From: Laszlo Ersek
To: "Yao, Jiewen", "edk2-devel@ml01.01.org"
Cc: "Kinney, Michael D", "Tian, Feng", "Fan, Jeff", "Zeng, Star"
Date: Thu, 3 Nov 2016 22:35:42 +0100
Message-ID: <4974a9c8-0753-b757-130b-36621f9385dd@redhat.com>
Subject: Re: [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.

On 11/03/16 11:46, Yao, Jiewen wrote:
> Sure. Answer inline.

Thanks -- those pieces of info are helpful; can you please add them to the
commit messages of the appropriate patches? (If there's a design document
or Intel whitepaper about these protections, referencing that in a commit
message would also be nice.)

I'll follow up with my test results soon.

Thanks!
Laszlo

> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
> Sent: Thursday, November 3, 2016 4:29 PM
> To: Yao, Jiewen; edk2-devel@ml01.01.org
> Cc: Kinney, Michael D; Tian, Feng; Fan, Jeff; Zeng, Star
> Subject: Re: [edk2] [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
>
> Jiewen,
>
> On 11/03/16 07:53, Jiewen Yao wrote:
>> If enabled, SMM will not use on-demand paging.
>> SMM will build static page table for all memory.
>>
>> Cc: Jeff Fan
>> Cc: Feng Tian
>> Cc: Star Zeng
>> Cc: Michael D Kinney
>> Cc: Laszlo Ersek
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Jiewen Yao > >> --- >> UefiCpuPkg/UefiCpuPkg.dec | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> >> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec >> index 8674533..a110820 100644 >> --- a/UefiCpuPkg/UefiCpuPkg.dec >> +++ b/UefiCpuPkg/UefiCpuPkg.dec >> @@ -199,6 +199,14 @@ >> # @Prompt The specified AP target C-state for Mwait. >> gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate|0|UINT8|0x00000007 >> >> + ## Indicates if SMM uses static page table. >> + # If enabled, SMM will not use on-demand paging. SMM will build static page table for all memory.

>> + # This flag only impacts X64 build, because SMM alway builds static page table for IA32. >> + # TRUE - SMM uses static page table for all memory.
>> + # FALSE - SMM uses static page table for below 4G memory and use on-demand paging for above 4G memory.
>> + # @Prompt Use static page table for all memory in SMM. >> + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable|TRUE|BOOLEAN|0x3213210D >> + >> [PcdsDynamic, PcdsDynamicEx] >> ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_DATA. >> # @Prompt The pointer to a CPU S3 data buffer. >>
>
> can you add more documentation about the PCD (to this patch or the next
> patch)? Such as:
>
> - What SMRAM footprint do we expect for the page tables, for what main
> RAM size?
> [Jiewen] The page table size depends on 2 things:
>
> 1) The 1G paging capability.
>
> 2) The whole system memory/MMIO addressing capability.
>
> Let's discuss one by one.
>
> If the system only supports 2M paging
> When the whole memory/MMIO is 32bit, we only need 1+1+4=6 pages for 4G.
> When the whole memory/MMIO is 39bit, we need 1+1+256 pages (~ 1M)
> When the whole memory/MMIO is 48bit, we need 1+256+256*256 pages (~ 257M)
>
> If the system supports 1G paging.
> When the whole memory/MMIO is 32bit, we only need 1+1+4=6 pages for 4G. We still generate 2M page for maintenance consideration.
> When the whole memory/MMIO is 39bit, we still need 6 pages. We setup 1G paging for >1G.
> When the whole memory/MMIO is 48bit, we need 1+256 pages (~ 1M)
>
> QEMU's Q35 machine type offers 8MB SMRAM at the most, and that's already
> quite consumed if you specify a high CPU count for the guest. I don't
> have any numbers ready, but I seem to recall that with 255 CPUs it gets
> quite tight.
> [Jiewen] I see. I tried default build and OVMF can boot. So I did not touch OVMF.
> If you want, I can update Ovmf to disable static paging. Then you can try to see what happens and decide to enable or disable later.
>
> - If a platform disables PcdCpuSmmStaticPageTable, does it lose the SMM
> page level protection then?
> [Jiewen] It depends.
> This set of patches added multiple protections
>
> 1) For PE/COFF image - Only code region is marked as executable. Data region is non-executable, if it is 4K aligned.
>
> 2) Important data structure is set to NX and RO, such as IDT/GDT.
>
> 3) SmmSaveState is set to NX.
>
> 4) SmmEntrypoint is set to RO.
>
> 5) If static page is supported, page table is RO
>
> We use page table to protect other component, and itself.
>
> If we use dynamic paging, we can still provide *partial* protection. And hope page table is not modified by other component.
>
> If that's the case, then it should be documented in UefiCpuPkg.dec. One
> might even argue that the PCD should be renamed: the protection is the
> main feature (our end goal), and the page tables being fully
> pre-allocated are just an implementation detail for that.
>
> Thanks
> Laszlo
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
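
Review bot: the comment block added for PcdCpuSmmStaticPageTable in the UefiCpuPkg.dec hunk (@@ -199,6 +199,14 @@) describes only the paging mode and says nothing about the SMRAM cost of TRUE or the protection lost with FALSE, although the PCD defaults to TRUE. The replies in this thread put the static tables at up to about 257M for 48-bit addressing with 2M pages, and state that the page table itself is read-only only when static paging is in use; both points belong in the .dec comment so that a platform owner can choose the value knowingly. Also fix the typo in "SMM alway builds static page table for IA32" ("always").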
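
The sizing rule discussed in the reply above (one top-level table, one PDPT per 512 GiB, one page directory per GiB mapped with 2M pages), worked as an added example in C; it is not code from the patch or from edk2. The function names and the SMRAM budget check are assumptions for illustration, and the code counts 512 eight-byte entries per 4 KiB table, so its totals for the 39-bit and 48-bit cases are larger than the figures quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE         4096u
#define ENTRIES_PER_TABLE 512u  /* 4 KiB table / 8-byte entries, 4-level paging */

/*
 * Pages needed for a static page table covering 2^addr_bits bytes.
 * Model taken from the thread: memory below 4G is always mapped with 2M
 * pages; above 4G, 1G pages are used when the CPU supports them.
 * Returns 0 for widths outside 32..48 bits.
 */
uint64_t static_page_table_pages(unsigned addr_bits, int has_1g_pages)
{
    if (addr_bits < 32 || addr_bits > 48)
        return 0;
    uint64_t gib   = 1ull << (addr_bits - 30);   /* address space in GiB */
    uint64_t pdpts = (gib + ENTRIES_PER_TABLE - 1) / ENTRIES_PER_TABLE;
    uint64_t pds   = has_1g_pages ? 4 : gib;     /* one PD per GiB of 2M pages */
    return 1 + pdpts + pds;                      /* PML4 + PDPTs + PDs */
}

/* Hypothetical budget check: do the tables fit in the SMRAM available? */
int fits_in_smram(uint64_t pages, uint64_t smram_free_bytes)
{
    return pages * PAGE_SIZE <= smram_free_bytes;
}

int main(void)
{
    /* Upper bound only: the 8MB Q35 SMRAM maximum mentioned in the thread,
       before anything else in SMM has taken its share. */
    const uint64_t smram = 8ull << 20;
    const unsigned widths[] = { 32, 39, 48 };

    for (int g = 0; g <= 1; g++) {
        for (unsigned i = 0; i < 3; i++) {
            uint64_t p = static_page_table_pages(widths[i], g);
            printf("%s, %u-bit: %llu pages (%llu KiB), %s\n",
                   g ? "1G paging" : "2M paging", widths[i],
                   (unsigned long long)p,
                   (unsigned long long)(p * PAGE_SIZE / 1024),
                   fits_in_smram(p, smram) ? "fits in 8 MiB" : "exceeds 8 MiB");
        }
    }
    return 0;
}
```
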