From: "Ni, Ray"
To: "Yao, Jiewen", "Sheng, W", "devel@edk2.groups.io"
CC: "Dong, Eric", Laszlo Ersek, "Kumar, Rahul1", "Feng, Roger"
Subject: Re: [PATCH v6 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMM stack offset is not correct
Date: Mon, 1 Mar 2021 05:01:39 +0000
References: <20210226080316.13724-1-w.sheng@intel.com> <20210226080316.13724-4-w.sheng@intel.com>

Reviewed-by: Ray Ni

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, February 26, 2021 8:22 PM
> To: Sheng, W; devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Feng, Roger
> Subject: RE: [PATCH v6 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMM stack offset is not correct
>
> Reviewed-by: Jiewen Yao
>
> > -----Original Message-----
> > From: Sheng, W
> > Sent: Friday, February 26, 2021 4:03 PM
> > To: devel@edk2.groups.io
> > Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Yao, Jiewen; Feng, Roger
> > Subject: [PATCH v6 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMM stack offset is not correct
> >
> > In function InitGdt(), SmiPFHandler() and Gen4GPageTable(), it uses
> > CpuIndex * mSmmStackSize to get the SMM stack address offset for
> > multi processor. It misses the SMM Shadow Stack Size. Each processor
> > will use mSmmStackSize + mSmmShadowStackSize in the memory.
> > It should use CpuIndex * (mSmmStackSize + mSmmShadowStackSize) to get
> > this SMM stack address offset. If mSmmShadowStackSize > 0 and multi
> > processor enabled, it will get the wrong offset value.
> > CET shadow stack feature will set the value of mSmmShadowStackSize.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3237
> > > > Signed-off-by: Sheng Wei > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Laszlo Ersek > > Cc: Rahul Kumar > > Cc: Jiewen Yao > > Cc: Roger Feng > > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 6 ++++-- > > UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 4 +++- > > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- > > 3 files changed, 8 insertions(+), 4 deletions(-) > > > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > > b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > > index 4bcd217917..6227b2428a 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > > @@ -23,6 +23,8 @@ SPIN_LOCK *mPFLock = =3D NULL; > > SMM_CPU_SYNC_MODE mCpuSmmSyncMode; > > BOOLEAN mMachineCheckSupported =3D= FALSE; > > > > +extern UINTN mSmmShadowStackSize; > > + > > /** > > Performs an atomic compare exchange operation to get semaphore. > > The compare exchange operation must be performed using > > @@ -920,7 +922,7 @@ Gen4GPageTable ( > > // Add two more pages for known good stack and stack guard page, > > // then find the lower 2MB aligned address. > > // > > - High2MBoundary =3D (mSmmStackArrayEnd - mSmmStackSize + > EFI_PAGE_SIZE > > * 2) & ~(SIZE_2MB-1); > > + High2MBoundary =3D (mSmmStackArrayEnd - mSmmStackSize - > > mSmmShadowStackSize + EFI_PAGE_SIZE * 2) & ~(SIZE_2MB-1); > > PagesNeeded =3D ((High2MBoundary - Low2MBoundary) / SIZE_2MB) + 1; > > } > > // > > @@ -971,7 +973,7 @@ Gen4GPageTable ( > > // Mark the guard page as non-present > > // > > Pte[Index] =3D PageAddress | mAddressEncMask; > > - GuardPage +=3D mSmmStackSize; > > + GuardPage +=3D (mSmmStackSize + mSmmShadowStackSize); > > if (GuardPage > mSmmStackArrayEnd) { > > GuardPage =3D 0; > > } > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > > index cdc1fcefc5..07e7ea70de 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c 
> > @@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #define PAGE_TABLE_PAGES 8 > > #define ACC_MAX_BIT BIT3 > > > > +extern UINTN mSmmShadowStackSize; > > + > > LIST_ENTRY mPagePool =3D INITIALIZE_LIST_HEAD= _VARIABLE > > (mPagePool); > > BOOLEAN m1GPageTableSupport =3D FALSE; > > BOOLEAN mCpuSmmRestrictedMemoryAccess; > > @@ -1037,7 +1039,7 @@ SmiPFHandler ( > > (PFAddress < (mCpuHotPlugData.SmrrBase + > mCpuHotPlugData.SmrrSize))) { > > DumpCpuContext (InterruptType, SystemContext); > > CpuIndex =3D GetCpuIndex (); > > - GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + > CpuIndex * > > mSmmStackSize); > > + GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + > CpuIndex * > > (mSmmStackSize + mSmmShadowStackSize)); > > if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && > > (PFAddress >=3D GuardPageAddress) && > > (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) { > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > > index 7ef3b1d488..661c1ba294 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > > @@ -93,7 +93,7 @@ InitGdt ( > > // > > // Setup top of known good stack as IST1 for each processor. > > // > > - *(UINTN *)(TssBase + TSS_X64_IST1_OFFSET) =3D (mSmmStackArrayBas= e > + > > EFI_PAGE_SIZE + Index * mSmmStackSize); > > + *(UINTN *)(TssBase + TSS_X64_IST1_OFFSET) =3D > (mSmmStackArrayBase + > > EFI_PAGE_SIZE + Index * (mSmmStackSize + mSmmShadowStackSize)); > > } > > } > > > > -- > > 2.16.2.windows.1
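
Review bot: The "extern UINTN mSmmShadowStackSize;" declarations added at the top of MpService.c and X64/PageTbl.c put the same declaration in two .c files, where a mismatch with the type of the definition would not be caught by the compiler. Declaring it once in the module's shared header, next to the other SMM stack globals, would be safer. X64/SmmFuncsArch.c uses the same variable in this patch without adding an extern, so a declaration is presumably already visible through an include there.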
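
Review bot: In the Gen4GPageTable hunk at -920, the comment above the High2MBoundary assignment still reads "Add two more pages for known good stack and stack guard page" and does not say why mSmmShadowStackSize is now subtracted; please extend it to state that each CPU's region is mSmmStackSize + mSmmShadowStackSize. In the hunk at -971, GuardPage now advances by the combined size but is still compared against mSmmStackArrayEnd. The patch does not show how mSmmStackArrayEnd is computed, so please confirm it covers the shadow stacks as well; otherwise GuardPage would be reset to 0 early and the guard pages of the higher-indexed CPUs would never be marked non-present.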
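
Review bot: The per-CPU stride (mSmmStackSize + mSmmShadowStackSize) is now written out separately in Gen4GPageTable, SmiPFHandler and InitGdt, which is how these sites came to miss the shadow stack size in the first place. A single helper or macro that returns the per-CPU stack base for a given index would keep them in step. The diffstat also touches only the X64 variants of PageTbl.c and SmmFuncsArch.c; if the Ia32 files compute the guard page or known good stack address from CpuIndex * mSmmStackSize, they need the same change, or a line in the commit message explaining why they do not.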