From: "Guomin Jiang" <guomin.jiang@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Hao A Wu <hao.a.wu@intel.com>, Dandan Bi <dandan.bi@intel.com>,
Liming Gao <liming.gao@intel.com>,
Debkumar De <debkumar.de@intel.com>,
Harry Han <harry.han@intel.com>,
Catharine West <catharine.west@intel.com>
Subject: [PATCH v6 10/10] MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD (CVE-2019-11098)
Date: Mon, 20 Jul 2020 19:30:22 +0800 [thread overview]
Message-ID: <20200720113022.675-11-guomin.jiang@intel.com> (raw)
In-Reply-To: <20200720113022.675-1-guomin.jiang@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
When PcdMigrateTemporaryRamFirmwareVolumes is TRUE, it will shadow the
PEIMs, when it is disabled, PEIMs marked REGISTER_FOR_SHADOW will be
shadowed as well and it is controled by PcdShadowPeimOnBoot and
PcdShadowPeimOnS3Boot.
To cover the shadow behavior, the change will always shadow PEIMs when
enable PcdMigrateTemporaryRamFirmwareVolumes.
When PcdMigrateTemporaryRamFirmwareVolumes is true, if enable
PcdShadowPeiOnBoot, it will shadow some PEIMs twice and occupy more
memory and waste more boot time. it is unnecessary, so the only valid
choice is to enable PcdMigrateTemporaryRamFirmwareVolumes and disable
PcdShadowPeimOnBoot.
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
---
MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 11 +++++++++--
MdeModulePkg/Core/Pei/Image/Image.c | 14 ++++++++++----
MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 18 +++++++++++++-----
3 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
index 210b5b22f727..74cd5387c158 100644
--- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
@@ -1408,7 +1408,11 @@ PeiDispatcher (
PeimFileHandle = NULL;
EntryPoint = 0;
- if ((Private->PeiMemoryInstalled) && (Private->HobList.HandoffInformationTable->BootMode != BOOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boot))) {
+ if ((Private->PeiMemoryInstalled) &&
+ (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)
+ || (Private->HobList.HandoffInformationTable->BootMode != BOOT_ON_S3_RESUME)
+ || PcdGetBool (PcdShadowPeimOnS3Boot))
+ ) {
//
// Once real memory is available, shadow the RegisterForShadow modules. And meanwhile
// update the modules' status from PEIM_STATE_REGISTER_FOR_SHADOW to PEIM_STATE_DONE.
@@ -1607,7 +1611,10 @@ PeiDispatcher (
PeiCheckAndSwitchStack (SecCoreData, Private);
if ((Private->PeiMemoryInstalled) && (Private->Fv[FvCount].PeimState[PeimCount] == PEIM_STATE_REGISTER_FOR_SHADOW) && \
- (Private->HobList.HandoffInformationTable->BootMode != BOOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boot))) {
+ (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)
+ || (Private->HobList.HandoffInformationTable->BootMode != BOOT_ON_S3_RESUME)
+ || PcdGetBool (PcdShadowPeimOnS3Boot))
+ ) {
//
// If memory is available we shadow images by default for performance reasons.
// We call the entry point a 2nd time so the module knows it's shadowed.
diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Image/Image.c
index 0caeb63e26b4..85d1a84e4b67 100644
--- a/MdeModulePkg/Core/Pei/Image/Image.c
+++ b/MdeModulePkg/Core/Pei/Image/Image.c
@@ -328,8 +328,11 @@ LoadAndRelocatePeCoffImage (
//
// When Image has no reloc section, it can't be relocated into memory.
//
- if (ImageContext.RelocationsStripped && (Private->PeiMemoryInstalled) && ((!IsPeiModule) ||
- (!IsS3Boot && (PcdGetBool (PcdShadowPeimOnBoot) || IsRegisterForShadow)) || (IsS3Boot && PcdGetBool (PcdShadowPeimOnS3Boot)))) {
+ if (ImageContext.RelocationsStripped && (Private->PeiMemoryInstalled)
+ && ((!IsPeiModule) || PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)
+ || (!IsS3Boot && (PcdGetBool (PcdShadowPeimOnBoot) || IsRegisterForShadow))
+ || (IsS3Boot && PcdGetBool (PcdShadowPeimOnS3Boot)))
+ ) {
DEBUG ((EFI_D_INFO|EFI_D_LOAD, "The image at 0x%08x without reloc section can't be loaded into memory\n", (UINTN) Pe32Data));
}
@@ -343,8 +346,11 @@ LoadAndRelocatePeCoffImage (
// On normal boot, PcdShadowPeimOnBoot decides whether load PEIM or PeiCore into memory.
// On S3 boot, PcdShadowPeimOnS3Boot decides whether load PEIM or PeiCore into memory.
//
- if ((!ImageContext.RelocationsStripped) && (Private->PeiMemoryInstalled) && ((!IsPeiModule) ||
- (!IsS3Boot && (PcdGetBool (PcdShadowPeimOnBoot) || IsRegisterForShadow)) || (IsS3Boot && PcdGetBool (PcdShadowPeimOnS3Boot)))) {
+ if ((!ImageContext.RelocationsStripped) && (Private->PeiMemoryInstalled)
+ && ((!IsPeiModule) || PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)
+ || (!IsS3Boot && (PcdGetBool (PcdShadowPeimOnBoot) || IsRegisterForShadow))
+ || (IsS3Boot && PcdGetBool (PcdShadowPeimOnS3Boot)))
+ ) {
//
// Allocate more buffer to avoid buffer overflow.
//
diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
index 48605eeada86..ce8649f954a8 100644
--- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
+++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
@@ -322,7 +322,8 @@ PeiCore (
// PEI Core and PEIMs to get high performance.
//
OldCoreData->ShadowedPeiCore = (PEICORE_FUNCTION_POINTER) (UINTN) PeiCore;
- if ((HandoffInformationTable->BootMode == BOOT_ON_S3_RESUME && PcdGetBool (PcdShadowPeimOnS3Boot))
+ if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)
+ || (HandoffInformationTable->BootMode == BOOT_ON_S3_RESUME && PcdGetBool (PcdShadowPeimOnS3Boot))
|| (HandoffInformationTable->BootMode != BOOT_ON_S3_RESUME && PcdGetBool (PcdShadowPeimOnBoot))) {
OldCoreData->ShadowedPeiCore = ShadowPeiCore (OldCoreData);
}
@@ -422,10 +423,17 @@ PeiCore (
}
} else {
if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
- if (PrivateData.HobList.HandoffInformationTable->BootMode == BOOT_ON_S3_RESUME) {
- TempRamEvacuation = PcdGetBool (PcdShadowPeimOnS3Boot);
- } else {
- TempRamEvacuation = PcdGetBool (PcdShadowPeimOnBoot);
+ TempRamEvacuation = TRUE;
+
+ //
+ // When PcdMigrateTemporaryRamFirmwareVolumes is TRUE, it make sense only
+ // when PcdShadowPeimOnBoot is FALSE. in this situation, all PEIMs will be copied
+ // and shadowed, and doesn't need shadow PEIMs again, it will occupy more
+ // memory and waste more time if you enable it.
+ //
+ if (PcdGetBool (PcdShadowPeimOnBoot)) {
+ DEBUG ((DEBUG_ERROR, "!!!IMPORTANT NOTICE!!!\nWhen you see the message, it mean that you enable the PcdMigrateTemporaryRamFirmwareVolumes and PcdShadowPeimOnBoot at the same time\nIt make no sense because it will occupy more memory and waste more time.\nYou must disable PcdShadowPeimOnBoot when you enable PcdMigrateTemporaryRamFirmwareVolumes for performance reason.\n\n"));
+ ASSERT ((PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) == TRUE) && (PcdGetBool (PcdShadowPeimOnBoot) == FALSE));
}
}
--
2.25.1.windows.1
next prev parent reply other threads:[~2020-07-20 11:30 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-20 11:30 [PATCH v6 00/10] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098) Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 01/10] MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098) Guomin Jiang
2020-07-22 2:26 ` [edk2-devel] " Wang, Jian J
2020-07-22 2:42 ` Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 02/10] MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098) Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 03/10] UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098) Guomin Jiang
2020-07-22 2:43 ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Guomin Jiang
2020-07-22 3:07 ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 05/10] MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) Guomin Jiang
2020-07-22 3:16 ` Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use " Guomin Jiang
2020-07-22 1:25 ` Qi Zhang
2020-07-20 11:30 ` [PATCH v6 07/10] UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098) Guomin Jiang
2020-07-22 3:31 ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 08/10] UefiCpuPkg: Correct some typos Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 09/10] SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Guomin Jiang
2020-07-22 1:25 ` Qi Zhang
2020-07-20 11:30 ` Guomin Jiang [this message]
2020-07-22 6:58 ` [edk2-devel] [PATCH v6 10/10] MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD (CVE-2019-11098) Wang, Jian J
2020-07-22 7:27 ` Liming Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200720113022.675-11-guomin.jiang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox