From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 575B1221786B0 for ; Thu, 30 Nov 2017 18:33:06 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Nov 2017 18:37:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,343,1508828400"; d="scan'208";a="8199494" Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.33]) by fmsmga004.fm.intel.com with ESMTP; 30 Nov 2017 18:37:31 -0800 From: Jian J Wang To: edk2-devel@lists.01.org Date: Fri, 1 Dec 2017 10:37:17 +0800 Message-Id: <20171201023728.4680-1-jian.j.wang@intel.com> X-Mailer: git-send-email 2.14.1.windows.1 Subject: [PATCH v3 00/11] Implement stack guard feature X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2017 02:33:06 -0000 > v3: > a. Change new API InitializeCpuExceptionStackSwitchHandlers() to > InitializeCpuExceptionHandlersEx(). Related code are updated accordingly. > b. Move EXCEPTION_STACK_SWITCH_DATA to CpuExceptionHandlerLib.h > and change the name to CPU_EXCEPTION_INIT_DATA_EX for the sake > of the API name change. > c. Add more general macros in BaseLib.h. > d. Add dummy implementation of InitializeCpuExceptionHandlersEx for > SEC, PEI and SMM but implement a full version for DXE. > e. Add dummy InitializeCpuExceptionHandlersEx for ARM's CpuExceptionHandlerLib > and NULL version of CpuExceptionHandlerLib > f. Call InitializeCpuExceptionHandlersEx() in DxeMain instead of > InitializeCpuExceptionHandlers(). > v2: > a. Introduce and implement new API InitializeCpuExceptionStackSwitchHandlers(). > b. Add stack switch related general definitions of IA32 in BaseLib.h. > c. Add two new PCDs to configure exception vector list and stack size. > d. Add code to save/restore GDTR, IDTR and TR for AP. > e. Refactor exception handler code for stack switch. > f. Add code to setup stack switch for AP besides BSP. Stack guard feature makes use of paging mechanism to monitor if there's a stack overflow occurred during boot. A new PCD PcdCpuStackGuard is added to enable/disable this feature. PCD PcdCpuStackSwitchExceptionList and PcdCpuKnownGoodStackSize are introduced to configure the required exceptions and stack size. If this feature is enabled, DxeIpl will setup page tables and set page where the stack bottom is at to be NON-PRESENT. If stack overflow occurs, Page Fault exception will be triggered. In order to make sure exception handler works normally even when the stack is corrupted, stack switching is implemented in exception library. Due to the mechanism behind Stack Guard, this feature is only avaiable for UEFI drivers (memory avaiable). That also means it doesn't support NT32 emulated platform (paging not supported). Jian J Wang (11): MdeModulePkg/metafile: Add PCD PcdCpuStackGuard UefiCpuPkg/UefiCpuPkg.dec: Add two new PCDs for stack switch MdeModulePkg/CpuExceptionHandlerLib.h: Add a new API InitializeCpuExceptionHandlersEx MdePkg/BaseLib: Add stack switch related definitions for IA32 UefiCpuPkg/CpuExceptionHandlerLib: Add stack switch support MdeModulePkg/CpuExceptionHandlerLibNull: Add new API implementation ArmPkg/ArmExceptionLib: Add implementation of new API UefiCpuPkg/MpLib: Add GDTR, IDTR and TR in saved AP data UefiCpuPkg/CpuDxe: Initialize stack switch for MP MdeModulePkg/Core/Dxe: Call new API InitializeCpuExceptionHandlersEx instead MdeModulePkg/DxeIpl: Enable paging for Stack Guard ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.c | 33 ++ MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 2 +- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +- MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 + MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 1 + MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 51 ++- .../Include/Library/CpuExceptionHandlerLib.h | 78 ++++ .../CpuExceptionHandlerLibNull.c | 34 ++ MdeModulePkg/MdeModulePkg.dec | 7 + MdeModulePkg/MdeModulePkg.uni | 7 + MdePkg/Include/Library/BaseLib.h | 117 ++++++ MdePkg/Library/BaseLib/BaseLib.inf | 3 + MdePkg/Library/BaseLib/Ia32/WriteTr.nasm | 36 ++ MdePkg/Library/BaseLib/X64/WriteTr.nasm | 37 ++ UefiCpuPkg/CpuDxe/CpuDxe.inf | 3 + UefiCpuPkg/CpuDxe/CpuMp.c | 177 +++++++++ .../CpuExceptionHandlerLib/CpuExceptionCommon.h | 39 ++ .../DxeCpuExceptionHandlerLib.inf | 6 + .../Library/CpuExceptionHandlerLib/DxeException.c | 79 ++++ .../Ia32/ArchExceptionHandler.c | 167 +++++++++ .../Ia32/ArchInterruptDefs.h | 8 + .../Ia32/ExceptionTssEntryAsm.nasm | 398 +++++++++++++++++++++ .../CpuExceptionHandlerLib/PeiCpuException.c | 34 +- .../PeiCpuExceptionHandlerLib.inf | 1 + .../CpuExceptionHandlerLib/SecPeiCpuException.c | 34 +- .../SecPeiCpuExceptionHandlerLib.inf | 1 + .../SmmCpuExceptionHandlerLib.inf | 1 + .../Library/CpuExceptionHandlerLib/SmmException.c | 34 +- .../X64/ArchExceptionHandler.c | 134 +++++++ .../CpuExceptionHandlerLib/X64/ArchInterruptDefs.h | 3 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 17 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 3 + UefiCpuPkg/UefiCpuPkg.dec | 12 + 33 files changed, 1547 insertions(+), 19 deletions(-) create mode 100644 MdePkg/Library/BaseLib/Ia32/WriteTr.nasm create mode 100644 MdePkg/Library/BaseLib/X64/WriteTr.nasm create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionTssEntryAsm.nasm -- 2.14.1.windows.1