From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A50B181EC2 for ; Fri, 11 Nov 2016 01:01:06 -0800 (PST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP; 11 Nov 2016 01:01:10 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,620,1473145200"; d="scan'208";a="1058206209" Received: from jyao1-mobl.ccr.corp.intel.com ([10.254.209.60]) by orsmga001.jf.intel.com with ESMTP; 11 Nov 2016 01:01:07 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Jeff Fan , Feng Tian , Star Zeng , Michael D Kinney , Laszlo Ersek , Paolo Bonzini Date: Fri, 11 Nov 2016 17:00:53 +0800 Message-Id: <1478854859-11096-1-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 Subject: [PATCH V3 0/6] Enable SMM page level protection. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Nov 2016 09:01:06 -0000 ==== below is V3 description ==== 1) PiSmmCpu: Fix CpuIndex corruption issue due to stack malposition. (Many thanks to Laszlo Ersek for catching it.) 2) PiSmmCpu: Add ASSERT for CpuIndex check. 3) PiSmmCpu: Use DEBUG_VERBOSE for page table update. 4) PiSmmCpu: Do not report DEBUG message for Ap non present when PcdCpuSmmSyncMode==1 (Relex mode). 5) PiSmmCpu: Do not report DEBUG message for AP removed when PcdCpuHotPlugSupport==TRUE. Tested combination: 1) XD disabled 2) XD enabled in SMM and disabled in non-SMM. 3) XD enabled in SMM and enabled in non-SMM. ==== below is V2 description ==== 1) PiSmmCpu: resolve OVMF multiple processors boot hang issue. 2) PiSmmCpu: Add debug info on StartupAp() fails. 3) PiSmmCpu: Add ASSERT for AllocatePages(). 4) PiSmmCpu: Add protection detail in commit message. 5) UefiCpuPkg.dsc: Add page table footprint info in commit message. ==== below is V1 description ==== This series patch enables SMM page level protection. Features are: 1) PiSmmCore reports SMM PE image code/data information in EdkiiPiSmmMemoryAttributeTable, if the SMM image is page aligned. 2) PiSmmCpu consumes EdkiiPiSmmMemoryAttributeTable and set XD for data page and RO for code page. 3) PiSmmCpu enables Static Paging for X64 according to PcdCpuSmmStaticPageTable. If it is true, 1G paging for above 4G is used as long as it is supported. 4) PiSmmCpu sets importance data structure to be read only, such as Gdt, Idt, SmmEntrypoint, and PageTable itself. tested platform: 1) Intel internal platform (X64). 2) EDKII Quark IA32 3) EDKII Vlv2 X64 4) EDKII OVMF IA32 and IA32X64. (with -smp 8) Cc: Jeff Fan Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Laszlo Ersek Cc: Paolo Bonzini Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Jiewen Yao (6): MdeModulePkg/Include: Add PiSmmMemoryAttributesTable.h MdeModulePkg/dec: Add gEdkiiPiSmmMemoryAttributesTableGuid. MdeModulePkg/PiSmmCore: Add MemoryAttributes support. UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable. UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection. QuarkPlatformPkg/dsc: enable Smm paging protection. MdeModulePkg/Core/PiSmmCore/Dispatcher.c | 66 + MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c | 1509 ++++++++++++++++++++ MdeModulePkg/Core/PiSmmCore/Page.c | 775 +++++++++- MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 40 + MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 91 ++ MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 2 + MdeModulePkg/Core/PiSmmCore/Pool.c | 16 + MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h | 51 + MdeModulePkg/MdeModulePkg.dec | 3 + QuarkPlatformPkg/Quark.dsc | 6 + UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 71 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S | 75 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm | 75 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 79 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S | 226 +-- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm | 36 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm | 36 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 37 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 135 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 144 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 156 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 871 +++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 39 +- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 15 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 274 +++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S | 59 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm | 62 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 69 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S | 250 +--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm | 35 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.nasm | 31 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 30 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c | 7 +- UefiCpuPkg/UefiCpuPkg.dec | 8 + 36 files changed, 4585 insertions(+), 803 deletions(-) create mode 100644 MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c create mode 100644 MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c -- 2.7.4.windows.1