From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 0CB55D811B2 for ; Thu, 1 Feb 2024 11:20:09 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=GTd18kjIBFId4lH734bU2YlU9aVKWBTdUSmiNYQLt34=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe; s=20140610; t=1706786408; v=1; b=KNpOXZnYI+gneJcIwy0ODRg3pMOhkuz0O9/UW+TgGdPSF2svFuMz29N69ZAg9RoSdnwp6Kz3 HAmrBESg3TRUOvGS/G4AQOwXMGzYChx+wWJzDWEDNC96KFa/mOzDHVjo6j6razHLBlhkbgcfZoN +Uin6tMkC7Bd8K5sZ03cDmeI= X-Received: by 127.0.0.2 with SMTP id fSljYY7687511x722ynDqWe9; Thu, 01 Feb 2024 03:20:08 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.13072.1706786406013912604 for ; Thu, 01 Feb 2024 03:20:08 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10969"; a="407589406" X-IronPort-AV: E=Sophos;i="6.05,234,1701158400"; d="scan'208";a="407589406" X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2024 03:20:08 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10969"; a="912097606" X-IronPort-AV: E=Sophos;i="6.05,234,1701158400"; d="scan'208";a="912097606" X-Received: from sh1gapp1009.ccr.corp.intel.com ([10.239.189.219]) by orsmga004.jf.intel.com with ESMTP; 01 Feb 2024 03:20:05 -0800 From: "Wu, Jiaxin" To: devel@edk2.groups.io Cc: Ray Ni , Laszlo Ersek , Eric Dong , Zeng Star , Gerd Hoffmann , Rahul Kumar Subject: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Execute CET and XD check only on BSP Date: Thu, 1 Feb 2024 19:20:00 +0800 Message-Id: <20240201112001.14416-2-jiaxin.wu@intel.com> In-Reply-To: <20240201112001.14416-1-jiaxin.wu@intel.com> References: <20240201112001.14416-1-jiaxin.wu@intel.com> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiaxin.wu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: doLIOtS5LQrbh5wrkIko6UjUx7686176AA= X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=KNpOXZnY; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) Existing CheckFeatureSupported function will check CET & XD features on each processor. The CPUIDs for CET & XD features are software visible domain, which means a properly configured platform will have consistent values for these CPUID Leafs/SubLeafs/Fields on each logical processor. So, execute Execute CET and XD check only on BSP. As for MSR_IA32_MISC_ENABLE.BTS, it's core scope according SDM. So, still keep it check on each processor. Cc: Ray Ni Cc: Laszlo Ersek Cc: Eric Dong Cc: Zeng Star Cc: Gerd Hoffmann Cc: Rahul Kumar Signed-off-by: Jiaxin Wu --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 6 +-- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 78 +++++++++++++++++------------- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 6 ++- 3 files changed, 52 insertions(+), 38 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c index cd394826ff..15d26dd88f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -1,9 +1,9 @@ /** @file Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU. -Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
Copyright (c) 2017, AMD Incorporated. All rights reserved.
Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -375,13 +375,13 @@ SmmInitHandler ( &mCpuHotPlugData ); if (!mSmmS3Flag) { // - // Check XD and BTS features on each processor on normal boot + // Check CET & XD & BTS features on each processor on normal boot // - CheckFeatureSupported (); + CheckFeatureSupported (IsBsp); } else if (IsBsp) { // // BSP rebase is already done above. // Initialize private data during S3 resume // diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c index 8142d3ceac..44c352ad98 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c @@ -1,9 +1,9 @@ /** @file Enable SMM profile. -Copyright (c) 2012 - 2023, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.
Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -892,62 +892,74 @@ InitSmmProfileInternal ( } /** Check if feature is supported by a processor. + @param[in] IsBsp Indicate it's called by BSP or not. + **/ VOID CheckFeatureSupported ( - VOID + IN BOOLEAN IsBsp ) { UINT32 RegEax; UINT32 RegEcx; UINT32 RegEdx; MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr; - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) { - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); - if ((RegEcx & CPUID_CET_SS) == 0) { + // + // The feature scope is software visible domain. + // Only need check on BSP. + // + if (IsBsp) { + if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) { + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { + AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); + if ((RegEcx & CPUID_CET_SS) == 0) { + mCetSupported = FALSE; + PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); + } + } else { mCetSupported = FALSE; PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); } - } else { - mCetSupported = FALSE; - PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); } - } - if (mXdSupported) { - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); - if (RegEax <= CPUID_EXTENDED_FUNCTION) { - // - // Extended CPUID functions are not supported on this processor. - // - mXdSupported = FALSE; - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); - } + if (mXdSupported) { + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax <= CPUID_EXTENDED_FUNCTION) { + // + // Extended CPUID functions are not supported on this processor. + // + mXdSupported = FALSE; + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); + } - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); - if ((RegEdx & CPUID1_EDX_XD_SUPPORT) == 0) { - // - // Execute Disable Bit feature is not supported on this processor. - // - mXdSupported = FALSE; - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); - } + AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); + if ((RegEdx & CPUID1_EDX_XD_SUPPORT) == 0) { + // + // Execute Disable Bit feature is not supported on this processor. + // + mXdSupported = FALSE; + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); + } - if (StandardSignatureIsAuthenticAMD ()) { - // - // AMD processors do not support MSR_IA32_MISC_ENABLE - // - PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); + if (StandardSignatureIsAuthenticAMD ()) { + // + // AMD processors do not support MSR_IA32_MISC_ENABLE + // + PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); + } } } + // + // The feature scope is core. + // Need check on each processor. + // if (mBtsSupported) { AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &RegEdx); if ((RegEdx & CPUID1_EDX_BTS_AVAILABLE) != 0) { // // Per IA32 manuals: diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h index 1a82ac05ce..02554a9983 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h @@ -1,9 +1,9 @@ /** @file SMM profile header file. -Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ #ifndef _SMM_PROFILE_H_ @@ -81,14 +81,16 @@ PageFaultIdtHandlerSmmProfile ( ); /** Check if feature is supported by a processor. + @param[in] IsBsp Indicate it's called by BSP or not. + **/ VOID CheckFeatureSupported ( - VOID + IN BOOLEAN IsBsp ); /** Update page table according to protected memory ranges and the 4KB-page mapped memory ranges. -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114943): https://edk2.groups.io/g/devel/message/114943 Mute This Topic: https://groups.io/mt/104094806/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-