From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jian.j.wang@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.31; helo=mga06.intel.com;
 envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 960552035689B
 for <edk2-devel@lists.01.org>; Wed, 22 Nov 2017 00:41:38 -0800 (PST)
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 22 Nov 2017 00:45:54 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,436,1505804400"; d="scan'208";a="176479102"
Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.71])
 by orsmga005.jf.intel.com with ESMTP; 22 Nov 2017 00:45:52 -0800
From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Date: Wed, 22 Nov 2017 16:45:40 +0800
Message-Id: <20171122084548.6564-1-jian.j.wang@intel.com>
X-Mailer: git-send-email 2.14.1.windows.1
Subject: [PATCH v2 0/8] Implement stack guard feature
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 08:41:38 -0000

Stack guard feature makes use of paging mechanism to monitor if there's a
stack overflow occurred during boot. A new PCD PcdCpuStackGuard is added to
enable/disable this feature. PCD PcdCpuStackSwitchExceptionList and
PcdCpuKnownGoodStackSize are introduced to configure the required exceptions
and stack size.

If this feature is enabled, DxeIpl will setup page tables and set page where
the stack bottom is at to be NON-PRESENT. If stack overflow occurs, Page
Fault exception will be triggered.

In order to make sure exception handler works normally even when the stack
is corrupted, stack switching is implemented in exception library.

Due to the mechanism behind Stack Guard, this feature is only avaiable for
UEFI drivers (memory avaiable). That also means it doesn't support NT32 
emulated platform (paging not supported).

Validation works include:
  a. OVMF emulated platform: boot to shell (IA32/X64)
  b. Intel real platform: boot to shell (IA32/X64)

Jian J Wang (8):
  MdeModulePkg/metafile: Add PCD PcdCpuStackGuard
  MdeModulePkg/CpuExceptionHandlerLib.h: Add a new API
  MdePkg/BaseLib: Add stack switch related definitions for IA32
  MdeModulePkg/DxeIpl: Enable paging for Stack Guard
  UefiCpuPkg/UefiCpuPkg.dec: Add two new PCDs for stack switch
  UefiCpuPkg/MpLib: Add GDTR, IDTR and TR in saved AP data
  UefiCpuPkg/CpuExceptionHandlerLib: Add stack switch support
  UefiCpuPkg/CpuDxe: Initialize stack switch for MP

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |   5 +-
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c    |   4 +
 MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c     |   1 +
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c   |  51 ++-
 .../Include/Library/CpuExceptionHandlerLib.h       |  18 +
 MdeModulePkg/MdeModulePkg.dec                      |   7 +
 MdeModulePkg/MdeModulePkg.uni                      |   7 +
 MdePkg/Include/Library/BaseLib.h                   | 115 ++++++
 MdePkg/Library/BaseLib/BaseLib.inf                 |   3 +
 MdePkg/Library/BaseLib/Ia32/WriteTr.nasm           |  36 ++
 MdePkg/Library/BaseLib/X64/WriteTr.nasm            |  37 ++
 UefiCpuPkg/CpuDxe/CpuDxe.inf                       |   3 +
 UefiCpuPkg/CpuDxe/CpuMp.c                          | 168 +++++++++
 UefiCpuPkg/CpuDxe/CpuMp.h                          |  12 +
 .../CpuExceptionHandlerLib/CpuExceptionCommon.h    |  50 +++
 .../DxeCpuExceptionHandlerLib.inf                  |   6 +
 .../Library/CpuExceptionHandlerLib/DxeException.c  |  53 ++-
 .../Ia32/ArchExceptionHandler.c                    | 167 +++++++++
 .../Ia32/ArchInterruptDefs.h                       |   8 +
 .../Ia32/ExceptionTssEntryAsm.nasm                 | 398 +++++++++++++++++++++
 .../PeiCpuExceptionHandlerLib.inf                  |   1 +
 .../SecPeiCpuExceptionHandlerLib.inf               |   1 +
 .../SmmCpuExceptionHandlerLib.inf                  |   1 +
 .../X64/ArchExceptionHandler.c                     | 133 +++++++
 .../CpuExceptionHandlerLib/X64/ArchInterruptDefs.h |   3 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c               |  17 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h               |   3 +
 UefiCpuPkg/UefiCpuPkg.dec                          |  12 +
 28 files changed, 1304 insertions(+), 16 deletions(-)
 create mode 100644 MdePkg/Library/BaseLib/Ia32/WriteTr.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/WriteTr.nasm
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionTssEntryAsm.nasm

-- 
2.14.1.windows.1