From: "Ni, Ray"
To: "Tan, Dun", "devel@edk2.groups.io"
CC: "Dong, Eric", "Kumar, Rahul R"
Subject: Re: [Patch V4] UefiCpuPkg/PiSmmCpuDxeSmm:Fix PF issue caused by smm page table code
Date: Tue, 3 Jan 2023 06:34:07 +0000
References: <20230103055617.2103-1-dun.tan@intel.com>
In-Reply-To: <20230103055617.2103-1-dun.tan@intel.com>

Reviewed-by: Ray Ni

> -----Original Message-----
> From: Tan, Dun
> Sent: Tuesday, January 3, 2023 1:56 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Kumar, Rahul R
> Subject: [Patch V4] UefiCpuPkg/PiSmmCpuDxeSmm:Fix PF issue caused by smm page table code
>
> When setting new page table pool to RO, only disable/enable WP when
> Cr0.WP has been set to 1 to fix potential PF caused by b822be1a20
> (UefiCpuPkg/PiSmmCpuDxeSmm: Introduce page table pool mechanism).
> With previous code, if someone wants to modify the page table and
> Cr0.WP has been cleared before modifying the page table, Cr0.WP may be set
> to 1 again since a new pool may be generated during this process.
> Then a PF fault may happen.
>
> Signed-off-by: Dun Tan
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Rahul Kumar
> --- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 40 ++++++++++++++++= ++++++++++++------------ > 1 file changed, 28 insertions(+), 12 deletions(-) >=20 > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 4bb23f6920..bab7f1887b 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > @@ -67,8 +67,10 @@ InitializePageTablePool ( > IN UINTN PoolPages > ) > { > - VOID *Buffer; > - BOOLEAN CetEnabled; > + VOID *Buffer; > + BOOLEAN CetEnabled; > + BOOLEAN WpEnabled; > + IA32_CR0 Cr0; >=20 > // > // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one p= age for 
> @@ -106,21 +108,35 @@ InitializePageTablePool ( > // > if (mIsReadOnlyPageTable) { > CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FA= LSE; > - if (CetEnabled) { > + Cr0.UintN =3D AsmReadCr0 (); > + WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; > + if (WpEnabled) { > + if (CetEnabled) { > + // > + // CET must be disabled if WP is disabled. Disable CET before cl= earing CR0.WP. > + // > + DisableCet (); > + } > + > // > - // CET must be disabled if WP is disabled. > + // Only disable/enable WP when Cr0.Bits.WP has been set to 1. > // > - DisableCet (); > + Cr0.Bits.WP =3D 0; > + AsmWriteCr0 (Cr0.UintN); > } >=20 > - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); > SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAG= ES_TO_SIZE (PoolPages), > EFI_MEMORY_RO); > - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); > - if (CetEnabled) { > - // > - // re-enable CET. > - // > - EnableCet (); > + if (WpEnabled) { > + Cr0.UintN =3D AsmReadCr0 (); > + Cr0.Bits.WP =3D 1; > + AsmWriteCr0 (Cr0.UintN); > + > + if (CetEnabled) { > + // > + // re-enable CET. > + // > + EnableCet (); > + } > } > } >=20 > -- > 2.31.1.windows.1
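
Review bot: in the second hunk (InitializePageTablePool, `if (mIsReadOnlyPageTable)`), the new comment "Only disable/enable WP when Cr0.Bits.WP has been set to 1" restates the condition without giving the reason, and it sits inside `if (WpEnabled)` below the CET block rather than above the `if` it describes. Suggest moving it above `if (WpEnabled) {` and recording the rationale from the commit message: a caller may have cleared CR0.WP on purpose before editing the page table, and a pool allocation triggered during that edit must not turn WP back on. The nesting of `DisableCet ()` and `EnableCet ()` under `WpEnabled` keeps the required order (CET off before WP is cleared, WP back on before CET is re-enabled). Two smaller points: `(Cr0.Bits.WP != 0) ? TRUE : FALSE` can be written as `(BOOLEAN)(Cr0.Bits.WP != 0)`, and the result of `SmmSetMemoryAttributes (...)` is discarded in the lines shown, so a failure to mark the pool `EFI_MEMORY_RO` would pass silently; consider checking it, for example with `ASSERT_EFI_ERROR`.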
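
The failure described in the commit message can be reproduced in a small user-space model. This is an added example, not code from the patch or from edk2: `sim_cr0`, `pool_is_ro` and the `init_pool_*` functions are hypothetical stand-ins for CR0, the pool's read-only attribute and `InitializePageTablePool`, and CET handling is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR0_WP (1u << 16)   /* architectural position of CR0.WP */

static uint32_t sim_cr0;    /* simulated CR0 (assumption: stands in for AsmReadCr0/AsmWriteCr0) */
static bool     pool_is_ro; /* simulated read-only attribute of the page table pool */

/* A supervisor write to a read-only page faults only while CR0.WP is 1. */
static bool write_faults(void) { return pool_is_ro && (sim_cr0 & CR0_WP) != 0; }

/* Before the patch: clear WP, mark the pool RO, then set WP unconditionally. */
static void init_pool_old(void) {
    sim_cr0 &= ~CR0_WP;
    pool_is_ro = true;
    sim_cr0 |= CR0_WP;
}

/* After the patch: touch WP only if it was set on entry, so the caller's state survives. */
static void init_pool_new(void) {
    bool wp_enabled = (sim_cr0 & CR0_WP) != 0;
    if (wp_enabled) sim_cr0 &= ~CR0_WP;
    pool_is_ro = true;
    if (wp_enabled) sim_cr0 |= CR0_WP;
}

/* Caller that cleared WP to edit page tables and needs a new pool midway.
   Returns true if the caller's next page table write would fault. */
static bool caller_edit_faults(void (*init_pool)(void)) {
    sim_cr0 = CR0_WP;       /* normal state: WP on, tables read-only */
    pool_is_ro = true;
    sim_cr0 &= ~CR0_WP;     /* caller clears WP before modifying the page table */
    init_pool();            /* a new pool is generated during the modification */
    return write_faults();  /* caller goes on writing to the read-only tables */
}

/* Caller that never touched WP: returns true if WP is still set afterwards. */
static bool wp_preserved_when_set(void (*init_pool)(void)) {
    sim_cr0 = CR0_WP;
    init_pool();
    return (sim_cr0 & CR0_WP) != 0;
}

int main(void) {
    printf("old code: caller write faults = %d\n", caller_edit_faults(init_pool_old));
    printf("new code: caller write faults = %d\n", caller_edit_faults(init_pool_new));
    return 0;
}
```

Both versions leave WP set when it was set on entry; only the old one re-arms it behind a caller that had cleared it.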