From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>, Ray Ni <ray.ni@intel.com>,
Rahul Kumar <rahul1.kumar@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH v2 07/25] UefiCpuPkg: Always Set Stack Guard in MpPei Init
Date: Fri, 18 Aug 2023 15:31:39 -0700 [thread overview]
Message-ID: <20230818223159.1073-8-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20230818223159.1073-1-taylor.d.beebe@gmail.com>
Memory protection is not set in PEI and ingested during and
after DXE handoff. This paradigm means that the platform cannot
reliably query the stack guard setting during MpInit. Because the
execution path of PEI consistent and no third party
code is executed, setting the stack guard in MpInit on every
boot should be fine.
Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++-----
UefiCpuPkg/CpuMpPei/CpuPaging.c | 16 ++++++++--------
UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++-
UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 -
4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index b504bea3cfeb..ca0c6bdb4b21 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -469,10 +469,6 @@ InitializeMpExceptionStackSwitchHandlers (
EFI_STATUS Status;
UINT8 *Buffer;
- if (!PcdGetBool (PcdCpuStackGuard)) {
- return;
- }
-
Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL);
ASSERT_EFI_ERROR (Status);
@@ -589,7 +585,9 @@ InitializeCpuMpWorker (
//
// Special initialization for the sake of Stack Guard
//
- InitializeMpExceptionStackSwitchHandlers ();
+ if (mInitStackGuard) {
+ InitializeMpExceptionStackSwitchHandlers ();
+ }
//
// Update and publish CPU BIST information
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index b7ddb0005b6f..0ab8ceeee8a6 100644
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -68,6 +68,8 @@ EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] = {
}
};
+BOOLEAN mInitStackGuard = FALSE;
+
/**
The function will check if IA32 PAE is supported.
@@ -532,7 +534,7 @@ SetupStackGuardPage (
}
/**
- Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE.
+ Enable/setup stack guard for each processor.
Doing this in the memory-discovered callback is to make sure the Stack Guard
feature to cover as most PEI code as possible.
@@ -553,7 +555,6 @@ MemoryDiscoveredPpiNotifyCallback (
)
{
EFI_STATUS Status;
- BOOLEAN InitStackGuard;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
EFI_PEI_HOB_POINTERS Hob;
IA32_CR0 Cr0;
@@ -563,11 +564,10 @@ MemoryDiscoveredPpiNotifyCallback (
// initialization later will not contain paging information and then fail
// the task switch (for the sake of stack switch).
//
- InitStackGuard = FALSE;
- Hob.Raw = NULL;
+ Hob.Raw = NULL;
if (IsIa32PaeSupported ()) {
- Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
- InitStackGuard = PcdGetBool (PcdCpuStackGuard);
+ Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
+ mInitStackGuard = TRUE;
}
//
@@ -575,7 +575,7 @@ MemoryDiscoveredPpiNotifyCallback (
// is to enable paging if it is not enabled (only in 32bit mode).
//
Cr0.UintN = AsmReadCr0 ();
- if ((Cr0.Bits.PG == 0) && (InitStackGuard || (Hob.Raw != NULL))) {
+ if ((Cr0.Bits.PG == 0) && (mInitStackGuard || (Hob.Raw != NULL))) {
ASSERT (sizeof (UINTN) == sizeof (UINT32));
Status = EnablePaePageTable ();
@@ -588,7 +588,7 @@ MemoryDiscoveredPpiNotifyCallback (
Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices);
ASSERT_EFI_ERROR (Status);
- if (InitStackGuard) {
+ if (mInitStackGuard) {
SetupStackGuardPage ();
}
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
index 1b9a94e18fdf..d0db4e480e13 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
@@ -31,6 +31,7 @@
#include <Library/CpuPageTableLib.h>
extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc;
+extern BOOLEAN mInitStackGuard;
/**
This service retrieves the number of logical processor in the platform
@@ -426,7 +427,7 @@ InitializeCpuMpWorker (
);
/**
- Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE.
+ Enable/setup stack guard for each processor.
Doing this in the memory-discovered callback is to make sure the Stack Guard
feature to cover as most PEI code as possible.
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index 865be5627e85..6a987754120a 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -64,7 +64,6 @@ [Ppis]
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES
--
2.41.0.windows.3
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107862): https://edk2.groups.io/g/devel/message/107862
Mute This Topic: https://groups.io/mt/100830905/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-08-18 22:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 22:31 [edk2-devel] [PATCH v2 00/25] Implement Dynamic Memory Protections Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 01/25] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 02/25] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 03/25] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 04/25] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 05/25] MdeModulePkg: Apply Protections to the HOB List Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 06/25] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map Taylor Beebe
2023-08-18 22:31 ` Taylor Beebe [this message]
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 08/25] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 09/25] OvmfPkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 10/25] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 11/25] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 12/25] UefiPayloadPkg: Update DXE Handoff " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 13/25] MdeModulePkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 14/25] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 15/25] EmulatorPkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 16/25] OvmfPkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 17/25] UefiCpuPkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 18/25] MdeModulePkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 19/25] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib Taylor Beebe
2023-08-29 10:46 ` Gerd Hoffmann
2023-08-29 16:08 ` Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 20/25] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Taylor Beebe
2023-08-29 11:17 ` Gerd Hoffmann
2023-08-29 16:26 ` Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 21/25] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 22/25] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 23/25] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 24/25] ArmVirtPkg: " Taylor Beebe
2023-08-18 22:31 ` [edk2-devel] [PATCH v2 25/25] MdeModulePkg: " Taylor Beebe
2023-08-19 22:13 ` [edk2-devel] [PATCH v2 00/25] Implement Dynamic Memory Protections Pedro Falcato
2023-08-21 16:19 ` Taylor Beebe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230818223159.1073-8-taylor.d.beebe@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox