From: Taylor Beebe <tabe...@microsoft.com>

Replace references to the memory protection PCDs with references
to the memory protection HOB.

Stack guard will always be initialized after memory discovery
in PEI, but the memory protection HOB will be checked when
applying stack guard in DxeIpl when the page tables are
rebuilt.

Signed-off-by: Taylor Beebe <t...@taylorbeebe.com>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Rahul Kumar <rahul1.ku...@intel.com> 
Cc: Gerd Hoffmann <kra...@redhat.com>
---
 UefiCpuPkg/CpuDxe/CpuDxe.c                    |  2 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                    | 11 +++++---
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |  4 +--
 UefiCpuPkg/CpuDxe/CpuMp.c                     |  2 +-
 UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf    |  3 ---
 UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  8 +++---
 UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  3 ++-
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |  1 -
 UefiCpuPkg/CpuMpPei/CpuPaging.c               | 14 +++++-----
 .../DxeCpuExceptionHandlerLib.inf             |  1 -
 .../PeiCpuExceptionHandlerLib.inf             |  1 -
 .../SecPeiCpuExceptionHandlerLib.inf          |  1 -
 .../SmmCpuExceptionHandlerLib.inf             |  1 -
 .../UnitTest/CpuExceptionHandlerTest.h        |  3 ++-
 .../UnitTest/CpuExceptionHandlerTestCommon.c  | 27 +++++++++++++++----
 .../DxeCpuExceptionHandlerLibUnitTest.inf     |  2 +-
 .../PeiCpuExceptionHandlerLibUnitTest.inf     |  4 ++-
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  3 ++-
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  3 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c      |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |  3 +--
 .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   | 13 ++++-----
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c        |  2 +-
 .../PiSmmCpuDxeSmm/SmmProfileInternal.h       | 10 ++++---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c       |  2 +-
 UefiCpuPkg/UefiCpuPkg.dec                     |  7 +++--
 UefiCpuPkg/UefiCpuPkg.dsc                     |  2 ++
 UefiCpuPkg/UefiCpuPkg.uni                     | 10 +++----
 28 files changed, 80 insertions(+), 65 deletions(-)

diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
index 804ef5d1fe..b12c43f4c1 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.c
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
@@ -399,7 +399,7 @@ CpuSetMemoryAttributes (
   // During memory attributes updating, new pages may be allocated to setup
   // smaller granularity of page table. Page allocation action might then cause
   // another calling of CpuSetMemoryAttributes() recursively, due to memory
-  // protection policy configured (such as PcdDxeNxMemoryProtectionPolicy).
+  // protection policy configured (such as the DXE NX Protection Policy).
   // Since this driver will always protect memory used as page table by itself,
   // there's no need to apply protection policy requested from memory service.
   // So it's safe to just return EFI_SUCCESS if this time of calling is caused
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h
index 0e7d88dd35..10eabd9b66 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.h
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.h
@@ -35,15 +35,18 @@
 #include <Library/ReportStatusCodeLib.h>
 #include <Library/MpInitLib.h>
 #include <Library/TimerLib.h>
+#include <Library/DxeMemoryProtectionHobLib.h>
 
 #include <Guid/IdleLoopEvent.h>
 #include <Guid/VectorHandoffTable.h>
 
-#define HEAP_GUARD_NONSTOP_MODE       \
-        ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT4|BIT1|BIT0)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE      (gDxeMps.HeapGuard.NonstopModeEnabled     
   &&  \
+                                     (gDxeMps.HeapGuard.PageGuardEnabled       
   ||  \
+                                      gDxeMps.HeapGuard.PoolGuardEnabled       
   ||  \
+                                      
gDxeMps.HeapGuard.FreedMemoryGuardEnabled))     \
 
-#define NULL_DETECTION_NONSTOP_MODE   \
-        ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT0)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE  (gDxeMps.NullPointerDetection.Enabled && \
+                                      
gDxeMps.NullPointerDetection.NonstopModeEnabled)
 
 /**
   Flush CPU data cache. If the instruction cache is fully coherent
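Review bot: The new `HEAP_GUARD_NONSTOP_MODE` definition ends with a line-continuation backslash after its closing parenthesis, so the macro body runs on into the blank line that follows and would absorb the next `#define` if that blank line were ever removed. Drop the trailing `\` so the last line reads `gDxeMps.HeapGuard.FreedMemoryGuardEnabled))`. The SMM variant in SmmProfileInternal.h ends the same way (`gMmMps.HeapGuard.PoolGuardEnabled))` followed by `\`) and wants the same change. A short comment above each macro, saying that non-stop mode only counts when at least one guard type is enabled, would also help.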
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf
index 1d3e9f8cdb..ab2bd96d97 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.inf
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf
@@ -40,6 +40,7 @@
   MpInitLib
   TimerLib
   PeCoffGetEntryPointLib
+  DxeMemoryProtectionHobLib
 
 [Sources]
   CpuDxe.c
@@ -74,9 +75,6 @@
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask                    ## 
CONSUMES
diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c
index e7575d9b80..c06049a894 100644
--- a/UefiCpuPkg/CpuDxe/CpuMp.c
+++ b/UefiCpuPkg/CpuDxe/CpuMp.c
@@ -734,7 +734,7 @@ InitializeMpExceptionHandlers (
   //
   // Setup stack switch for Stack Guard feature.
   //
-  if (PcdGetBool (PcdCpuStackGuard)) {
+  if (gDxeMps.CpuStackGuardEnabled) {
     InitializeMpExceptionStackSwitchHandlers ();
   }
 }
diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf 
b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
index e8fa25446a..ca552f347d 100644
--- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
+++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
@@ -54,9 +54,6 @@
   gEfiSecPlatformInformationPpiGuid             ## UNDEFINED # HOB
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuCoreCrystalClockFrequency             ## 
CONSUMES
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index b504bea3cf..ca0c6bdb4b 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -469,10 +469,6 @@ InitializeMpExceptionStackSwitchHandlers (
   EFI_STATUS                      Status;
   UINT8                           *Buffer;
 
-  if (!PcdGetBool (PcdCpuStackGuard)) {
-    return;
-  }
-
   Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL);
   ASSERT_EFI_ERROR (Status);
 
@@ -589,7 +585,9 @@ InitializeCpuMpWorker (
   //
   // Special initialization for the sake of Stack Guard
   //
-  InitializeMpExceptionStackSwitchHandlers ();
+  if (mInitStackGuard) {
+    InitializeMpExceptionStackSwitchHandlers ();
+  }
 
   //
   // Update and publish CPU BIST information
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
index 1b9a94e18f..d0db4e480e 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
@@ -31,6 +31,7 @@
 #include <Library/CpuPageTableLib.h>
 
 extern EFI_PEI_PPI_DESCRIPTOR  mPeiCpuMpPpiDesc;
+extern BOOLEAN                 mInitStackGuard;
 
 /**
   This service retrieves the number of logical processor in the platform
@@ -426,7 +427,7 @@ InitializeCpuMpWorker (
   );
 
 /**
-  Enable/setup stack guard for each processor if PcdCpuStackGuard is set to 
TRUE.
+  Enable/setup stack guard for each processor.
 
   Doing this in the memory-discovered callback is to make sure the Stack Guard
   feature to cover as most PEI code as possible.
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index 865be5627e..6a98775412 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -64,7 +64,6 @@
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## 
SOMETIMES_CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## 
SOMETIMES_CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize                           ## 
SOMETIMES_CONSUMES
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index b7ddb0005b..b389d5ff67 100644
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -68,6 +68,8 @@ EFI_PEI_NOTIFY_DESCRIPTOR  mPostMemNotifyList[] = {
   }
 };
 
+BOOLEAN  mInitStackGuard = FALSE;
+
 /**
   The function will check if IA32 PAE is supported.
 
@@ -553,7 +555,6 @@ MemoryDiscoveredPpiNotifyCallback (
   )
 {
   EFI_STATUS              Status;
-  BOOLEAN                 InitStackGuard;
   EDKII_MIGRATED_FV_INFO  *MigratedFvInfo;
   EFI_PEI_HOB_POINTERS    Hob;
   IA32_CR0                Cr0;
@@ -563,11 +564,10 @@ MemoryDiscoveredPpiNotifyCallback (
   // initialization later will not contain paging information and then fail
   // the task switch (for the sake of stack switch).
   //
-  InitStackGuard = FALSE;
-  Hob.Raw        = NULL;
+  Hob.Raw = NULL;
   if (IsIa32PaeSupported ()) {
-    Hob.Raw        = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
-    InitStackGuard = PcdGetBool (PcdCpuStackGuard);
+    Hob.Raw         = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
+    mInitStackGuard = TRUE;
   }
 
   //
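Review bot: `mInitStackGuard = TRUE` now stores to a module-level global from inside a PEIM, and both the `SetupStackGuardPage ()` call later in this function and the new `if (mInitStackGuard)` check in `InitializeCpuMpWorker` (CpuMpPei.c) depend on that store taking effect. If CpuMpPei can still be executing in place from flash when this callback runs, the write would not land and stack guard setup would be skipped without any error; this is an assumption to confirm against how the module is shadowed, since the removed local variable had no such dependency. Consider keeping the local and handing the decision to `InitializeCpuMpWorker`, or add a comment next to `BOOLEAN  mInitStackGuard = FALSE;` stating that the module must run from writable memory. With the PCD check gone, PEI also sets up PAE paging on every 32-bit boot where PAE is supported, which the commit message presents as intended; a comment at the assignment saying so would help. The body of `MemoryDiscoveredPpiNotifyCallback` starts and ends outside this hunk.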
@@ -575,7 +575,7 @@ MemoryDiscoveredPpiNotifyCallback (
   // is to enable paging if it is not enabled (only in 32bit mode).
   //
   Cr0.UintN = AsmReadCr0 ();
-  if ((Cr0.Bits.PG == 0) && (InitStackGuard || (Hob.Raw != NULL))) {
+  if ((Cr0.Bits.PG == 0) && (mInitStackGuard || (Hob.Raw != NULL))) {
     ASSERT (sizeof (UINTN) == sizeof (UINT32));
 
     Status = EnablePaePageTable ();
@@ -588,7 +588,7 @@ MemoryDiscoveredPpiNotifyCallback (
   Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices);
   ASSERT_EFI_ERROR (Status);
 
-  if (InitStackGuard) {
+  if (mInitStackGuard) {
     SetupStackGuardPage ();
   }
 
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
index fdbebadab9..1fddf15b70 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
@@ -39,7 +39,6 @@
   DxeException.c
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
index 3bcaff5c5f..348f7ed56c 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
@@ -55,7 +55,6 @@
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard    # CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
 
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
index e7b1144f69..0217c983d7 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
@@ -51,7 +51,6 @@
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
index 27f0b96fa9..6dc09b447f 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
@@ -54,7 +54,6 @@
   CcExitLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
 
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
index bad3387db5..3f55e004cb 100644
--- 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
+++ 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
@@ -27,7 +27,7 @@
     In this test case, stack overflow is triggered by a funtion which calls 
itself continuously. This test case triggers stack
     overflow in both BSP and AP. All AP use same Idt with Bsp. The expectation 
is:
       1. PF exception is triggered (leading to a DF if sepereated stack is not 
prepared for PF) when Rsp <= StackBase + SIZE_4KB
-         since [StackBase, StackBase + SIZE_4KB] is marked as not present in 
page table when PcdCpuStackGuard is TRUE.
+         since [StackBase, StackBase + SIZE_4KB] is marked as not present in 
page table when CpuStackGuard is TRUE.
       2. Stack for PF/DF exception handler in both Bsp and AP is succussfully 
switched by InitializeSeparateExceptionStacks.
 
 **/
@@ -48,6 +48,7 @@
 #include <Library/HobLib.h>
 #include <Library/CpuPageTableLib.h>
 #include <Guid/MemoryAllocationHob.h>
+#include <Guid/DxeMemoryProtectionSettings.h>
 #include <Protocol/MpService.h>
 #include <PiPei.h>
 #include <Ppi/MpServices2.h>
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
index 9ba70c5b73..c5058a88a2 100644
--- 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
+++ 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
@@ -708,6 +708,27 @@ InitializeMpExceptionStackSwitchHandlers (
   return SwitchStackData;
 }
 
+/**
+  Checks if the memory protection HOB entry is available and if stack guard is 
enabled.
+
+  @param Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  VOID  *Ptr;
+
+  Ptr = GetFirstGuidHob (&gDxeMemoryProtectionSettingsGuid);
+  UT_ASSERT_NOT_NULL (Ptr);
+  UT_ASSERT_TRUE (DXE_MPS_IS_STRUCT_VALID (GET_GUID_HOB_DATA (Ptr)));
+  UT_ASSERT_TRUE (((DXE_MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA 
(Ptr))->CpuStackGuardEnabled);
+
+  return UNIT_TEST_PASSED;
+}
+
 /**
   Test if stack overflow is captured by CpuStackGuard in both Bsp and AP.
 
@@ -743,10 +764,6 @@ TestCpuStackGuardInBspAndAp (
   VOID                            *NewIdtr;
   UINTN                           *CpuStackBaseBuffer;
 
-  if (!PcdGetBool (PcdCpuStackGuard)) {
-    return UNIT_TEST_PASSED;
-  }
-
   //
   // Get MP Service Protocol
   //
@@ -846,7 +863,7 @@ AddCommonTestCase (
   AddTestCase (CpuExceptionLibUnitTestSuite, "Check if exception handler can 
be registered/unregistered for GP and PF", "TestRegisterHandlerForGPAndPF", 
TestRegisterHandlerForGPAndPF, NULL, NULL, NULL);
 
   AddTestCase (CpuExceptionLibUnitTestSuite, "Check if Cpu Context is 
consistent before and after exception.", "TestCpuContextConsistency", 
TestCpuContextConsistency, NULL, NULL, NULL);
-  AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is 
captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", 
TestCpuStackGuardInBspAndAp, NULL, NULL, NULL);
+  AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is 
captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp", 
TestCpuStackGuardInBspAndAp, IsStackGuardEnabled, NULL, NULL);
 
   return EFI_SUCCESS;
 }
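Review bot: Registering `IsStackGuardEnabled` as the prerequisite of `TestCpuStackGuardInBspAndAp` makes the test depend on `gDxeMemoryProtectionSettingsGuid` being present in the HOB list, and this common file appears to be built into the PEI unit test as well, where (per the commit message) stack guard is set up without consulting that HOB. If the PEI test environment does not publish the DXE settings HOB, the stack overflow check would presumably be reported as an unmet prerequisite and never run there; confirm that this is intended. In `IsStackGuardEnabled` itself (added in the earlier hunk of this file), `GET_GUID_HOB_DATA (Ptr)` is evaluated twice. Reading it once into a `DXE_MEMORY_PROTECTION_SETTINGS *` local would make the validity check and the field read visibly refer to the same data. Its header comment should also gain `@retval UNIT_TEST_PASSED` and a line for the failure status.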
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
index a904eb2504..4392d42fc4 100644
--- 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
+++ 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
@@ -46,9 +46,9 @@
 
 [Guids]
   gEfiHobMemoryAllocStackGuid
+  gDxeMemoryProtectionSettingsGuid
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard       ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize           ## CONSUMES
 
 [Protocols]
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
index 25f8f8dbe0..12746ea018 100644
--- 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
+++ 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
@@ -50,12 +50,14 @@
   PeiServicesTablePointerLib
 
 [Pcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard   ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize       ## CONSUMES
 
 [Ppis]
   gEdkiiPeiMpServices2PpiGuid                       ## CONSUMES
 
+[Guids]
+  gDxeMemoryProtectionSettingsGuid                  ## CONSUMES
+
 [Depex]
   gEdkiiPeiMpServices2PpiGuid AND
   gEfiPeiMemoryDiscoveredPpiGuid
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 7d45d3ad4d..345dc0afb1 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -58,6 +58,8 @@
   PcdLib
   CcExitLib
   MicrocodeLib
+  DxeMemoryProtectionHobLib
+
 [LibraryClasses.X64]
   CpuPageTableLib
 
@@ -81,6 +83,5 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds  ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures                  ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase                       ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                      ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                           ## 
CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr           ## 
CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c 
b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 57ddb86600..2dfaf0df69 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -13,6 +13,7 @@
 #include <Library/DebugAgentLib.h>
 #include <Library/DxeServicesTableLib.h>
 #include <Library/CcExitLib.h>
+#include <Library/DxeMemoryProtectionHobLib.h>
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
 
@@ -497,7 +498,7 @@ InitMpGlobalData (
     return;
   }
 
-  if (PcdGetBool (PcdCpuStackGuard)) {
+  if (gDxeMps.CpuStackGuardEnabled) {
     //
     // One extra page at the bottom of the stack is needed for Guard page.
     //
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index b11264ce4a..1a2312a248 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -160,7 +160,7 @@ SmiPFHandler (
     //
     // If NULL pointer was just accessed
     //
-    if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+    if (gMmMps.NullPointerDetection.Enabled &&
         (PFAddress < EFI_PAGE_SIZE))
     {
       DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 5d52ed7d13..8f9bdf8374 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -103,6 +103,7 @@
   PerformanceLib
   CpuPageTableLib
   MmSaveStateLib
+  MmMemoryProtectionHobLib
 
 [Protocols]
   gEfiSmmAccess2ProtocolGuid               ## CONSUMES
@@ -146,8 +147,6 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuFeaturesInitOnS3Resume           ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                   ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## 
CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask        ## 
CONSUMES
 
 [FixedPcd]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 6f49866615..29552b11ce 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -1679,7 +1679,7 @@ GenSmmPageTable (
     }
   }
 
-  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {
+  if (gMmMps.NullPointerDetection.Enabled) {
     //
     // Mark [0, 4k] as non-present
     //
@@ -1834,13 +1834,13 @@ IfReadOnlyPageTableNeeded (
   //
   // Don't mark page table memory as read-only if
   //  - no restriction on access to non-SMRAM memory; or
-  //  - SMM heap guard feature enabled; or
-  //      BIT2: SMM page guard enabled
-  //      BIT3: SMM pool guard enabled
+  //  - SMM page guard enabled
+  //  - SMM pool guard enabled
   //  - SMM profile feature enabled
   //
   if (!IsRestrictedMemoryAccess () ||
-      ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) ||
+      (gMmMps.HeapGuard.PageGuardEnabled) ||
+      (gMmMps.HeapGuard.PoolGuardEnabled) ||
       FeaturePcdGet (PcdCpuSmmProfileEnable))
   {
     if (sizeof (UINTN) == sizeof (UINT64)) {
@@ -1849,7 +1849,8 @@ IfReadOnlyPageTableNeeded (
       //
       ASSERT (
         !(IsRestrictedMemoryAccess () &&
-          (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0)
+          ((gMmMps.HeapGuard.PageGuardEnabled) ||
+           (gMmMps.HeapGuard.PoolGuardEnabled)))
         );
 
       //
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 7ac3c66f91..eceb0a565c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -610,7 +610,7 @@ InitPaging (
   //
   // [0, 4k] may be non-present.
   //
-  PreviousAddress = ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 
0) ? BASE_4KB : 0;
+  PreviousAddress = (gMmMps.NullPointerDetection.Enabled) ? BASE_4KB : 0;
 
   DEBUG ((DEBUG_INFO, "Patch page table start ...\n"));
   if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
index 964dd52817..50397e4750 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DxeServicesTableLib.h>
 #include <Library/CpuLib.h>
 #include <IndustryStandard/Acpi.h>
+#include <Library/MmMemoryProtectionHobLib.h>
 
 #include "SmmProfileArch.h"
 
@@ -57,11 +58,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define   MSR_DEBUG_CTL_BTINT  0x100
 #define MSR_DS_AREA            0x600
 
-#define HEAP_GUARD_NONSTOP_MODE      \
-        ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT3|BIT2)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE      (gMmMps.HeapGuard.NonstopModeEnabled  &&  
\
+                                     (gMmMps.HeapGuard.PageGuardEnabled    ||  
\
+                                      gMmMps.HeapGuard.PoolGuardEnabled))      
\
 
-#define NULL_DETECTION_NONSTOP_MODE  \
-        ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT1)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE  
(gMmMps.NullPointerDetection.NonstopModeEnabled   &&  \
+                                      gMmMps.NullPointerDetection.Enabled)
 
 typedef struct {
   EFI_PHYSICAL_ADDRESS    Base;
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index ddd9be66b5..28eaa18689 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -932,7 +932,7 @@ SmiPFHandler (
     //
     // If NULL pointer was just accessed
     //
-    if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+    if (gMmMps.NullPointerDetection.Enabled &&
         (PFAddress < EFI_PAGE_SIZE))
     {
       DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 25126c9136..4649bdef5d 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -187,13 +187,13 @@
 
 [PcdsFixedAtBuild]
   ## List of exception vectors which need switching stack.
-  #  This PCD will only take into effect if PcdCpuStackGuard is enabled.
+  #  This PCD will only take into effect if the CPU Stack Guard is enabled.
   #  By default exception #DD(8), #PF(14) are supported.
   # @Prompt Specify exception vectors which need switching stack.
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList|{0x08, 
0x0E}|VOID*|0x30002000
 
   ## Size of good stack for an exception.
-  #  This PCD will only take into effect if PcdCpuStackGuard is enabled.
+  #  This PCD will only take into effect if the CPU Stack Guard is enabled.
   # @Prompt Specify size of good stack of exception which need switching stack.
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize|2048|UINT32|0x30002001
 
@@ -372,9 +372,8 @@
   #  and the memory occupied by page table is protected by page table itself 
as read-only.
   #  In X64 build, it cannot be enabled at the same time with SMM profile 
feature (PcdCpuSmmProfileEnable).
   #  In X64 build, it could not be enabled also at the same time with heap 
guard feature for SMM
-  #  (PcdHeapGuardPropertyMask in MdeModulePkg).
   #  In IA32 build, page table memory is not marked as read-only when either 
SMM profile feature (PcdCpuSmmProfileEnable)
-  #  or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) 
is enabled.
+  #  or heap guard feature for SMM is enabled.
   #   TRUE  - Access to non-SMRAM memory is restricted to reserved, runtime 
and ACPI NVS type after SmmReadyToLock.<BR>
   #   FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is 
allowed.<BR>
   # @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and 
ACPI NVS type after SmmReadyToLock.
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 45726b9efc..bff7fc5bd5 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -66,6 +66,8 @@
   UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
   
UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
   
UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf
+  
DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
+  
MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
 
 [LibraryClasses.common.SEC]
   PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf
diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni
index d17bcfd10c..5719917a04 100644
--- a/UefiCpuPkg/UefiCpuPkg.uni
+++ b/UefiCpuPkg/UefiCpuPkg.uni
@@ -170,8 +170,7 @@
                                                                                
      "If enabled, SMM will not use on-demand paging. SMM will build static 
page table for all memory.\n"
                                                                                
      "This flag only impacts X64 build, because SMM always builds static page 
table for IA32.\n"
                                                                                
      "It could not be enabled at the same time with SMM profile feature 
(PcdCpuSmmProfileEnable).\n"
-                                                                               
      "It could not be enabled also at the same time with heap guard feature 
for SMM\n"
-                                                                               
      "(PcdHeapGuardPropertyMask in MdeModulePkg).<BR><BR>\n"
+                                                                               
      "It could not be enabled also at the same time with heap guard feature 
for SMM.<BR><BR>\n"
                                                                                
      "TRUE  - SMM uses static page table for all memory.<BR>\n"
                                                                                
      "FALSE - SMM uses static page table for below 4G memory and use on-demand 
paging for above 4G memory.<BR>"
 
@@ -217,9 +216,8 @@
                                                                                
             "and the memory occupied by page table is protected by page table 
itself as read-only.<BR>\n"
                                                                                
             "In X64 build, it cannot be enabled at the same time with SMM 
profile feature (PcdCpuSmmProfileEnable).<BR>\n"
                                                                                
             "In X64 build, it could not be enabled also at the same time with 
heap guard feature for SMM<BR>\n"
-                                                                               
             "(PcdHeapGuardPropertyMask in MdeModulePkg).<BR>\n"
                                                                                
             "In IA32 build, page table memory is not marked as read-only when 
either SMM profile feature (PcdCpuSmmProfileEnable)<BR>\n"
-                                                                               
             "or heap guard feature for SMM (PcdHeapGuardPropertyMask in 
MdeModulePkg) is enabled.<BR>\n"
+                                                                               
             "or heap guard feature for SMM is enabled.<BR>\n"
                                                                                
             "TRUE  - Access to non-SMRAM memory is restricted to reserved, 
runtime and ACPI NVS type after SmmReadyToLock.<BR>\n"
                                                                                
             "FALSE - Access to any type of non-SMRAM memory after 
SmmReadyToLock is allowed.<BR>"
 
@@ -266,13 +264,13 @@
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_PROMPT  
#language en-US "Specify exception vectors which need switching stack."
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_HELP  
#language en-US "List of exception vectors which need switching stack.\n"
-                                                                               
            "This PCD will only take into effect if PcdCpuStackGuard is 
enabled.n"
+                                                                               
            "This PCD will only take into effect if the CPU Stack Guard is 
enabled.n"
                                                                                
            "By default exception #DD(8), #PF(14) are supported.n"
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_PROMPT  
#language en-US "Specify size of good stack of exception which need switching 
stack."
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_HELP  #language 
en-US "Size of good stack for an exception.\n"
-                                                                               
      "This PCD will only take into effect if PcdCpuStackGuard is enabled.\n"
+                                                                               
      "This PCD will only take into effect if the CPU Stack Guard is enabled.\n"
 
 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuCoreCrystalClockFrequency_PROMPT  
#language en-US "Specifies CPUID Leaf 0x15 Time Stamp Counter and Nominal Core 
Crystal Clock Frequency."
 
-- 
2.41.0.windows.2


