From: "Ni, Ray"
To: "Tan, Dun", "devel@edk2.groups.io"
CC: "Dong, Eric", "Kumar, Rahul R"
Subject: Re: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm:Fix PF issue caused by smm page table code
Date: Tue, 3 Jan 2023 03:22:35 +0000
References: <20230103025655.1867-1-dun.tan@intel.com>
In-Reply-To: <20230103025655.1867-1-dun.tan@intel.com>

Dun,
CET should be disabled before clearing CR0.WP.

> -----Original Message-----
> From: Tan, Dun
> Sent: Tuesday, January 3, 2023 10:57 AM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Kumar, Rahul R
> Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm:Fix PF issue caused by smm page table code
>
> When setting new page table pool to RO, only disable/enable WP when
> Cr0.WP has been set to 1 to fix potential PF caused by b822be1a20
> (UefiCpuPkg/PiSmmCpuDxeSmm: Introduce page table pool mechanism).
> With previous code, if someone wants to modify the page table and
> Cr0.WP has been cleared before modifying the page table, Cr0.WP may be set
> to 1 again since a new pool may be generated during this process.
> Then a PF fault may happen.
>
> Signed-off-by: Dun Tan
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Rahul Kumar
> --- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 40 ++++++++++++++++= ++++++++++++------------ > 1 file changed, 28 insertions(+), 12 deletions(-) >=20 > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 4bb23f6920..c385f12d9c 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c 
> @@ -67,8 +67,10 @@ InitializePageTablePool ( > IN UINTN PoolPages > ) > { > - VOID *Buffer; > - BOOLEAN CetEnabled; > + VOID *Buffer; > + BOOLEAN CetEnabled; > + BOOLEAN WpEnabled; > + IA32_CR0 Cr0; >=20 > // > // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one p= age for > @@ -106,21 +108,35 @@ InitializePageTablePool ( > // > if (mIsReadOnlyPageTable) { > CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FA= LSE; > - if (CetEnabled) { > + Cr0.UintN =3D AsmReadCr0 (); > + WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; > + if (WpEnabled) { > // > - // CET must be disabled if WP is disabled. > + // Only disable/enable WP when Cr0.Bits.WP has been set to 1. > // > - DisableCet (); > + Cr0.Bits.WP =3D 0; > + AsmWriteCr0 (Cr0.UintN); > + > + if (CetEnabled) { > + // > + // CET must be disabled if WP is disabled. > + // > + DisableCet (); > + } > } >=20 > - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); > SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAG= ES_TO_SIZE (PoolPages), > EFI_MEMORY_RO); > - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); > - if (CetEnabled) { > - // > - // re-enable CET. > - // > - EnableCet (); > + if (WpEnabled) { > + Cr0.UintN =3D AsmReadCr0 (); > + Cr0.Bits.WP =3D 1; > + AsmWriteCr0 (Cr0.UintN); > + > + if (CetEnabled) { > + // > + // re-enable CET. > + // > + EnableCet (); > + } > } > } >=20 > -- > 2.31.1.windows.1
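
Review bot: In the second hunk (InitializePageTablePool, @@ -106,21 +108,35 @@), the added `Cr0.Bits.WP = 0; AsmWriteCr0 (Cr0.UintN);` runs before the `if (CetEnabled) { DisableCet (); }` block, so on a platform with CR4.CET set, CR0.WP is cleared while CET is still enabled. That contradicts the hunk's own comment ("CET must be disabled if WP is disabled") and reverses the order of the removed lines, which called DisableCet () first and only then wrote CR0 with WP cleared. Move the `if (CetEnabled)` / DisableCet () block ahead of the CR0 write inside the `if (WpEnabled)` branch. The restore path is already in the right order (WP set back to 1, then EnableCet ()), so no change is needed there. It would also help to extend the new comment to say why WP is left alone when it is already 0 (the caller cleared it deliberately and expects it to stay cleared), since that is the behaviour the commit message relies on.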