Re: [edk2] [PATCH] Fix links in Maintainers.txt and remove slow, outdated sourceforge git mirror

2019-02-22 Thread Rebecca Cran via edk2-devel

On 2/22/19 10:18 PM, Rebecca Cran wrote:


-T: git (mirror) - http://git.code.sf.net/p/tianocore/edk2



I removed the sourceforge git mirror because the latest changeset is 
from a couple of weeks ago. We already have Github and Bitbucket, so I'm 
not sure of the value of having a third mirror that's relatively slow to 
clone and gets outdated?



--

Rebecca Cran

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH] Fix links in Maintainers.txt and remove slow, outdated sourceforge git mirror

2019-02-22 Thread Rebecca Cran via edk2-devel
---
 Maintainers.txt | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Maintainers.txt b/Maintainers.txt
index 7f1061d6c1..d9d3d840c5 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -31,11 +31,10 @@ Descriptions of section entries:
 
 EDK II
 --
-W: http://www.tianocore.org/edk2/
-L: https://lists.sourceforge.net/lists/listinfo/edk2-devel
+W: https://github.com/tianocore/tianocore.github.io/wiki/EDK-II
+L: https://lists.01.org/mailman/listinfo/edk2-devel
 T: git - https://github.com/tianocore/edk2.git
 T: git (mirror) - https://bitbucket.org/tianocore/edk2.git
-T: git (mirror) - http://git.code.sf.net/p/tianocore/edk2
 T: svn (read-only, deprecated) - https://svn.code.sf.net/p/edk2/code/trunk/edk2
 
 Tianocore Stewards
@@ -203,7 +202,7 @@ W: 
https://github.com/tianocore/tianocore.github.io/wiki/OptionRomPkg
 M: Ruiyu Ni 
 
 OvmfPkg
-W: http://www.tianocore.org/ovmf/
+W: https://github.com/tianocore/tianocore.github.io/wiki/OVMF
 M: Jordan Justen 
 M: Laszlo Ersek 
 M: Ard Biesheuvel 
-- 
2.20.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH] StdLib: Update resolv.conf to use Google's DNS servers.

2019-02-22 Thread Rebecca Cran via edk2-devel

Sorry, I've fixed the subject line and added maintainers to the Cc list.

This patch also changes the domain from intel.com to example.com, to be 
more applicable to consumers outside Intel.



--

Rebecca Cran


On 2/22/19 8:38 PM, Rebecca Cran wrote:

The current servers listed appear to be unusable. I suspect most
people will get correct DNS servers via DHCP, but the defaults
should work for anyone.
---
  StdLib/Efi/StdLib/etc/resolv.conf | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/StdLib/Efi/StdLib/etc/resolv.conf 
b/StdLib/Efi/StdLib/etc/resolv.conf
index 3ac16ac230..724e6297b2 100644
--- a/StdLib/Efi/StdLib/etc/resolv.conf
+++ b/StdLib/Efi/StdLib/etc/resolv.conf
@@ -1,13 +1,13 @@
  #
  #   Domain name
  #
-domain  intel.com
+domain  example.com
  
  ;

  ;   Name Servers
  ;
-nameserver  206.63.63.61
-nameserver  216.251.100.1
+nameserver  8.8.8.8
+nameserver  8.8.4.4
  
  ; nameserver  10.248.2.1

  ; nameserver  10.22.224.204

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH] Update resolv.conf to use Google's DNS servers.

2019-02-22 Thread Rebecca Cran via edk2-devel
The current servers listed appear to be unusable. I suspect most
people will get correct DNS servers via DHCP, but the defaults
should work for anyone.
---
 StdLib/Efi/StdLib/etc/resolv.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/StdLib/Efi/StdLib/etc/resolv.conf 
b/StdLib/Efi/StdLib/etc/resolv.conf
index 3ac16ac230..724e6297b2 100644
--- a/StdLib/Efi/StdLib/etc/resolv.conf
+++ b/StdLib/Efi/StdLib/etc/resolv.conf
@@ -1,13 +1,13 @@
 #
 #   Domain name
 #
-domain  intel.com
+domain  example.com
 
 ;
 ;   Name Servers
 ;
-nameserver  206.63.63.61
-nameserver  216.251.100.1
+nameserver  8.8.8.8
+nameserver  8.8.4.4
 
 ; nameserver  10.248.2.1
 ; nameserver  10.22.224.204
-- 
2.20.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH V3 0/4] Add SMM CET support

2019-02-22 Thread Yao, Jiewen
Good comment!
Response inline


thank you!
Yao, Jiewen


> 在 2019年2月23日,上午5:42,Laszlo Ersek  写道:
> 
> Hi Jiewen,
> 
>> On 02/22/19 14:30, Jiewen Yao wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
>> 
>> V3:
>> Add Nasm.inc to include CET related instruction as MACRO.
>> This is the only place to use DB.
>> Any other NASM just use the MACRO - 
>> SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX
>> =
>> 
>> V2:
>> Fix emulation platform issue.
>> The NT32 platform cannot access CR4 register.
>> So we add a global PCD to choose disable CR4 access in SetJump/LongJump.
>> gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
>> =
> 
> (1) I think there is another difference (I don't know if it was
> introduced in v2 or in v3; I only compared v1<->v3). It seems that the
> LongJump / SetJump changes for IA32 MSFT were implemented in v2/v3 as well.
[jiewen] you are right. I realize that I forgot to Chang the C file. I only 
changed the nasm file in V1. This is not caught because we don’t have IA32 CET 
enabled platform, as I mentioned in V1 comment.
I think we should only have 1 solution. Both C and Nasm is a bad choice, that 
increase the maintenance effort and validation effort. 
I have talked with Liming. Hope we will do sth after Q1 release. 

> 
> (2) When we introduce another bit for
> PcdControlFlowEnforcementPropertyMask, we'll have to update the checks,
> because currently we check the whole PCD against zero. When the next bit
> is introduced, we'll have to use a bitmask (with value 1) for checking.
> Anyway that can indeed be a later enhancement, just stating what I've
> noticed.
[jiewen] Yes I did think a lot what check we should do.
The potential future bit is: 1) SMM IBT support. 2) DXE SSP support. 3) DXE IBT 
support. We have not done IBT yet today because it depends upon compiler 
update. For DXE I did POC as test environment. 
If we add SMM IBT, some check should be global CET. Some should be SSP 
specific. Case by case. I think we can cross the bridge when we come to it. 

Anyway both 1 and 2 are excellent feedback. Appreciate your review.  


> 
> (3) For the series:
> 
> Regression-tested-by: Laszlo Ersek 
[jiewen] thank you!
> 
> Thanks,
> Laszlo
> 
>> 
>> This patch series implement add CET ShadowStack support for SMM.
>> 
>> The CET document can be found at:
>> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
>> 
>> Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
>> Patch 2 adds Control Protection exception (CP#) dump info.
>> Patch 3 adds CET ShadowStack support in SMM.
>> 
>> For more detail please refer to each patch. 
>> 
>> I also post all update to https://github.com/jyao1/edk2/tree/CET_V2
>> 
>> Cc: Michael D Kinney 
>> Cc: Liming Gao 
>> Cc: Eric Dong 
>> Cc: Ray Ni 
>> Cc: Laszlo Ersek 
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Yao Jiewen 
>> 
>> Jiewen Yao (4):
>>  MdePkg/Include: Add Nasm.inc
>>  MdePkg/BaseLib: Add Shadow Stack Support for X86.
>>  UefiCpuPkg/ExceptionLib: Add CET support.
>>  UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
>> 
>> MdePkg/Include/Ia32/Nasm.inc  |  28 
>> MdePkg/Include/Library/BaseLib.h  |   2 +
>> MdePkg/Include/X64/Nasm.inc   |  28 
>> MdePkg/Library/BaseLib/BaseLib.inf|   3 +-
>> MdePkg/Library/BaseLib/Ia32/LongJump.c|  28 +++-
>> MdePkg/Library/BaseLib/Ia32/LongJump.nasm |  25 +++-
>> MdePkg/Library/BaseLib/Ia32/SetJump.c |  28 +++-
>> MdePkg/Library/BaseLib/Ia32/SetJump.nasm  |  23 +++-
>> MdePkg/Library/BaseLib/X64/LongJump.nasm  |  27 +++-
>> MdePkg/Library/BaseLib/X64/SetJump.nasm   |  23 +++-
>> MdePkg/MdePkg.dec |   7 +
>> .../Include/Library/SmmCpuFeaturesLib.h   |  23 +++-
>> .../CpuExceptionCommon.c  |   7 +-
>> .../CpuExceptionCommon.h  |   3 +-
>> .../Ia32/ArchExceptionHandler.c   |   5 +-
>> .../X64/ArchExceptionHandler.c|   5 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm   |  39 ++
>> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c  |  38 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm  |  99 ++-
>> .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm |   6 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c |  57 -
>> UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c |  12 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c|  97 --
>> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 103 ++-
>> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   6 +-
>> .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  85 -
>> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c|  18 ++-
>> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h|   4 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c|   4 +-
>> UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet

Re: [edk2] [Patch] BaseTools: Enable component override functionality

2019-02-22 Thread Felix Polyudov
Bob,

Do you know if DSC specification has been updated to document this new behavior?
If not, it should be updated.

-Original Message-
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of BobCF
Sent: Thursday, January 10, 2019 9:39 PM
To: edk2-devel@lists.01.org
Cc: Carsey Jaben; Liming Gao
Subject: [edk2] [Patch] BaseTools: Enable component override functionality

https://bugzilla.tianocore.org/show_bug.cgi?id=1449
This patch enable build tools to recognize that
when two given files have the same GUID, file path and ARCH in Dsc,
The later one's definition will be used.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Bob Feng 
Cc: Liming Gao 
Cc: Carsey Jaben 
---
 .../Source/Python/Workspace/DscBuildData.py   | 24 ---
 .../Source/Python/Workspace/MetaFileParser.py |  5 
 .../Source/Python/Workspace/MetaFileTable.py  |  7 --
 3 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py 
b/BaseTools/Source/Python/Workspace/DscBuildData.py
index 7e82e8e934..f9805f58f5 100644
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@@ -704,36 +704,44 @@ class DscBuildData(PlatformBuildClassObject):
 if TAB_DEFAULT_STORES_DEFAULT not in self.DefaultStores:
 self.DefaultStores[TAB_DEFAULT_STORES_DEFAULT] = (0, 
TAB_DEFAULT_STORES_DEFAULT)
 GlobalData.gDefaultStores = sorted(self.DefaultStores.keys())
 return self.DefaultStores
 
+def OverrideDuplicateModule(self):
+RecordList = self._RawData[MODEL_META_DATA_COMPONENT, self._Arch]
+Macros = self._Macros
+Macros["EDK_SOURCE"] = GlobalData.gEcpSource
+Components = {}
+for Record in RecordList:
+ModuleId = Record[6]
+file_guid = self._RawData[MODEL_META_DATA_HEADER, self._Arch, 
None, ModuleId]
+file_guid_str = file_guid[0][2] if file_guid else "NULL"
+ModuleFile = PathClass(NormPath(Record[0], Macros), 
GlobalData.gWorkspace, Arch=self._Arch)
+if self._Arch != TAB_ARCH_COMMON and 
(file_guid_str,str(ModuleFile)) in Components:
+
self._RawData.DisableOverrideComponent(Components[(file_guid_str,str(ModuleFile))])
+Components[(file_guid_str,str(ModuleFile))] = ModuleId
+self._RawData._PostProcessed = False
 ## Retrieve [Components] section information
 @property
 def Modules(self):
 if self._Modules is not None:
 return self._Modules
-
+self.OverrideDuplicateModule()
 self._Modules = OrderedDict()
 RecordList = self._RawData[MODEL_META_DATA_COMPONENT, self._Arch]
 Macros = self._Macros
 Macros["EDK_SOURCE"] = GlobalData.gEcpSource
 for Record in RecordList:
-DuplicatedFile = False
-
 ModuleFile = PathClass(NormPath(Record[0], Macros), 
GlobalData.gWorkspace, Arch=self._Arch)
 ModuleId = Record[6]
 LineNo = Record[7]
 
 # check the file validation
 ErrorCode, ErrorInfo = ModuleFile.Validate('.inf')
 if ErrorCode != 0:
 EdkLogger.error('build', ErrorCode, File=self.MetaFile, 
Line=LineNo,
 ExtraData=ErrorInfo)
-# Check duplication
-# If arch is COMMON, no duplicate module is checked since all 
modules in all component sections are selected
-if self._Arch != TAB_ARCH_COMMON and ModuleFile in self._Modules:
-DuplicatedFile = True
 
 Module = ModuleBuildClassObject()
 Module.MetaFile = ModuleFile
 
 # get module private library instance
@@ -792,12 +800,10 @@ class DscBuildData(PlatformBuildClassObject):
 else:
 OptionString = Module.BuildOptions[ToolChainFamily, 
ToolChain]
 Module.BuildOptions[ToolChainFamily, ToolChain] = 
OptionString + " " + Option
 
 RecordList = self._RawData[MODEL_META_DATA_HEADER, self._Arch, 
None, ModuleId]
-if DuplicatedFile and not RecordList:
-EdkLogger.error('build', FILE_DUPLICATED, File=self.MetaFile, 
ExtraData=str(ModuleFile), Line=LineNo)
 if RecordList:
 if len(RecordList) != 1:
 EdkLogger.error('build', OPTION_UNKNOWN, 'Only FILE_GUID 
can be listed in  section.',
 File=self.MetaFile, 
ExtraData=str(ModuleFile), Line=LineNo)
 ModuleFile = ProcessDuplicatedInf(ModuleFile, 
RecordList[0][2], GlobalData.gWorkspace)
diff --git a/BaseTools/Source/Python/Workspace/MetaFileParser.py 
b/BaseTools/Source/Python/Workspace/MetaFileParser.py
index 032220813b..a52e9229df 100644
--- a/BaseTools/Source/Python/Workspace/MetaFileParser.py
+++ b/BaseTools/Source/Python/Workspace/MetaFileParser.py
@@ 

Re: [edk2] [PATCH V3 0/4] Add SMM CET support

2019-02-22 Thread Laszlo Ersek
Hi Jiewen,

On 02/22/19 14:30, Jiewen Yao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> V3:
> Add Nasm.inc to include CET related instruction as MACRO.
> This is the only place to use DB.
> Any other NASM just use the MACRO - 
> SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX
> =
> 
> V2:
> Fix emulation platform issue.
> The NT32 platform cannot access CR4 register.
> So we add a global PCD to choose disable CR4 access in SetJump/LongJump.
> gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
> =

(1) I think there is another difference (I don't know if it was
introduced in v2 or in v3; I only compared v1<->v3). It seems that the
LongJump / SetJump changes for IA32 MSFT were implemented in v2/v3 as well.

(2) When we introduce another bit for
PcdControlFlowEnforcementPropertyMask, we'll have to update the checks,
because currently we check the whole PCD against zero. When the next bit
is introduced, we'll have to use a bitmask (with value 1) for checking.
Anyway that can indeed be a later enhancement, just stating what I've
noticed.

(3) For the series:

Regression-tested-by: Laszlo Ersek 

Thanks,
Laszlo

> 
> This patch series implement add CET ShadowStack support for SMM.
> 
> The CET document can be found at:
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> 
> Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> Patch 2 adds Control Protection exception (CP#) dump info.
> Patch 3 adds CET ShadowStack support in SMM.
> 
> For more detail please refer to each patch. 
> 
> I also post all update to https://github.com/jyao1/edk2/tree/CET_V2
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> 
> Jiewen Yao (4):
>   MdePkg/Include: Add Nasm.inc
>   MdePkg/BaseLib: Add Shadow Stack Support for X86.
>   UefiCpuPkg/ExceptionLib: Add CET support.
>   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
> 
>  MdePkg/Include/Ia32/Nasm.inc  |  28 
>  MdePkg/Include/Library/BaseLib.h  |   2 +
>  MdePkg/Include/X64/Nasm.inc   |  28 
>  MdePkg/Library/BaseLib/BaseLib.inf|   3 +-
>  MdePkg/Library/BaseLib/Ia32/LongJump.c|  28 +++-
>  MdePkg/Library/BaseLib/Ia32/LongJump.nasm |  25 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.c |  28 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.nasm  |  23 +++-
>  MdePkg/Library/BaseLib/X64/LongJump.nasm  |  27 +++-
>  MdePkg/Library/BaseLib/X64/SetJump.nasm   |  23 +++-
>  MdePkg/MdePkg.dec |   7 +
>  .../Include/Library/SmmCpuFeaturesLib.h   |  23 +++-
>  .../CpuExceptionCommon.c  |   7 +-
>  .../CpuExceptionCommon.h  |   3 +-
>  .../Ia32/ArchExceptionHandler.c   |   5 +-
>  .../X64/ArchExceptionHandler.c|   5 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm   |  39 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c  |  38 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm  |  99 ++-
>  .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm |   6 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c |  57 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c |  12 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c|  97 --
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 103 ++-
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   6 +-
>  .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  85 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c|  18 ++-
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h|   4 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c|   4 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm|  40 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c   |  39 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm   | 120 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |  58 -
>  UefiCpuPkg/UefiCpuPkg.dec |   6 +-
>  34 files changed, 1034 insertions(+), 62 deletions(-)
>  create mode 100644 MdePkg/Include/Ia32/Nasm.inc
>  create mode 100644 MdePkg/Include/X64/Nasm.inc
>  create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
>  create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm
> 

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] Configure bugs.tianocore.org as an alias for bugzilla.tianocore.org?

2019-02-22 Thread stephano

On 2/22/2019 12:13 PM, Laszlo Ersek wrote:

On 02/22/19 20:56, stephano wrote:




That IP address maps back to
"ec2-54-245-252-80.us-west-2.compute.amazonaws.com" (reverse DNS).


Huh, good to know, thank you.

/me texting Bezos to complain...
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [edk2-announce] Soft Feature Freeze starts today for edk2-stable201903

2019-02-22 Thread Laszlo Ersek
Hi Liming,

On 02/22/19 15:25, Gao, Liming wrote:
> Hi, all
>   
> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning 
> lists edk2-stable201903 tag planning. Now, we enter into Soft Feature Freeze 
> phase. In this phase, the feature without Reviewed-by or Acked-by tags will 
> be delayed after the upcoming stable tag. The patch review can continue 
> without break. Below is edk2-stable201903 tag planning.
> 
> 2019-03-08 Beginning of development
> 2019-02-22 Soft Feature Freeze
> 2019-03-01 Hard Feature Freeze
> 2019-03-08 Release

I got the last missing R-b from Ray for my patch set

[edk2] [PATCH v3 0/5] MdeModulePkg, OvmfPkg, ArmVirtPkg: more visible
boot progress reporting

today (2019-02-22) at 12:50 in my time zone (CET = UTC+01:00). Before
pushing the series, I asked Ray to confirm one last thing about his
review. I consider the series properly reviewed, but due to this last
question, I expect I should push it early next week.

IMO that satisfies the soft feature freeze definition:

https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze

"By the date of the soft feature freeze, developers must have sent their
patches to the mailing list and received positive maintainer reviews
(Reviewed-by or Acked-by tags). [...] Between the soft feature freeze
and the hard feature freeze, previously reviewed and unit-tested
features may be applied (or merged) to the master branch, for
integration testing."

Do you (and others) agree?

If not, I won't insist -- while I'd certainly prefer these patches to be
in the upcoming stable tag, if the community perceives it would mean
bending the rules, I wouldn't want to do that. (Right now I don't think
it would bend the rules).

Thanks,
Laszlo
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] Configure bugs.tianocore.org as an alias for bugzilla.tianocore.org?

2019-02-22 Thread Laszlo Ersek
On 02/22/19 20:56, stephano wrote:
> 
> On 2/21/2019 4:15 PM, Rebecca Cran via edk2-devel wrote:
>> Could we allow people to access the Bugzilla tracker via
>> bugs.tianocore.org (in addition to bugzilla.tianocore.org) please?
> 
> Sure, let me look into this. I know it is an "easy" fix, but I'm not the
> admin, so I'll work with that vendor and we'll see how "easy" it is to
> work with them. :)
> 
>>
>> It looks like .tianocore.org (except www, bugzilla etc.) is
>> configured as address 54.245.252.80, which just times out trying to
>> access via http or https.

That IP address maps back to
"ec2-54-245-252-80.us-west-2.compute.amazonaws.com" (reverse DNS).

Thanks
Laszlo

>>
>>
> 
> Huh. Okay. That's strange.
> 
> I'll ask about this as well.
> 
> Cheers,
> Stephano
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [Patch V2] BaseTool: Fixed incremental rebuild issue.

2019-02-22 Thread Laszlo Ersek
On 02/22/19 20:21, Ard Biesheuvel wrote:
> On Fri, 22 Feb 2019 at 08:26, Gao, Liming  wrote:
>>
>> Reviewed-by: Liming Gao 
>>
> 
> Incremental builds are still broken for me, even with this patch. Is
> anyone else seeing the same?

I am not; but I've been using Python3.4 for a while now (it is needed by
another package on my system, and then the build tools find it too).

The regression is attributed to commit d943b0c339fe ("BaseTools: Handle
the bytes and str difference", 2019-02-01), which I believe is related
to the python2/3 conversion. So I assume python3.4 masks the problem.

Thanks
Laszlo

>>> -Original Message-
>>> From: Feng, Bob C
>>> Sent: Wednesday, February 20, 2019 11:22 PM
>>> To: edk2-devel@lists.01.org
>>> Cc: Feng, Bob C ; Gao, Liming 
>>> Subject: [Patch V2] BaseTool: Fixed incremental rebuild issue.
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1540
>>>
>>> This issue in introduced by commit
>>> d943b0c339fe3d35ffdf9f580ccb7a55915c6854
>>>
>>> To convert bytes to string, we need to use bytes.decode()
>>> instead of using str(bytes).
>>>
>>> If the source file is not a txt file, ignore that file.
>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Bob Feng 
>>> Cc: Liming Gao 
>>> ---
>>> BaseTools/Source/Python/AutoGen/GenMake.py  | 16 
>>> .../Source/Python/Workspace/DscBuildData.py | 17 -
>>> 2 files changed, 16 insertions(+), 17 deletions(-)
>>>
>>> diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py
>>> b/BaseTools/Source/Python/AutoGen/GenMake.py
>>> index 53c5b8577d..b441817b52 100644
>>> --- a/BaseTools/Source/Python/AutoGen/GenMake.py
>>> +++ b/BaseTools/Source/Python/AutoGen/GenMake.py
>>> @@ -1043,18 +1043,18 @@ cleanlib:
>>> Fd.close()
>>> except BaseException as X:
>>> EdkLogger.error("build", FILE_OPEN_FAILURE, 
>>> ExtraData=F.Path +
>>> "\n\t" + str(X))
>>> if len(FileContent) == 0:
>>> continue
>>> -
>>> -if FileContent[0] == 0xff or FileContent[0] == 0xfe:
>>> -FileContent = FileContent.decode('utf-16')
>>> -else:
>>> -try:
>>> -FileContent = str(FileContent)
>>> -except:
>>> -pass
>>> +try:
>>> +if FileContent[0] == 0xff or FileContent[0] == 0xfe:
>>> +FileContent = FileContent.decode('utf-16')
>>> +else:
>>> +FileContent = FileContent.decode()
>>> +except:
>>> +# The file is not txt file. for example .mcb file
>>> +continue
>>> IncludedFileList = gIncludePattern.findall(FileContent)
>>>
>>> for Inc in IncludedFileList:
>>> Inc = Inc.strip()
>>> # if there's macro used to reference header file, 
>>> expand it
>>> diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py
>>> b/BaseTools/Source/Python/Workspace/DscBuildData.py
>>> index 1ffefe6e7e..7221946062 100644
>>> --- a/BaseTools/Source/Python/Workspace/DscBuildData.py
>>> +++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
>>> @@ -153,19 +153,18 @@ def GetDependencyList(FileStack, SearchPathList):
>>> Fd.close()
>>>
>>> if len(FileContent) == 0:
>>> continue
>>>
>>> -if FileContent[0] == 0xff or FileContent[0] == 0xfe:
>>> -FileContent = FileContent.decode('utf-16')
>>> -IncludedFileList = gIncludePattern.findall(FileContent)
>>> -else:
>>> -try:
>>> -FileContent = str(FileContent)
>>> -IncludedFileList = gIncludePattern.findall(FileContent)
>>> -except:
>>> -pass
>>> +try:
>>> +if FileContent[0] == 0xff or FileContent[0] == 0xfe:
>>> +FileContent = FileContent.decode('utf-16')
>>> +else:
>>> +FileContent = FileContent.decode()
>>> +except:
>>> +# The file is not txt file. for example .mcb file
>>> +continue
>>> IncludedFileList = gIncludePattern.findall(FileContent)
>>>
>>> for Inc in IncludedFileList:
>>> Inc = Inc.strip()
>>> Inc = os.path.normpath(Inc)
>>> --
>>> 2.18.0.windows.1
>>
>> ___
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] Configure bugs.tianocore.org as an alias for bugzilla.tianocore.org?

2019-02-22 Thread stephano



On 2/21/2019 4:15 PM, Rebecca Cran via edk2-devel wrote:
Could we allow people to access the Bugzilla tracker via 
bugs.tianocore.org (in addition to bugzilla.tianocore.org) please?


Sure, let me look into this. I know it is an "easy" fix, but I'm not the 
admin, so I'll work with that vendor and we'll see how "easy" it is to 
work with them. :)




It looks like .tianocore.org (except www, bugzilla etc.) is 
configured as address 54.245.252.80, which just times out trying to 
access via http or https.





Huh. Okay. That's strange.

I'll ask about this as well.

Cheers,
Stephano
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH v1 1/1] ArmPkg: Fix writes to GICv3 GICD_IROUTER reg

2019-02-22 Thread Sami Mujawar
According to ARM Generic Interrupt Controller Architecture
Specification, GIC architecture version 3.0 and version 4.0,
GICD_IROUTER is a 64-bit register.

Fixed code to use 64 bit MMIO write operations so that the
Aff3 value (bits [39:32]) is written to GICD_IROUTER.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sami Mujawar 
Reported-by: Carl van Schaik 
---

The changes can be seen at 
https://github.com/samimujawar/edk2/tree/352_fix_gicv3_GICD_IROUTERn_v1


 ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c 
b/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c
index 
1558db31713a828f324a807583076b21dd3302d0..67c74f79654586f8b6e47795d3c7400b88172d6e
 100644
--- a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c
+++ b/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c
@@ -1,6 +1,6 @@
 /** @file
 *
-*  Copyright (c) 2011-2017, ARM Limited. All rights reserved.
+*  Copyright (c) 2011-2018, ARM Limited. All rights reserved.
 *
 *  This program and the accompanying materials
 *  are licensed and made available under the terms and conditions of the BSD 
License
@@ -467,7 +467,7 @@ GicV3DxeInitialize (
 
 // Route the SPIs to the primary CPU. SPIs start at the INTID 32
 for (Index = 0; Index < (mGicNumInterrupts - 32); Index++) {
-  MmioWrite32 (
+  MmioWrite64 (
 mGicDistributorBase + ARM_GICD_IROUTER + (Index * 8),
 CpuTarget
 );
-- 
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'


___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [Patch V2] BaseTool: Fixed incremental rebuild issue.

2019-02-22 Thread Ard Biesheuvel
On Fri, 22 Feb 2019 at 08:26, Gao, Liming  wrote:
>
> Reviewed-by: Liming Gao 
>

Incremental builds are still broken for me, even with this patch. Is
anyone else seeing the same?


> >-Original Message-
> >From: Feng, Bob C
> >Sent: Wednesday, February 20, 2019 11:22 PM
> >To: edk2-devel@lists.01.org
> >Cc: Feng, Bob C ; Gao, Liming 
> >Subject: [Patch V2] BaseTool: Fixed incremental rebuild issue.
> >
> >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1540
> >
> >This issue in introduced by commit
> >d943b0c339fe3d35ffdf9f580ccb7a55915c6854
> >
> >To convert bytes to string, we need to use bytes.decode()
> >instead of using str(bytes).
> >
> >If the source file is not a txt file, ignore that file.
> >
> >Contributed-under: TianoCore Contribution Agreement 1.1
> >Signed-off-by: Bob Feng 
> >Cc: Liming Gao 
> >---
> > BaseTools/Source/Python/AutoGen/GenMake.py  | 16 
> > .../Source/Python/Workspace/DscBuildData.py | 17 -
> > 2 files changed, 16 insertions(+), 17 deletions(-)
> >
> >diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py
> >b/BaseTools/Source/Python/AutoGen/GenMake.py
> >index 53c5b8577d..b441817b52 100644
> >--- a/BaseTools/Source/Python/AutoGen/GenMake.py
> >+++ b/BaseTools/Source/Python/AutoGen/GenMake.py
> >@@ -1043,18 +1043,18 @@ cleanlib:
> > Fd.close()
> > except BaseException as X:
> > EdkLogger.error("build", FILE_OPEN_FAILURE, 
> > ExtraData=F.Path +
> >"\n\t" + str(X))
> > if len(FileContent) == 0:
> > continue
> >-
> >-if FileContent[0] == 0xff or FileContent[0] == 0xfe:
> >-FileContent = FileContent.decode('utf-16')
> >-else:
> >-try:
> >-FileContent = str(FileContent)
> >-except:
> >-pass
> >+try:
> >+if FileContent[0] == 0xff or FileContent[0] == 0xfe:
> >+FileContent = FileContent.decode('utf-16')
> >+else:
> >+FileContent = FileContent.decode()
> >+except:
> >+# The file is not txt file. for example .mcb file
> >+continue
> > IncludedFileList = gIncludePattern.findall(FileContent)
> >
> > for Inc in IncludedFileList:
> > Inc = Inc.strip()
> > # if there's macro used to reference header file, 
> > expand it
> >diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py
> >b/BaseTools/Source/Python/Workspace/DscBuildData.py
> >index 1ffefe6e7e..7221946062 100644
> >--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
> >+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
> >@@ -153,19 +153,18 @@ def GetDependencyList(FileStack, SearchPathList):
> > Fd.close()
> >
> > if len(FileContent) == 0:
> > continue
> >
> >-if FileContent[0] == 0xff or FileContent[0] == 0xfe:
> >-FileContent = FileContent.decode('utf-16')
> >-IncludedFileList = gIncludePattern.findall(FileContent)
> >-else:
> >-try:
> >-FileContent = str(FileContent)
> >-IncludedFileList = gIncludePattern.findall(FileContent)
> >-except:
> >-pass
> >+try:
> >+if FileContent[0] == 0xff or FileContent[0] == 0xfe:
> >+FileContent = FileContent.decode('utf-16')
> >+else:
> >+FileContent = FileContent.decode()
> >+except:
> >+# The file is not txt file. for example .mcb file
> >+continue
> > IncludedFileList = gIncludePattern.findall(FileContent)
> >
> > for Inc in IncludedFileList:
> > Inc = Inc.strip()
> > Inc = os.path.normpath(Inc)
> >--
> >2.18.0.windows.1
>
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage status code rep.

2019-02-22 Thread Laszlo Ersek
On 02/22/19 12:50, Ni, Ray wrote:
> 
>> -Original Message-
>> From: Laszlo Ersek [mailto:ler...@redhat.com]
>> Sent: Thursday, February 21, 2019 6:41 PM
>> To: edk2-devel@lists.01.org
>> Cc: Bi, Dandan ; Wu, Hao A ;
>> Wang, Jian J ; Ni, Ray ; Sean Brogan
>> ; Zeng, Star 
>> Subject: [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix
>> LoadImage/StartImage status code rep.
> 
> 
>> +  if (!ReportErrorCodeEnabled ()) {
>> +return;
>> +  }
> 
> Sorry I didn't notice this piece of code in V2.
> The if-check-return code is not needed here.
> Because the implementation of ReportStatusCodeLib is
> responsible to do the filter.
> See below:
> 
> EFI_STATUS
> InternalReportStatusCode (
>   IN EFI_STATUS_CODE_TYPE Type,
>   IN EFI_STATUS_CODE_VALUEValue,
>   IN UINT32   Instance,
>   IN CONST EFI_GUID   *CallerId OPTIONAL,
>   IN EFI_STATUS_CODE_DATA *Data OPTIONAL
>   )
> {
>   if ((ReportProgressCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
> EFI_PROGRESS_CODE) ||
>   (ReportErrorCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
> EFI_ERROR_CODE) ||
>   (ReportDebugCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
> EFI_DEBUG_CODE)) {
> ...

Yes, I was fully aware of that.

However:

The issue is that, in the BmReportLoadFailure() function, we do some
work *before* we call REPORT_STATUS_CODE_EX(). We have an ASSERT(), a
ZeroMem(), and a field assignment.

If status code reporting is disabled for EFI_ERROR_CODE in the platform,
then said work will be wasted. We can optimize this by checking for
ReportErrorCodeEnabled() up-front, because we know for sure that later
on we will report the status code with EFI_ERROR_CODE type.

In other words, this approach is similar to DEBUG_CODE(). In some cases,
logging a piece of information with DEBUG() takes non-trivial
computation. And it would be a waste, for example in RELEASE builds, to
perform the computation, and then throw away only the result (the log
message). Therefore the DEBUG_CODE macro is used, and the whole work is
eliminated in RELEASE builds.

The idea is the same here. If the compiler can statically deduce that
ReportErrorCodeEnabled() will always return FALSE -- for example because
the ReportStatusCodeLib instance in question looks at
"PcdReportStatusCodePropertyMask", and the PCD is Fixed-at-Build, and
the corresponding bit is clear --, then the compiler can eliminate the
entire BmReportLoadFailure() function. This is good for both flash usage
and for performance.

I'm fine either way, but first, please confirm again that you really
want me to remove the ReportErrorCodeEnabled() check, before pushing.

Thanks!
Laszlo


> 
> 
> With the removal of the three lines code, Reviewed-by: Ray Ni 
> 
> 

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [patch edk2-wiki] Update ECC wiki page

2019-02-22 Thread Gao, Liming
Reviewed-by: Liming Gao 

> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Bi, 
> Dandan
> Sent: Monday, February 18, 2019 3:36 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming 
> Subject: [edk2] [patch edk2-wiki] Update ECC wiki page
> 
> Update ECC wiki page to record how to solve the
> problem “ModuleNotFoundError: No module named 'antlr4'”
> when run ECC tool with python3.x.
> 
> Cc: Liming Gao 
> Cc: Bob Feng 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Dandan Bi 
> ---
>  ECC-tool.md | 15 ---
>  1 file changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/ECC-tool.md b/ECC-tool.md
> index eaf4137..03dbb30 100644
> --- a/ECC-tool.md
> +++ b/ECC-tool.md
> @@ -12,18 +12,27 @@ Steps to run ECC tool:
>  **1). Enter edk2 directory, run: **edksetup.bat (**on Windows**)
>**Enter edk2 directory, run: **source edksetup.sh (**on 
> Linux**)
> 
>  **2). Then in edk2 directory, you can type "Ecc" to run ECC tool 
> directly**.
> 
> -**3). If you meet following error:**
> +**3). If you meet following errors:**
> +**Error 1:**
>  **import antlr3**
>  **ImportError: No module named antlr3**
> 
> -Since ECC depends on antlr V3.0.1, you can download it from 
> http://www.antlr3.org/download/Python/ 
> +This error may be met when you run ECC tool with python 2.x, then ECC 
> depends on antlr V3.0.1, you can download it from
> http://www.antlr3.org/download/Python/ 
>  After download and extract it, you can enter the antlr tool directory and 
> run: 
>  **C:\Python27\python.exe setup.py install** to install it.(**on Windows**) 
> 
> -**python setup.py install**" to install it, root access may be 
> required.(**on Linux**) 
> +**python setup.py install** to install it, root access may be required.(**on 
> Linux**) 
> +
> +**Error 2:**
> +**import antlr4 as antlr** 
> +**ModuleNotFoundError: No module named 'antlr4'** 
> +
> +This error may be met when you run ECC tool with python 3.x, then ECC 
> depends on antlr4, you can install it through following
> command.
> +**py -3 -m pip install antlr4-python3-runtime** to install it.(**on 
> Windows**) 
> +**sudo python3 -m pip install antlr4-python3-runtime** to install it. (**on 
> Linux**) 
> 
>  **4). You can type "Ecc -h/Ecc --help" to get the help info of ECC 
> tool**.
> 
>  **5). Common usage model:**
>  **Ecc -c config file  -e exception file  -t  the target directory which need 
> to be scanned by ECC -r the ECC scan result csv file**
> --
> 2.18.0.windows.1
> 
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [Patch] BaseTools: Add parameter check for the AsciiStringToUint64

2019-02-22 Thread Gao, Liming
Bob:
  This function is used to convert string to UINT64. So, the string len should 
not be too long. I think UINT8 max value 255 is enough for its usage.

Thanks
Liming
> -Original Message-
> From: Feng, Bob C
> Sent: Friday, February 22, 2019 6:05 PM
> To: edk2-devel@lists.01.org
> Cc: Feng, Bob C ; Gao, Liming 
> Subject: [Patch] BaseTools: Add parameter check for the AsciiStringToUint64
> 
> If the input parameter AsciiString length is greater
> than 255, the GenFv will hang.
> 
> This patch is to fix this issue.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Bob Feng 
> Cc: Liming Gao 
> ---
>  BaseTools/Source/C/Common/ParseInf.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/BaseTools/Source/C/Common/ParseInf.c 
> b/BaseTools/Source/C/Common/ParseInf.c
> index 3907f44331..b29f4c2f93 100644
> --- a/BaseTools/Source/C/Common/ParseInf.c
> +++ b/BaseTools/Source/C/Common/ParseInf.c
> @@ -493,11 +493,11 @@ Returns:
>EFI_SUCCESS   Number successfully converted.
>EFI_ABORTED   Invalid character encountered.
> 
>  --*/
>  {
> -  UINT8   Index;
> +  UINT32   Index;
>UINT64  Value;
>CHAR8   CurrentChar;
> 
>//
>// Initialize the result
> @@ -506,11 +506,11 @@ Returns:
>Index = 0;
> 
>//
>// Check input parameter
>//
> -  if (AsciiString == NULL || ReturnValue == NULL) {
> +  if (AsciiString == NULL || ReturnValue == NULL || strlen(AsciiString) > 
> 0x) {
>  return EFI_INVALID_PARAMETER;
>}
>while (AsciiString[Index] == ' ') {
>  Index ++;
>}
> --
> 2.20.1.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH V3 0/4] Add SMM CET support

2019-02-22 Thread Ni, Ray
Reviewed-by: Ray Ni 

> -Original Message-
> From: Yao, Jiewen
> Sent: Friday, February 22, 2019 9:31 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Gao, Liming
> ; Dong, Eric ; Ni, Ray
> ; Laszlo Ersek ; Yao, Jiewen
> 
> Subject: [PATCH V3 0/4] Add SMM CET support
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> V3:
> Add Nasm.inc to include CET related instruction as MACRO.
> This is the only place to use DB.
> Any other NASM just use the MACRO -
> SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX =
> 
> V2:
> Fix emulation platform issue.
> The NT32 platform cannot access CR4 register.
> So we add a global PCD to choose disable CR4 access in SetJump/LongJump.
> gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
> =
> 
> This patch series implement add CET ShadowStack support for SMM.
> 
> The CET document can be found at:
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-
> enforcement-technology-preview.pdf
> 
> Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> Patch 2 adds Control Protection exception (CP#) dump info.
> Patch 3 adds CET ShadowStack support in SMM.
> 
> For more detail please refer to each patch.
> 
> I also post all update to https://github.com/jyao1/edk2/tree/CET_V2
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> 
> Jiewen Yao (4):
>   MdePkg/Include: Add Nasm.inc
>   MdePkg/BaseLib: Add Shadow Stack Support for X86.
>   UefiCpuPkg/ExceptionLib: Add CET support.
>   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
> 
>  MdePkg/Include/Ia32/Nasm.inc  |  28 
>  MdePkg/Include/Library/BaseLib.h  |   2 +
>  MdePkg/Include/X64/Nasm.inc   |  28 
>  MdePkg/Library/BaseLib/BaseLib.inf|   3 +-
>  MdePkg/Library/BaseLib/Ia32/LongJump.c|  28 +++-
>  MdePkg/Library/BaseLib/Ia32/LongJump.nasm |  25 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.c |  28 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.nasm  |  23 +++-
>  MdePkg/Library/BaseLib/X64/LongJump.nasm  |  27 +++-
>  MdePkg/Library/BaseLib/X64/SetJump.nasm   |  23 +++-
>  MdePkg/MdePkg.dec |   7 +
>  .../Include/Library/SmmCpuFeaturesLib.h   |  23 +++-
>  .../CpuExceptionCommon.c  |   7 +-
>  .../CpuExceptionCommon.h  |   3 +-
>  .../Ia32/ArchExceptionHandler.c   |   5 +-
>  .../X64/ArchExceptionHandler.c|   5 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm   |  39 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c  |  38 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm  |  99 ++-
>  .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm |   6 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c |  57 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c |  12 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c|  97 --
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 103
> ++-
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   6 +-
>  .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  85 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c|  18 ++-
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h|   4 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c|   4 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm|  40 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c   |  39 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm   | 120
> +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |  58 -
>  UefiCpuPkg/UefiCpuPkg.dec |   6 +-
>  34 files changed, 1034 insertions(+), 62 deletions(-)  create mode 100644
> MdePkg/Include/Ia32/Nasm.inc  create mode 100644
> MdePkg/Include/X64/Nasm.inc  create mode 100644
> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
>  create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm
> 
> --
> 2.19.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [Patch edk2 wiki] Add new feature: WiFi Connection Manager for edk2-stable201903 in EDK-II-Release-Planning

2019-02-22 Thread Gao, Liming
Reviewed-by: Liming Gao 

> -Original Message-
> From: Wang, Fan
> Sent: Wednesday, February 13, 2019 11:27 AM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming 
> Subject: [Patch edk2 wiki] Add new feature: WiFi Connection Manager for 
> edk2-stable201903 in EDK-II-Release-Planning
> 
> Cc: Liming Gao 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Wang Fan 
> ---
>  EDK-II-Release-Planning.md | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/EDK-II-Release-Planning.md b/EDK-II-Release-Planning.md
> index f302be3..eba2afe 100644
> --- a/EDK-II-Release-Planning.md
> +++ b/EDK-II-Release-Planning.md
> @@ -23,9 +23,10 @@
>  * [Split the S3 phase device initialization codes from the OpalPassword PEI 
> driver](https://bugzilla.tianocore.org/show_bug.cgi?id=1409)
>  * [Remove PcdPeiCoreMaxXXX 
> PCDs](https://bugzilla.tianocore.org/show_bug.cgi?id=1405)
>  * [Remove unused tool logic in BaseTools 
> C\Python](https://bugzilla.tianocore.org/show_bug.cgi?id=1350)
>  * [BaseTools: Enable component override 
> functionality](https://bugzilla.tianocore.org/show_bug.cgi?id=1449)
>  * [SMM CET support](https://bugzilla.tianocore.org/show_bug.cgi?id=1521)
> +* [Add Wi-Fi Connection Manager to 
> NetworkPkg](https://bugzilla.tianocore.org/show_bug.cgi?id=1492)
>  * Standalone MM build of authenticated variable stack (bugzilla link TBD)
>  * TBD Bugzilla List
> 
>  ---
> --
> 2.16.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [edk2-announce] Soft Feature Freeze starts today for edk2-stable201903

2019-02-22 Thread Gao, Liming
Hi, all
  https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning 
lists edk2-stable201903 tag planning. Now, we enter into Soft Feature Freeze 
phase. In this phase, the feature without Reviewed-by or Acked-by tags will be 
delayed after the upcoming stable tag. The patch review can continue without 
break. Below is edk2-stable201903 tag planning.

2019-03-08 Beginning of development
2019-02-22 Soft Feature Freeze
2019-03-01 Hard Feature Freeze
2019-03-08 Release

Thanks
Liming

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V3 2/4] MdePkg/BaseLib: Add Shadow Stack Support for X86.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

This patch adds SSP - shadow stack pointer to JumpBuffer.
It will be used for the platform that enabled CET/ShadowStack.

We add gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
to control the global enable/disable.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 MdePkg/Include/Library/BaseLib.h  |  2 ++
 MdePkg/Library/BaseLib/BaseLib.inf|  3 ++-
 MdePkg/Library/BaseLib/Ia32/LongJump.c| 28 +++-
 MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 25 -
 MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.nasm  | 23 +++-
 MdePkg/Library/BaseLib/X64/LongJump.nasm  | 27 ++-
 MdePkg/Library/BaseLib/X64/SetJump.nasm   | 23 +++-
 MdePkg/MdePkg.dec |  7 +
 9 files changed, 159 insertions(+), 7 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 9c42f82a7d..616ba2e95b 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -31,6 +31,7 @@ typedef struct {
   UINT32Ebp;
   UINT32Esp;
   UINT32Eip;
+  UINT32Ssp;
 } BASE_LIBRARY_JUMP_BUFFER;
 
 #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4
@@ -54,6 +55,7 @@ typedef struct {
   UINT64Rip;
   UINT64MxCsr;
   UINT8 XmmBuffer[160]; ///< XMM6-XMM15.
+  UINT64Ssp;
 } BASE_LIBRARY_JUMP_BUFFER;
 
 #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf 
b/MdePkg/Library/BaseLib/BaseLib.inf
index f25a067a23..a0d6c372f9 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Base Library implementation.
 #
-#  Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
 #  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
 #  Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.
 #
@@ -620,6 +620,7 @@
   gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength  ## 
SOMETIMES_CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ## 
SOMETIMES_CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength   ## 
SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask   ## 
SOMETIMES_CONSUMES
 
 [FeaturePcd]
   gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList  ## CONSUMES
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.c 
b/MdePkg/Library/BaseLib/Ia32/LongJump.c
index 73973a9cce..2c1feb8373 100644
--- a/MdePkg/Library/BaseLib/Ia32/LongJump.c
+++ b/MdePkg/Library/BaseLib/Ia32/LongJump.c
@@ -1,7 +1,7 @@
 /** @file
   Implementation of _LongJump() on IA-32.
 
-  Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -36,6 +36,32 @@ InternalLongJump (
   )
 {
   _asm {
+mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
+testeax, eax
+jz  CetDone
+_emit  0x0F
+_emit  0x20
+_emit  0xE0; mov eax, cr4
+bt  eax, 23; check if CET is enabled
+jnc CetDone
+
+mov edx, [esp + 4] ; edx = JumpBuffer
+mov edx, [edx + 24]; edx = target SSP
+_emit  0xF3
+_emit  0x0F
+_emit  0x1E
+_emit  0xC8; READSSP EAX
+sub edx, eax   ; edx = delta
+mov eax, edx   ; eax = delta
+
+shr eax, 2 ; eax = delta/sizeof(UINT32)
+_emit  0xF3
+_emit  0x0F
+_emit  0xAE
+_emit  0xE8; INCSSP EAX
+
+CetDone:
+
 pop eax ; skip return address
 pop edx ; edx <- JumpBuffer
 pop eax ; eax <- Value
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm 
b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
index 7ef03462ee..57305d4981 100644
--- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
+++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
@@ -1,6 +1,6 @@
 ;--
 ;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights 

Re: [edk2] [PATCH 0/3] Add SMM CET support

2019-02-22 Thread Yao, Jiewen
The V3 patch is posted.
I add NASM.INC files.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Yao, Jiewen
> Sent: Friday, February 22, 2019 8:11 PM
> To: Laszlo Ersek ; edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Dong, Eric
> ; Gao, Liming 
> Subject: Re: [edk2] [PATCH 0/3] Add SMM CET support
> 
> Thanks Laszlo.
> 
> 2) I have checked NASM instruction list at
> https://www.nasm.us/xdoc/2.14.02/html/nasmdocb.html
> SSP related instruction is not there.
> 
> I believe using DB maybe the only choice at this moment.
> 
> I will create include file.
> 
> 3) I will fix comment. Thanks to catch that.
> 
> 
> 
> > -Original Message-
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> > Laszlo Ersek
> > Sent: Friday, February 22, 2019 8:01 PM
> > To: Yao, Jiewen ; edk2-devel@lists.01.org
> > Cc: Kinney, Michael D ; Dong, Eric
> > ; Gao, Liming 
> > Subject: Re: [edk2] [PATCH 0/3] Add SMM CET support
> >
> > On 02/22/19 05:15, Jiewen Yao wrote:
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> > >
> > > This patch series implement add CET ShadowStack support for SMM.
> > >
> > > The CET document can be found at:
> > >
> >
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow
> > -enforcement-technology-preview.pdf
> > >
> > > Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> > > Patch 2 adds Control Protection exception (CP#) dump info.
> > > Patch 3 adds CET ShadowStack support in SMM.
> > >
> > > For more detail please refer to each patch.
> > >
> > > I also post all update to https://github.com/jyao1/edk2/tree/CET
> > >
> > > Cc: Michael D Kinney 
> > > Cc: Liming Gao 
> > > Cc: Eric Dong 
> > > Cc: Ray Ni 
> > > Cc: Laszlo Ersek 
> > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > Signed-off-by: Yao Jiewen 
> > >
> > > Jiewen Yao (3):
> > >   MdePkg/BaseLib: Add Shadow Stack Support for X86.
> > >   UefiCpuPkg/ExceptionLib: Add CET support.
> > >   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
> >
> >
> > (1) For the series, in my usual environment:
> >
> > Regression-tested-by: Laszlo Ersek 
> >
> >
> > (2) I notice that the NASM code receives a bunch of DB encodings for
> > various instructions. I think that's a bad idea. It was pretty difficult
> > to eliminate DBs; please refer to
> > , and the commit
> > range aae02dccf5b0..d22c995a4814.
> >
> > As far as I can see, the DBs are added to encode three instructions,
> > namely READSSP, INCSSP, and SETSSBSY. Can you please confirm that the
> > only reason we use DBs for these instructions is that they are related
> > to the CET extension, and they are not yet supported by NASM? (Or at
> > least not by the NASM that that we require?)
> >
> > In other words, I'd like to be sure that the DBs are not used for
> > runtime instruction patching.
> >
> > Even that way, I think it would be better to use NASM macros for these
> > instructions. The code doesn't use many forms:
> >
> > * SETSSBSY:   DB 0xF3, 0x0F, 0x01, 0xE8
> > * READSSP EAX:DB 0xF3, 0x0F, 0x1E, 0xC8
> > * INCSSP EAX: DB 0xF3, 0x0F, 0xAE, 0xE8
> > * READSSP RAX:DB 0xF3, 0x48, 0x0F, 0x1E, 0xC8
> > * INCSSP RAX: DB 0xF3, 0x48, 0x0F, 0xAE, 0xE8
> >
> > (It seems that the EAX <-> RAX encodings, for READSSP and INCSSP, are
> > differentiated through the 0x48 REX.W prefix (64-bit operand size).)
> >
> > I think we should add the macros in a NASM include file under
> > "MdePkg/Include". Later, only those macros would have to be updated,
> > once NASM starts supporting these instructions directly.
> >
> > We've supported shared NASM include files since
> > . Therefore, both
> > UefiCpuPkg and MdePkg modules could consume the macros, from under
> > MdePkg/Include.
> >
> >
> > (3) In fact, looking at the DB encodings, I think some of the comments
> > are incorrect. Namely, in patch #3, in file
> > "UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm", function DisableCet, we
> > have
> >
> > +DB  0xF3, 0x0F, 0xAE, 0xE8   ; INCSSP RAX
> >
> > but that's INCSSP EAX, not RAX, in reality. (The code is correct, the
> > comment is wrong.) Using NASM macros would help us avoid such typos.
> >
> > Thanks
> > Laszlo
> >
> > ___
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V3 4/4] UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

We scan the SMM code with ROPgadget.
http://shell-storm.org/project/ROPgadget/
https://github.com/JonathanSalwan/ROPgadget/tree/master
This tool reports the gadget in SMM driver.

This patch enabled CET ShadowStack for X86 SMM.
If CET is supported, SMM will enable CET ShadowStack.
SMM CET will save the OS CET context at SmmEntry and
restore OS CET context at SmmExit.

Test:
1) test Intel internal platform (x64 only, CET enabled/disabled)
Boot test:
CET supported or not supported CPU
on CET supported platform
  CET enabled/disabled
  PcdCpuSmmCetEnable enabled/disabled
  Single core/Multiple core
  PcdCpuSmmStackGuard enabled/disabled
  PcdCpuSmmProfileEnable enabled/disabled
  PcdCpuSmmStaticPageTable enabled/disabled
CET exception test:
  #CF generated with PcdCpuSmmStackGuard enabled/disabled.
Other exception test:
  #PF for normal stack overflow
  #PF for NX protection
  #PF for RO protection
CET env test:
  Launch SMM in CET enabled/disabled environment (DXE) - no impact to DXE

The test case can be found at
https://github.com/jyao1/SecurityEx/tree/master/ControlFlowPkg

2) test ovmf (both IA32 and X64 SMM, CET disabled only)
test OvmfIa32/Ovmf3264, with -D SMM_REQUIRE.
  qemu-system-x86_64.exe -machine q35,smm=on -smp 4
-serial file:serial.log
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd
QEMU emulator version 3.1.0 (v3.1.0-11736-g7a30e7adb0-dirty)

3) not tested
IA32 CET enabled platform

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h |  23 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm|  39 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c   |  38 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm   |  99 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm   |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c  |  57 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  12 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c |  97 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 103 -
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf   |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c |  85 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c |  18 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h |   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c |   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm |  40 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c|  39 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm| 120 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c   |  58 +-
 UefiCpuPkg/UefiCpuPkg.dec  |   6 +-
 19 files changed, 807 insertions(+), 47 deletions(-)

diff --git a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h 
b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
index 4478003467..aec24b5dda 100644
--- a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
+++ b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
@@ -1,7 +1,7 @@
 /** @file
 Library that provides CPU specific functions to support the PiSmmCpuDxeSmm 
module.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -160,14 +160,33 @@ SmmCpuFeaturesGetSmiHandlerSize (
   than zero and is called by the CPU that was elected as monarch during System
   Management Mode initialization.
 
+//
+// Append Shadow Stack after normal stack
+//
+// |= SmiStack
+// 
+--+---+
+// | Known Good Stack | Guard Page |SMM Stack | Known Good Shadow 
Stack | Guard Page |SMM Shadow Stack|
+// 
+--+---+
+// |   |PcdCpuSmmStackSize|
  |PcdCpuSmmShadowStackSize|
+// |< StackSize 
->|<- ShadowStackSize 
--->|
+// |   
   |
+// |< Processor N 
--->|
+// | low address (bottom)  
high address (top) |
+//

[edk2] [PATCH V3 0/4] Add SMM CET support

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

V3:
Add Nasm.inc to include CET related instruction as MACRO.
This is the only place to use DB.
Any other NASM just use the MACRO - 
SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX
=

V2:
Fix emulation platform issue.
The NT32 platform cannot access CR4 register.
So we add a global PCD to choose disable CR4 access in SetJump/LongJump.
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
=

This patch series implement add CET ShadowStack support for SMM.

The CET document can be found at:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
Patch 2 adds Control Protection exception (CP#) dump info.
Patch 3 adds CET ShadowStack support in SMM.

For more detail please refer to each patch. 

I also post all update to https://github.com/jyao1/edk2/tree/CET_V2

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 

Jiewen Yao (4):
  MdePkg/Include: Add Nasm.inc
  MdePkg/BaseLib: Add Shadow Stack Support for X86.
  UefiCpuPkg/ExceptionLib: Add CET support.
  UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

 MdePkg/Include/Ia32/Nasm.inc  |  28 
 MdePkg/Include/Library/BaseLib.h  |   2 +
 MdePkg/Include/X64/Nasm.inc   |  28 
 MdePkg/Library/BaseLib/BaseLib.inf|   3 +-
 MdePkg/Library/BaseLib/Ia32/LongJump.c|  28 +++-
 MdePkg/Library/BaseLib/Ia32/LongJump.nasm |  25 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.c |  28 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.nasm  |  23 +++-
 MdePkg/Library/BaseLib/X64/LongJump.nasm  |  27 +++-
 MdePkg/Library/BaseLib/X64/SetJump.nasm   |  23 +++-
 MdePkg/MdePkg.dec |   7 +
 .../Include/Library/SmmCpuFeaturesLib.h   |  23 +++-
 .../CpuExceptionCommon.c  |   7 +-
 .../CpuExceptionCommon.h  |   3 +-
 .../Ia32/ArchExceptionHandler.c   |   5 +-
 .../X64/ArchExceptionHandler.c|   5 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm   |  39 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c  |  38 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm  |  99 ++-
 .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c |  57 -
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c |  12 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c|  97 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 103 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   6 +-
 .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  85 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c|  18 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h|   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c|   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm|  40 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c   |  39 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm   | 120 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |  58 -
 UefiCpuPkg/UefiCpuPkg.dec |   6 +-
 34 files changed, 1034 insertions(+), 62 deletions(-)
 create mode 100644 MdePkg/Include/Ia32/Nasm.inc
 create mode 100644 MdePkg/Include/X64/Nasm.inc
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm

-- 
2.19.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V3 1/4] MdePkg/Include: Add Nasm.inc

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

This is to add CET related instruction in Nasm
because CET instruction is not supported yet.

See https://www.nasm.us/xdoc/2.14.02/html/nasmdocb.html

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 MdePkg/Include/Ia32/Nasm.inc | 28 
 MdePkg/Include/X64/Nasm.inc  | 28 
 2 files changed, 56 insertions(+)

diff --git a/MdePkg/Include/Ia32/Nasm.inc b/MdePkg/Include/Ia32/Nasm.inc
new file mode 100644
index 00..c018bb3cae
--- /dev/null
+++ b/MdePkg/Include/Ia32/Nasm.inc
@@ -0,0 +1,28 @@
+;--
+;
+; Copyright (c) 2019, Intel Corporation. All rights reserved.
+; This program and the accompanying materials
+; are licensed and made available under the terms and conditions of the BSD 
License
+; which accompanies this distribution.  The full text of the license may be 
found at
+; http://opensource.org/licenses/bsd-license.php.
+;
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;
+; Abstract:
+;
+;   This file provides macro definitions for NASM files.
+;
+;--
+
+%macro SETSSBSY0
+DB 0xF3, 0x0F, 0x01, 0xE8
+%endmacro
+
+%macro READSSP_EAX 0
+DB 0xF3, 0x0F, 0x1E, 0xC8
+%endmacro
+
+%macro INCSSP_EAX  0
+DB 0xF3, 0x0F, 0xAE, 0xE8
+%endmacro
diff --git a/MdePkg/Include/X64/Nasm.inc b/MdePkg/Include/X64/Nasm.inc
new file mode 100644
index 00..129a330212
--- /dev/null
+++ b/MdePkg/Include/X64/Nasm.inc
@@ -0,0 +1,28 @@
+;--
+;
+; Copyright (c) 2019, Intel Corporation. All rights reserved.
+; This program and the accompanying materials
+; are licensed and made available under the terms and conditions of the BSD 
License
+; which accompanies this distribution.  The full text of the license may be 
found at
+; http://opensource.org/licenses/bsd-license.php.
+;
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;
+; Abstract:
+;
+;   This file provides macro definitions for NASM files.
+;
+;--
+
+%macro SETSSBSY0
+DB 0xF3, 0x0F, 0x01, 0xE8
+%endmacro
+
+%macro READSSP_RAX 0
+DB 0xF3, 0x48, 0x0F, 0x1E, 0xC8
+%endmacro
+
+%macro INCSSP_RAX  0
+DB 0xF3, 0x48, 0x0F, 0xAE, 0xE8
+%endmacro
-- 
2.19.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V3 3/4] UefiCpuPkg/ExceptionLib: Add CET support.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

Add information dump for Control Protection exception.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c| 7 
---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h| 3 ++-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | 5 +++--
 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c  | 5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
index 0576144a97..ca210d1de2 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
@@ -1,7 +1,7 @@
 /** @file
   CPU Exception Handler Library common functions.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -20,7 +20,7 @@
 //
 // 1 means an error code will be pushed, otherwise 0
 //
-CONST UINT32 mErrorCodeFlag = 0x00027d00;
+CONST UINT32 mErrorCodeFlag = 0x00227d00;
 
 //
 // Define the maximum message length
@@ -49,7 +49,8 @@ CONST CHAR8 *mExceptionNameStr[] = {
   "#AC - Alignment Check",
   "#MC - Machine-Check",
   "#XM - SIMD floating-point",
-  "#VE - Virtualization"
+  "#VE - Virtualization",
+  "#CP - Control Protection"
 };
 
 #define EXCEPTION_KNOWN_NAME_NUM  (sizeof (mExceptionNameStr) / sizeof (CHAR8 
*))
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
index 83e55ab828..edf46cb60d 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
@@ -1,7 +1,7 @@
 /** @file
   Common header file for CPU Exception Handler Library.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -39,6 +39,7 @@
 #define IA32_PF_EC_RSVD BIT3
 #define IA32_PF_EC_ID   BIT4
 #define IA32_PF_EC_PK   BIT5
+#define IA32_PF_EC_SS   BIT6
 #define IA32_PF_EC_SGX  BIT15
 
 #include "ArchInterruptDefs.h"
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
index 531258610a..f3d993af75 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
@@ -1,7 +1,7 @@
 /** @file
   IA32 CPU Exception Handler functons.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -326,13 +326,14 @@ DumpCpuContext (
   );
 if (ExceptionType == EXCEPT_IA32_PAGE_FAULT) {
   InternalPrintMessage (
-"  I:%x R:%x U:%x W:%x P:%x PK:%x S:%x",
+"  I:%x R:%x U:%x W:%x P:%x PK:%x SS:%x SGX:%x",
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_RSVD) != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_WR)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P)!= 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_PK)   != 
0,
+(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_SS)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_SGX)  != 0
 );
 }
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
index d7e883d19a..0183239e59 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
@@ -1,7 +1,7 @@
 /** @file
   x64 CP

Re: [edk2] [PATCH V2 2/3] UefiCpuPkg/ExceptionLib: Add CET support.

2019-02-22 Thread Ni, Ray
Reviewed-by: Ray Ni 

> -Original Message-
> From: Yao, Jiewen
> Sent: Friday, February 22, 2019 7:00 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric ; Ni, Ray ; Laszlo Ersek
> ; Yao, Jiewen 
> Subject: [PATCH V2 2/3] UefiCpuPkg/ExceptionLib: Add CET support.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> Add information dump for Control Protection exception.
> 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> ---
>  UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c| 7
> ---
>  UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h| 3
> ++-
>  UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | 5
> +++--
>  UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c  | 5
> +++--
>  4 files changed, 12 insertions(+), 8 deletions(-)
> 
> diff --git
> a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
> index 0576144a97..ca210d1de2 100644
> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
> +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
> @@ -1,7 +1,7 @@
>  /** @file
>CPU Exception Handler Library common functions.
> 
> -  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> +  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
>This program and the accompanying materials
>are licensed and made available under the terms and conditions of the BSD
> License
>which accompanies this distribution.  The full text of the license may be 
> found
> at
> @@ -20,7 +20,7 @@
>  //
>  // 1 means an error code will be pushed, otherwise 0
>  //
> -CONST UINT32 mErrorCodeFlag = 0x00027d00;
> +CONST UINT32 mErrorCodeFlag = 0x00227d00;
> 
>  //
>  // Define the maximum message length
> @@ -49,7 +49,8 @@ CONST CHAR8 *mExceptionNameStr[] = {
>"#AC - Alignment Check",
>"#MC - Machine-Check",
>"#XM - SIMD floating-point",
> -  "#VE - Virtualization"
> +  "#VE - Virtualization",
> +  "#CP - Control Protection"
>  };
> 
>  #define EXCEPTION_KNOWN_NAME_NUM  (sizeof (mExceptionNameStr) /
> sizeof (CHAR8 *))
> diff --git
> a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
> index 83e55ab828..edf46cb60d 100644
> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
> +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
> @@ -1,7 +1,7 @@
>  /** @file
>Common header file for CPU Exception Handler Library.
> 
> -  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> +  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
>This program and the accompanying materials
>are licensed and made available under the terms and conditions of the BSD
> License
>which accompanies this distribution.  The full text of the license may be 
> found
> at
> @@ -39,6 +39,7 @@
>  #define IA32_PF_EC_RSVD BIT3
>  #define IA32_PF_EC_ID   BIT4
>  #define IA32_PF_EC_PK   BIT5
> +#define IA32_PF_EC_SS   BIT6
>  #define IA32_PF_EC_SGX  BIT15
> 
>  #include "ArchInterruptDefs.h"
> diff --git
> a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> index 531258610a..f3d993af75 100644
> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> +++
> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
> @@ -1,7 +1,7 @@
>  /** @file
>IA32 CPU Exception Handler functons.
> 
> -  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> +  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
>This program and the accompanying materials
>are licensed and made available under the terms and conditions of the BSD
> License
>which accompanies this distribution.  The full text of the license may be 
> found
> at
> @@ -326,13 +326,14 @@ DumpCpuContext (
>);
>  if (ExceptionType == EXCEPT_IA32_PAGE_FAULT) {
>InternalPrintMessage (
> -"  I:%x R:%x U:%x W:%x P:%x PK:%x S:%x",
> +"  I:%x R:%x U:%x W:%x P:%x PK:%x SS:%x SGX:%x",
>  (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID)   !=
> 0,
>  (SystemContext.SystemContextIa32->ExceptionData &
> IA32_PF_EC_RSVD) != 0,
>  (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US)   !=
> 0,
>  (SystemContext.SystemContextIa32->ExceptionData &
> IA32_PF_EC_WR)   != 0,
>  (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P)!=
> 0,
>  (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_PK)   !=
> 0,
> +(SystemContext.SystemContextIa32->ExceptionData &
> IA3

Re: [edk2] [PATCH V2 1/3] MdePkg/BaseLib: Add Shadow Stack Support for X86.

2019-02-22 Thread Ni, Ray
Reviewed-by: Ray Ni 

> -Original Message-
> From: Yao, Jiewen
> Sent: Friday, February 22, 2019 7:00 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric ; Ni, Ray ; Laszlo Ersek
> ; Yao, Jiewen 
> Subject: [PATCH V2 1/3] MdePkg/BaseLib: Add Shadow Stack Support for X86.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> This patch adds SSP - shadow stack pointer to JumpBuffer.
> It will be used for the platform that enabled CET/ShadowStack.
> 
> We add gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
> to control the global enable/disable.
> 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> ---
>  MdePkg/Include/Library/BaseLib.h  |  2 ++
>  MdePkg/Library/BaseLib/BaseLib.inf|  3 ++-
>  MdePkg/Library/BaseLib/Ia32/LongJump.c| 28 +++-
>  MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 23 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 +++-
>  MdePkg/Library/BaseLib/Ia32/SetJump.nasm  | 21 ++-
> MdePkg/Library/BaseLib/X64/LongJump.nasm  | 25 -
>  MdePkg/Library/BaseLib/X64/SetJump.nasm   | 21 ++-
>  MdePkg/MdePkg.dec |  7 +
>  9 files changed, 151 insertions(+), 7 deletions(-)
> 
> diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
> index 9c42f82a7d..616ba2e95b 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -31,6 +31,7 @@ typedef struct {
>UINT32Ebp;
>UINT32Esp;
>UINT32Eip;
> +  UINT32Ssp;
>  } BASE_LIBRARY_JUMP_BUFFER;
> 
>  #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4 @@ -54,6 +55,7 @@
> typedef struct {
>UINT64Rip;
>UINT64MxCsr;
>UINT8 XmmBuffer[160]; ///< XMM6-XMM15.
> +  UINT64Ssp;
>  } BASE_LIBRARY_JUMP_BUFFER;
> 
>  #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8 diff --git
> a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
> index f25a067a23..a0d6c372f9 100644
> --- a/MdePkg/Library/BaseLib/BaseLib.inf
> +++ b/MdePkg/Library/BaseLib/BaseLib.inf
> @@ -1,7 +1,7 @@
>  ## @file
>  #  Base Library implementation.
>  #
> -#  Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
> +#  Copyright (c) 2007 - 2019, Intel Corporation. All rights
> +reserved.
>  #  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.  #
> Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.  # @@ -
> 620,6 +620,7 @@
>gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength  ##
> SOMETIMES_CONSUMES
>gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ##
> SOMETIMES_CONSUMES
>gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength   ##
> SOMETIMES_CONSUMES
> +  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask   ##
> SOMETIMES_CONSUMES
> 
>  [FeaturePcd]
>gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList  ## CONSUMES diff --git
> a/MdePkg/Library/BaseLib/Ia32/LongJump.c
> b/MdePkg/Library/BaseLib/Ia32/LongJump.c
> index 73973a9cce..2c1feb8373 100644
> --- a/MdePkg/Library/BaseLib/Ia32/LongJump.c
> +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.c
> @@ -1,7 +1,7 @@
>  /** @file
>Implementation of _LongJump() on IA-32.
> 
> -  Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
> +  Copyright (c) 2006 - 2019, Intel Corporation. All rights
> + reserved.
>This program and the accompanying materials
>are licensed and made available under the terms and conditions of the BSD
> License
>which accompanies this distribution.  The full text of the license may be 
> found
> at @@ -36,6 +36,32 @@ InternalLongJump (
>)
>  {
>_asm {
> +mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
> +testeax, eax
> +jz  CetDone
> +_emit  0x0F
> +_emit  0x20
> +_emit  0xE0; mov eax, cr4
> +bt  eax, 23; check if CET is enabled
> +jnc CetDone
> +
> +mov edx, [esp + 4] ; edx = JumpBuffer
> +mov edx, [edx + 24]; edx = target SSP
> +_emit  0xF3
> +_emit  0x0F
> +_emit  0x1E
> +_emit  0xC8; READSSP EAX
> +sub edx, eax   ; edx = delta
> +mov eax, edx   ; eax = delta
> +
> +shr eax, 2 ; eax = delta/sizeof(UINT32)
> +_emit  0xF3
> +_emit  0x0F
> +_emit  0xAE
> +_emit  0xE8; INCSSP EAX
> +
> +CetDone:
> +
>  pop eax ; skip return address
>  pop edx ; edx <- JumpBuffer
>  pop eax

Re: [edk2] [PATCH 0/3] Add SMM CET support

2019-02-22 Thread Yao, Jiewen
Thanks Laszlo.

2) I have checked NASM instruction list at 
https://www.nasm.us/xdoc/2.14.02/html/nasmdocb.html
SSP related instruction is not there.

I believe using DB maybe the only choice at this moment.

I will create include file.

3) I will fix comment. Thanks to catch that.



> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Laszlo Ersek
> Sent: Friday, February 22, 2019 8:01 PM
> To: Yao, Jiewen ; edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Dong, Eric
> ; Gao, Liming 
> Subject: Re: [edk2] [PATCH 0/3] Add SMM CET support
> 
> On 02/22/19 05:15, Jiewen Yao wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> >
> > This patch series implement add CET ShadowStack support for SMM.
> >
> > The CET document can be found at:
> >
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow
> -enforcement-technology-preview.pdf
> >
> > Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> > Patch 2 adds Control Protection exception (CP#) dump info.
> > Patch 3 adds CET ShadowStack support in SMM.
> >
> > For more detail please refer to each patch.
> >
> > I also post all update to https://github.com/jyao1/edk2/tree/CET
> >
> > Cc: Michael D Kinney 
> > Cc: Liming Gao 
> > Cc: Eric Dong 
> > Cc: Ray Ni 
> > Cc: Laszlo Ersek 
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Yao Jiewen 
> >
> > Jiewen Yao (3):
> >   MdePkg/BaseLib: Add Shadow Stack Support for X86.
> >   UefiCpuPkg/ExceptionLib: Add CET support.
> >   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
> 
> 
> (1) For the series, in my usual environment:
> 
> Regression-tested-by: Laszlo Ersek 
> 
> 
> (2) I notice that the NASM code receives a bunch of DB encodings for
> various instructions. I think that's a bad idea. It was pretty difficult
> to eliminate DBs; please refer to
> , and the commit
> range aae02dccf5b0..d22c995a4814.
> 
> As far as I can see, the DBs are added to encode three instructions,
> namely READSSP, INCSSP, and SETSSBSY. Can you please confirm that the
> only reason we use DBs for these instructions is that they are related
> to the CET extension, and they are not yet supported by NASM? (Or at
> least not by the NASM that that we require?)
> 
> In other words, I'd like to be sure that the DBs are not used for
> runtime instruction patching.
> 
> Even that way, I think it would be better to use NASM macros for these
> instructions. The code doesn't use many forms:
> 
> * SETSSBSY:   DB 0xF3, 0x0F, 0x01, 0xE8
> * READSSP EAX:DB 0xF3, 0x0F, 0x1E, 0xC8
> * INCSSP EAX: DB 0xF3, 0x0F, 0xAE, 0xE8
> * READSSP RAX:DB 0xF3, 0x48, 0x0F, 0x1E, 0xC8
> * INCSSP RAX: DB 0xF3, 0x48, 0x0F, 0xAE, 0xE8
> 
> (It seems that the EAX <-> RAX encodings, for READSSP and INCSSP, are
> differentiated through the 0x48 REX.W prefix (64-bit operand size).)
> 
> I think we should add the macros in a NASM include file under
> "MdePkg/Include". Later, only those macros would have to be updated,
> once NASM starts supporting these instructions directly.
> 
> We've supported shared NASM include files since
> . Therefore, both
> UefiCpuPkg and MdePkg modules could consume the macros, from under
> MdePkg/Include.
> 
> 
> (3) In fact, looking at the DB encodings, I think some of the comments
> are incorrect. Namely, in patch #3, in file
> "UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm", function DisableCet, we
> have
> 
> +DB  0xF3, 0x0F, 0xAE, 0xE8   ; INCSSP RAX
> 
> but that's INCSSP EAX, not RAX, in reality. (The code is correct, the
> comment is wrong.) Using NASM macros would help us avoid such typos.
> 
> Thanks
> Laszlo
> 
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH 0/3] Add SMM CET support

2019-02-22 Thread Laszlo Ersek
On 02/22/19 05:15, Jiewen Yao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> This patch series implement add CET ShadowStack support for SMM.
> 
> The CET document can be found at:
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> 
> Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> Patch 2 adds Control Protection exception (CP#) dump info.
> Patch 3 adds CET ShadowStack support in SMM.
> 
> For more detail please refer to each patch. 
> 
> I also post all update to https://github.com/jyao1/edk2/tree/CET
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> 
> Jiewen Yao (3):
>   MdePkg/BaseLib: Add Shadow Stack Support for X86.
>   UefiCpuPkg/ExceptionLib: Add CET support.
>   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.


(1) For the series, in my usual environment:

Regression-tested-by: Laszlo Ersek 


(2) I notice that the NASM code receives a bunch of DB encodings for
various instructions. I think that's a bad idea. It was pretty difficult
to eliminate DBs; please refer to
, and the commit
range aae02dccf5b0..d22c995a4814.

As far as I can see, the DBs are added to encode three instructions,
namely READSSP, INCSSP, and SETSSBSY. Can you please confirm that the
only reason we use DBs for these instructions is that they are related
to the CET extension, and they are not yet supported by NASM? (Or at
least not by the NASM that that we require?)

In other words, I'd like to be sure that the DBs are not used for
runtime instruction patching.

Even that way, I think it would be better to use NASM macros for these
instructions. The code doesn't use many forms:

* SETSSBSY:   DB 0xF3, 0x0F, 0x01, 0xE8
* READSSP EAX:DB 0xF3, 0x0F, 0x1E, 0xC8
* INCSSP EAX: DB 0xF3, 0x0F, 0xAE, 0xE8
* READSSP RAX:DB 0xF3, 0x48, 0x0F, 0x1E, 0xC8
* INCSSP RAX: DB 0xF3, 0x48, 0x0F, 0xAE, 0xE8

(It seems that the EAX <-> RAX encodings, for READSSP and INCSSP, are
differentiated through the 0x48 REX.W prefix (64-bit operand size).)

I think we should add the macros in a NASM include file under
"MdePkg/Include". Later, only those macros would have to be updated,
once NASM starts supporting these instructions directly.

We've supported shared NASM include files since
. Therefore, both
UefiCpuPkg and MdePkg modules could consume the macros, from under
MdePkg/Include.


(3) In fact, looking at the DB encodings, I think some of the comments
are incorrect. Namely, in patch #3, in file
"UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm", function DisableCet, we have

+DB  0xF3, 0x0F, 0xAE, 0xE8   ; INCSSP RAX

but that's INCSSP EAX, not RAX, in reality. (The code is correct, the
comment is wrong.) Using NASM macros would help us avoid such typos.

Thanks
Laszlo

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [edk2-announce] Community Meeting Minutes

2019-02-22 Thread Rebecca Cran via edk2-devel

On 2/8/19 10:52 AM, Andrew Fish wrote:


I think the patch workflow is kind of like a coding standards. Some folks 
advocate for lots of small patches (common in open source projects), and some 
folks advocate for a patch per bug. I think the biggest upside to the patch 
granularity is it is much easier to bisect a failure.

So I've used Bitbucket with a branch per commit (you name your branch with a 
standard pattern and the bugzilla  ) model and if your branch has a patch 
series (set of commits) you can view each commit independently from the UI and 
the default view is the entire patch series. So you can see both.



I think I see the difference now: I've used several review systems, most 
recently including Bitbucket, and with Review Board, Phabricator, and I 
think Gerrit people tend to post several patches against the same bug, 
often not labeling them as patch 1/3, 2/3 etc. but just using the same 
bug number.


Seeing the entire series clearly as an email thread on here is rather nice.


--

Rebecca Cran

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage status code rep.

2019-02-22 Thread Ni, Ray


> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Thursday, February 21, 2019 6:41 PM
> To: edk2-devel@lists.01.org
> Cc: Bi, Dandan ; Wu, Hao A ;
> Wang, Jian J ; Ni, Ray ; Sean Brogan
> ; Zeng, Star 
> Subject: [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix
> LoadImage/StartImage status code rep.


> +  if (!ReportErrorCodeEnabled ()) {
> +return;
> +  }

Sorry I didn't notice this piece of code in V2.
The if-check-return code is not needed here.
Because the implementation of ReportStatusCodeLib is
responsible to do the filter.
See below:

EFI_STATUS
InternalReportStatusCode (
  IN EFI_STATUS_CODE_TYPE Type,
  IN EFI_STATUS_CODE_VALUEValue,
  IN UINT32   Instance,
  IN CONST EFI_GUID   *CallerId OPTIONAL,
  IN EFI_STATUS_CODE_DATA *Data OPTIONAL
  )
{
  if ((ReportProgressCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
EFI_PROGRESS_CODE) ||
  (ReportErrorCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
EFI_ERROR_CODE) ||
  (ReportDebugCodeEnabled() && ((Type) & EFI_STATUS_CODE_TYPE_MASK) == 
EFI_DEBUG_CODE)) {
...


With the removal of the three lines code, Reviewed-by: Ray Ni 
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH 0/3] Add SMM CET support

2019-02-22 Thread Yao, Jiewen
Thank you Laszlo.

I just fixed the emulation platform issue (NT32).
So I posted the V2 version.

Please review the latest version and ignore this one.
Sorry for the inconvenience.

Thank you
Yao Jiewen


> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Friday, February 22, 2019 5:07 PM
> To: Yao, Jiewen ; edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Gao, Liming
> ; Dong, Eric ; Ni, Ray
> 
> Subject: Re: [PATCH 0/3] Add SMM CET support
> 
> Hi Jiewen,
> 
> On 02/22/19 05:15, Jiewen Yao wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> >
> > This patch series implement add CET ShadowStack support for SMM.
> >
> > The CET document can be found at:
> >
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow
> -enforcement-technology-preview.pdf
> >
> > Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> > Patch 2 adds Control Protection exception (CP#) dump info.
> > Patch 3 adds CET ShadowStack support in SMM.
> >
> > For more detail please refer to each patch.
> >
> > I also post all update to https://github.com/jyao1/edk2/tree/CET
> >
> > Cc: Michael D Kinney 
> > Cc: Liming Gao 
> > Cc: Eric Dong 
> > Cc: Ray Ni 
> > Cc: Laszlo Ersek 
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Yao Jiewen 
> >
> > Jiewen Yao (3):
> >   MdePkg/BaseLib: Add Shadow Stack Support for X86.
> >   UefiCpuPkg/ExceptionLib: Add CET support.
> >   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.
> 
> Thank you for the CC. I'll run my regression-tests on this. I might need
> a few days; I'm tagging the series for now. Thanks for your patience!
> 
> Laszlo
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V2 3/3] UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

We scan the SMM code with ROPgadget.
http://shell-storm.org/project/ROPgadget/
https://github.com/JonathanSalwan/ROPgadget/tree/master
This tool reports the gadget in SMM driver.

This patch enabled CET ShadowStack for X86 SMM.
If CET is supported, SMM will enable CET ShadowStack.
SMM CET will save the OS CET context at SmmEntry and
restore OS CET context at SmmExit.

Test:
1) test Intel internal platform (x64 only, CET enabled/disabled)
Boot test:
CET supported or not supported CPU
on CET supported platform
  CET enabled/disabled
  PcdCpuSmmCetEnable enabled/disabled
  Single core/Multiple core
  PcdCpuSmmStackGuard enabled/disabled
  PcdCpuSmmProfileEnable enabled/disabled
  PcdCpuSmmStaticPageTable enabled/disabled
CET exception test:
  #CF generated with PcdCpuSmmStackGuard enabled/disabled.
Other exception test:
  #PF for normal stack overflow
  #PF for NX protection
  #PF for RO protection
CET env test:
  Launch SMM in CET enabled/disabled environment (DXE) - no impact to DXE

The test case can be found at
https://github.com/jyao1/SecurityEx/tree/master/ControlFlowPkg

2) test ovmf (both IA32 and X64 SMM, CET disabled only)
test OvmfIa32/Ovmf3264, with -D SMM_REQUIRE.
  qemu-system-x86_64.exe -machine q35,smm=on -smp 4
-serial file:serial.log
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd
QEMU emulator version 3.1.0 (v3.1.0-11736-g7a30e7adb0-dirty)

3) not tested
IA32 CET enabled platform

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h |  23 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm|  37 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c   |  38 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm   |  98 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm   |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c  |  57 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  12 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c |  97 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 103 -
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf   |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c |  85 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c |  18 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h |   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c |   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm |  38 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c|  39 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm| 119 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c   |  58 +-
 UefiCpuPkg/UefiCpuPkg.dec  |   6 +-
 19 files changed, 801 insertions(+), 47 deletions(-)

diff --git a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h 
b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
index 4478003467..aec24b5dda 100644
--- a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
+++ b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
@@ -1,7 +1,7 @@
 /** @file
 Library that provides CPU specific functions to support the PiSmmCpuDxeSmm 
module.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -160,14 +160,33 @@ SmmCpuFeaturesGetSmiHandlerSize (
   than zero and is called by the CPU that was elected as monarch during System
   Management Mode initialization.
 
+//
+// Append Shadow Stack after normal stack
+//
+// |= SmiStack
+// 
+--+---+
+// | Known Good Stack | Guard Page |SMM Stack | Known Good Shadow 
Stack | Guard Page |SMM Shadow Stack|
+// 
+--+---+
+// |   |PcdCpuSmmStackSize|
  |PcdCpuSmmShadowStackSize|
+// |< StackSize 
->|<- ShadowStackSize 
--->|
+// |   
   |
+// |< Processor N 
--->|
+// | low address (bottom)  
high address (top) |
+//

[edk2] [PATCH V2 0/3] Add SMM CET support

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

V2:
Fix emulation platform issue.
The NT32 platform cannot access CR4 register.
So we add a global PCD to choose disable CR4 access in SetJump/LongJump.
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
=

This patch series implement add CET ShadowStack support for SMM.

The CET document can be found at:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
Patch 2 adds Control Protection exception (CP#) dump info.
Patch 3 adds CET ShadowStack support in SMM.

For more detail please refer to each patch. 

I also post all update to https://github.com/jyao1/edk2/tree/CET_V2

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 

Jiewen Yao (3):
  MdePkg/BaseLib: Add Shadow Stack Support for X86.
  UefiCpuPkg/ExceptionLib: Add CET support.
  UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

 MdePkg/Include/Library/BaseLib.h  |   2 +
 MdePkg/Library/BaseLib/BaseLib.inf|   3 +-
 MdePkg/Library/BaseLib/Ia32/LongJump.c|  28 -
 MdePkg/Library/BaseLib/Ia32/LongJump.nasm |  23 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.c |  28 -
 MdePkg/Library/BaseLib/Ia32/SetJump.nasm  |  21 +++-
 MdePkg/Library/BaseLib/X64/LongJump.nasm  |  25 +++-
 MdePkg/Library/BaseLib/X64/SetJump.nasm   |  21 +++-
 MdePkg/MdePkg.dec |   7 ++
 .../Include/Library/SmmCpuFeaturesLib.h   |  23 +++-
 .../CpuExceptionCommon.c  |   7 +-
 .../CpuExceptionCommon.h  |   3 +-
 .../Ia32/ArchExceptionHandler.c   |   5 +-
 .../X64/ArchExceptionHandler.c|   5 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm   |  37 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c  |  38 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm  |  98 ++-
 .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm |   6 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c |  57 -
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c |  12 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c|  97 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 103 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   6 +-
 .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  85 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c|  18 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h|   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c|   4 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm|  38 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c   |  39 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm   | 119 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |  58 -
 UefiCpuPkg/UefiCpuPkg.dec |   6 +-
 32 files changed, 964 insertions(+), 62 deletions(-)
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm

-- 
2.19.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH V2 2/3] UefiCpuPkg/ExceptionLib: Add CET support.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

Add information dump for Control Protection exception.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c| 7 
---
 UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h| 3 ++-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c | 5 +++--
 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c  | 5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
index 0576144a97..ca210d1de2 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
@@ -1,7 +1,7 @@
 /** @file
   CPU Exception Handler Library common functions.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -20,7 +20,7 @@
 //
 // 1 means an error code will be pushed, otherwise 0
 //
-CONST UINT32 mErrorCodeFlag = 0x00027d00;
+CONST UINT32 mErrorCodeFlag = 0x00227d00;
 
 //
 // Define the maximum message length
@@ -49,7 +49,8 @@ CONST CHAR8 *mExceptionNameStr[] = {
   "#AC - Alignment Check",
   "#MC - Machine-Check",
   "#XM - SIMD floating-point",
-  "#VE - Virtualization"
+  "#VE - Virtualization",
+  "#CP - Control Protection"
 };
 
 #define EXCEPTION_KNOWN_NAME_NUM  (sizeof (mExceptionNameStr) / sizeof (CHAR8 
*))
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
index 83e55ab828..edf46cb60d 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
@@ -1,7 +1,7 @@
 /** @file
   Common header file for CPU Exception Handler Library.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -39,6 +39,7 @@
 #define IA32_PF_EC_RSVD BIT3
 #define IA32_PF_EC_ID   BIT4
 #define IA32_PF_EC_PK   BIT5
+#define IA32_PF_EC_SS   BIT6
 #define IA32_PF_EC_SGX  BIT15
 
 #include "ArchInterruptDefs.h"
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
index 531258610a..f3d993af75 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchExceptionHandler.c
@@ -1,7 +1,7 @@
 /** @file
   IA32 CPU Exception Handler functons.
 
-  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2012 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -326,13 +326,14 @@ DumpCpuContext (
   );
 if (ExceptionType == EXCEPT_IA32_PAGE_FAULT) {
   InternalPrintMessage (
-"  I:%x R:%x U:%x W:%x P:%x PK:%x S:%x",
+"  I:%x R:%x U:%x W:%x P:%x PK:%x SS:%x SGX:%x",
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_RSVD) != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_WR)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P)!= 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_PK)   != 
0,
+(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_SS)   != 
0,
 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_SGX)  != 0
 );
 }
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
index d7e883d19a..0183239e59 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchExceptionHandler.c
@@ -1,7 +1,7 @@
 /** @file
   x64 CP

[edk2] [PATCH V2 1/3] MdePkg/BaseLib: Add Shadow Stack Support for X86.

2019-02-22 Thread Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

This patch adds SSP - shadow stack pointer to JumpBuffer.
It will be used for the platform that enabled CET/ShadowStack.

We add gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
to control the global enable/disable.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen 
---
 MdePkg/Include/Library/BaseLib.h  |  2 ++
 MdePkg/Library/BaseLib/BaseLib.inf|  3 ++-
 MdePkg/Library/BaseLib/Ia32/LongJump.c| 28 +++-
 MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 23 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 +++-
 MdePkg/Library/BaseLib/Ia32/SetJump.nasm  | 21 ++-
 MdePkg/Library/BaseLib/X64/LongJump.nasm  | 25 -
 MdePkg/Library/BaseLib/X64/SetJump.nasm   | 21 ++-
 MdePkg/MdePkg.dec |  7 +
 9 files changed, 151 insertions(+), 7 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 9c42f82a7d..616ba2e95b 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -31,6 +31,7 @@ typedef struct {
   UINT32Ebp;
   UINT32Esp;
   UINT32Eip;
+  UINT32Ssp;
 } BASE_LIBRARY_JUMP_BUFFER;
 
 #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4
@@ -54,6 +55,7 @@ typedef struct {
   UINT64Rip;
   UINT64MxCsr;
   UINT8 XmmBuffer[160]; ///< XMM6-XMM15.
+  UINT64Ssp;
 } BASE_LIBRARY_JUMP_BUFFER;
 
 #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf 
b/MdePkg/Library/BaseLib/BaseLib.inf
index f25a067a23..a0d6c372f9 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Base Library implementation.
 #
-#  Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
 #  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
 #  Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.
 #
@@ -620,6 +620,7 @@
   gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength  ## 
SOMETIMES_CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ## 
SOMETIMES_CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength   ## 
SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask   ## 
SOMETIMES_CONSUMES
 
 [FeaturePcd]
   gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList  ## CONSUMES
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.c 
b/MdePkg/Library/BaseLib/Ia32/LongJump.c
index 73973a9cce..2c1feb8373 100644
--- a/MdePkg/Library/BaseLib/Ia32/LongJump.c
+++ b/MdePkg/Library/BaseLib/Ia32/LongJump.c
@@ -1,7 +1,7 @@
 /** @file
   Implementation of _LongJump() on IA-32.
 
-  Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -36,6 +36,32 @@ InternalLongJump (
   )
 {
   _asm {
+mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
+testeax, eax
+jz  CetDone
+_emit  0x0F
+_emit  0x20
+_emit  0xE0; mov eax, cr4
+bt  eax, 23; check if CET is enabled
+jnc CetDone
+
+mov edx, [esp + 4] ; edx = JumpBuffer
+mov edx, [edx + 24]; edx = target SSP
+_emit  0xF3
+_emit  0x0F
+_emit  0x1E
+_emit  0xC8; READSSP EAX
+sub edx, eax   ; edx = delta
+mov eax, edx   ; eax = delta
+
+shr eax, 2 ; eax = delta/sizeof(UINT32)
+_emit  0xF3
+_emit  0x0F
+_emit  0xAE
+_emit  0xE8; INCSSP EAX
+
+CetDone:
+
 pop eax ; skip return address
 pop edx ; edx <- JumpBuffer
 pop eax ; eax <- Value
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm 
b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
index 7ef03462ee..1e806fb635 100644
--- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
+++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
@@ -1,6 +1,6 @@
 ;--
 ;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 ; This program and the accompany

[edk2] [Patch] BaseTools: Add parameter check for the AsciiStringToUint64

2019-02-22 Thread Feng, Bob C
If the input parameter AsciiString length is greater
than 255, the GenFv will hang.

This patch is to fix this issue.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Bob Feng 
Cc: Liming Gao 
---
 BaseTools/Source/C/Common/ParseInf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/C/Common/ParseInf.c 
b/BaseTools/Source/C/Common/ParseInf.c
index 3907f44331..b29f4c2f93 100644
--- a/BaseTools/Source/C/Common/ParseInf.c
+++ b/BaseTools/Source/C/Common/ParseInf.c
@@ -493,11 +493,11 @@ Returns:
   EFI_SUCCESS   Number successfully converted.
   EFI_ABORTED   Invalid character encountered.
 
 --*/
 {
-  UINT8   Index;
+  UINT32   Index;
   UINT64  Value;
   CHAR8   CurrentChar;
 
   //
   // Initialize the result
@@ -506,11 +506,11 @@ Returns:
   Index = 0;
 
   //
   // Check input parameter
   //
-  if (AsciiString == NULL || ReturnValue == NULL) {
+  if (AsciiString == NULL || ReturnValue == NULL || strlen(AsciiString) > 
0x) {
 return EFI_INVALID_PARAMETER;
   }
   while (AsciiString[Index] == ' ') {
 Index ++;
   }
-- 
2.20.1.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH] MdeModulePkg: Rename confusion function name

2019-02-22 Thread Ni, Ray
Reviewed-by: Ray Ni 

> -Original Message-
> From: Chen, Chen A
> Sent: Friday, February 22, 2019 8:34 AM
> To: edk2-devel@lists.01.org
> Cc: Chen, Chen A ; Ni, Ray ; Gao,
> Liming 
> Subject: [PATCH] MdeModulePkg: Rename confusion function name
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1536
> 
> To avoid the confusion caused by function name,
> rename EfiBootManagerGetNextFullDevicePath to
> EfiBootManagerGetNextLoadOptionDevicePath.
> As an API function should add EFIAPI prefix for this function.
> 
> Cc: Ray Ni 
> Cc: Liming Gao 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen 
> ---
>  MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c | 2 +-
>  MdeModulePkg/Include/Library/UefiBootManagerLib.h   | 3 ++-
>  MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c| 3 ++-
>  3 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> index f6e46cbdb1..4ff69af1b4 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> @@ -355,7 +355,7 @@ GetEfiSysPartitionFromBootOptionFilePath (
>//
>do {
>  PreFullPath = CurFullPath;
> -CurFullPath = EfiBootManagerGetNextFullDevicePath (DevicePath,
> CurFullPath);
> +CurFullPath = EfiBootManagerGetNextLoadOptionDevicePath (DevicePath,
> CurFullPath);
> 
>  if (PreFullPath != NULL) {
>FreePool (PreFullPath);
> diff --git a/MdeModulePkg/Include/Library/UefiBootManagerLib.h
> b/MdeModulePkg/Include/Library/UefiBootManagerLib.h
> index 64347ff160..69678a62ca 100644
> --- a/MdeModulePkg/Include/Library/UefiBootManagerLib.h
> +++ b/MdeModulePkg/Include/Library/UefiBootManagerLib.h
> @@ -460,7 +460,8 @@ EfiBootManagerGetBootManagerMenu (
>Caller is responsible to free the memory.
>  **/
>  EFI_DEVICE_PATH_PROTOCOL *
> -EfiBootManagerGetNextFullDevicePath (
> +EFIAPI
> +EfiBootManagerGetNextLoadOptionDevicePath (
>IN  EFI_DEVICE_PATH_PROTOCOL  *FilePath,
>IN  EFI_DEVICE_PATH_PROTOCOL  *FullPath
>);
> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> index 9be1633b74..d5957db610 100644
> --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
> @@ -2482,7 +2482,8 @@ EfiBootManagerGetBootManagerMenu (
>Caller is responsible to free the memory.
>  **/
>  EFI_DEVICE_PATH_PROTOCOL *
> -EfiBootManagerGetNextFullDevicePath (
> +EFIAPI
> +EfiBootManagerGetNextLoadOptionDevicePath (
>IN  EFI_DEVICE_PATH_PROTOCOL  *FilePath,
>IN  EFI_DEVICE_PATH_PROTOCOL  *FullPath
>)
> --
> 2.16.2.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH] IntelSiliconPkg/MicrocodeUpdate: Fix incorrect checksum issue

2019-02-22 Thread Ni, Ray
Reviewed-by: Ray Ni 

> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Chen
> A Chen
> Sent: Friday, February 22, 2019 8:49 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH] IntelSiliconPkg/MicrocodeUpdate: Fix incorrect
> checksum issue
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1020
> 
> The same issue has fixed in UefiCpuPkg/Microcode.c file.
> Please reference b6f67b4d58b81f12f63f5f8c94cf8af3600297ab
> to get more detail information.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen 
> Cc: Ray Ni 
> Cc: Rangasai V Chaganty 
> ---
>  .../Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdate.c   | 10
> +-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git
> a/IntelSiliconPkg/Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdate.c
> b/IntelSiliconPkg/Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdate.c
> index 9b5757da71..e45c7a8def 100644
> ---
> a/IntelSiliconPkg/Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdate.c
> +++
> b/IntelSiliconPkg/Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdate.c
> @@ -390,6 +390,7 @@ VerifyMicrocode (
>UINTN   DataSize;
>UINT32  CurrentRevision;
>PROCESSOR_INFO  *ProcessorInfo;
> +  UINT32  InCompleteCheckSum32;
>UINT32  CheckSum32;
>UINTN   ExtendedTableLength;
>UINT32  ExtendedTableCount;
> @@ -488,6 +489,10 @@ VerifyMicrocode (
>  }
>  return EFI_VOLUME_CORRUPTED;
>}
> +  InCompleteCheckSum32 = CheckSum32;
> +  InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorSignature.Uint32;
> +  InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorFlags;
> +  InCompleteCheckSum32 -= MicrocodeEntryPoint->Checksum;
> 
>//
>// Check ProcessorSignature/ProcessorFlags
> @@ -522,7 +527,10 @@ VerifyMicrocode (
>} else {
>  ExtendedTable = (CPU_MICROCODE_EXTENDED_TABLE
> *)(ExtendedTableHeader + 1);
>  for (Index = 0; Index < ExtendedTableCount; Index++) {
> -  CheckSum32 = CalculateSum32((UINT32 *)ExtendedTable,
> sizeof(CPU_MICROCODE_EXTENDED_TABLE));
> +  CheckSum32 = InCompleteCheckSum32;
> +  CheckSum32 += ExtendedTable->ProcessorSignature.Uint32;
> +  CheckSum32 += ExtendedTable->ProcessorFlag;
> +  CheckSum32 += ExtendedTable->Checksum;
>if (CheckSum32 != 0) {
>  DEBUG((DEBUG_ERROR, "VerifyMicrocode - The checksum for
> ExtendedTable entry with index 0x%x is incorrect\n", Index));
>} else {
> --
> 2.16.2.windows.1
> 
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH 0/3] Add SMM CET support

2019-02-22 Thread Laszlo Ersek
Hi Jiewen,

On 02/22/19 05:15, Jiewen Yao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521
> 
> This patch series implement add CET ShadowStack support for SMM.
> 
> The CET document can be found at:
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> 
> Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER.
> Patch 2 adds Control Protection exception (CP#) dump info.
> Patch 3 adds CET ShadowStack support in SMM.
> 
> For more detail please refer to each patch. 
> 
> I also post all update to https://github.com/jyao1/edk2/tree/CET
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yao Jiewen 
> 
> Jiewen Yao (3):
>   MdePkg/BaseLib: Add Shadow Stack Support for X86.
>   UefiCpuPkg/ExceptionLib: Add CET support.
>   UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

Thank you for the CC. I'll run my regression-tests on this. I might need
a few days; I'm tagging the series for now. Thanks for your patience!

Laszlo
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage status code rep.

2019-02-22 Thread Laszlo Ersek
On 02/22/19 02:05, Bi, Dandan wrote:
> Hi Laszlo,
> 
> Thanks for helping fix it.
> Reviewed-by: Bi Dandan 

Thanks!

I'll wait for Ray's review too.

Cheers!
Laszlo


>> -Original Message-
>> From: Laszlo Ersek [mailto:ler...@redhat.com]
>> Sent: Thursday, February 21, 2019 6:41 PM
>> To: edk2-devel@lists.01.org
>> Cc: Bi, Dandan ; Wu, Hao A ;
>> Wang, Jian J ; Ni, Ray ; Sean
>> Brogan ; Zeng, Star 
>> Subject: [PATCH v3 1/5] MdeModulePkg/UefiBootManagerLib: fix
>> LoadImage/StartImage status code rep.
>>
>> In the EFI_RETURN_STATUS_EXTENDED_DATA structure from PI-1.7, there
>> may be padding between the DataHeader and ReturnStatus members. The
>> REPORT_STATUS_CODE_EX() macro starts populating the structure
>> immediately after DataHeader, therefore the source data must provide for
>> the padding.
>>
>> Extract the BmReportLoadFailure() function from EfiBootManagerBoot(),
>> prepare a zero padding (if any) in a temporary
>> EFI_RETURN_STATUS_EXTENDED_DATA object, and fix the
>> REPORT_STATUS_CODE_EX() macro invocation.
>>
>> Cc: Dandan Bi 
>> Cc: Hao Wu 
>> Cc: Jian J Wang 
>> Cc: Ray Ni 
>> Cc: Sean Brogan 
>> Cc: Star Zeng 
>> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1539
>> Fixes: c2cf8720a5aad74230767a1f11bade2d86de3745
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Laszlo Ersek 
>> ---
>>
>> Notes:
>> v3:
>>
>> - rename BmReportImageFailure() to BmReportLoadFailure() [Ray]
>>
>> - eliminate PaddingStart and PaddingSize; zero out the full ExtendedData
>>   struct [Ray]
>>
>> - don't pick up Ard's R-b due to the change above being functional in
>>   nature
>>
>> v2:
>> - new in v2
>>
>>  MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h |  1 +
>>  MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 65
>> ++--
>>  2 files changed, 48 insertions(+), 18 deletions(-)
>>
>> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h
>> b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h
>> index 978fbff966f6..0fef63fceedf 100644
>> --- a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h
>> +++ b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h
>> @@ -51,6 +51,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY
>> KIND, EITHER EXPRESS OR IMPLIED.
>>  #include   #include 
>> #include 
>> +#include 
>>  #include 
>>
>>  #include 
>> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
>> b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
>> index 9be1633b7480..02ff354ef6a3 100644
>> --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
>> +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
>> @@ -1667,6 +1667,51 @@ BmIsBootManagerMenuFilePath (
>>return FALSE;
>>  }
>>
>> +/**
>> +  Report status code with EFI_RETURN_STATUS_EXTENDED_DATA about
>> +LoadImage() or
>> +  StartImage() failure.
>> +
>> +  @param[in] ErrorCode  An Error Code in the Software Class, DXE Boot
>> +Service Driver Subclass. ErrorCode will be used 
>> to
>> +compose the Value parameter for status code
>> +reporting. Must be one of
>> +EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR and
>> +EFI_SW_DXE_BS_EC_BOOT_OPTION_FAILED.
>> +
>> +  @param[in] FailureStatus  The failure status returned by the boot service
>> +that should be reported.
>> +**/
>> +VOID
>> +BmReportLoadFailure (
>> +  IN UINT32 ErrorCode,
>> +  IN EFI_STATUS FailureStatus
>> +  )
>> +{
>> +  EFI_RETURN_STATUS_EXTENDED_DATA ExtendedData;
>> +
>> +  if (!ReportErrorCodeEnabled ()) {
>> +return;
>> +  }
>> +
>> +  ASSERT (
>> +(ErrorCode == EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR) ||
>> +(ErrorCode == EFI_SW_DXE_BS_EC_BOOT_OPTION_FAILED)
>> +);
>> +
>> +  ZeroMem (&ExtendedData, sizeof (ExtendedData));
>> + ExtendedData.ReturnStatus = FailureStatus;
>> +
>> +  REPORT_STATUS_CODE_EX (
>> +(EFI_ERROR_CODE | EFI_ERROR_MINOR),
>> +(EFI_SOFTWARE_DXE_BS_DRIVER | ErrorCode),
>> +0,
>> +NULL,
>> +NULL,
>> +&ExtendedData.DataHeader + 1,
>> +sizeof (ExtendedData) - sizeof (ExtendedData.DataHeader)
>> +);
>> +}
>> +
>>  /**
>>Attempt to boot the EFI boot option. This routine sets L"BootCurent" and
>>also signals the EFI ready to boot event. If the device path for the 
>> option
>> @@ -1822,15 +1867,7 @@ EfiBootManagerBoot (
>>//
>>// Report Status Code with the failure status to indicate that the 
>> failure to
>> load boot option
>>//
>> -  REPORT_STATUS_CODE_EX (
>> -EFI_ERROR_CODE | EFI_ERROR_MINOR,
>> -(EFI_SOFTWARE_DXE_BS_DRIVER |
>> EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR),
>> -0,
>> -NULL,
>> -NULL,
>> -&Status,
>> -sizeof (EFI_STATUS)
>> -);
>> +  BmReportLoadFailure
>> (EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR,
>> + Status);
>

[edk2] [PATCH 1/4] EmbeddedPkg/DwEmmc: Remove unnecessary MicroSecondDelay

2019-02-22 Thread tien . hock . loh
From: "Loh, Tien Hock" 

Existing implementation checks for error regardless of if
DWEMMC_INT_CMD_DONE is set, causing the loop check to errors out
even when it shouldn't if the MicroSecondDelay doesn't do long
enough delays. This removes MicroSecondDelay and updates the
function to check for CMD_DONE before doing any error checking.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Loh Tien Hock 
---
 EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c 
b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
index 0437e30..6d0f472 100644
--- a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
+++ b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
@@ -290,17 +290,15 @@ SendCommand (
   ErrMask = DWEMMC_INT_EBE | DWEMMC_INT_HLE | DWEMMC_INT_RTO |
 DWEMMC_INT_RCRC | DWEMMC_INT_RE;
   ErrMask |= DWEMMC_INT_DCRC | DWEMMC_INT_DRT | DWEMMC_INT_SBE;
+
   do {
-MicroSecondDelay(500);
 Data = MmioRead32 (DWEMMC_RINTSTS);
-
-if (Data & ErrMask) {
-  return EFI_DEVICE_ERROR;
-}
-if (Data & DWEMMC_INT_DTO) { // Transfer Done
-  break;
-}
   } while (!(Data & DWEMMC_INT_CMD_DONE));
+
+  if (Data & ErrMask) {
+return EFI_DEVICE_ERROR;
+  }
+
   return EFI_SUCCESS;
 }
 
-- 
2.2.2

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH 4/4] EmbeddedPkg/DwEmmc: Check DMA completion in SendCommand

2019-02-22 Thread tien . hock . loh
From: "Tien Hock, Loh" 

DwEmmcReadBlockData and DwEmmcWriteBlockData needs to check for the
transfer completion before returning. This also adds error checking
to the DMA transfer.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Tien Hock, Loh 
---
 EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c | 36 +--
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c 
b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
index c232309..c13cd97 100644
--- a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
+++ b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
@@ -212,6 +212,7 @@ DwEmmcNotifyState (
 MmioWrite32 (DWEMMC_TMOUT, ~0);
 MmioWrite32 (DWEMMC_IDINTEN, 0);
 MmioWrite32 (DWEMMC_BMOD, DWEMMC_IDMAC_SWRESET);
+MmioWrite32 (DWEMMC_CTYPE, 0);
 
 MmioWrite32 (DWEMMC_BLKSIZ, DWEMMC_BLOCK_SIZE);
 do {
@@ -497,10 +498,7 @@ PrepareDmaData (
   Cnt = (Length + DWEMMC_DMA_BUF_SIZE - 1) / DWEMMC_DMA_BUF_SIZE;
   Blks = (Length + DWEMMC_BLOCK_SIZE - 1) / DWEMMC_BLOCK_SIZE;
 
-  if(Length < DWEMMC_BLOCK_SIZE) {
-Length = Length;
-  }
-  else {
+  if(Length >= DWEMMC_BLOCK_SIZE) {
 Length = DWEMMC_BLOCK_SIZE * Blks;
   }
 
@@ -563,8 +561,9 @@ DwEmmcReadBlockData (
   )
 {
   EFI_STATUS  Status;
-  UINT32  DescPages, CountPerPage, Count;
+  UINT32  DescPages, CountPerPage, Count, ErrMask;
   EFI_TPL Tpl;
+  UINTN Rintsts = 0;
 
   Tpl = gBS->RaiseTPL (TPL_NOTIFY);
 
@@ -587,6 +586,18 @@ DwEmmcReadBlockData (
 DEBUG ((DEBUG_ERROR, "Failed to read data, mDwEmmcCommand:%x, 
mDwEmmcArgument:%x, Status:%r\n", mDwEmmcCommand, mDwEmmcArgument, Status));
 goto out;
   }
+
+  while(!((MmioRead32(DWEMMC_RINTSTS) & (DWEMMC_INT_DTO {
+Rintsts = MmioRead32 (DWEMMC_RINTSTS);
+  }
+  ErrMask = DWEMMC_INT_EBE | DWEMMC_INT_HLE | DWEMMC_INT_RTO |
+DWEMMC_INT_RCRC | DWEMMC_INT_RE | DWEMMC_INT_DCRC |
+DWEMMC_INT_DRT | DWEMMC_INT_SBE;
+
+  if (Rintsts & ErrMask) {
+Status = EFI_DEVICE_ERROR;
+goto out;
+  }
 out:
   // Restore Tpl
   gBS->RestoreTPL (Tpl);
@@ -602,8 +613,9 @@ DwEmmcWriteBlockData (
   )
 {
   EFI_STATUS  Status;
-  UINT32  DescPages, CountPerPage, Count;
+  UINT32  DescPages, CountPerPage, Count, ErrMask;
   EFI_TPL Tpl;
+  UINTN Rintsts = 0;
 
   Tpl = gBS->RaiseTPL (TPL_NOTIFY);
 
@@ -626,6 +638,18 @@ DwEmmcWriteBlockData (
 DEBUG ((DEBUG_ERROR, "Failed to write data, mDwEmmcCommand:%x, 
mDwEmmcArgument:%x, Status:%r\n", mDwEmmcCommand, mDwEmmcArgument, Status));
 goto out;
   }
+
+  while(!((MmioRead32(DWEMMC_RINTSTS) & (DWEMMC_INT_DTO {
+Rintsts = MmioRead32 (DWEMMC_RINTSTS);
+  }
+  ErrMask = DWEMMC_INT_EBE | DWEMMC_INT_HLE | DWEMMC_INT_RTO |
+DWEMMC_INT_RCRC | DWEMMC_INT_RE | DWEMMC_INT_DCRC |
+DWEMMC_INT_DRT | DWEMMC_INT_SBE;
+
+  if (Rintsts & ErrMask) {
+Status = EFI_DEVICE_ERROR;
+goto out;
+  }
 out:
   // Restore Tpl
   gBS->RestoreTPL (Tpl);
-- 
2.2.2

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH 3/4] EmbeddedPkg/DwEmmc: Fix DMA transfer length

2019-02-22 Thread tien . hock . loh
From: "Loh, Tien Hock" 

DMA should not transfer more than requested length otherwise FIFO might run
into buffer underrun and causes errors in future transfers.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Loh Tien Hock 
---
 EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c | 19 ---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c 
b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
index 600ab01..c232309 100644
--- a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
+++ b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
@@ -496,7 +496,13 @@ PrepareDmaData (
 
   Cnt = (Length + DWEMMC_DMA_BUF_SIZE - 1) / DWEMMC_DMA_BUF_SIZE;
   Blks = (Length + DWEMMC_BLOCK_SIZE - 1) / DWEMMC_BLOCK_SIZE;
-  Length = DWEMMC_BLOCK_SIZE * Blks;
+
+  if(Length < DWEMMC_BLOCK_SIZE) {
+Length = Length;
+  }
+  else {
+Length = DWEMMC_BLOCK_SIZE * Blks;
+  }
 
   for (Idx = 0; Idx < Cnt; Idx++) {
 (IdmacDesc + Idx)->Des0 = DWEMMC_IDMAC_DES0_OWN | DWEMMC_IDMAC_DES0_CH |
@@ -534,11 +540,18 @@ StartDma (
   Data |= DWEMMC_CTRL_INT_EN | DWEMMC_CTRL_DMA_EN | DWEMMC_CTRL_IDMAC_EN;
   MmioWrite32 (DWEMMC_CTRL, Data);
   Data = MmioRead32 (DWEMMC_BMOD);
+
   Data |= DWEMMC_IDMAC_ENABLE | DWEMMC_IDMAC_FB;
   MmioWrite32 (DWEMMC_BMOD, Data);
 
-  MmioWrite32 (DWEMMC_BLKSIZ, DWEMMC_BLOCK_SIZE);
-  MmioWrite32 (DWEMMC_BYTCNT, Length);
+  if(Length < DWEMMC_BLOCK_SIZE) {
+MmioWrite32 (DWEMMC_BLKSIZ, Length);
+MmioWrite32 (DWEMMC_BYTCNT, Length);
+  }
+  else {
+MmioWrite32 (DWEMMC_BLKSIZ, DWEMMC_BLOCK_SIZE);
+MmioWrite32 (DWEMMC_BYTCNT, Length);
+  }
 }
 
 EFI_STATUS
-- 
2.2.2

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH 2/4] EmbeddedPkg/DwEmmc: Fix SendCommand parameters

2019-02-22 Thread tien . hock . loh
From: "Loh, Tien Hock" 

Only send BIT_CMD_CHECK_RESPONSE_CRC if MMC commands needs it.

Fixes parameters to ACMD6 where if CMD is application command, ie. CMD55 is
sent before ACMD6, to do response instead of data transfer.

Added CMD51 handling as CMD51 is a data transfer, and needs BIT_CMD_READ
and BIT_CMD_DATA_EXPECTED to be set.

Updates DwEmmcReceiveResponse to SendCommand only if IsPendingReadCommand
or IsPendingWriteCommand is true.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Loh Tien Hock 
---
 EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c | 59 +++
 1 file changed, 45 insertions(+), 14 deletions(-)

diff --git a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c 
b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
index 6d0f472..600ab01 100644
--- a/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
+++ b/EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c
@@ -45,6 +45,7 @@ DWEMMC_IDMAC_DESCRIPTOR   *gpIdmacDesc;
 EFI_GUID mDwEmmcDevicePathGuid = EFI_CALLER_ID_GUID;
 STATIC UINT32 mDwEmmcCommand;
 STATIC UINT32 mDwEmmcArgument;
+STATIC BOOLEAN mIsACmd = FALSE;
 
 EFI_STATUS
 DwEmmcReadBlockData (
@@ -321,68 +322,93 @@ DwEmmcSendCommand (
 break;
   case MMC_INDX(2):
 Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_LONG_RESPONSE |
-   BIT_CMD_CHECK_RESPONSE_CRC | BIT_CMD_SEND_INIT;
+   BIT_CMD_SEND_INIT;
 break;
   case MMC_INDX(3):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT |
BIT_CMD_SEND_INIT;
 break;
+  case MMC_INDX(6):
+if(mIsACmd) {
+  Cmd = BIT_CMD_RESPONSE_EXPECT ;
+}
+else {
+  Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_DATA_EXPECTED |
+BIT_CMD_READ;
+}
+break;
   case MMC_INDX(7):
 if (Argument)
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC;
+Cmd = BIT_CMD_RESPONSE_EXPECT;
 else
 Cmd = 0;
 break;
   case MMC_INDX(8):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
-   BIT_CMD_DATA_EXPECTED | BIT_CMD_READ |
+Cmd = BIT_CMD_RESPONSE_EXPECT |
BIT_CMD_WAIT_PRVDATA_COMPLETE;
 break;
   case MMC_INDX(9):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT |
BIT_CMD_LONG_RESPONSE;
 break;
   case MMC_INDX(12):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT  |
BIT_CMD_STOP_ABORT_CMD;
 break;
   case MMC_INDX(13):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT  |
BIT_CMD_WAIT_PRVDATA_COMPLETE;
 break;
   case MMC_INDX(16):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT  |
BIT_CMD_DATA_EXPECTED | BIT_CMD_READ |
BIT_CMD_WAIT_PRVDATA_COMPLETE;
 break;
   case MMC_INDX(17):
   case MMC_INDX(18):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT |
BIT_CMD_DATA_EXPECTED | BIT_CMD_READ |
BIT_CMD_WAIT_PRVDATA_COMPLETE;
 break;
   case MMC_INDX(24):
   case MMC_INDX(25):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT  |
BIT_CMD_DATA_EXPECTED | BIT_CMD_WRITE |
BIT_CMD_WAIT_PRVDATA_COMPLETE;
 break;
   case MMC_INDX(30):
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC |
+Cmd = BIT_CMD_RESPONSE_EXPECT  |
BIT_CMD_DATA_EXPECTED;
 break;
+  case MMC_INDX(51):
+Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_DATA_EXPECTED |
+   BIT_CMD_READ | BIT_CMD_WAIT_PRVDATA_COMPLETE;
+break;
   default:
-Cmd = BIT_CMD_RESPONSE_EXPECT | BIT_CMD_CHECK_RESPONSE_CRC;
+Cmd = BIT_CMD_RESPONSE_EXPECT ;
 break;
   }
 
   Cmd |= MMC_GET_INDX(MmcCmd) | BIT_CMD_USE_HOLD_REG | BIT_CMD_START;
+
+  if(MMC_INDX(55) == MMC_GET_INDX(MmcCmd))
+mIsACmd = TRUE;
+  else
+mIsACmd = FALSE;
+
+  if (!(MmcCmd & MMC_CMD_NO_CRC_RESPONSE)) {
+Cmd |= BIT_CMD_CHECK_RESPONSE_CRC;
+  }
+
   if (IsPendingReadCommand (Cmd) || IsPendingWriteCommand (Cmd)) {
 mDwEmmcCommand = Cmd;
 mDwEmmcArgument = Argument;
   } else {
+mDwEmmcCommand = Cmd;
+mDwEmmcArgument = Argument;
 Status = SendCommand (Cmd, Argument);
   }
+
   return Status;
 }
 
@@ -393,6 +419,11 @@ DwEmmcReceiveResponse (
   IN UINT32*Buffer
   )
 {
+  EFI_STATUS Status = EFI_SUCCESS;
+
+  if(IsPendingReadCommand (mDwEmmcCommand) || 
IsPendingWriteCommand(mDwEmmcCommand))
+Status = SendCommand (mDwEmmcCommand, mDwEmmcArgument);
+
   if (Buffer == NULL) {
 return EFI_INVALID_PARAMETER;
   }
@@ -410,7 +441,7 @@ DwEmmcReceiveResponse (
 Buffer[2] = MmioRead32 (DWEMMC_RESP2);
 Buffer[3] = MmioRead32 (DWEMMC_RESP3);
   }
-  return EFI_SUCCESS;
+  return Status;
 }
 
 VOID
-- 
2.2.2

_

[edk2] [PATCH 0/4] EmbeddedPkg/DwEmmc: Fix bugs causing DwEmmc to fail to initialize

2019-02-22 Thread tien . hock . loh
From: "Tien Hock, Loh" 

This patch series fixes bugs with DwEmmc driver, namely:
* Added CMD6 handling
* Fixed workaround querying SendCommand using delays
* Fix DMA transfer length causing buffer underrun in FIFO
* Check DMA completion before returning from SendCommand

Loh, Tien Hock (3):
  EmbeddedPkg/DwEmmc: Remove unnecessary MicroSecondDelay
  EmbeddedPkg/DwEmmc: Fix SendCommand parameters
  EmbeddedPkg/DwEmmc: Fix DMA transfer length

Tien Hock, Loh (1):
  EmbeddedPkg/DwEmmc: Check DMA completion in SendCommand

 EmbeddedPkg/Drivers/DwEmmcDxe/DwEmmcDxe.c | 120 +++---
 1 file changed, 93 insertions(+), 27 deletions(-)

-- 
2.2.2

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel