[PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ni, Ray" <ray.ni@intel.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Laszlo Ersek <lersek@redhat.com>
Subject: [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess
Date: Mon, 26 Aug 2019 06:45:09 +0800	[thread overview]
Message-ID: <20190825224513.171572-2-ray.ni@intel.com> (raw)
In-Reply-To: <20190825224513.171572-1-ray.ni@intel.com>

The patch adds a new X64 only PCD PcdCpuSmmRestrictedMemoryAccess.
The PCD indicates access to non-SMRAM memory is restricted to
reserved, runtime and ACPI NVS type after SmmReadyToLock.
MMIO access is always allowed regardless of the value of this PCD.
Loose of such restriction is only required by RAS components in X64
platforms.
The PCD value is considered as constantly TRUE in IA32 platforms.
When the PCD value is TRUE, page table is initialized to cover all
memory spaces and the memory occupied by page table is protected by
page table itself as read-only.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
---
 UefiCpuPkg/UefiCpuPkg.dec | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 86ad61f64b..83acd33612 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -278,6 +278,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   # @Prompt Current boot is a power-on reset.
   gUefiCpuPkgTokenSpaceGuid.PcdIsPowerOnReset|FALSE|BOOLEAN|0x0000001B
 
+[PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64, PcdsDynamicEx.X64]
+  ## Indicate access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
+  #  MMIO access is always allowed regardless of the value of this PCD.
+  #  Loose of such restriction is only required by RAS components in X64 platforms.
+  #  The PCD value is considered as constantly TRUE in IA32 platforms.
+  #  When the PCD value is TRUE, page table is initialized to cover all memory spaces
+  #  and the memory occupied by page table is protected by page table itself as read-only.
+  #   TRUE  - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.<BR>
+  #   FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.<BR>
+  # @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess|TRUE|BOOLEAN|0x3213210F
+
 [PcdsDynamic, PcdsDynamicEx]
   ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_DATA.
   # @Prompt The pointer to a CPU S3 data buffer.
-- 
2.21.0.windows.1

next prev parent reply	other threads:[~2019-08-25 22:46 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-25 22:45 [PATCH 0/5] restrict memory access per PcdCpuSmmRestrictedMemoryAccess Ni, Ray
2019-08-25 22:45 ` Ni, Ray [this message]
2019-08-26 17:09   ` [edk2-devel] [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess Laszlo Ersek
2019-08-27  1:43   ` Dong, Eric
2019-08-25 22:45 ` [PATCH 2/5] UefiCpuPkg/PiSmmCpu: Use new PCD PcdCpuSmmRestrictedMemoryAccess Ni, Ray
2019-08-26 17:12   ` [edk2-devel] " Laszlo Ersek
2019-08-27  1:43   ` Dong, Eric
2019-08-25 22:45 ` [PATCH 3/5] UefiCpuPkg/PiSmmCpu: Restrict access per PcdCpuSmmRestrictedMemoryAccess Ni, Ray
2019-08-26 17:16   ` [edk2-devel] " Laszlo Ersek
2019-08-27  1:43   ` Dong, Eric
2019-08-25 22:45 ` [PATCH 4/5] UefiCpuPkg: Explain relationship between several SMM PCDs Ni, Ray
2019-08-26 17:38   ` [edk2-devel] " Laszlo Ersek
2019-08-27  1:47   ` Dong, Eric
2019-08-25 22:45 ` [PATCH 5/5] UefiCpuPkg: Remove PcdCpuSmmStaticPageTable Ni, Ray
2019-08-26 17:39   ` [edk2-devel] " Laszlo Ersek
2019-08-27  1:47   ` Dong, Eric
2019-09-20  8:44 ` [edk2-devel] [PATCH 0/5] restrict memory access per PcdCpuSmmRestrictedMemoryAccess Laszlo Ersek
2019-09-21  2:53   ` Ni, Ray

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:86ad61f64 dfblob:83acd3361 )
 OR (
bs:"[PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190825224513.171572-2-ray.ni@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox