From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 66ADF7803CF for ; Mon, 9 Oct 2023 00:08:06 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ScMxjh8p7G7ST5cxcVJDG5jEzlGHHfuh6eBsVATTk6Q=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1696810085; v=1; b=mF9vY28HqwbA2MqMw2jH1m7kkBE7VpI5AXYKrSlwbAWoTTfzixBTIbFv3vq2WbnSFh5gpdLF ShEtCIYOIsnBM3e6OtB1JrBpwQronsoxtsQqUeWVhm4ZMjSOw8TpK//vmJbc32MqLB3QRFjduC3 QICtjIUe16eBT2LzEXf6GubM= X-Received: by 127.0.0.2 with SMTP id 4dEeYY7687511x3RNM2RSzys; Sun, 08 Oct 2023 17:08:05 -0700 X-Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.50035.1696810080150392412 for ; Sun, 08 Oct 2023 17:08:00 -0700 X-Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-690f7d73a3aso3604688b3a.0 for ; Sun, 08 Oct 2023 17:08:00 -0700 (PDT) X-Gm-Message-State: mNKDiJj7OSUfAjAShCYSaeyrx7686176AA= X-Google-Smtp-Source: AGHT+IEVfXELz9YcgHs4BWXg46oMnJT2gckvGs64AfCSb8e51HInaaDl2Ek5X+gFI42cpKJ0J4H9Vw== X-Received: by 2002:a05:6a00:1494:b0:693:3870:edf5 with SMTP id v20-20020a056a00149400b006933870edf5mr17502598pfu.22.1696810079408; Sun, 08 Oct 2023 17:07:59 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id t20-20020a62ea14000000b0068fcc7f6b00sm5048320pfh.74.2023.10.08.17.07.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Oct 2023 17:07:59 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann Subject: [edk2-devel] [PATCH v5 08/28] UefiCpuPkg: Always Set Stack Guard in MpPei Init Date: Sun, 8 Oct 2023 17:07:20 -0700 Message-ID: <20231009000742.1792-9-taylor.d.beebe@gmail.com> In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com> References: <20231009000742.1792-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=mF9vY28H; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Memory protection is not set in PEI and ingested during and after DXE handoff. This paradigm means that the platform cannot reliably query the stack guard setting during MpInit. Because the execution path of PEI consistent and no third party code is executed, setting the stack guard in MpInit on every boot should be fine. Signed-off-by: Taylor Beebe Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann --- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++----- UefiCpuPkg/CpuMpPei/CpuPaging.c | 16 ++++++++-------- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 - 4 files changed, 13 insertions(+), 15 deletions(-) diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index b504bea3cfeb..ca0c6bdb4b21 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c @@ -469,10 +469,6 @@ InitializeMpExceptionStackSwitchHandlers ( EFI_STATUS Status; UINT8 *Buffer; - if (!PcdGetBool (PcdCpuStackGuard)) { - return; - } - Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); ASSERT_EFI_ERROR (Status); @@ -589,7 +585,9 @@ InitializeCpuMpWorker ( // // Special initialization for the sake of Stack Guard // - InitializeMpExceptionStackSwitchHandlers (); + if (mInitStackGuard) { + InitializeMpExceptionStackSwitchHandlers (); + } // // Update and publish CPU BIST information diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index b7ddb0005b6f..0ab8ceeee8a6 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -68,6 +68,8 @@ EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] = { } }; +BOOLEAN mInitStackGuard = FALSE; + /** The function will check if IA32 PAE is supported. @@ -532,7 +534,7 @@ SetupStackGuardPage ( } /** - Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE. + Enable/setup stack guard for each processor. Doing this in the memory-discovered callback is to make sure the Stack Guard feature to cover as most PEI code as possible. @@ -553,7 +555,6 @@ MemoryDiscoveredPpiNotifyCallback ( ) { EFI_STATUS Status; - BOOLEAN InitStackGuard; EDKII_MIGRATED_FV_INFO *MigratedFvInfo; EFI_PEI_HOB_POINTERS Hob; IA32_CR0 Cr0; @@ -563,11 +564,10 @@ MemoryDiscoveredPpiNotifyCallback ( // initialization later will not contain paging information and then fail // the task switch (for the sake of stack switch). // - InitStackGuard = FALSE; - Hob.Raw = NULL; + Hob.Raw = NULL; if (IsIa32PaeSupported ()) { - Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); - InitStackGuard = PcdGetBool (PcdCpuStackGuard); + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + mInitStackGuard = TRUE; } // @@ -575,7 +575,7 @@ MemoryDiscoveredPpiNotifyCallback ( // is to enable paging if it is not enabled (only in 32bit mode). // Cr0.UintN = AsmReadCr0 (); - if ((Cr0.Bits.PG == 0) && (InitStackGuard || (Hob.Raw != NULL))) { + if ((Cr0.Bits.PG == 0) && (mInitStackGuard || (Hob.Raw != NULL))) { ASSERT (sizeof (UINTN) == sizeof (UINT32)); Status = EnablePaePageTable (); @@ -588,7 +588,7 @@ MemoryDiscoveredPpiNotifyCallback ( Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices); ASSERT_EFI_ERROR (Status); - if (InitStackGuard) { + if (mInitStackGuard) { SetupStackGuardPage (); } diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h index 1b9a94e18fdf..d0db4e480e13 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h @@ -31,6 +31,7 @@ #include extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc; +extern BOOLEAN mInitStackGuard; /** This service retrieves the number of logical processor in the platform @@ -426,7 +427,7 @@ InitializeCpuMpWorker ( ); /** - Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE. + Enable/setup stack guard for each processor. Doing this in the memory-discovered callback is to make sure the Stack Guard feature to cover as most PEI code as possible. diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf index 865be5627e85..6a987754120a 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -64,7 +64,6 @@ [Ppis] [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES -- 2.42.0.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109413): https://edk2.groups.io/g/devel/message/109413 Mute This Topic: https://groups.io/mt/101843349/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-