From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, taylor.d.beebe@gmail.com
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jiewen Yao <jiewen.yao@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH v5 11/28] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib
Date: Mon, 9 Oct 2023 10:19:23 +0200 [thread overview]
Message-ID: <c9b31ab6-9f50-7fab-4815-e794a2d0dbed@redhat.com> (raw)
In-Reply-To: <20231009000742.1792-12-taylor.d.beebe@gmail.com>
On 10/9/23 02:07, Taylor Beebe wrote:
> Use SetMemoryProtectionsLib to set the memory protections for
> the platform in both normal and PEI-less boot. The protections
> set are equivalent to the PCD settings and the ability to set
> NxForStack via QemuCfg is preserved. Once the transition to use
> SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete
> in the rest of EDK2, the mechanics of setting protections in
> OvmfPkg will be updated and the memory protection PCDs will
> be deleted.
>
> Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> ---
> OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 15 +++++++++++++--
> OvmfPkg/PlatformPei/Platform.c | 15 +++++++++++++--
> OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 3 +++
> OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
> 4 files changed, 30 insertions(+), 4 deletions(-)
This should be two patches; the audiences for both modules
(PeilessStartupLib vs. PlatformPei) are nearly distinct. I surely don't
care for PeilessStartupLib.
>
> diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
> index 1632a2317718..cf645aad3246 100644
> --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
> +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
> @@ -14,10 +14,13 @@
> #include <Protocol/DebugSupport.h>
> #include <Library/TdxLib.h>
> #include <IndustryStandard/Tdx.h>
> +#include <Library/PcdLib.h>
> #include <Library/PrePiLib.h>
> #include <Library/PeilessStartupLib.h>
> #include <Library/PlatformInitLib.h>
> #include <Library/TdxHelperLib.h>
> +#include <Library/SetMemoryProtectionsLib.h>
> +#include <Library/QemuFwCfgSimpleParserLib.h>
> #include <ConfidentialComputingGuestAttr.h>
> #include <Guid/MemoryTypeInformation.h>
> #include <OvmfPlatforms.h>
> @@ -42,7 +45,9 @@ InitializePlatform (
> EFI_HOB_PLATFORM_INFO *PlatformInfoHob
> )
> {
> - VOID *VariableStore;
> + VOID *VariableStore;
> + DXE_MEMORY_PROTECTION_SETTINGS DxeSettings;
> + MM_MEMORY_PROTECTION_SETTINGS MmSettings;
>
> DEBUG ((DEBUG_INFO, "InitializePlatform in Pei-less boot\n"));
> PlatformDebugDumpCmos ();
> @@ -104,7 +109,13 @@ InitializePlatform (
>
> PlatformMemMapInitialization (PlatformInfoHob);
>
> - PlatformNoexecDxeInitialization (PlatformInfoHob);
> + DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings;
> + MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings;
> + DxeSettings.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack);
> + QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &DxeSettings.StackExecutionProtectionEnabled);
> +
> + SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsPcd);
> + SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsPcd);
>
> if (TdIsEnabled ()) {
> PlatformInfoHob->PcdConfidentialComputingGuestAttr = CCAttrIntelTdx;
> diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
> index f5dc41c3a8c4..bcd8d3a1be14 100644
> --- a/OvmfPkg/PlatformPei/Platform.c
> +++ b/OvmfPkg/PlatformPei/Platform.c
> @@ -38,6 +38,7 @@
> #include <IndustryStandard/QemuCpuHotplug.h>
> #include <Library/MemEncryptSevLib.h>
> #include <OvmfPlatforms.h>
> +#include <Library/SetMemoryProtectionsLib.h>
>
> #include "Platform.h"
>
> @@ -304,8 +305,10 @@ InitializePlatform (
> IN CONST EFI_PEI_SERVICES **PeiServices
> )
> {
> - EFI_HOB_PLATFORM_INFO *PlatformInfoHob;
> - EFI_STATUS Status;
> + EFI_HOB_PLATFORM_INFO *PlatformInfoHob;
> + EFI_STATUS Status;
> + DXE_MEMORY_PROTECTION_SETTINGS DxeSettings;
> + MM_MEMORY_PROTECTION_SETTINGS MmSettings;
>
> DEBUG ((DEBUG_INFO, "Platform PEIM Loaded\n"));
> PlatformInfoHob = BuildPlatformInfoHob ();
Can you check, in the OVMF debug log, the before-after temp stack usage?
My build of OVMF logs:
Temp Stack : BaseAddress=0x818000 Length=0x8000
Temp Heap : BaseAddress=0x810000 Length=0x8000
Total temporary memory: 65536 bytes.
temporary memory stack ever used: 30112 bytes.
temporary memory heap used for HobList: 7600 bytes.
I wonder if your change above makes a difference for stack usage here.
Point of interest: commit d41fd8e839a3 ("OvmfPkg: restore temporary
SEC/PEI RAM size to 64KB", 2017-11-17).
> @@ -342,6 +345,14 @@ InitializePlatform (
>
> PublishPeiMemory (PlatformInfoHob);
>
> + DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings;
> + MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings;
Can you perhaps rearrange the source code somehow in order to prevent
uncrustify from turning these assignments into 110+ charater long lines?
But more importantly, these are structure assignments, and (I think)
structure assignments are (still) forbidden in edk2, because they can
produce calls to compiler-intrinsic helper functions.
So, please use CopyMem(). (And that should solve the line-too-long issue
as well!)
> + DxeSettings.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack);
> + QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &DxeSettings.StackExecutionProtectionEnabled);
> +
> + SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsPcd);
> + SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsPcd);
> +
> PlatformQemuUc32BaseInitialization (PlatformInfoHob);
>
> InitializeRamRegions (PlatformInfoHob);
I don't like the placement of this logic (or minimally, I don't
understand it). This logic is supposed to be a superset of
NoexecDxeInitialization(), as the latter is what currently consumes the
"opt/ovmf/PcdSetNxForStack" fw_cfg file, and sets PcdSetNxForStack
accordingly.
But NoexecDxeInitialization() is restricted to
PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME
whereas the new logic appears to run regardless of boot mode.
Did you test this series with ACPI S3 suspend/resume, both with and
without SMM_REQUIRE?
During S3 resume, there's not going to be a DXE phase, and so SMM is not
loaded yet again (it just survives from the first, cold, boot).
Therefore anything we expose (such as a HOB) that controls only DXE or
SMM is irrelevant during S3.
If there is at least one a setting in "DxeSettings" that *does* make a
difference even during S3 resume (stack guard?), then I'd argue that the
DXE settings are incorrectly structured / named.
Laszlo
> diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
> index 585d50463748..f0a8a5a56df4 100644
> --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
> +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
> @@ -56,6 +56,8 @@ [LibraryClasses]
> PrePiLib
> QemuFwCfgLib
> PlatformInitLib
> + SetMemoryProtectionsLib
> + QemuFwCfgSimpleParserLib
>
> [Guids]
> gEfiHobMemoryAllocModuleGuid
> @@ -81,6 +83,7 @@ [Pcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIMES_CONSUMES
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
> gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## CONSUMES
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
> index 3934aeed9514..6b8442d12b2c 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -65,6 +65,7 @@ [LibraryClasses]
> PcdLib
> CcExitLib
> PlatformInitLib
> + SetMemoryProtectionsLib
>
> [Pcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109443): https://edk2.groups.io/g/devel/message/109443
Mute This Topic: https://groups.io/mt/101843353/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-10-09 8:19 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-09 0:07 [edk2-devel] [PATCH v5 00/28] Implement Dynamic Memory Protection Settings Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 01/28] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions Taylor Beebe
2023-11-03 5:52 ` Ni, Ray
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 02/28] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-10-09 7:52 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 03/28] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 04/28] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 05/28] MdeModulePkg: Copy PEI PCD Database Into New Buffer Taylor Beebe
2023-10-09 6:47 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 06/28] MdeModulePkg: Apply Protections to the HOB List Taylor Beebe
2023-10-09 6:54 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 07/28] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map Taylor Beebe
2023-10-09 7:10 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 08/28] UefiCpuPkg: Always Set Stack Guard in MpPei Init Taylor Beebe
2023-10-09 7:28 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 09/28] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms Taylor Beebe
2023-10-09 7:30 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 10/28] OvmfPkg: " Taylor Beebe
2023-10-09 7:47 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 11/28] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-10-09 8:19 ` Laszlo Ersek [this message]
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 12/28] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 13/28] UefiPayloadPkg: Update DXE Handoff " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 14/28] MdeModulePkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 15/28] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 16/28] EmulatorPkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 17/28] OvmfPkg: " Taylor Beebe
2023-10-09 8:29 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 18/28] UefiCpuPkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 19/28] MdeModulePkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 21/28] OvmfPkg: Add QemuFwCfgParseString to QemuFwCfgSimpleParserLib Taylor Beebe
2023-10-09 8:40 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 22/28] OvmfPkg: Add MemoryProtectionConfigLib Taylor Beebe
2023-10-09 9:17 ` Laszlo Ersek
2023-10-09 9:22 ` Laszlo Ersek
2023-10-09 9:34 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 23/28] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Taylor Beebe
2023-10-09 9:53 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 24/28] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-10-09 10:00 ` Laszlo Ersek
2023-10-10 11:48 ` Gerd Hoffmann
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 25/28] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 26/28] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-10-09 10:02 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 27/28] ArmVirtPkg: " Taylor Beebe
2023-10-09 10:02 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 28/28] MdeModulePkg: " Taylor Beebe
2023-10-09 10:03 ` Laszlo Ersek
2023-10-09 14:47 ` Taylor Beebe
2023-10-09 10:16 ` [edk2-devel] [PATCH v5 00/28] Implement Dynamic Memory Protection Settings Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c9b31ab6-9f50-7fab-4815-e794a2d0dbed@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox