From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id A2FA9D8004C for ; Wed, 30 Aug 2023 23:19:12 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=oCRq6zBvvgewgfNadf3QrFFrVa3RrE0Lq343NNzQ8Ik=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693437551; v=1; b=h4FD6Y+fGA0d2S9xxX91bqvvKbW1PkCfEOvkz+oP07NfSr5ghhqwDbIiI6+vI7UkD2ynnj/L TVYrnpbf5KdE7BD3TcZDu4Oo3807MWKcO5PaVEGbtbVBuFzPTJVNI6wloArT6eoabJzn5yytQBT NFGT57RbfLqo+sfU0n/3tkX8= X-Received: by 127.0.0.2 with SMTP id EuggYY7687511xEgpEgARf7S; Wed, 30 Aug 2023 16:19:11 -0700 X-Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.4863.1693437549399587903 for ; Wed, 30 Aug 2023 16:19:09 -0700 X-Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-68becf931d0so156755b3a.3 for ; Wed, 30 Aug 2023 16:19:09 -0700 (PDT) X-Gm-Message-State: S9awAEbbg0Dfxi0zwcHvhPKBx7686176AA= X-Google-Smtp-Source: AGHT+IFUYZy9B1BC/5iRxOn66kBtqGRMY1brjnVdEwnzjK8rqeILmXEcj5qK8M6dBTOUWWXfFap07w== X-Received: by 2002:a05:6a21:3d89:b0:14d:396e:6e1c with SMTP id bj9-20020a056a213d8900b0014d396e6e1cmr3440654pzc.28.1693437548621; Wed, 30 Aug 2023 16:19:08 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Aug 2023 16:19:08 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann Subject: [edk2-devel] [PATCH v3 08/26] UefiCpuPkg: Always Set Stack Guard in MpPei Init Date: Wed, 30 Aug 2023 16:18:16 -0700 Message-ID: <20230830231851.779-9-taylor.d.beebe@gmail.com> In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com> References: <20230830231851.779-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=h4FD6Y+f; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none) Memory protection is not set in PEI and ingested during and after DXE handoff. This paradigm means that the platform cannot reliably query the stack guard setting during MpInit. Because the execution path of PEI consistent and no third party code is executed, setting the stack guard in MpInit on every boot should be fine. Signed-off-by: Taylor Beebe Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann --- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++----- UefiCpuPkg/CpuMpPei/CpuPaging.c | 16 ++++++++-------- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 - 4 files changed, 13 insertions(+), 15 deletions(-) diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index b504bea3cfeb..ca0c6bdb4b21 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c @@ -469,10 +469,6 @@ InitializeMpExceptionStackSwitchHandlers ( EFI_STATUS Status; UINT8 *Buffer; - if (!PcdGetBool (PcdCpuStackGuard)) { - return; - } - Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); ASSERT_EFI_ERROR (Status); @@ -589,7 +585,9 @@ InitializeCpuMpWorker ( // // Special initialization for the sake of Stack Guard // - InitializeMpExceptionStackSwitchHandlers (); + if (mInitStackGuard) { + InitializeMpExceptionStackSwitchHandlers (); + } // // Update and publish CPU BIST information diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index b7ddb0005b6f..0ab8ceeee8a6 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -68,6 +68,8 @@ EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] = { } }; +BOOLEAN mInitStackGuard = FALSE; + /** The function will check if IA32 PAE is supported. @@ -532,7 +534,7 @@ SetupStackGuardPage ( } /** - Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE. + Enable/setup stack guard for each processor. Doing this in the memory-discovered callback is to make sure the Stack Guard feature to cover as most PEI code as possible. @@ -553,7 +555,6 @@ MemoryDiscoveredPpiNotifyCallback ( ) { EFI_STATUS Status; - BOOLEAN InitStackGuard; EDKII_MIGRATED_FV_INFO *MigratedFvInfo; EFI_PEI_HOB_POINTERS Hob; IA32_CR0 Cr0; @@ -563,11 +564,10 @@ MemoryDiscoveredPpiNotifyCallback ( // initialization later will not contain paging information and then fail // the task switch (for the sake of stack switch). // - InitStackGuard = FALSE; - Hob.Raw = NULL; + Hob.Raw = NULL; if (IsIa32PaeSupported ()) { - Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); - InitStackGuard = PcdGetBool (PcdCpuStackGuard); + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + mInitStackGuard = TRUE; } // @@ -575,7 +575,7 @@ MemoryDiscoveredPpiNotifyCallback ( // is to enable paging if it is not enabled (only in 32bit mode). // Cr0.UintN = AsmReadCr0 (); - if ((Cr0.Bits.PG == 0) && (InitStackGuard || (Hob.Raw != NULL))) { + if ((Cr0.Bits.PG == 0) && (mInitStackGuard || (Hob.Raw != NULL))) { ASSERT (sizeof (UINTN) == sizeof (UINT32)); Status = EnablePaePageTable (); @@ -588,7 +588,7 @@ MemoryDiscoveredPpiNotifyCallback ( Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices); ASSERT_EFI_ERROR (Status); - if (InitStackGuard) { + if (mInitStackGuard) { SetupStackGuardPage (); } diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h index 1b9a94e18fdf..d0db4e480e13 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h @@ -31,6 +31,7 @@ #include extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc; +extern BOOLEAN mInitStackGuard; /** This service retrieves the number of logical processor in the platform @@ -426,7 +427,7 @@ InitializeCpuMpWorker ( ); /** - Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE. + Enable/setup stack guard for each processor. Doing this in the memory-discovered callback is to make sure the Stack Guard feature to cover as most PEI code as possible. diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf index 865be5627e85..6a987754120a 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -64,7 +64,6 @@ [Ppis] [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES -- 2.42.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108162): https://edk2.groups.io/g/devel/message/108162 Mute This Topic: https://groups.io/mt/101064080/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-