From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 87B8A2117CE9E
 for <edk2-devel@lists.01.org>; Tue,  6 Nov 2018 08:13:09 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 5B3267F6C7;
 Tue,  6 Nov 2018 16:13:08 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-95.rdu2.redhat.com
 [10.10.120.95])
 by smtp.corp.redhat.com (Postfix) with ESMTP id C225E71C35;
 Tue,  6 Nov 2018 16:13:05 +0000 (UTC)
To: Ruiyu Ni <ruiyu.ni@intel.com>, edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>, Eric Dong <eric.dong@intel.com>
References: <20181106025935.102620-1-ruiyu.ni@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <de5d784b-ce40-6f18-8797-96a36041aadb@redhat.com>
Date: Tue, 6 Nov 2018 17:13:04 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20181106025935.102620-1-ruiyu.ni@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.25]); Tue, 06 Nov 2018 16:13:08 +0000 (UTC)
Subject: Re: [PATCH] UefiCpuPkg/SmmCpu: Block SMM read-out only when static paging is used
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 16:13:10 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 11/06/18 03:59, Ruiyu Ni wrote:
> From: Jiewen Yao <jiewen.yao@intel.com>
> 
> Today's implementation blocks SMM read-out no matter static paging
> is enabled or not. But certain platform may need to read non-SMM
> content from SMM code. These platforms don't have a way to disable
> the read-out blocking.
> 
> The patch updates the policy to only block SMM read-out when static
> paging is enabled. So that the static paging can be disabled for
> those platforms that want SMM read-out.
> 
> Setting PcdCpuSmmStaticPageTable to FALSE can disable the static
> paging.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> ---
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> index 5bb7d57238..117502dafa 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> @@ -1,7 +1,7 @@
>  /** @file
>  Page Fault (#PF) handler for X64 processors
>  
> -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>  
>  This program and the accompanying materials
> @@ -890,7 +890,7 @@ SmiPFHandler (
>        CpuDeadLoop ();
>      }
>  
> -    if (IsSmmCommBufferForbiddenAddress (PFAddress)) {
> +    if (mCpuSmmStaticPageTable && IsSmmCommBufferForbiddenAddress (PFAddress)) {
>        DumpCpuContext (InterruptType, SystemContext);
>        DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%lx)!\n", PFAddress));
>        DEBUG_CODE (
> 

OVMF inherits the default TRUE value for PcdCpuSmmStaticPageTable, from
"UefiCpuPkg.dec", and that's intentional. Therefore this patch should be
a no-op from OVMF's perspective.

Acked-by: Laszlo Ersek <lersek@redhat.com>

More generally, is the use of PcdCpuSmmStaticPageTable for controlling
this kind of read-out just a convenience / simplification (in which case
I don't think it's great!), or are these topics inherently connected
somehow?

I remember that Jiewen said earlier that with "static paging" enabled
(i.e., building the page tables used in SMM all in advance), we provide
more page protection.

Also, I see that PcdCpuSmmProfileEnable can only be enabled with
PcdCpuSmmStaticPageTable set to FALSE.

So it seems that with PcdCpuSmmStaticPageTable set to TRUE, our page
fault handling in SMM is generally strict(er). This patch looks
consistent with that, but it would be nice if the commit message spelled
out why *exactly* it makes sense to use PcdCpuSmmStaticPageTable for
this new purpose as well.

(I hope my question makes sense. :) )

Thanks
Laszlo