From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>, Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH v4 18/28] UefiCpuPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
Date: Tue, 19 Sep 2023 17:57:41 -0700	[thread overview]
Message-ID: <20230920005752.2041-19-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20230920005752.2041-1-taylor.d.beebe@gmail.com>

Replace references to the memory protection PCDs with checks of
the platform protections via GetMemoryProtectionsLib.

Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.

Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
 UefiCpuPkg/CpuDxe/CpuDxe.c                                                               |  2 +-
 UefiCpuPkg/CpuDxe/CpuMp.c                                                                |  2 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c       |  6 +-----
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c      | 15 ++++++++++++++
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c      | 21 ++++++++++++++++++++
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c                                                  |  3 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c                                                 |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c                                       | 13 ++++++------
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c                                                   |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c                                                  |  2 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                                                               | 11 ++++++----
 UefiCpuPkg/CpuDxe/CpuDxe.inf                                                             |  4 +---
 UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf                                               |  3 ---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf                  |  1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf                  |  1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf               |  1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf                  |  1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h             | 13 +++++++++++-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf |  2 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf |  2 +-
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                                            |  3 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf                                             |  3 +--
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h                                           |  9 +++++----
 UefiCpuPkg/UefiCpuPkg.dec                                                                |  7 +++----
 UefiCpuPkg/UefiCpuPkg.dsc                                                                |  2 ++
 UefiCpuPkg/UefiCpuPkg.uni                                                                | 10 ++++------
 26 files changed, 90 insertions(+), 51 deletions(-)

diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
index 804ef5d1fe8e..b12c43f4c1d4 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.c
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
@@ -399,7 +399,7 @@ CpuSetMemoryAttributes (
   // During memory attributes updating, new pages may be allocated to setup
   // smaller granularity of page table. Page allocation action might then cause
   // another calling of CpuSetMemoryAttributes() recursively, due to memory
-  // protection policy configured (such as PcdDxeNxMemoryProtectionPolicy).
+  // protection policy configured (such as the DXE NX Protection Policy).
   // Since this driver will always protect memory used as page table by itself,
   // there's no need to apply protection policy requested from memory service.
   // So it's safe to just return EFI_SUCCESS if this time of calling is caused
diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c
index e7575d9b8062..d8f978eec09d 100644
--- a/UefiCpuPkg/CpuDxe/CpuMp.c
+++ b/UefiCpuPkg/CpuDxe/CpuMp.c
@@ -734,7 +734,7 @@ InitializeMpExceptionHandlers (
   //
   // Setup stack switch for Stack Guard feature.
   //
-  if (PcdGetBool (PcdCpuStackGuard)) {
+  if (gMps.Dxe.CpuStackGuardEnabled) {
     InitializeMpExceptionStackSwitchHandlers ();
   }
 }
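Review bot: The stack-switch setup in InitializeMpExceptionHandlers now depends on `gMps.Dxe.CpuStackGuardEnabled`, a runtime global that this patch does not define, so a platform where that structure is never populated would skip the guard with no trace, whereas the PCD was fixed at build time. If the library leaves gMps zeroed when the settings are unavailable (not visible here), consider logging the decision in an else branch, e.g. `DEBUG ((DEBUG_INFO, "%a: CPU stack guard disabled by memory protection settings\n", __func__));`. The same condition gates the guard-page allocation in InitMpGlobalData in DxeMpLib.c, so both sites should be checked together. The function body starts outside the hunk.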
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
index 9ba70c5b7340..fe74b0e0eaae 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
@@ -743,10 +743,6 @@ TestCpuStackGuardInBspAndAp (
   VOID                            *NewIdtr;
   UINTN                           *CpuStackBaseBuffer;
 
-  if (!PcdGetBool (PcdCpuStackGuard)) {
-    return UNIT_TEST_PASSED;
-  }
-
   //
   // Get MP Service Protocol
   //
@@ -846,7 +842,7 @@ AddCommonTestCase (
   AddTestCase (CpuExceptionLibUnitTestSuite, "Check if exception handler can be registered/unregistered for GP and PF", "TestRegisterHandlerForGPAndPF", TestRegisterHandlerForGPAndPF, NULL, NULL, NULL);
 
   AddTestCase (CpuExceptionLibUnitTestSuite, "Check if Cpu Context is consistent before and after exception.", "TestCpuContextConsistency", TestCpuContextConsistency, NULL, NULL, NULL);
-  AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", TestCpuStackGuardInBspAndAp, NULL, NULL, NULL);
+  AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", TestCpuStackGuardInBspAndAp, IsStackGuardEnabled, NULL, NULL);
 
   return EFI_SUCCESS;
 }
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
index 1cec3ed809d9..c1de3a6663ae 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
@@ -8,6 +8,7 @@
 
 #include "CpuExceptionHandlerTest.h"
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
 #include <Protocol/Timer.h>
 
 /**
@@ -145,6 +146,20 @@ GetMpServices (
   return gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpServices->Protocol);
 }
 
+/**
+  Checks if stack guard is enabled.
+
+  @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  return gMps.Dxe.CpuStackGuardEnabled;
+}
+
 /**
   Entry for CpuExceptionHandlerDxeTest driver.
 
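Review bot: IsStackGuardEnabled returns the BOOLEAN `gMps.Dxe.CpuStackGuardEnabled` as a UNIT_TEST_STATUS, but the unit test framework treats a prerequisite as met only when it returns UNIT_TEST_PASSED, which is 0. As written, TRUE (1) reads as UNIT_TEST_ERROR_PREREQUISITE_NOT_MET, so TestCpuStackGuardInBspAndAp is skipped when the guard is on and run when it is off. Return `gMps.Dxe.CpuStackGuardEnabled ? UNIT_TEST_PASSED : UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;` instead, and add `@retval` lines for both values to the header comment. The PEI copy in PeiCpuExceptionHandlerUnitTest.c has the same inversion, and its `return FALSE;` on a failed GetCurrentMemoryProtectionSettings call also lets the test run.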
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
index d9408d2f5e2f..763268f55314 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
@@ -10,6 +10,7 @@
 #include <Library/PeimEntryPoint.h>
 #include <Library/PeiServicesLib.h>
 #include <Library/PeiServicesTablePointerLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
 
 /**
   Initialize Bsp Idt with a new Idt table and return the IA32_DESCRIPTOR buffer.
@@ -152,6 +153,26 @@ GetMpServices (
   return PeiServicesLocatePpi (&gEdkiiPeiMpServices2PpiGuid, 0, NULL, (VOID **)&MpServices->Ppi);
 }
 
+/**
+  Checks if stack guard is enabled.
+
+  @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  MEMORY_PROTECTION_SETTINGS  Mps;
+
+  if (!EFI_ERROR (GetCurrentMemoryProtectionSettings (&Mps))) {
+    return Mps.Dxe.CpuStackGuardEnabled;
+  }
+
+  return FALSE;
+}
+
 /**
   Entry point of CpuExceptionHandlerPeiTest PEIM.
 
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 57ddb86600a7..551a7924fad3 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -13,6 +13,7 @@
 #include <Library/DebugAgentLib.h>
 #include <Library/DxeServicesTableLib.h>
 #include <Library/CcExitLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
 
@@ -497,7 +498,7 @@ InitMpGlobalData (
     return;
   }
 
-  if (PcdGetBool (PcdCpuStackGuard)) {
+  if (gMps.Dxe.CpuStackGuardEnabled) {
     //
     // One extra page at the bottom of the stack is needed for Guard page.
     //
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index b11264ce4aa7..7e6c9899b069 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -160,7 +160,7 @@ SmiPFHandler (
     //
     // If NULL pointer was just accessed
     //
-    if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+    if (gMps.Mm.NullPointerDetection.Enabled &&
         (PFAddress < EFI_PAGE_SIZE))
     {
       DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 6f498666157e..4c02749c174e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -1679,7 +1679,7 @@ GenSmmPageTable (
     }
   }
 
-  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {
+  if (gMps.Mm.NullPointerDetection.Enabled) {
     //
     // Mark [0, 4k] as non-present
     //
@@ -1834,13 +1834,13 @@ IfReadOnlyPageTableNeeded (
   //
   // Don't mark page table memory as read-only if
   //  - no restriction on access to non-SMRAM memory; or
-  //  - SMM heap guard feature enabled; or
-  //      BIT2: SMM page guard enabled
-  //      BIT3: SMM pool guard enabled
+  //  - SMM page guard enabled
+  //  - SMM pool guard enabled
   //  - SMM profile feature enabled
   //
   if (!IsRestrictedMemoryAccess () ||
-      ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) ||
+      IS_MM_PAGE_GUARD_ACTIVE ||
+      IS_MM_POOL_GUARD_ACTIVE ||
       FeaturePcdGet (PcdCpuSmmProfileEnable))
   {
     if (sizeof (UINTN) == sizeof (UINT64)) {
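Review bot: The rewritten comment above the condition drops the `; or` joiners on the two heap guard bullets, so the list no longer reads as a set of alternatives matching the `||` chain below it. Suggest `//  - SMM page guard enabled; or` and `//  - SMM pool guard enabled; or`. IS_MM_PAGE_GUARD_ACTIVE and IS_MM_POOL_GUARD_ACTIVE are defined outside this patch; if they test more than the old BIT2/BIT3 enable bits, the comment should say so, since this decision controls whether SMM page tables are left writable. The function continues past the hunk.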
@@ -1849,7 +1849,8 @@ IfReadOnlyPageTableNeeded (
       //
       ASSERT (
         !(IsRestrictedMemoryAccess () &&
-          (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0)
+          (IS_MM_PAGE_GUARD_ACTIVE ||
+           IS_MM_POOL_GUARD_ACTIVE))
         );
 
       //
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 7ac3c66f911c..4f48e0c4f399 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -610,7 +610,7 @@ InitPaging (
   //
   // [0, 4k] may be non-present.
   //
-  PreviousAddress = ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) ? BASE_4KB : 0;
+  PreviousAddress = (gMps.Mm.NullPointerDetection.Enabled) ? BASE_4KB : 0;
 
   DEBUG ((DEBUG_INFO, "Patch page table start ...\n"));
   if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index ddd9be66b53f..10e26cd72f6d 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -932,7 +932,7 @@ SmiPFHandler (
     //
     // If NULL pointer was just accessed
     //
-    if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+    if (gMps.Mm.NullPointerDetection.Enabled &&
         (PFAddress < EFI_PAGE_SIZE))
     {
       DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h
index 0e7d88dd357c..a0284c562fa1 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.h
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.h
@@ -35,15 +35,18 @@
 #include <Library/ReportStatusCodeLib.h>
 #include <Library/MpInitLib.h>
 #include <Library/TimerLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
 
 #include <Guid/IdleLoopEvent.h>
 #include <Guid/VectorHandoffTable.h>
 
-#define HEAP_GUARD_NONSTOP_MODE       \
-        ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT4|BIT1|BIT0)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE      (gMps.Dxe.HeapGuard.NonstopModeEnabled        &&  \
+                                     (IS_DXE_PAGE_GUARD_ACTIVE                     ||  \
+                                      IS_DXE_POOL_GUARD_ACTIVE                     ||  \
+                                      gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled))     \
 
-#define NULL_DETECTION_NONSTOP_MODE   \
-        ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT0)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE  (gMps.Dxe.NullPointerDetection.Enabled &&         \
+                                      gMps.Dxe.NullPointerDetection.NonstopModeEnabled)
 
 /**
   Flush CPU data cache. If the instruction cache is fully coherent
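Review bot: The new HEAP_GUARD_NONSTOP_MODE definition ends with a line-continuation backslash on its last line (`gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled))     \`), so the macro only terminates because a blank line follows. If that blank line is ever removed, the `#define NULL_DETECTION_NONSTOP_MODE` line is spliced into this macro body. Drop the trailing backslash, as the last line of NULL_DETECTION_NONSTOP_MODE and the SmmProfileInternal.h version already do.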
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf
index 1d3e9f8cdb29..85387c3ecdf2 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.inf
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf
@@ -40,6 +40,7 @@ [LibraryClasses]
   MpInitLib
   TimerLib
   PeCoffGetEntryPointLib
+  GetMemoryProtectionsLib
 
 [Sources]
   CpuDxe.c
@@ -74,9 +75,6 @@ [Ppis]
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask                    ## CONSUMES
diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
index 9d9a5ef8f247..262f9e6d9d5a 100644
--- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
+++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
@@ -56,9 +56,6 @@ [Ppis]
   gEfiSecPlatformInformationPpiGuid             ## UNDEFINED # HOB
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuCoreCrystalClockFrequency             ## CONSUMES
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
index fdbebadab93d..1fddf15b70bd 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
@@ -39,7 +39,6 @@ [Sources.common]
   DxeException.c
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
index 3bcaff5c5fe4..348f7ed56c99 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
@@ -55,7 +55,6 @@ [LibraryClasses]
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard    # CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
 
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
index e7b1144f6941..0217c983d7c6 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
@@ -51,7 +51,6 @@ [LibraryClasses]
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
index 27f0b96fa9e9..6dc09b447ff0 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
@@ -54,7 +54,6 @@ [LibraryClasses]
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
index bad3387db5bc..47bde8574b32 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
@@ -27,7 +27,7 @@
     In this test case, stack overflow is triggered by a funtion which calls itself continuously. This test case triggers stack
     overflow in both BSP and AP. All AP use same Idt with Bsp. The expectation is:
       1. PF exception is triggered (leading to a DF if sepereated stack is not prepared for PF) when Rsp <= StackBase + SIZE_4KB
-         since [StackBase, StackBase + SIZE_4KB] is marked as not present in page table when PcdCpuStackGuard is TRUE.
+         since [StackBase, StackBase + SIZE_4KB] is marked as not present in page table when CpuStackGuard is TRUE.
       2. Stack for PF/DF exception handler in both Bsp and AP is succussfully switched by InitializeSeparateExceptionStacks.
 
 **/
@@ -342,4 +342,15 @@ CpuStackGuardExceptionHandler (
   IN EFI_SYSTEM_CONTEXT  SystemContext
   );
 
+/**
+  Checks if stack guard is enabled.
+
+  @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+  IN UNIT_TEST_CONTEXT  Context
+  );
+
 #endif
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
index a904eb250475..09c00fce8627 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
@@ -43,12 +43,12 @@ [LibraryClasses]
   HobLib
   UefiBootServicesTableLib
   CpuPageTableLib
+  GetMemoryProtectionsLib
 
 [Guids]
   gEfiHobMemoryAllocStackGuid
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard       ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize           ## CONSUMES
 
 [Protocols]
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
index 25f8f8dbe0e9..41fa759bf31e 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
@@ -48,9 +48,9 @@ [LibraryClasses]
   PeiServicesLib
   CpuPageTableLib
   PeiServicesTablePointerLib
+  SetMemoryProtectionsLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard   ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize       ## CONSUMES
 
 [Ppis]
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 55e46d4a1fad..8edc7227d108 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -58,6 +58,8 @@ [LibraryClasses]
   PcdLib
   CcExitLib
   MicrocodeLib
+  GetMemoryProtectionsLib
+
 [LibraryClasses.X64]
   CpuPageTableLib
 
@@ -82,6 +84,5 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures                  ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase                       ## SOMETIMES_CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi                ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                      ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                           ## CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr           ## CONSUMES
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 5d52ed7d1329..56f64873fe50 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -103,6 +103,7 @@ [LibraryClasses]
   PerformanceLib
   CpuPageTableLib
   MmSaveStateLib
+  GetMemoryProtectionsLib
 
 [Protocols]
   gEfiSmmAccess2ProtocolGuid               ## CONSUMES
@@ -146,8 +147,6 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuFeaturesInitOnS3Resume           ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                   ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask        ## CONSUMES
 
 [FixedPcd]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
index 964dd5281780..1ac91d9d3ce4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DxeServicesTableLib.h>
 #include <Library/CpuLib.h>
 #include <IndustryStandard/Acpi.h>
+#include <Library/GetMemoryProtectionsLib.h>
 
 #include "SmmProfileArch.h"
 
@@ -57,11 +58,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define   MSR_DEBUG_CTL_BTINT  0x100
 #define MSR_DS_AREA            0x600
 
-#define HEAP_GUARD_NONSTOP_MODE      \
-        ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT3|BIT2)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE  (gMps.Mm.HeapGuard.NonstopModeEnabled                  &&  \
+                                 (IS_MM_PAGE_GUARD_ACTIVE ||  IS_MM_POOL_GUARD_ACTIVE))
 
-#define NULL_DETECTION_NONSTOP_MODE  \
-        ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT1)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE  (gMps.Mm.NullPointerDetection.NonstopModeEnabled   &&  \
+                                      gMps.Mm.NullPointerDetection.Enabled)
 
 typedef struct {
   EFI_PHYSICAL_ADDRESS    Base;
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 68473fc640e6..8c667269ad7f 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -192,13 +192,13 @@ [PcdsFeatureFlag]
 
 [PcdsFixedAtBuild]
   ## List of exception vectors which need switching stack.
-  #  This PCD will only take into effect if PcdCpuStackGuard is enabled.
+  #  This PCD will only take into effect if the CPU Stack Guard is enabled.
   #  By default exception #DD(8), #PF(14) are supported.
   # @Prompt Specify exception vectors which need switching stack.
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList|{0x08, 0x0E}|VOID*|0x30002000
 
   ## Size of good stack for an exception.
-  #  This PCD will only take into effect if PcdCpuStackGuard is enabled.
+  #  This PCD will only take into effect if the CPU Stack Guard is enabled.
   # @Prompt Specify size of good stack of exception which need switching stack.
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize|2048|UINT32|0x30002001
 
@@ -388,9 +388,8 @@ [PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64, PcdsDynamicEx
   #  and the memory occupied by page table is protected by page table itself as read-only.
   #  In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable).
   #  In X64 build, it could not be enabled also at the same time with heap guard feature for SMM
-  #  (PcdHeapGuardPropertyMask in MdeModulePkg).
   #  In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable)
-  #  or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled.
+  #  or heap guard feature for SMM is enabled.
   #   TRUE  - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.<BR>
   #   FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.<BR>
   # @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 074fd774616d..2dbb8394b382 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -66,6 +66,8 @@ [LibraryClasses]
   UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
   UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
   UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf
+  GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf
+  SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf
 
 [LibraryClasses.common.SEC]
   PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf
diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni
index d17bcfd10c7a..5719917a041e 100644
--- a/UefiCpuPkg/UefiCpuPkg.uni
+++ b/UefiCpuPkg/UefiCpuPkg.uni
@@ -170,8 +170,7 @@
                                                                                      "If enabled, SMM will not use on-demand paging. SMM will build static page table for all memory.\n"
                                                                                      "This flag only impacts X64 build, because SMM always builds static page table for IA32.\n"
                                                                                      "It could not be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable).\n"
-                                                                                     "It could not be enabled also at the same time with heap guard feature for SMM\n"
-                                                                                     "(PcdHeapGuardPropertyMask in MdeModulePkg).<BR><BR>\n"
+                                                                                     "It could not be enabled also at the same time with heap guard feature for SMM.<BR><BR>\n"
                                                                                      "TRUE  - SMM uses static page table for all memory.<BR>\n"
                                                                                      "FALSE - SMM uses static page table for below 4G memory and use on-demand paging for above 4G memory.<BR>"
 
@@ -217,9 +216,8 @@
                                                                                             "and the memory occupied by page table is protected by page table itself as read-only.<BR>\n"
                                                                                             "In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable).<BR>\n"
                                                                                             "In X64 build, it could not be enabled also at the same time with heap guard feature for SMM<BR>\n"
-                                                                                            "(PcdHeapGuardPropertyMask in MdeModulePkg).<BR>\n"
                                                                                             "In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable)<BR>\n"
-                                                                                            "or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled.<BR>\n"
+                                                                                            "or heap guard feature for SMM is enabled.<BR>\n"
                                                                                             "TRUE  - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.<BR>\n"
                                                                                             "FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.<BR>"
 
@@ -266,13 +264,13 @@
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_PROMPT  #language en-US "Specify exception vectors which need switching stack."
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_HELP  #language en-US "List of exception vectors which need switching stack.\n"
-                                                                                           "This PCD will only take into effect if PcdCpuStackGuard is enabled.n"
+                                                                                           "This PCD will only take into effect if the CPU Stack Guard is enabled.n"
                                                                                            "By default exception #DD(8), #PF(14) are supported.n"
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_PROMPT  #language en-US "Specify size of good stack of exception which need switching stack."
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_HELP  #language en-US "Size of good stack for an exception.\n"
-                                                                                     "This PCD will only take into effect if PcdCpuStackGuard is enabled.\n"
+                                                                                     "This PCD will only take into effect if the CPU Stack Guard is enabled.\n"
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuCoreCrystalClockFrequency_PROMPT  #language en-US "Specifies CPUID Leaf 0x15 Time Stamp Counter and Nominal Core Crystal Clock Frequency."
 
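Review bot: The rewritten line in the PcdCpuStackSwitchExceptionList help string still ends in `enabled.n"`, so a literal `n` is emitted where a newline escape was evidently intended. The PcdCpuKnownGoodStackSize string a few lines below uses `\n` correctly, which suggests the slip is in the file rather than in the mail rendering. Since the line is being touched anyway, write it as `"This PCD will only take into effect if the CPU Stack Guard is enabled.\n"` and fix the unchanged line after it the same way, `"By default exception #DD(8), #PF(14) are supported.\n"`. In that second line `#DD(8)` is presumably meant to be `#DF(8)`, the double-fault vector, which is worth confirming while here.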
-- 
2.42.0.windows.2






