From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jian.j.wang@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.100; helo=mga07.intel.com;
 envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C403620886F22
 for <edk2-devel@lists.01.org>; Thu, 28 Feb 2019 19:26:26 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 28 Feb 2019 19:26:25 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,425,1544515200"; d="scan'208";a="323090100"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga006.fm.intel.com with ESMTP; 28 Feb 2019 19:26:25 -0800
Received: from fmsmsx111.amr.corp.intel.com (10.18.116.5) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Thu, 28 Feb 2019 19:26:25 -0800
Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by
 fmsmsx111.amr.corp.intel.com (10.18.116.5) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Thu, 28 Feb 2019 19:26:24 -0800
Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.252]) by
 SHSMSX154.ccr.corp.intel.com ([169.254.7.223]) with mapi id 14.03.0415.000;
 Fri, 1 Mar 2019 11:26:22 +0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Ni, Ray" <ray.ni@intel.com>, Laszlo Ersek <lersek@redhat.com>, "Zeng,
 Star" <star.zeng@intel.com>
Thread-Topic: [edk2] [PATCH 2] UefiCpuPkg: restore strict page attributes
 via #DB in nonstop mode only
Thread-Index: AQHUz8nHTVYbyL1lakeGF+EBudIKKaX1ffYAgACfH4A=
Date: Fri, 1 Mar 2019 03:26:21 +0000
Message-ID: <D827630B58408649ACB04F44C5100036258C0413@SHSMSX107.ccr.corp.intel.com>
References: <20190301005733.5280-1-jian.j.wang@intel.com>
 <ED077930C258884BBCB450DB737E662259DCD09E@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <ED077930C258884BBCB450DB737E662259DCD09E@shsmsx102.ccr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYmY1MGE5NjAtMDJiYy00NDlkLTg4YjEtNzA5ZmU0NDBlNzFlIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiNGdVTTNFMmZMeG1JSGxcL1pZVE1SYnpUMmk5Y3hjcDhQZWJDSjV2Q2xzODROaWFUamdtT3Qya3hWNXZhZWRUVXoifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH 2] UefiCpuPkg: restore strict page attributes via #DB in nonstop mode only
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2019 03:26:28 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks. To catch cold freeze, pushed earlier (2a93cccc24cfca12c66f13a41d52f=
b0a82fb924e)

Regards,
Jian


> -----Original Message-----
> From: Dong, Eric
> Sent: Friday, March 01, 2019 9:55 AM
> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org
> Cc: Ni, Ray <ray.ni@intel.com>; Laszlo Ersek <lersek@redhat.com>; Zeng, S=
tar
> <star.zeng@intel.com>
> Subject: RE: [edk2] [PATCH 2] UefiCpuPkg: restore strict page attributes =
via #DB
> in nonstop mode only
>=20
> Reviewed-by: Eric Dong <eric.dong@intel.com>
>=20
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Jian J Wang
> > Sent: Friday, March 1, 2019 8:58 AM
> > To: edk2-devel@lists.01.org
> > Cc: Ni, Ray <ray.ni@intel.com>; Laszlo Ersek <lersek@redhat.com>; Dong,
> > Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>
> > Subject: [edk2] [PATCH 2] UefiCpuPkg: restore strict page attributes vi=
a #DB
> > in nonstop mode only
> >
> > > v2: Per Laszlo's comments, repack origianl two patches into one with
> > >     title changed and relevant commits added
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1576
> >
> > The root cause of this issue is that non-stop mode of Heap Guard and NU=
LL
> > Detection set TF bit (single-step) in EFLAG unconditionally in the comm=
on
> > handler in CpuExceptionLib.
> >
> > If PcdCpuSmmStaticPageTable is FALSE, the SMM will only create page tab=
le
> > for memory below 4G. If SMM tries to access memory beyond 4G, a page
> > fault exception will be triggered and the memory to access will be adde=
d to
> > page table so that SMM code can continue the access.
> >
> > Because of above issue, the TF bit is set after the page fault is handl=
ed and
> > then fall into another DEBUG exception. Since non-stop mode of Heap Gua=
rd
> > and NULL Detection are not enabled, no special DEBUG exception handler =
is
> > registered. The default handler just prints exception context and go in=
to
> > dead loop.
> >
> > Actually EFLAGS can be changed in any standard exception handler.
> > There's no need to do single-step setup in assembly code. So the fix is=
 to
> > move the logic to C code part of page fault exception handler so that w=
e can
> > fully validate the configuration and prevent TF bit from being set
> > unexpectedly.
> >
> > Fixes: dcc026217fdc363f55c217039fc43d344f69fed6
> >        16b918bbaf51211a32ae04d9d8a5ba6ccca25a6a
> > Test:
> >  - Pass special test of accessing memory beyond 4G in SMM mode
> >  - Boot to OS with Qemu emulator platform (Fedora27, Ubuntu18.04,
> >    Windows7, Windows10)
> >
> > Cc: Eric Dong <eric.dong@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> > Cc: Star Zeng <star.zeng@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > Acked-by: Laszlo Ersek <lersek@redhat.com>
> > ---
> >  UefiCpuPkg/CpuDxe/CpuPageTable.c                      | 11 ++++++++++-
> >  .../Ia32/ExceptionHandlerAsm.nasm                     |  7 -------
> >  .../X64/ExceptionHandlerAsm.nasm                      |  4 ----
> >  3 files changed, 10 insertions(+), 12 deletions(-)
> >
> > diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c
> > b/UefiCpuPkg/CpuDxe/CpuPageTable.c
> > index 4bee8c7772..812537417d 100644
> > --- a/UefiCpuPkg/CpuDxe/CpuPageTable.c
> > +++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c
> > @@ -1300,7 +1300,16 @@ PageFaultExceptionHandler (
> >    // Display ExceptionType, CPU information and Image information
> >    //
> >    DumpCpuContext (ExceptionType, SystemContext);
> > -  if (!NonStopMode) {
> > +  if (NonStopMode) {
> > +    //
> > +    // Set TF in EFLAGS
> > +    //
> > +    if (mPagingContext.MachineType =3D=3D IMAGE_FILE_MACHINE_I386) {
> > +      SystemContext.SystemContextIa32->Eflags |=3D (UINT32)BIT8;
> > +    } else {
> > +      SystemContext.SystemContextX64->Rflags |=3D (UINT64)BIT8;
> > +    }
> > +  } else {
> >      CpuDeadLoop ();
> >    }
> >  }
> > diff --git
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.
> > nasm
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.
> > nasm
> > index 6fcf5fb23f..45d6474091 100644
> > ---
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.
> > nasm
> > +++
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm
> > +++ .nasm
> > @@ -383,13 +383,6 @@ ErrorCodeAndVectorOnStack:
> >      pop     dword [ebp - 4]
> >      mov     esp, ebp
> >      pop     ebp
> > -
> > -; Enable TF bit after page fault handler runs
> > -    cmp     dword [esp], 14       ; #PF?
> > -    jne     .5
> > -    bts     dword [esp + 16], 8   ; EFLAGS
> > -
> > -.5:
> >      add     esp, 8
> >      cmp     dword [esp - 16], 0   ; check
> > EXCEPTION_HANDLER_CONTEXT.OldIdtHandler
> >      jz      DoReturn
> > diff --git
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.n
> > asm
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.n
> > asm
> > index f842af2336..7b97810d10 100644
> > ---
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.n
> > asm
> > +++
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.
> > +++ nasm
> > @@ -336,10 +336,6 @@ HasErrorCode:
> >      pop     r15
> >
> >      mov     rsp, rbp
> > -    cmp     qword [rbp + 8], 14 ; #PF?
> > -    jne     .1
> > -    bts     qword [rsp + 40], 8 ; RFLAGS.TF
> > -.1:
> >      pop     rbp
> >      add     rsp, 16
> >      cmp     qword [rsp - 32], 0  ; check
> > EXCEPTION_HANDLER_CONTEXT.OldIdtHandler
> > --
> > 2.17.1.windows.2
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel