memory paging attributes in whatever modes. It's not necessary to exclude SMM from detecting Heap Guard feature support.

Change-Id: I5310e6e49a258ac7a9240e40c8c99cdb692c1e02
Cc: Star Zeng
Cc: Eric Dong
Cc: Jiewen Yao
Cc: Ruiyu Ni
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang --- MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/= Mem/HeapGuard.c index 9d765c98f6..447c56bb11 100644 --- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c +++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
@@ -667,21 +667,11 @@ IsMemoryTypeToGuard ( { UINT64 TestBit; UINT64 ConfigBit; - BOOLEAN InSmm; =20 if (AllocateType =3D=3D AllocateAddress) { return FALSE; } =20 - InSmm =3D FALSE; - if (gSmmBase2 !=3D NULL) { - gSmmBase2->InSmm (gSmmBase2, &InSmm); - } - - if (InSmm) { - return FALSE; - } - if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) =3D=3D 0) { return FALSE; } --=20 2.16.2.windows.1
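Review bot: With the InSmm early return removed from IsMemoryTypeToGuard(), guard decisions for frees that arrive from SMM are only correct when the CPU arch protocol driver works from the saved DXE paging context that patch 1/2 adds to UefiCpuPkg/CpuDxe, and nothing in this hunk records that dependency. Please note it in a comment here or in the commit message, and make clear the two patches must land together and in this order. It is also worth checking whether gSmmBase2 still has any other user in the DXE core after this removal, and dropping the variable and its lookup if it does not.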