From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.1765.1689119590578238129 for ; Tue, 11 Jul 2023 16:53:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@taylorbeebe.com header.s=google header.b=BtpBNp/9; spf=pass (domain: taylorbeebe.com, ip: 209.85.210.180, mailfrom: t@taylorbeebe.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6687466137bso4395303b3a.0 for ; Tue, 11 Jul 2023 16:53:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=taylorbeebe.com; s=google; t=1689119590; x=1691711590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ntgo/LdEM4QFMctYjwCbXPh4vIFSVkgMKUFl2x5HVNY=; b=BtpBNp/9fEV6lpapo1Auz583t1HlOxfT4hZZAJed0XhqLIBQ0/dSK9QEv5ZZyJXV7M gzAdMUPrU69+D8eRS76WYPZ05enhQeJRdF/eWg+q47hmlJirDgH37+czXFBIbzG5SNEG j/CG0vcl1uKgFspy9cnYLEY+lAW3vsmB9uShfy+E6xN/396QA2GFKNDE8M2jYCdf+Zjx sCCj1msw6A53cpDAAnQDep/Xkx+5+MKg5q4hsD0rrGmSKxxcJMkX6sI4MWGPMSaaT7vs dL6jTk+limJXo/il19m/yj03zm0kF9OG1hfBWXzziOzvQQoqYMXipTnMH34nqWnkzAo1 uskg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689119590; x=1691711590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ntgo/LdEM4QFMctYjwCbXPh4vIFSVkgMKUFl2x5HVNY=; b=gMlo+rcQkXLg15XGSqGLxqGHVpaCq15nwnewLADF6wdvyfX7kuFg3y4HPwhTeDcMbh lTxVXPWJ0XrJwuZ+pT0v8ColckSux5R7QpbZ4XQJcEANjoQ2RfLKcWUX7KmuXyqYMsKF HtA4nP5Zp5yLLupzJYKF1uXCrZBXbDMeb0Hq9Ikm5uls/Ttp9xc7hUylGMGrfUAj0P6i 9p4TKp2mBaDaeOZmz/OupXHY5ctzgep0hCL+TsWkRufQUR8oFFg0bMQg0ql4/X2pOppd D81vlOVDf8EvV/fCl9bkzbJCW9OmWJ4krRMCyBGH9SuvTIYoLxVQz6zLxB4JUmz80dOk 7P/g== X-Gm-Message-State: ABy/qLYnFCmv4T7fohL9I7AQ8CuMDE90OhjZQlfjv70hNXgPGQjVK0Z8 ruAzsG+h7V6+DDo4usrDSdl2AXmZspEfSHIXqEg6og== X-Google-Smtp-Source: APBJJlGggc9k/1plDMQ1vdvmy0M7zDh9NC6M6Qu7FGeCM4X3sge8GBw0ye8L2B26hu5pGHL2PwEZiA== X-Received: by 2002:a05:6a00:2303:b0:64f:7a9c:cb15 with SMTP id h3-20020a056a00230300b0064f7a9ccb15mr16138477pfh.11.1689119589684; Tue, 11 Jul 2023 16:53:09 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([50.46.230.135]) by smtp.gmail.com with ESMTPSA id a13-20020a62e20d000000b00660d80087a8sm2232677pfi.187.2023.07.11.16.53.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Jul 2023 16:53:09 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann Subject: [PATCH 10/14] UefiCpuPkg: Update to use memory protection HOB Date: Tue, 11 Jul 2023 16:52:47 -0700 Message-ID: <2554f3e33488bdd5ec84c6a4c2cb3f33cfd77fa1.1689101263.git.t@taylorbeebe.com> X-Mailer: git-send-email 2.41.0.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Taylor Beebe Replace references to the memory protection PCDs with references to the memory protection HOB. Stack guard will always be initialized after memory discovery in PEI, but the memory protection HOB will be checked when applying stack guard in DxeIpl when the page tables are rebuilt. Signed-off-by: Taylor Beebe Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann --- UefiCpuPkg/CpuDxe/CpuDxe.c | 2 +- UefiCpuPkg/CpuDxe/CpuDxe.h | 11 +++++--- UefiCpuPkg/CpuDxe/CpuDxe.inf | 4 +-- UefiCpuPkg/CpuDxe/CpuMp.c | 2 +- UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf | 3 --- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++--- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 - UefiCpuPkg/CpuMpPei/CpuPaging.c | 14 +++++----- .../DxeCpuExceptionHandlerLib.inf | 1 - .../PeiCpuExceptionHandlerLib.inf | 1 - .../SecPeiCpuExceptionHandlerLib.inf | 1 - .../SmmCpuExceptionHandlerLib.inf | 1 - .../UnitTest/CpuExceptionHandlerTest.h | 3 ++- .../UnitTest/CpuExceptionHandlerTestCommon.c | 27 +++++++++++++++---- .../DxeCpuExceptionHandlerLibUnitTest.inf | 2 +- .../PeiCpuExceptionHandlerLibUnitTest.inf | 4 ++- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 ++- UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 3 ++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 2 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 +-- .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 13 ++++----- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 2 +- .../PiSmmCpuDxeSmm/SmmProfileInternal.h | 10 ++++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 2 +- UefiCpuPkg/UefiCpuPkg.dec | 7 +++-- UefiCpuPkg/UefiCpuPkg.dsc | 2 ++ UefiCpuPkg/UefiCpuPkg.uni | 10 +++---- 28 files changed, 80 insertions(+), 65 deletions(-) diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c index 804ef5d1fe..b12c43f4c1 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.c +++ b/UefiCpuPkg/CpuDxe/CpuDxe.c @@ -399,7 +399,7 @@ CpuSetMemoryAttributes ( // During memory attributes updating, new pages may be allocated to setup // smaller granularity of page table. Page allocation action might then cause // another calling of CpuSetMemoryAttributes() recursively, due to memory - // protection policy configured (such as PcdDxeNxMemoryProtectionPolicy). + // protection policy configured (such as the DXE NX Protection Policy). // Since this driver will always protect memory used as page table by itself, // there's no need to apply protection policy requested from memory service. // So it's safe to just return EFI_SUCCESS if this time of calling is caused diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h index 0e7d88dd35..10eabd9b66 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.h +++ b/UefiCpuPkg/CpuDxe/CpuDxe.h @@ -35,15 +35,18 @@ #include #include #include +#include #include #include -#define HEAP_GUARD_NONSTOP_MODE \ - ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT4|BIT1|BIT0)) > BIT6) +#define HEAP_GUARD_NONSTOP_MODE (gDxeMps.HeapGuard.NonstopModeEnabled && \ + (gDxeMps.HeapGuard.PageGuardEnabled || \ + gDxeMps.HeapGuard.PoolGuardEnabled || \ + gDxeMps.HeapGuard.FreedMemoryGuardEnabled)) \ -#define NULL_DETECTION_NONSTOP_MODE \ - ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT0)) > BIT6) +#define NULL_DETECTION_NONSTOP_MODE (gDxeMps.NullPointerDetection.Enabled && \ + gDxeMps.NullPointerDetection.NonstopModeEnabled) /** Flush CPU data cache. If the instruction cache is fully coherent diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf index 1d3e9f8cdb..ab2bd96d97 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.inf +++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf @@ -40,6 +40,7 @@ MpInitLib TimerLib PeCoffGetEntryPointLib + DxeMemoryProtectionHobLib [Sources] CpuDxe.c @@ -74,9 +75,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask ## CONSUMES diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c index e7575d9b80..c06049a894 100644 --- a/UefiCpuPkg/CpuDxe/CpuMp.c +++ b/UefiCpuPkg/CpuDxe/CpuMp.c @@ -734,7 +734,7 @@ InitializeMpExceptionHandlers ( // // Setup stack switch for Stack Guard feature. // - if (PcdGetBool (PcdCpuStackGuard)) { + if (gDxeMps.CpuStackGuardEnabled) { InitializeMpExceptionStackSwitchHandlers (); } } diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf index e8fa25446a..ca552f347d 100644 --- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf +++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf @@ -54,9 +54,6 @@ gEfiSecPlatformInformationPpiGuid ## UNDEFINED # HOB [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuCoreCrystalClockFrequency ## CONSUMES diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index b504bea3cf..ca0c6bdb4b 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c @@ -469,10 +469,6 @@ InitializeMpExceptionStackSwitchHandlers ( EFI_STATUS Status; UINT8 *Buffer; - if (!PcdGetBool (PcdCpuStackGuard)) { - return; - } - Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL); ASSERT_EFI_ERROR (Status); @@ -589,7 +585,9 @@ InitializeCpuMpWorker ( // // Special initialization for the sake of Stack Guard // - InitializeMpExceptionStackSwitchHandlers (); + if (mInitStackGuard) { + InitializeMpExceptionStackSwitchHandlers (); + } // // Update and publish CPU BIST information diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h index 1b9a94e18f..d0db4e480e 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h @@ -31,6 +31,7 @@ #include extern EFI_PEI_PPI_DESCRIPTOR mPeiCpuMpPpiDesc; +extern BOOLEAN mInitStackGuard; /** This service retrieves the number of logical processor in the platform @@ -426,7 +427,7 @@ InitializeCpuMpWorker ( ); /** - Enable/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE. + Enable/setup stack guard for each processor. Doing this in the memory-discovered callback is to make sure the Stack Guard feature to cover as most PEI code as possible. diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf index 865be5627e..6a98775412 100644 --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -64,7 +64,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index b7ddb0005b..b389d5ff67 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -68,6 +68,8 @@ EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] = { } }; +BOOLEAN mInitStackGuard = FALSE; + /** The function will check if IA32 PAE is supported. @@ -553,7 +555,6 @@ MemoryDiscoveredPpiNotifyCallback ( ) { EFI_STATUS Status; - BOOLEAN InitStackGuard; EDKII_MIGRATED_FV_INFO *MigratedFvInfo; EFI_PEI_HOB_POINTERS Hob; IA32_CR0 Cr0; @@ -563,11 +564,10 @@ MemoryDiscoveredPpiNotifyCallback ( // initialization later will not contain paging information and then fail // the task switch (for the sake of stack switch). // - InitStackGuard = FALSE; - Hob.Raw = NULL; + Hob.Raw = NULL; if (IsIa32PaeSupported ()) { - Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); - InitStackGuard = PcdGetBool (PcdCpuStackGuard); + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + mInitStackGuard = TRUE; } // @@ -575,7 +575,7 @@ MemoryDiscoveredPpiNotifyCallback ( // is to enable paging if it is not enabled (only in 32bit mode). // Cr0.UintN = AsmReadCr0 (); - if ((Cr0.Bits.PG == 0) && (InitStackGuard || (Hob.Raw != NULL))) { + if ((Cr0.Bits.PG == 0) && (mInitStackGuard || (Hob.Raw != NULL))) { ASSERT (sizeof (UINTN) == sizeof (UINT32)); Status = EnablePaePageTable (); @@ -588,7 +588,7 @@ MemoryDiscoveredPpiNotifyCallback ( Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices); ASSERT_EFI_ERROR (Status); - if (InitStackGuard) { + if (mInitStackGuard) { SetupStackGuardPage (); } diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf index fdbebadab9..1fddf15b70 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf @@ -39,7 +39,6 @@ DxeException.c [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf index 3bcaff5c5f..348f7ed56c 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf @@ -55,7 +55,6 @@ CcExitLib [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard # CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf index e7b1144f69..0217c983d7 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf @@ -51,7 +51,6 @@ CcExitLib [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf index 27f0b96fa9..6dc09b447f 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf @@ -54,7 +54,6 @@ CcExitLib [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h index bad3387db5..3f55e004cb 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h @@ -27,7 +27,7 @@ In this test case, stack overflow is triggered by a funtion which calls itself continuously. This test case triggers stack overflow in both BSP and AP. All AP use same Idt with Bsp. The expectation is: 1. PF exception is triggered (leading to a DF if sepereated stack is not prepared for PF) when Rsp <= StackBase + SIZE_4KB - since [StackBase, StackBase + SIZE_4KB] is marked as not present in page table when PcdCpuStackGuard is TRUE. + since [StackBase, StackBase + SIZE_4KB] is marked as not present in page table when CpuStackGuard is TRUE. 2. Stack for PF/DF exception handler in both Bsp and AP is succussfully switched by InitializeSeparateExceptionStacks. **/ @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c index 9ba70c5b73..c5058a88a2 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c @@ -708,6 +708,27 @@ InitializeMpExceptionStackSwitchHandlers ( return SwitchStackData; } +/** + Checks if the memory protection HOB entry is available and if stack guard is enabled. + + @param Context The unit test context +**/ +UNIT_TEST_STATUS +EFIAPI +IsStackGuardEnabled ( + IN UNIT_TEST_CONTEXT Context + ) +{ + VOID *Ptr; + + Ptr = GetFirstGuidHob (&gDxeMemoryProtectionSettingsGuid); + UT_ASSERT_NOT_NULL (Ptr); + UT_ASSERT_TRUE (DXE_MPS_IS_STRUCT_VALID (GET_GUID_HOB_DATA (Ptr))); + UT_ASSERT_TRUE (((DXE_MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA (Ptr))->CpuStackGuardEnabled); + + return UNIT_TEST_PASSED; +} + /** Test if stack overflow is captured by CpuStackGuard in both Bsp and AP. @@ -743,10 +764,6 @@ TestCpuStackGuardInBspAndAp ( VOID *NewIdtr; UINTN *CpuStackBaseBuffer; - if (!PcdGetBool (PcdCpuStackGuard)) { - return UNIT_TEST_PASSED; - } - // // Get MP Service Protocol // @@ -846,7 +863,7 @@ AddCommonTestCase ( AddTestCase (CpuExceptionLibUnitTestSuite, "Check if exception handler can be registered/unregistered for GP and PF", "TestRegisterHandlerForGPAndPF", TestRegisterHandlerForGPAndPF, NULL, NULL, NULL); AddTestCase (CpuExceptionLibUnitTestSuite, "Check if Cpu Context is consistent before and after exception.", "TestCpuContextConsistency", TestCpuContextConsistency, NULL, NULL, NULL); - AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", TestCpuStackGuardInBspAndAp, NULL, NULL, NULL); + AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", TestCpuStackGuardInBspAndAp, IsStackGuardEnabled, NULL, NULL); return EFI_SUCCESS; } diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf index a904eb2504..4392d42fc4 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf @@ -46,9 +46,9 @@ [Guids] gEfiHobMemoryAllocStackGuid + gDxeMemoryProtectionSettingsGuid [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## CONSUMES [Protocols] diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf index 25f8f8dbe0..12746ea018 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf @@ -50,12 +50,14 @@ PeiServicesTablePointerLib [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## CONSUMES [Ppis] gEdkiiPeiMpServices2PpiGuid ## CONSUMES +[Guids] + gDxeMemoryProtectionSettingsGuid ## CONSUMES + [Depex] gEdkiiPeiMpServices2PpiGuid AND gEfiPeiMemoryDiscoveredPpiGuid diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index 7d45d3ad4d..345dc0afb1 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -58,6 +58,8 @@ PcdLib CcExitLib MicrocodeLib + DxeMemoryProtectionHobLib + [LibraryClasses.X64] CpuPageTableLib @@ -81,6 +83,5 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c index 57ddb86600..2dfaf0df69 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -497,7 +498,7 @@ InitMpGlobalData ( return; } - if (PcdGetBool (PcdCpuStackGuard)) { + if (gDxeMps.CpuStackGuardEnabled) { // // One extra page at the bottom of the stack is needed for Guard page. // diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c index b11264ce4a..1a2312a248 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c @@ -160,7 +160,7 @@ SmiPFHandler ( // // If NULL pointer was just accessed // - if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) && + if (gMmMps.NullPointerDetection.Enabled && (PFAddress < EFI_PAGE_SIZE)) { DumpCpuContext (InterruptType, SystemContext); diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf index 5d52ed7d13..8f9bdf8374 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf @@ -103,6 +103,7 @@ PerformanceLib CpuPageTableLib MmSaveStateLib + MmMemoryProtectionHobLib [Protocols] gEfiSmmAccess2ProtocolGuid ## CONSUMES @@ -146,8 +147,6 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuFeaturesInitOnS3Resume ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ## CONSUMES [FixedPcd] diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c index 6f49866615..29552b11ce 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c @@ -1679,7 +1679,7 @@ GenSmmPageTable ( } } - if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) { + if (gMmMps.NullPointerDetection.Enabled) { // // Mark [0, 4k] as non-present // @@ -1834,13 +1834,13 @@ IfReadOnlyPageTableNeeded ( // // Don't mark page table memory as read-only if // - no restriction on access to non-SMRAM memory; or - // - SMM heap guard feature enabled; or - // BIT2: SMM page guard enabled - // BIT3: SMM pool guard enabled + // - SMM page guard enabled + // - SMM pool guard enabled // - SMM profile feature enabled // if (!IsRestrictedMemoryAccess () || - ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) || + (gMmMps.HeapGuard.PageGuardEnabled) || + (gMmMps.HeapGuard.PoolGuardEnabled) || FeaturePcdGet (PcdCpuSmmProfileEnable)) { if (sizeof (UINTN) == sizeof (UINT64)) { @@ -1849,7 +1849,8 @@ IfReadOnlyPageTableNeeded ( // ASSERT ( !(IsRestrictedMemoryAccess () && - (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) + ((gMmMps.HeapGuard.PageGuardEnabled) || + (gMmMps.HeapGuard.PoolGuardEnabled))) ); // diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c index 7ac3c66f91..eceb0a565c 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c @@ -610,7 +610,7 @@ InitPaging ( // // [0, 4k] may be non-present. // - PreviousAddress = ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) ? BASE_4KB : 0; + PreviousAddress = (gMmMps.NullPointerDetection.Enabled) ? BASE_4KB : 0; DEBUG ((DEBUG_INFO, "Patch page table start ...\n")); if (FeaturePcdGet (PcdCpuSmmProfileEnable)) { diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h index 964dd52817..50397e4750 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include "SmmProfileArch.h" @@ -57,11 +58,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define MSR_DEBUG_CTL_BTINT 0x100 #define MSR_DS_AREA 0x600 -#define HEAP_GUARD_NONSTOP_MODE \ - ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT3|BIT2)) > BIT6) +#define HEAP_GUARD_NONSTOP_MODE (gMmMps.HeapGuard.NonstopModeEnabled && \ + (gMmMps.HeapGuard.PageGuardEnabled || \ + gMmMps.HeapGuard.PoolGuardEnabled)) \ -#define NULL_DETECTION_NONSTOP_MODE \ - ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT1)) > BIT6) +#define NULL_DETECTION_NONSTOP_MODE (gMmMps.NullPointerDetection.NonstopModeEnabled && \ + gMmMps.NullPointerDetection.Enabled) typedef struct { EFI_PHYSICAL_ADDRESS Base; diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c index ddd9be66b5..28eaa18689 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -932,7 +932,7 @@ SmiPFHandler ( // // If NULL pointer was just accessed // - if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) && + if (gMmMps.NullPointerDetection.Enabled && (PFAddress < EFI_PAGE_SIZE)) { DumpCpuContext (InterruptType, SystemContext); diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 25126c9136..4649bdef5d 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -187,13 +187,13 @@ [PcdsFixedAtBuild] ## List of exception vectors which need switching stack. - # This PCD will only take into effect if PcdCpuStackGuard is enabled. + # This PCD will only take into effect if the CPU Stack Guard is enabled. # By default exception #DD(8), #PF(14) are supported. # @Prompt Specify exception vectors which need switching stack. gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList|{0x08, 0x0E}|VOID*|0x30002000 ## Size of good stack for an exception. - # This PCD will only take into effect if PcdCpuStackGuard is enabled. + # This PCD will only take into effect if the CPU Stack Guard is enabled. # @Prompt Specify size of good stack of exception which need switching stack. gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize|2048|UINT32|0x30002001 @@ -372,9 +372,8 @@ # and the memory occupied by page table is protected by page table itself as read-only. # In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable). # In X64 build, it could not be enabled also at the same time with heap guard feature for SMM - # (PcdHeapGuardPropertyMask in MdeModulePkg). # In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable) - # or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled. + # or heap guard feature for SMM is enabled. # TRUE - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
# FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.
# @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock. diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index 45726b9efc..bff7fc5bd5 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -66,6 +66,8 @@ UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf [LibraryClasses.common.SEC] PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni index d17bcfd10c..5719917a04 100644 --- a/UefiCpuPkg/UefiCpuPkg.uni +++ b/UefiCpuPkg/UefiCpuPkg.uni @@ -170,8 +170,7 @@ "If enabled, SMM will not use on-demand paging. SMM will build static page table for all memory.\n" "This flag only impacts X64 build, because SMM always builds static page table for IA32.\n" "It could not be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable).\n" - "It could not be enabled also at the same time with heap guard feature for SMM\n" - "(PcdHeapGuardPropertyMask in MdeModulePkg).

\n" + "It could not be enabled also at the same time with heap guard feature for SMM.

\n" "TRUE - SMM uses static page table for all memory.
\n" "FALSE - SMM uses static page table for below 4G memory and use on-demand paging for above 4G memory.
" @@ -217,9 +216,8 @@ "and the memory occupied by page table is protected by page table itself as read-only.
\n" "In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable).
\n" "In X64 build, it could not be enabled also at the same time with heap guard feature for SMM
\n" - "(PcdHeapGuardPropertyMask in MdeModulePkg).
\n" "In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable)
\n" - "or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled.
\n" + "or heap guard feature for SMM is enabled.
\n" "TRUE - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
\n" "FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.
" @@ -266,13 +264,13 @@ #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_PROMPT #language en-US "Specify exception vectors which need switching stack." #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_HELP #language en-US "List of exception vectors which need switching stack.\n" - "This PCD will only take into effect if PcdCpuStackGuard is enabled.n" + "This PCD will only take into effect if the CPU Stack Guard is enabled.n" "By default exception #DD(8), #PF(14) are supported.n" #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_PROMPT #language en-US "Specify size of good stack of exception which need switching stack." #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_HELP #language en-US "Size of good stack for an exception.\n" - "This PCD will only take into effect if PcdCpuStackGuard is enabled.\n" + "This PCD will only take into effect if the CPU Stack Guard is enabled.\n" #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuCoreCrystalClockFrequency_PROMPT #language en-US "Specifies CPUID Leaf 0x15 Time Stamp Counter and Nominal Core Crystal Clock Frequency." -- 2.41.0.windows.2