From: "Ni, Ray" <ray.ni@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Laszlo Ersek <lersek@redhat.com>,
"Dong, Eric" <eric.dong@intel.com>,
"Zeng, Star" <star.zeng@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
"Kumar, Rahul R" <rahul.r.kumar@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Execute CET and XD check only on BSP
Date: Fri, 2 Feb 2024 06:03:34 +0000 [thread overview]
Message-ID: <MN6PR11MB82441C9F5085F6763FA92F698C422@MN6PR11MB8244.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20240201112001.14416-2-jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@Intel.com>
I originally thought CheckFeatureSupported() when running in parallel when SMM base relocation is done in PEI
might corrupt the global variables.
But then I realized the function only perform variable modification from TRUE to FALSE.
So even the code runs in parallel, it should be safe.
Thanks,
Ray
> -----Original Message-----
> From: Wu, Jiaxin <jiaxin.wu@intel.com>
> Sent: Thursday, February 1, 2024 7:20 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Laszlo Ersek <lersek@redhat.com>; Dong, Eric
> <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>; Gerd Hoffmann
> <kraxel@redhat.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> Subject: [PATCH v1 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Execute CET and XD
> check only on BSP
>
> Existing CheckFeatureSupported function will check CET & XD
> features on each processor.
>
> The CPUIDs for CET & XD features are software visible domain,
> which means a properly configured platform will have consistent
> values for these CPUID Leafs/SubLeafs/Fields on each logical
> processor. So, execute Execute CET and XD check only on BSP.
>
> As for MSR_IA32_MISC_ENABLE.BTS, it's core scope according SDM.
> So, still keep it check on each processor.
>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Zeng Star <star.zeng@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> ---
> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 6 +--
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 78 +++++++++++++++++-
> ------------
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 6 ++-
> 3 files changed, 52 insertions(+), 38 deletions(-)
>
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> index cd394826ff..15d26dd88f 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> @@ -1,9 +1,9 @@
> /** @file
> Agent Module to load other modules to deploy SMM Entry Vector for X86
> CPU.
>
> -Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -375,13 +375,13 @@ SmmInitHandler (
> &mCpuHotPlugData
> );
>
> if (!mSmmS3Flag) {
> //
> - // Check XD and BTS features on each processor on normal boot
> + // Check CET & XD & BTS features on each processor on normal boot
> //
> - CheckFeatureSupported ();
> + CheckFeatureSupported (IsBsp);
> } else if (IsBsp) {
> //
> // BSP rebase is already done above.
> // Initialize private data during S3 resume
> //
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
> b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
> index 8142d3ceac..44c352ad98 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
> @@ -1,9 +1,9 @@
> /** @file
> Enable SMM profile.
>
> -Copyright (c) 2012 - 2023, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -892,62 +892,74 @@ InitSmmProfileInternal (
> }
>
> /**
> Check if feature is supported by a processor.
>
> + @param[in] IsBsp Indicate it's called by BSP or not.
> +
> **/
> VOID
> CheckFeatureSupported (
> - VOID
> + IN BOOLEAN IsBsp
> )
> {
> UINT32 RegEax;
> UINT32 RegEcx;
> UINT32 RegEdx;
> MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr;
>
> - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) &&
> mCetSupported) {
> - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
> - if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
> - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS,
> CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL,
> NULL, &RegEcx, NULL);
> - if ((RegEcx & CPUID_CET_SS) == 0) {
> + //
> + // The feature scope is software visible domain.
> + // Only need check on BSP.
> + //
> + if (IsBsp) {
> + if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) &&
> mCetSupported) {
> + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
> + if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
> + AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS,
> CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL,
> NULL, &RegEcx, NULL);
> + if ((RegEcx & CPUID_CET_SS) == 0) {
> + mCetSupported = FALSE;
> + PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
> + }
> + } else {
> mCetSupported = FALSE;
> PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
> }
> - } else {
> - mCetSupported = FALSE;
> - PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
> }
> - }
>
> - if (mXdSupported) {
> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> - if (RegEax <= CPUID_EXTENDED_FUNCTION) {
> - //
> - // Extended CPUID functions are not supported on this processor.
> - //
> - mXdSupported = FALSE;
> - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
> - }
> + if (mXdSupported) {
> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> + if (RegEax <= CPUID_EXTENDED_FUNCTION) {
> + //
> + // Extended CPUID functions are not supported on this processor.
> + //
> + mXdSupported = FALSE;
> + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
> + }
>
> - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
> - if ((RegEdx & CPUID1_EDX_XD_SUPPORT) == 0) {
> - //
> - // Execute Disable Bit feature is not supported on this processor.
> - //
> - mXdSupported = FALSE;
> - PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
> - }
> + AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
> + if ((RegEdx & CPUID1_EDX_XD_SUPPORT) == 0) {
> + //
> + // Execute Disable Bit feature is not supported on this processor.
> + //
> + mXdSupported = FALSE;
> + PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
> + }
>
> - if (StandardSignatureIsAuthenticAMD ()) {
> - //
> - // AMD processors do not support MSR_IA32_MISC_ENABLE
> - //
> - PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
> + if (StandardSignatureIsAuthenticAMD ()) {
> + //
> + // AMD processors do not support MSR_IA32_MISC_ENABLE
> + //
> + PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
> + }
> }
> }
>
> + //
> + // The feature scope is core.
> + // Need check on each processor.
> + //
> if (mBtsSupported) {
> AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &RegEdx);
> if ((RegEdx & CPUID1_EDX_BTS_AVAILABLE) != 0) {
> //
> // Per IA32 manuals:
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h
> b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h
> index 1a82ac05ce..02554a9983 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h
> @@ -1,9 +1,9 @@
> /** @file
> SMM profile header file.
>
> -Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2012 - 2024, Intel Corporation. All rights reserved.<BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> #ifndef _SMM_PROFILE_H_
> @@ -81,14 +81,16 @@ PageFaultIdtHandlerSmmProfile (
> );
>
> /**
> Check if feature is supported by a processor.
>
> + @param[in] IsBsp Indicate it's called by BSP or not.
> +
> **/
> VOID
> CheckFeatureSupported (
> - VOID
> + IN BOOLEAN IsBsp
> );
>
> /**
> Update page table according to protected memory ranges and the 4KB-page
> mapped memory ranges.
>
> --
> 2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115017): https://edk2.groups.io/g/devel/message/115017
Mute This Topic: https://groups.io/mt/104094806/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-02-02 6:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-01 11:19 [edk2-devel] [PATCH v1 0/2] SMM CPU Optimization for SMM Init & SMI Process Wu, Jiaxin
2024-02-01 11:20 ` [edk2-devel] [PATCH v1 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Execute CET and XD check only on BSP Wu, Jiaxin
2024-02-02 6:03 ` Ni, Ray [this message]
2024-02-02 6:35 ` Wu, Jiaxin
2024-02-02 14:05 ` Laszlo Ersek
2024-02-04 0:50 ` Wu, Jiaxin
2024-02-02 10:47 ` Laszlo Ersek
2024-02-01 11:20 ` [edk2-devel] [PATCH v1 2/2] UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before lock cmpxchg Wu, Jiaxin
2024-02-01 18:20 ` Michael D Kinney
2024-02-02 6:33 ` Wu, Jiaxin
2024-02-02 10:37 ` Laszlo Ersek
2024-02-06 1:40 ` Ni, Ray
2024-02-06 12:46 ` Laszlo Ersek
2024-02-20 3:41 ` Wu, Jiaxin
2024-02-20 16:21 ` Laszlo Ersek
2024-02-19 7:12 ` Ni, Ray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN6PR11MB82441C9F5085F6763FA92F698C422@MN6PR11MB8244.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox