From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.27873.1628536164825636506 for ; Mon, 09 Aug 2021 12:09:25 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=QxJXGuu6; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [167.220.2.74]) by linux.microsoft.com (Postfix) with ESMTPSA id 49D6B20A3A23; Mon, 9 Aug 2021 12:09:24 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 49D6B20A3A23 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1628536164; bh=hE0XEJ1L/75cnXeRqfaAr5uVqFW5ScS7tsY94W7LMYw=; h=From:To:Cc:Subject:Date:From; b=QxJXGuu6aNDW8V0kR7AQHsWdH9RKQ41TwSnFOv+egtKrsgZq29/MsnGs61TLkXu3r PqgDORyBif29JBBu2ezmgeHskmwrCxK9bH5fuoa/gLuqVZjX/nKE7lOYmQPFBkj9mq 7T3DJCnPyTiWm9VEYvG5LvpzDGAQojaFDrpy3xwg= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Chasel Chiu , Nate DeSimone , Liming Gao , Eric Dong , Chris Ruffin , Michael Kubacki Subject: [edk2-platforms][PATCH v1 1/1] MinPlatformPkg/TestPointCheckLib: Add support for BME device exemption Date: Mon, 9 Aug 2021 15:08:54 -0400 Message-Id: <20210809190854.3043-1-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
From: Chris Ruffin REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D3541 Some platforms have devices which do not expose any additional risk of DMA attacks but the BME bit cannot be disabled. To allow MinPlatformPkg consumers to selectively exempt certain devices from the PCI bus master test point, this change adds a PCD to MinPlatformPkg.dec that allows those packages to specify a list of PCI devices by S/B/D/F that should be excluded from testing. Cc: Chasel Chiu Cc: Nate DeSimone Cc: Liming Gao Cc: Eric Dong Cc: Chris Ruffin Co-authored-by: Michael Kubacki Signed-off-by: Michael Kubacki --- Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckPci= .c | 37 ++++++++++++++++++-- Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiCheckPci= .c | 35 ++++++++++++++++++ Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec = | 4 +++ Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTestPoin= tCheckLib.inf | 1 + Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTestPoin= tCheckLib.inf | 1 + 5 files changed, 75 insertions(+), 3 deletions(-) diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib= /DxeCheckPci.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointChec= kLib/DxeCheckPci.c index 514003944758..95f4fb8b7c7e 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeChe= ckPci.c +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeChe= ckPci.c @@ -44,6 +44,13 @@ typedef struct { UINT32 Data[48]; } PCI_CONFIG_SPACE; =20 +typedef struct { + UINT8 Segment; + UINT8 Bus; + UINT8 Device; + UINT8 Function; +} EXEMPT_DEVICE; + #pragma pack() =20 VOID @@ -256,7 +263,7 @@ TestPointCheckPciResource ( UINT16 MinBus; UINT16 MaxBus; BOOLEAN IsEnd; - =20 + DEBUG ((DEBUG_INFO, "=3D=3D=3D=3D TestPointCheckPciResource - Enter\n"= )); HandleBuf =3D NULL; Status =3D gBS->LocateHandleBuffer ( 
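Review bot: `UINT8 Segment` in the new EXEMPT_DEVICE typedef (hunk @@ -44,6 +44,13 @@) limits exemptions to segments 0 to 255, and nothing on the struct says that its layout is dictated by the byte format of the PCD. If PCI_SEGMENT_INFO.SegmentNumber is wider than 8 bits (I believe it is UINT16, but it is not visible in this patch), devices on higher segments cannot be listed at all. I would add a comment above the typedef such as `// One 4-byte entry of PcdTestPointIbvPlatformExemptPciBme: {Segment, Bus, Device, Function}; segment numbers above 0xFF cannot be expressed.` so the coupling and the limit are visible to whoever changes either side.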
@@ -338,7 +345,7 @@ TestPointCheckPciResource ( // Device DumpPciDevice ((UINT8)Bus, (UINT8)Device, (UINT8)Func, &= PciData); } - =20 + // // If this is not a multi-function device, we can leave th= e loop // to deal with the next device. @@ -360,7 +367,7 @@ TestPointCheckPciResource ( } } } - =20 + Done: if (HandleBuf !=3D NULL) { FreePool (HandleBuf); @@ -396,6 +403,9 @@ TestPointCheckPciBusMaster ( UINT8 HeaderType; EFI_STATUS Status; PCI_SEGMENT_INFO *PciSegmentInfo; + EXEMPT_DEVICE *ExemptDevicePcdPtr; + BOOLEAN ExemptDeviceFound; + UINTN Index; =20 PciSegmentInfo =3D GetPciSegmentInfo (&SegmentCount); if (PciSegmentInfo =3D=3D NULL) { @@ -407,6 +417,27 @@ TestPointCheckPciBusMaster ( for (Bus =3D PciSegmentInfo[Segment].StartBusNumber; Bus <=3D PciSeg= mentInfo[Segment].EndBusNumber; Bus++) { for (Device =3D 0; Device <=3D 0x1F; Device++) { for (Function =3D 0; Function <=3D 0x7; Function++) { + // + // Some platforms have devices which do not expose any additio= nal + // risk of DMA attacks but are not able to be turned off. All= ow + // the platform to define these devices and do not record erro= rs + // for these devices. + // + ExemptDevicePcdPtr =3D (EXEMPT_DEVICE *) PcdGetPtr (PcdTestPoi= ntIbvPlatformExemptPciBme); + ExemptDeviceFound =3D FALSE; + for (Index =3D 0; Index < (PcdGetSize (PcdTestPointIbvPlatform= ExemptPciBme) / sizeof (EXEMPT_DEVICE)); Index++) { + if (Segment =3D=3D ExemptDevicePcdPtr[Index].Segment + && Bus =3D=3D ExemptDevicePcdPtr[Index].Bus + && Device =3D=3D ExemptDevicePcdPtr[Index].Device + && Function =3D=3D ExemptDevicePcdPtr[Index].Function) { + ExemptDeviceFound =3D TRUE; + } + } + + if (ExemptDeviceFound) { + continue; + } + VendorId =3D PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(PciSegm= entInfo[Segment].SegmentNumber, Bus, Device, Function, PCI_VENDOR_ID_OFFS= ET)); // // If VendorId =3D 0xffff, there does not exist a device at th= is 
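Review bot: The exemption match in hunk @@ -407,6 +417,27 @@ compares `Segment`, which is the index into PciSegmentInfo[], against the PCD's segment byte, while the config-space read directly below it addresses the device by `PciSegmentInfo[Segment].SegmentNumber`. On a platform where the array index and the segment number differ, the exemption lands on a different device than the one the platform listed, so a device that should be tested for BME can be skipped. The first comparison should read `if (PciSegmentInfo[Segment].SegmentNumber == ExemptDevicePcdPtr[Index].Segment`. The identical loop in the PeiCheckPci.c hunk @@ -40,6 +54,27 @@ needs the same change. TestPointCheckPciBusMaster starts and ends outside this hunk, so the declaration of `Segment` is not visible here.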
diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib= /PeiCheckPci.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointChec= kLib/PeiCheckPci.c index 1061f8ac1c62..25c3caba6eed 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiChe= ckPci.c +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiChe= ckPci.c @@ -14,6 +14,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 +#pragma pack(1) + + typedef struct EXEMPT_DEVICE_STRUCT { + UINT8 Segment; + UINT8 Bus; + UINT8 Device; + UINT8 Function; +} EXEMPT_DEVICE; + +#pragma pack() + EFI_STATUS TestPointCheckPciBusMaster ( VOID @@ -29,6 +40,9 @@ TestPointCheckPciBusMaster ( UINT8 HeaderType; EFI_STATUS Status; PCI_SEGMENT_INFO *PciSegmentInfo; + EXEMPT_DEVICE *ExemptDevicePcdPtr; + BOOLEAN ExemptDeviceFound; + UINTN Index; =20 PciSegmentInfo =3D GetPciSegmentInfo (&SegmentCount); if (PciSegmentInfo =3D=3D NULL) { 
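Review bot: The EXEMPT_DEVICE typedef added in hunk @@ -14,6 +14,17 @@ is a second copy of the type this patch also adds to DxeCheckPci.c, and the two are written differently: here it carries the tag `EXEMPT_DEVICE_STRUCT`, a stray leading space and its own `#pragma pack(1)`, whereas the DXE copy is untagged inside an existing pack region. Both copies have to stay byte-compatible with the PCD layout, so a single definition in a header private to TestPointCheckLib would remove the chance of them drifting apart. If the duplication stays, make the line `typedef struct {` at column 0 so the two definitions are textually identical.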
@@ -40,6 +54,27 @@ TestPointCheckPciBusMaster ( for (Bus =3D PciSegmentInfo[Segment].StartBusNumber; Bus <=3D PciSeg= mentInfo[Segment].EndBusNumber; Bus++) { for (Device =3D 0; Device <=3D 0x1F; Device++) { for (Function =3D 0; Function <=3D 0x7; Function++) { + // + // Some platforms have devices which do not expose any additio= nal + // risk of DMA attacks but are not able to be turned off. All= ow + // the platform to define these devices and do not record erro= rs + // for these devices. + // + ExemptDevicePcdPtr =3D (EXEMPT_DEVICE *) PcdGetPtr (PcdTestPoi= ntIbvPlatformExemptPciBme); + ExemptDeviceFound =3D FALSE; + for (Index =3D 0; Index < (PcdGetSize (PcdTestPointIbvPlatform= ExemptPciBme) / sizeof (EXEMPT_DEVICE)); Index++) { + if (Segment =3D=3D ExemptDevicePcdPtr[Index].Segment + && Bus =3D=3D ExemptDevicePcdPtr[Index].Bus + && Device =3D=3D ExemptDevicePcdPtr[Index].Device + && Function =3D=3D ExemptDevicePcdPtr[Index].Function) { + ExemptDeviceFound =3D TRUE; + } + } + + if (ExemptDeviceFound) { + continue; + } + VendorId =3D PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(PciSegm= entInfo[Segment].SegmentNumber, Bus, Device, Function, PCI_VENDOR_ID_OFFS= ET)); // // If VendorId =3D 0xffff, there does not exist a device at th= is diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec b/Platform/= Intel/MinPlatformPkg/MinPlatformPkg.dec index bcb42f0ef9e6..259038dde4df 100644 --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec 
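Review bot: An exempted function is dropped by `continue` in hunk @@ -40,6 +54,27 @@ before its VendorId or command register is read, and nothing is logged, so the test point output leaves no trace of which devices were left out of the bus-master check. For a check that exists to catch DMA exposure, the applied exemptions should appear in the boot log; before the `continue` I would add `DEBUG ((DEBUG_INFO, "PCI BME test skipped for exempt device B%02x D%02x F%x\n", (UINT32)Bus, (UINT32)Device, (UINT32)Function));`. The match is by address only, so whatever enumerates at that S/B/D/F is exempted, which the log line would also make auditable. The same applies to the loop in DxeCheckPci.c (@@ -407,6 +417,27 @@). The function body continues outside the hunk.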
@@ -160,6 +160,10 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # Stage Advanced: {0x03,= 0x0F, 0x03, 0x1D, 0x3F, 0x0F, 0x0F, 0x07, 0x03, 0x00, 0x00, 0x00, 0x00, = 0x00, 0x00, 0x00} gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformFeature|{0x03, 0x= 0F, 0x03, 0x1D, 0x3F, 0x0F, 0x0F, 0x07, 0x03, 0x00, 0x00, 0x00, 0x00, 0x0= 0, 0x00, 0x00}|VOID*|0x00100302 =20 + # The platform may define a list of devices that are exempt from PCI B= ME testing. + # PCD Format is {SegmentNumber1, BusNumber1, DeviceNumber1, FunctionNu= mber1, SegmentNumber2, BusNumber2, DeviceNumber2, FunctionNumber2, ...} + gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformExemptPciBme|{0}|= VOID*|0x00100303 + ## ## The Flash relevant PCD are ineffective and will be patched basing o= n FDF definitions during build. ## Set all of them to 0 here to prevent from confusion. diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib= /DxeTestPointCheckLib.inf b/Platform/Intel/MinPlatformPkg/Test/Library/Te= stPointCheckLib/DxeTestPointCheckLib.inf index 2ae1db4ee483..15779eb9b6de 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTes= tPointCheckLib.inf +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTes= tPointCheckLib.inf @@ -106,3 +106,4 @@ [Protocols] =20 [Pcd] gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformFeature + gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformExemptPciBme diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib= /PeiTestPointCheckLib.inf b/Platform/Intel/MinPlatformPkg/Test/Library/Te= stPointCheckLib/PeiTestPointCheckLib.inf index 51369fcedc1e..ea6dc6b8ba34 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTes= tPointCheckLib.inf +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTes= tPointCheckLib.inf 
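Review bot: The comment on PcdTestPointIbvPlatformExemptPciBme in the MinPlatformPkg.dec hunk (@@ -160,6 +160,10 @@) does not say how the default `{0}` is interpreted or which sizes are valid. Both check loops compute the entry count as `PcdGetSize (...) / sizeof (EXEMPT_DEVICE)`, so the one-byte default yields zero entries, and the trailing bytes of a list whose size is not a multiple of 4 are silently ignored. I would add `# Each entry is exactly 4 bytes; the default {0} (one byte) exempts nothing, and a size that is not a multiple of 4 drops the trailing bytes.` A second comment line should state that entries match by S/B/D/F address only, so the list has to be kept in step with the platform's bus numbering.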
@@ -47,6 +47,7 @@ [Sources] =20 [Pcd] gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformFeature + gMinPlatformPkgTokenSpaceGuid.PcdTestPointIbvPlatformExemptPciBme =20 [Guids] gEfiHobMemoryAllocStackGuid --=20 2.28.0.windows.1