From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 0419981D3F
 for <edk2-devel@ml01.01.org>; Thu,  3 Nov 2016 03:46:53 -0700 (PDT)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by orsmga104.jf.intel.com with ESMTP; 03 Nov 2016 03:46:54 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,438,1473145200"; 
 d="scan'208,217";a="1054566577"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
 by orsmga001.jf.intel.com with ESMTP; 03 Nov 2016 03:46:54 -0700
Received: from fmsmsx153.amr.corp.intel.com (10.18.125.6) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 3 Nov 2016 03:46:54 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX153.amr.corp.intel.com (10.18.125.6) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 3 Nov 2016 03:46:53 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.206]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.139]) with mapi id 14.03.0248.002;
 Thu, 3 Nov 2016 18:46:45 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Laszlo Ersek <lersek@redhat.com>, "edk2-devel@ml01.01.org"
 <edk2-devel@ml01.01.org>
CC: "Kinney, Michael D" <michael.d.kinney@intel.com>, "Tian, Feng"
 <feng.tian@intel.com>, "Fan, Jeff" <jeff.fan@intel.com>, "Zeng, Star"
 <star.zeng@intel.com>
Thread-Topic: [edk2] [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
Thread-Index: AQHSNZ9ndK4bNFex50yLZ4FU1p+v/qDGZ0AAgACK45A=
Date: Thu, 3 Nov 2016 10:46:44 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386BD98A@shsmsx102.ccr.corp.intel.com>
References: <1478156028-21572-1-git-send-email-jiewen.yao@intel.com>
 <1478156028-21572-5-git-send-email-jiewen.yao@intel.com>
 <71b09441-6903-75d0-de06-0f9e18642c85@redhat.com>
In-Reply-To: <71b09441-6903-75d0-de06-0f9e18642c85@redhat.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.21
Subject: Re: [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 10:46:53 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Sure. Answer inline.

From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Lasz=
lo Ersek
Sent: Thursday, November 3, 2016 4:29 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@ml01.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Tian, Feng <feng.tian@i=
ntel.com>; Fan, Jeff <jeff.fan@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH 4/6] UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTabl=
e.

Jiewen,

On 11/03/16 07:53, Jiewen Yao wrote:
> If enabled, SMM will not use on-demand paging.
> SMM will build static page table for all memory.
>
> Cc: Jeff Fan <jeff.fan@intel.com<mailto:jeff.fan@intel.com>>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Michael D Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@=
intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.c=
om>>
> ---
>  UefiCpuPkg/UefiCpuPkg.dec | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 8674533..a110820 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -199,6 +199,14 @@
>    # @Prompt The specified AP target C-state for Mwait.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate|0|UINT8|0x00000007
>
> +  ## Indicates if SMM uses static page table.
> +  #  If enabled, SMM will not use on-demand paging. SMM will build stati=
c page table for all memory.<BR><BR>
> +  #  This flag only impacts X64 build, because SMM alway builds static p=
age table for IA32.
> +  #   TRUE  - SMM uses static page table for all memory.<BR>
> +  #   FALSE - SMM uses static page table for below 4G memory and use on-=
demand paging for above 4G memory.<BR>
> +  # @Prompt Use static page table for all memory in SMM.
> +  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable|TRUE|BOOLEAN|0x3213=
210D
> +
>  [PcdsDynamic, PcdsDynamicEx]
>    ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_=
DATA.
>    # @Prompt The pointer to a CPU S3 data buffer.
>

can you add more documentation about the PCD (to this patch or the next
patch)? Such as:

- What SMRAM footprint do we expect for the page tables, for what main
RAM size?
[Jiewen] The page table size depend on 2 things:

1)      The 1G paging capability.

2)      The whole system memory/MMIO addressing capability.

Let's discuss one by one.

If the system only supports 2M paging
When the whole memory/MMIO is 32bit, we only need 1+1+4=3D6 pages for 4G.
When the whole memory/MMIO is 39bit, we need 1+1+256 pages (~ 1M)
When the whole memory/MMIO is 48bit, we need 1+256+256*256 pages (~ 257M)

If the system supports 1G paging.
When the whole memory/MMIO is 32bit, we only need 1+1+4=3D6 pages for 4G. W=
e still generate 2M page for maintenance consideration.
When the whole memory/MMIO is 39bit, we still need 6 pages. We setup 1G pag=
ing for >1G.
When the whole memory/MMIO is 48bit, we need 1+256 pages (~ 1M)




QEMU's Q35 machine type offers 8MB SMRAM at the most, and that's already
quite consumed if you specify a high CPU count for the guest. I don't
have any numbers ready, but I seem to recall that with 255 CPUs it gets
quite tight.
[Jiewen] I see. I tried default build and OVMF can boot. So I did not touch=
 OVMF.
If you want, I can update Ovmf to disable static paging. Then you can try t=
o see what happen and decide to enable or disable later.


- If a platform disables PcdCpuSmmStaticPageTable, does it lose the SMM
page level protection then?
[Jiewen] It depends.
This set of patch added multiple protection

1) For PE/COFF image - Only code region is marked as executable. Data regio=
n is non-executable, if it is 4K aligned.

2) Important data structure is set to NX and RO, such as IDT/GDT.

3) SmmSaveState is set to NX.

4) SmmEntrypoint is set to RO.

5) If static page is supported, page table is RO



We use page table to protect other component, and itself.

If we use dynamic paging, we can still provide *partial* protection. And ho=
pe page table is not modified by other component.







If that's the case, then it should be documented in UefiCpuPkg.dec. One
might even argue that the PCD should be renamed: the protection is the
main featue (our end goal), and the page tables being fully
pre-allocated are just an implementation detail for that.

Thanks
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel