From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B5DA721F3B3FE
 for <edk2-devel@lists.01.org>; Fri, 27 Oct 2017 10:18:30 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 5755F356C2;
 Fri, 27 Oct 2017 17:22:17 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5755F356C2
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=lersek@redhat.com
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-122-3.rdu2.redhat.com
 [10.10.122.3])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 85E4160600;
 Fri, 27 Oct 2017 17:22:16 +0000 (UTC)
To: Jian J Wang <jian.j.wang@intel.com>
References: <20171027061140.17160-1-jian.j.wang@intel.com>
Cc: edk2-devel@lists.01.org
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <ca2da31e-c597-9814-bfde-67ccddbcb243@redhat.com>
Date: Fri, 27 Oct 2017 19:22:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <20171027061140.17160-1-jian.j.wang@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.30]); Fri, 27 Oct 2017 17:22:17 +0000 (UTC)
Subject: Re: [PATCH v4 0/7] Implement heap guard feature
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2017 17:18:30 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Hi Jian,

On 10/27/17 08:11, Jian J Wang wrote:
>> Path V4 changes:
>> a. Change names of gEdkiiSmmMemoryAttributeProtocolGuid related
>>    definitions from EFI_ to EDKII_
>> b. Coding style cleanup
>> c. Split patches in a more reasonable order and groups
> 
>> Patch V3 changes:
>> a. Add new protocol gEdkiiSmmMemoryAttributeProtocolGuid to do
>>    memory attributes update instead of doing it directly in SmmCore
>> b. Fix GCC build error
> 
>> Patch V2 changes:
>> a. Remove local variable initializer with memory copy from globals
>> b. Change map table dump code to use DEBUG_PAGE|DEBUG_POOL level
>>    message 
>> c. Fix malfunction in 32-bit boot mode
>> d. Add comment for the use of mOnGuarding
>> e. Change name of function InitializePageTableLib to 
>>    InitializePageTableGlobals
>> f. Add code in 32-bit code to bypass setting page table to read-only
>> g. Coding style clean-up
>>
> 
> This feature makes use of paging mechanism to add a hidden (not present)
> page just before and after the allocated memory block. If the code tries
> to access memory outside of the allocated part, page fault exception will
> be triggered.
> 
> This feature is disabled by default and is not recommended to enable it
> in production build of BIOS.
> 
> This patch has passed following validations:
> 
>   a. Boot to shell (OVMF, Intel real platform)(32/64)
>   b. Boot to Fedora 25 (64)
> 
> NT32 emulation platform was not validated with this feature enabled
> due to the fact that it doesn't support paging which is needed for
> this feature to work. But all are validated with feature is disabled.
> 
> Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> 
> Jian J Wang (7):
>   MdeModulePkg/MdeModulePkg.dec,.uni: Add Protocol, PCDs and string
>     tokens
>   MdeModulePkg/SmmMemoryAttribute.h: Add new protocol definitions
>   UefiCpuPkg/CpuDxe: Reduce debug message
>   MdeModulePkg/DxeIpl: Enable paging for heap guard
>   MdeModulePkg/DxeCore: Implement heap guard feature for UEFI
>   UefiCpuPkg/PiSmmCpuDxeSmm: Add SmmMemoryAttribute protocol
>   MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode
> 
>  MdeModulePkg/Core/Dxe/DxeMain.inf                  |    4 +
>  MdeModulePkg/Core/Dxe/Mem/HeapGuard.c              | 1182 ++++++++++++++++
>  MdeModulePkg/Core/Dxe/Mem/HeapGuard.h              |  394 ++++++
>  MdeModulePkg/Core/Dxe/Mem/Imem.h                   |   38 +-
>  MdeModulePkg/Core/Dxe/Mem/Page.c                   |  130 +-
>  MdeModulePkg/Core/Dxe/Mem/Pool.c                   |  154 +-
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |    1 +
>  MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c    |   36 +-
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c            | 1467 ++++++++++++++++++++
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.h            |  398 ++++++
>  MdeModulePkg/Core/PiSmmCore/Page.c                 |   52 +-
>  MdeModulePkg/Core/PiSmmCore/PiSmmCore.c            |    7 +-
>  MdeModulePkg/Core/PiSmmCore/PiSmmCore.h            |   81 +-
>  MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf          |    8 +
>  MdeModulePkg/Core/PiSmmCore/Pool.c                 |   81 +-
>  MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h |  136 ++
>  MdeModulePkg/MdeModulePkg.dec                      |   60 +
>  MdeModulePkg/MdeModulePkg.uni                      |   58 +
>  UefiCpuPkg/CpuDxe/CpuPageTable.c                   |    5 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c           |   10 +
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c         |   20 +
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         |   98 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf       |    2 +
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c |  163 +++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c            |   10 +-
>  25 files changed, 4496 insertions(+), 99 deletions(-)
>  create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
>  create mode 100644 MdeModulePkg/Core/Dxe/Mem/HeapGuard.h
>  create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.c
>  create mode 100644 MdeModulePkg/Core/PiSmmCore/HeapGuard.h
>  create mode 100644 MdeModulePkg/Include/Protocol/SmmMemoryAttribute.h
> 

I applied your patches on top of edk2 master (76fd5a660d70,
"MdeModulePkg/AtaAtapiPassThru: disable only BM-DMA at
ExitBootServices()", 2017-10-26), and regression-tested the following
platforms:

* ArmVirtQemu, AARCH64, QEMU TCG (x86_64) host, Fedora 25 Server guest,
normal boot. (I figured I'd test this because the DXE_CORE modifications
affect aarch64 too.)

* OVMF, IA32, QEMU/KVM, Fedora 25 guest, Q35 machine type, SMM. Normal
boot and S3. UEFI variable access test.

* OVMF, IA32X64, QEMU/KVM, Fedora 26 guest, Q35 machine type, SMM.
Normal boot and S3. UEFI variable access test. "multiprocessing" test.

* OVMF, IA32X64, QEMU/KVM, Windows 10 guest, Q35 machine type, SMM.
Normal boot and S3.

* OVMF, X64, QEMU/KVM, Fedora 26 guest, i440fx machine type, no SMM.
Normal boot and S3. "multiprocessing" test.

The test case references are from
<https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt>.

I didn't encounter any regressions.

For the series:

Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo