From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: ray.ni@intel.com) Received: from mga12.intel.com (mga12.intel.com []) by groups.io with SMTP; Wed, 31 Jul 2019 09:39:35 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jul 2019 09:39:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,330,1559545200"; d="scan'208";a="323797171" Received: from ray-dev.ccr.corp.intel.com ([10.239.9.9]) by orsmga004.jf.intel.com with ESMTP; 31 Jul 2019 09:39:33 -0700 From: "Ni, Ray" To: devel@edk2.groups.io Cc: Eric Dong , Laszlo Ersek , Jiewen Yao Subject: [PATCH v2 1/2] UefiCpuPkg: Add PCD PcdCpuSmmAccessOut to control SMM access out Date: Thu, 1 Aug 2019 00:38:51 +0800 Message-Id: <20190731163852.191708-2-ray.ni@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20190731163852.191708-1-ray.ni@intel.com> References: <20190731163852.191708-1-ray.ni@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit There is a requirement to allow SMM code access non-SMRAM memory after ReadyToLock. The requirement was expected to be satisfied by commit: c60d36b4d1ee1f69b7cca897d3621dfa951895c2 * UefiCpuPkg/SmmCpu: Block access-out only when static paging is used Commit c60d36b4 re-interpreted the PcdCpuSmmStaticPageTable as a way to control whether SMM module can access non-SMRAM memory after ReadyToLock. It brought confusion because "static page table" means the page table is created in advance and there is no dynamic page table modification at runtime. It only applies to 64bit environment because page table for memory below 4GB is always created in advance. But the control of whether allowing SMM module access non-SMRAM memory can also be applied to 32bit environment. It makes more sense to have a separate PCD as proposed in this patch to control the policy. Signed-off-by: Ray Ni Cc: Eric Dong Cc: Laszlo Ersek Cc: Jiewen Yao --- UefiCpuPkg/UefiCpuPkg.dec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 6ddf0cd224..24b44bae39 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -246,6 +246,13 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] # @Prompt Use static page table for all memory in SMM. gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable|TRUE|BOOLEAN|0x3213210D + ## Controls whether SMM modules can access all non-SMRAM memory after SmmReadyToLock. + # TRUE - SMM modules can access all non-SMRAM memory after SmmReadyToLock.
+ # FALSE - SMM modules can only access reserved, runtime and ACPI NVS type of non-SMRAM memory + # after SmmReadyToLock.
+ # @Prompt SMM modules can access all non-SMRAM memory after SmmReadyToLock. + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmAccessOut|FALSE|BOOLEAN|0x3213210F + ## Specifies timeout value in microseconds for the BSP in SMM to wait for all APs to come into SMM. # @Prompt AP synchronization timeout value in SMM. gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|1000000|UINT64|0x32132104 -- 2.21.0.windows.1