From: Laszlo Ersek <lersek@redhat.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"edk2-devel@ml01.01.org" <edk2-devel@ml01.01.org>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"Tian, Feng" <feng.tian@intel.com>,
"Fan, Jeff" <jeff.fan@intel.com>,
"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
Date: Thu, 3 Nov 2016 22:35:42 +0100 [thread overview]
Message-ID: <4974a9c8-0753-b757-130b-36621f9385dd@redhat.com> (raw)
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C50386BD98A@shsmsx102.ccr.corp.intel.com>
On 11/03/16 11:46, Yao, Jiewen wrote:
> Sure. Answer inline.
Thanks -- those pieces of info are helpful; can you please add them to
the commit messages of the appropriate patches?
(If there's a design document or Intel whitepaper about these
protections, referencing that in a commit message would also be nice.)
I'll follow up with my test results soon.
Thanks!
Laszlo
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
> Sent: Thursday, November 3, 2016 4:29 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@ml01.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Tian, Feng <feng.tian@intel.com>; Fan, Jeff <jeff.fan@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: Re: [edk2] [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
>
> Jiewen,
>
> On 11/03/16 07:53, Jiewen Yao wrote:
>> If enabled, SMM will not use on-demand paging.
>> SMM will build static page table for all memory.
>>
>> Cc: Jeff Fan <jeff.fan@intel.com<mailto:jeff.fan@intel.com>>
>> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
>> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
>> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
>> ---
>> UefiCpuPkg/UefiCpuPkg.dec | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
>> index 8674533..a110820 100644
>> --- a/UefiCpuPkg/UefiCpuPkg.dec
>> +++ b/UefiCpuPkg/UefiCpuPkg.dec
>> @@ -199,6 +199,14 @@
>> # @Prompt The specified AP target C-state for Mwait.
>> gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate|0|UINT8|0x00000007
>>
>> + ## Indicates if SMM uses static page table.
>> + # If enabled, SMM will not use on-demand paging. SMM will build static page table for all memory.<BR><BR>
>> + # This flag only impacts X64 build, because SMM alway builds static page table for IA32.
>> + # TRUE - SMM uses static page table for all memory.<BR>
>> + # FALSE - SMM uses static page table for below 4G memory and use on-demand paging for above 4G memory.<BR>
>> + # @Prompt Use static page table for all memory in SMM.
>> + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable|TRUE|BOOLEAN|0x3213210D
>> +
>> [PcdsDynamic, PcdsDynamicEx]
>> ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_DATA.
>> # @Prompt The pointer to a CPU S3 data buffer.
>>
>
> can you add more documentation about the PCD (to this patch or the next
> patch)? Such as:
>
> - What SMRAM footprint do we expect for the page tables, for what main
> RAM size?
> [Jiewen] The page table size depend on 2 things:
>
> 1) The 1G paging capability.
>
> 2) The whole system memory/MMIO addressing capability.
>
> Let's discuss one by one.
>
> If the system only supports 2M paging
> When the whole memory/MMIO is 32bit, we only need 1+1+4=6 pages for 4G.
> When the whole memory/MMIO is 39bit, we need 1+1+256 pages (~ 1M)
> When the whole memory/MMIO is 48bit, we need 1+256+256*256 pages (~ 257M)
>
> If the system supports 1G paging.
> When the whole memory/MMIO is 32bit, we only need 1+1+4=6 pages for 4G. We still generate 2M page for maintenance consideration.
> When the whole memory/MMIO is 39bit, we still need 6 pages. We setup 1G paging for >1G.
> When the whole memory/MMIO is 48bit, we need 1+256 pages (~ 1M)
>
>
>
>
> QEMU's Q35 machine type offers 8MB SMRAM at the most, and that's already
> quite consumed if you specify a high CPU count for the guest. I don't
> have any numbers ready, but I seem to recall that with 255 CPUs it gets
> quite tight.
> [Jiewen] I see. I tried default build and OVMF can boot. So I did not touch OVMF.
> If you want, I can update Ovmf to disable static paging. Then you can try to see what happen and decide to enable or disable later.
>
>
> - If a platform disables PcdCpuSmmStaticPageTable, does it lose the SMM
> page level protection then?
> [Jiewen] It depends.
> This set of patch added multiple protection
>
> 1) For PE/COFF image - Only code region is marked as executable. Data region is non-executable, if it is 4K aligned.
>
> 2) Important data structure is set to NX and RO, such as IDT/GDT.
>
> 3) SmmSaveState is set to NX.
>
> 4) SmmEntrypoint is set to RO.
>
> 5) If static page is supported, page table is RO
>
>
>
> We use page table to protect other component, and itself.
>
> If we use dynamic paging, we can still provide *partial* protection. And hope page table is not modified by other component.
>
>
>
>
>
>
>
> If that's the case, then it should be documented in UefiCpuPkg.dec. One
> might even argue that the PCD should be renamed: the protection is the
> main featue (our end goal), and the page tables being fully
> pre-allocated are just an implementation detail for that.
>
> Thanks
> Laszlo
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>
next prev parent reply other threads:[~2016-11-03 21:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-03 6:53 [PATCH 0/6] Enable SMM page level protection Jiewen Yao
2016-11-03 6:53 ` [PATCH 1/6] MdeModulePkg/Include: Add PiSmmMemoryAttributesTable.h Jiewen Yao
2016-11-03 6:53 ` [PATCH 2/6] MdeModulePkg/dec: Add gEdkiiPiSmmMemoryAttributesTableGuid Jiewen Yao
2016-11-03 6:53 ` [PATCH 3/6] MdeModulePkg/PiSmmCore: Add MemoryAttributes support Jiewen Yao
2016-11-03 6:53 ` [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable Jiewen Yao
2016-11-03 8:28 ` Laszlo Ersek
2016-11-03 10:46 ` Yao, Jiewen
2016-11-03 21:35 ` Laszlo Ersek [this message]
2016-11-03 6:53 ` [PATCH 5/6] UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection Jiewen Yao
2016-11-03 6:53 ` [PATCH 6/6] QuarkPlatformPkg/dsc: enable Smm " Jiewen Yao
2016-11-03 6:55 ` [PATCH 0/6] Enable SMM page level protection Yao, Jiewen
2016-11-03 21:43 ` Laszlo Ersek
2016-11-03 23:51 ` Yao, Jiewen
2016-11-04 0:09 ` Kinney, Michael D
2016-11-04 1:15 ` Yao, Jiewen
2016-11-04 16:15 ` Laszlo Ersek
2016-11-04 15:22 ` Laszlo Ersek
2016-11-04 15:29 ` Paolo Bonzini
2016-11-04 17:36 ` Laszlo Ersek
2016-11-04 9:35 ` Yao, Jiewen
2016-11-04 15:23 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4974a9c8-0753-b757-130b-36621f9385dd@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox