From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Thu, 18 Jul 2019 08:14:22 -0700 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C43DB307D960; Thu, 18 Jul 2019 15:14:21 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-84.ams2.redhat.com [10.36.116.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3471E5ED35; Thu, 18 Jul 2019 15:14:20 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpu: Allow SMM access-out when static paging is OFF To: devel@edk2.groups.io, ray.ni@intel.com Cc: Eric Dong , Jiewen Yao , Jian J Wang References: <20190718065807.434928-1-ray.ni@intel.com> From: "Laszlo Ersek" Message-ID: <9d919889-4990-f557-a8ba-89fc57fb6cfc@redhat.com> Date: Thu, 18 Jul 2019 17:14:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190718065807.434928-1-ray.ni@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Thu, 18 Jul 2019 15:14:21 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 07/18/19 08:58, Ni, Ray wrote: > Commit c60d36b4d1ee1f69b7cca897d3621dfa951895c2 > * UefiCpuPkg/SmmCpu: Block access-out only when static paging is used > > updated page fault handler to treat SMM access-out as allowed > address when static paging is not used. > > But that commit is not complete because the page table is still > updated in SetUefiMemMapAttributes() for non-SMRAM memory. When SMM > code accesses non-SMRAM memory, page fault is still generated. > > This patch skips to update page table for non-SMRAM memory and > page table itself. > > Signed-off-by: Ray Ni > Cc: Eric Dong > Cc: Jiewen Yao > Cc: Jian J Wang > --- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 21 +++++++++++++++------ > 1 file changed, 15 insertions(+), 6 deletions(-) > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > index 2f7d777ee7..f75e75f55c 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > @@ -1103,6 +1103,9 @@ FindSmramInfo ( > *SmrrBase = (UINT32)CurrentSmramRange->CpuStart; > *SmrrSize = (UINT32)CurrentSmramRange->PhysicalSize; > > + // > + // Extend *SmrrBase/*SmrrSize to include adjacent SMRAM ranges > + // > do { > Found = FALSE; > for (Index = 0; Index < mSmmCpuSmramRangeCount; Index++) { > @@ -1414,14 +1417,20 @@ PerformRemainingTasks ( > SetMemMapAttributes (); > > // > - // For outside SMRAM, we only map SMM communication buffer or MMIO. > + // Do not protect memory outside SMRAM when SMM static page table is not enabled. > // > - SetUefiMemMapAttributes (); > + if (mCpuSmmStaticPageTable) { > > - // > - // Set page table itself to be read-only > - // > - SetPageTableAttributes (); > + // > + // For outside SMRAM, we only map SMM communication buffer or MMIO. > + // > + SetUefiMemMapAttributes (); > + > + // > + // Set page table itself to be read-only > + // > + SetPageTableAttributes (); > + } > > // > // Configure SMM Code Access Check feature if available. > This patch is a no-op for platforms with PcdCpuSmmStaticPageTable=TRUE (which is both the UefiCpuPkg default and what OVMF uses), so, from my side: Acked-by: Laszlo Ersek Thanks Laszlo