Message-ID: <2e5317e1-0280-7943-a042-478331fc6093@redhat.com>
Date: Fri, 2 Feb 2024 11:47:43 +0100
Subject: Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Execute CET and XD check only on BSP
To: devel@edk2.groups.io, jiaxin.wu@intel.com
Cc: Ray Ni, Eric Dong, Zeng Star, Gerd Hoffmann, Rahul Kumar
References: <20240201112001.14416-1-jiaxin.wu@intel.com> <20240201112001.14416-2-jiaxin.wu@intel.com>
From: "Laszlo Ersek"
In-Reply-To: <20240201112001.14416-2-jiaxin.wu@intel.com>

On 2/1/24 12:20, Wu, Jiaxin wrote:
> Existing CheckFeatureSupported function will check CET & XD
> features on each processor.
>
> The CPUIDs for CET & XD features are software visible domain,
> which means a properly configured platform will have consistent
> values for these CPUID Leafs/SubLeafs/Fields on each logical
> processor. So, execute CET and XD check only on BSP.
>
> As for MSR_IA32_MISC_ENABLE.BTS, it's core scope according to SDM.
> So, still keep it check on each processor.
>
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Eric Dong
> Cc: Zeng Star
> Cc: Gerd Hoffmann
> Cc: Rahul Kumar
> Signed-off-by: Jiaxin Wu > --- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 6 +-- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 78 +++++++++++++++++-------= ------ > UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 6 ++- > 3 files changed, 52 insertions(+), 38 deletions(-) >=20 > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSm= mCpuDxeSmm/PiSmmCpuDxeSmm.c > index cd394826ff..15d26dd88f 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > @@ -1,9 +1,9 @@ > /** @file > Agent Module to load other modules to deploy SMM Entry Vector for X86 CP= U. > =20 > -Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.
> +Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
> Copyright (c) 2017, AMD Incorporated. All rights reserved.
> Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
> =20 > SPDX-License-Identifier: BSD-2-Clause-Patent > =20 > @@ -375,13 +375,13 @@ SmmInitHandler ( > &mCpuHotPlugData > ); > =20 > if (!mSmmS3Flag) { > // > - // Check XD and BTS features on each processor on normal boot > + // Check CET & XD & BTS features on each processor on normal boo= t > // > - CheckFeatureSupported (); > + CheckFeatureSupported (IsBsp); > } else if (IsBsp) { > // > // BSP rebase is already done above. > // Initialize private data during S3 resume > // > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpu= DxeSmm/SmmProfile.c > index 8142d3ceac..44c352ad98 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > @@ -1,9 +1,9 @@ > /** @file > Enable SMM profile. > =20 > -Copyright (c) 2012 - 2023, Intel Corporation. All rights reserved.
> +Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.
> Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
> =20 > SPDX-License-Identifier: BSD-2-Clause-Patent > =20 > **/ 
> @@ -892,62 +892,74 @@ InitSmmProfileInternal ( > } > =20 > /** > Check if feature is supported by a processor. > =20 > + @param[in] IsBsp Indicate it's called by BSP or not. > + > **/ > VOID > CheckFeatureSupported ( > - VOID > + IN BOOLEAN IsBsp > ) > { > UINT32 RegEax; > UINT32 RegEcx; > UINT32 RegEdx; > MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr; > =20 > - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) !=3D 0) && mCetS= upported) { > - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); > - if (RegEax >=3D CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { > - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTU= RED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); > - if ((RegEcx & CPUID_CET_SS) =3D=3D 0) { > + // > + // The feature scope is software visible domain. > + // Only need check on BSP. > + // > + if (IsBsp) { > + if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) !=3D 0) && mCe= tSupported) { > + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); > + if (RegEax >=3D CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { > + AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUC= TURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); > + if ((RegEcx & CPUID_CET_SS) =3D=3D 0) { > + mCetSupported =3D FALSE; > + PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); > + } > + } else { > mCetSupported =3D FALSE; > PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); > } > - } else { > - mCetSupported =3D FALSE; > - PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); > } > - } > =20 > - if (mXdSupported) { > - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); > - if (RegEax <=3D CPUID_EXTENDED_FUNCTION) { > - // > - // Extended CPUID functions are not supported on this processor. 
> - // > - mXdSupported =3D FALSE; > - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); > - } > + if (mXdSupported) { > + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); > + if (RegEax <=3D CPUID_EXTENDED_FUNCTION) { > + // > + // Extended CPUID functions are not supported on this processor. > + // > + mXdSupported =3D FALSE; > + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); > + } > =20 > - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); > - if ((RegEdx & CPUID1_EDX_XD_SUPPORT) =3D=3D 0) { > - // > - // Execute Disable Bit feature is not supported on this processor. > - // > - mXdSupported =3D FALSE; > - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); > - } > + AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); > + if ((RegEdx & CPUID1_EDX_XD_SUPPORT) =3D=3D 0) { > + // > + // Execute Disable Bit feature is not supported on this processo= r. > + // > + mXdSupported =3D FALSE; > + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); > + } > =20 > - if (StandardSignatureIsAuthenticAMD ()) { > - // > - // AMD processors do not support MSR_IA32_MISC_ENABLE > - // > - PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); > + if (StandardSignatureIsAuthenticAMD ()) { > + // > + // AMD processors do not support MSR_IA32_MISC_ENABLE > + // > + PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1)= ; > + } > } > } > =20 > + // > + // The feature scope is core. > + // Need check on each processor. > + // > if (mBtsSupported) { > AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &RegEdx); > if ((RegEdx & CPUID1_EDX_BTS_AVAILABLE) !=3D 0) { > // > // Per IA32 manuals: > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h b/UefiCpuPkg/PiSmmCpu= DxeSmm/SmmProfile.h > index 1a82ac05ce..02554a9983 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h 
> @@ -1,9 +1,9 @@ > /** @file > SMM profile header file. > =20 > -Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
> +Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent > =20 > **/ > =20 > #ifndef _SMM_PROFILE_H_ > @@ -81,14 +81,16 @@ PageFaultIdtHandlerSmmProfile ( > ); > =20 > /** > Check if feature is supported by a processor. > =20 > + @param[in] IsBsp Indicate it's called by BSP or not. > + > **/ > VOID > CheckFeatureSupported ( > - VOID > + IN BOOLEAN IsBsp > ); > =20 > /** > Update page table according to protected memory ranges and the 4KB-pag= e mapped memory ranges. > =20

Do multiple processors execute CheckFeatureSupported() concurrently?

Laszlo
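
Review bot: In the SmmInitHandler hunk of PiSmmCpuDxeSmm.c, the updated comment "Check CET & XD & BTS features on each processor on normal boot" no longer matches the call beneath it. With "CheckFeatureSupported (IsBsp);" and the SmmProfile.c change, the CET and XD checks run only when IsBsp is TRUE and only the BTS check still runs on every processor. Suggest rewording the comment along the lines of "Check CET & XD on BSP, and BTS on each processor, on normal boot".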
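
Review bot: In CheckFeatureSupported() in SmmProfile.c, mCetSupported and mXdSupported are now cleared, and PatchInstructionX86 is called for them, only inside "if (IsBsp) {", yet nothing in the hunk orders the BSP's pass ahead of the APs' calls or ahead of any AP code that reads those globals or executes the patched instructions. Because SmmInitHandler calls this function on each processor, please state in the function comment or the commit message whether the calls can overlap and what guarantees the BSP result is in place before an AP depends on it. The removed lines also caught an AP whose CPUID lacked CPUID_CET_SS or CPUID1_EDX_XD_SUPPORT; if that case is now treated purely as a misconfigured platform, say so next to "Only need check on BSP." so the dropped coverage is a documented decision.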
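
Review bot: The new "@param[in] IsBsp Indicate it's called by BSP or not." line in the SmmProfile.h prototype comment, and the identical line in SmmProfile.c, does not tell a caller what the parameter changes. Suggest documenting that the CET and XD checks run only when IsBsp is TRUE while the BTS check runs on every call, and adjusting the summary line "Check if feature is supported by a processor." to match.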