Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this updated does not cause a torn state.
Signed-off-by: Taylor Beebe <taylor.d.be...@gmail.com>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Rahul Kumar <rahul1.ku...@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
---
UefiCpuPkg/CpuDxe/CpuDxe.c
| 2 +-
UefiCpuPkg/CpuDxe/CpuMp.c
| 2 +-
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
| 6 +-----
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
| 15 ++++++++++++++
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
| 21 ++++++++++++++++++++
UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
| 3 ++-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
| 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
| 13 ++++++------
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
| 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
| 2 +-
UefiCpuPkg/CpuDxe/CpuDxe.h
| 11 ++++++----
UefiCpuPkg/CpuDxe/CpuDxe.inf
| 4 +---
UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
| 3 ---
UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
| 1 -
UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
| 1 -
UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
| 1 -
UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
| 1 -
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
| 13 +++++++++++-
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
| 2 +-
UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
| 2 +-
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
| 3 ++-
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
| 3 +--
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
| 9 +++++----
UefiCpuPkg/UefiCpuPkg.dec
| 7 +++----
UefiCpuPkg/UefiCpuPkg.dsc
| 2 ++
UefiCpuPkg/UefiCpuPkg.uni
| 10 ++++------
26 files changed, 90 insertions(+), 51 deletions(-)
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
index 804ef5d1fe8e..b12c43f4c1d4 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.c
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
@@ -399,7 +399,7 @@ CpuSetMemoryAttributes (
// During memory attributes updating, new pages may be allocated to setup
// smaller granularity of page table. Page allocation action might then cause
// another calling of CpuSetMemoryAttributes() recursively, due to memory
- // protection policy configured (such as PcdDxeNxMemoryProtectionPolicy).
+ // protection policy configured (such as the DXE NX Protection Policy).
// Since this driver will always protect memory used as page table by itself,
// there's no need to apply protection policy requested from memory service.
// So it's safe to just return EFI_SUCCESS if this time of calling is caused
diff --git a/UefiCpuPkg/CpuDxe/CpuMp.c b/UefiCpuPkg/CpuDxe/CpuMp.c
index e7575d9b8062..d8f978eec09d 100644
--- a/UefiCpuPkg/CpuDxe/CpuMp.c
+++ b/UefiCpuPkg/CpuDxe/CpuMp.c
@@ -734,7 +734,7 @@ InitializeMpExceptionHandlers (
//
// Setup stack switch for Stack Guard feature.
//
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
InitializeMpExceptionStackSwitchHandlers ();
}
}
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
index 9ba70c5b7340..fe74b0e0eaae 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c
@@ -743,10 +743,6 @@ TestCpuStackGuardInBspAndAp (
VOID *NewIdtr;
UINTN *CpuStackBaseBuffer;
- if (!PcdGetBool (PcdCpuStackGuard)) {
- return UNIT_TEST_PASSED;
- }
-
//
// Get MP Service Protocol
//
@@ -846,7 +842,7 @@ AddCommonTestCase (
AddTestCase (CpuExceptionLibUnitTestSuite, "Check if exception handler can
be registered/unregistered for GP and PF", "TestRegisterHandlerForGPAndPF",
TestRegisterHandlerForGPAndPF, NULL, NULL, NULL);
AddTestCase (CpuExceptionLibUnitTestSuite, "Check if Cpu Context is
consistent before and after exception.", "TestCpuContextConsistency",
TestCpuContextConsistency, NULL, NULL, NULL);
- AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is
captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp",
TestCpuStackGuardInBspAndAp, NULL, NULL, NULL);
+ AddTestCase (CpuExceptionLibUnitTestSuite, "Check if stack overflow is
captured by CpuStackGuard in Bsp and AP", "TestCpuStackGuardInBspAndAp",
TestCpuStackGuardInBspAndAp, IsStackGuardEnabled, NULL, NULL);
return EFI_SUCCESS;
}
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
index 1cec3ed809d9..c1de3a6663ae 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c
@@ -8,6 +8,7 @@
#include "CpuExceptionHandlerTest.h"
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include <Protocol/Timer.h>
/**
@@ -145,6 +146,20 @@ GetMpServices (
return gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID
**)&MpServices->Protocol);
}
+/**
+ Checks if stack guard is enabled.
+
+ @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ return gMps.Dxe.CpuStackGuardEnabled;
+}
+
/**
Entry for CpuExceptionHandlerDxeTest driver.
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
index d9408d2f5e2f..763268f55314 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c
@@ -10,6 +10,7 @@
#include <Library/PeimEntryPoint.h>
#include <Library/PeiServicesLib.h>
#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
/**
Initialize Bsp Idt with a new Idt table and return the IA32_DESCRIPTOR
buffer.
@@ -152,6 +153,26 @@ GetMpServices (
return PeiServicesLocatePpi (&gEdkiiPeiMpServices2PpiGuid, 0, NULL, (VOID
**)&MpServices->Ppi);
}
+/**
+ Checks if stack guard is enabled.
+
+ @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ MEMORY_PROTECTION_SETTINGS Mps;
+
+ if (!EFI_ERROR (GetCurrentMemoryProtectionSettings (&Mps))) {
+ return Mps.Dxe.CpuStackGuardEnabled;
+ }
+
+ return FALSE;
+}
+
/**
Entry point of CpuExceptionHandlerPeiTest PEIM.
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 57ddb86600a7..551a7924fad3 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -13,6 +13,7 @@
#include <Library/DebugAgentLib.h>
#include <Library/DxeServicesTableLib.h>
#include <Library/CcExitLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include <Register/Amd/Fam17Msr.h>
#include <Register/Amd/Ghcb.h>
@@ -497,7 +498,7 @@ InitMpGlobalData (
return;
}
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
//
// One extra page at the bottom of the stack is needed for Guard page.
//
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index b11264ce4aa7..7e6c9899b069 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -160,7 +160,7 @@ SmiPFHandler (
//
// If NULL pointer was just accessed
//
- if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+ if (gMps.Mm.NullPointerDetection.Enabled &&
(PFAddress < EFI_PAGE_SIZE))
{
DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 6f498666157e..4c02749c174e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -1679,7 +1679,7 @@ GenSmmPageTable (
}
}
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {
+ if (gMps.Mm.NullPointerDetection.Enabled) {
//
// Mark [0, 4k] as non-present
//
@@ -1834,13 +1834,13 @@ IfReadOnlyPageTableNeeded (
//
// Don't mark page table memory as read-only if
// - no restriction on access to non-SMRAM memory; or
- // - SMM heap guard feature enabled; or
- // BIT2: SMM page guard enabled
- // BIT3: SMM pool guard enabled
+ // - SMM page guard enabled
+ // - SMM pool guard enabled
// - SMM profile feature enabled
//
if (!IsRestrictedMemoryAccess () ||
- ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) ||
+ IS_MM_PAGE_GUARD_ACTIVE ||
+ IS_MM_POOL_GUARD_ACTIVE ||
FeaturePcdGet (PcdCpuSmmProfileEnable))
{
if (sizeof (UINTN) == sizeof (UINT64)) {
@@ -1849,7 +1849,8 @@ IfReadOnlyPageTableNeeded (
//
ASSERT (
!(IsRestrictedMemoryAccess () &&
- (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0)
+ (IS_MM_PAGE_GUARD_ACTIVE ||
+ IS_MM_POOL_GUARD_ACTIVE))
);
//
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 7ac3c66f911c..4f48e0c4f399 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -610,7 +610,7 @@ InitPaging (
//
// [0, 4k] may be non-present.
//
- PreviousAddress = ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) !=
0) ? BASE_4KB : 0;
+ PreviousAddress = (gMps.Mm.NullPointerDetection.Enabled) ? BASE_4KB : 0;
DEBUG ((DEBUG_INFO, "Patch page table start ...\n"));
if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index ddd9be66b53f..10e26cd72f6d 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -932,7 +932,7 @@ SmiPFHandler (
//
// If NULL pointer was just accessed
//
- if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&
+ if (gMps.Mm.NullPointerDetection.Enabled &&
(PFAddress < EFI_PAGE_SIZE))
{
DumpCpuContext (InterruptType, SystemContext);
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h
index 0e7d88dd357c..a0284c562fa1 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.h
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.h
@@ -35,15 +35,18 @@
#include <Library/ReportStatusCodeLib.h>
#include <Library/MpInitLib.h>
#include <Library/TimerLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include <Guid/IdleLoopEvent.h>
#include <Guid/VectorHandoffTable.h>
-#define HEAP_GUARD_NONSTOP_MODE \
- ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT4|BIT1|BIT0)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE (gMps.Dxe.HeapGuard.NonstopModeEnabled
&& \
+ (IS_DXE_PAGE_GUARD_ACTIVE
|| \
+ IS_DXE_POOL_GUARD_ACTIVE
|| \
+
gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled)) \
-#define NULL_DETECTION_NONSTOP_MODE \
- ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT0)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE (gMps.Dxe.NullPointerDetection.Enabled &&
\
+
gMps.Dxe.NullPointerDetection.NonstopModeEnabled)
/**
Flush CPU data cache. If the instruction cache is fully coherent
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf
index 1d3e9f8cdb29..85387c3ecdf2 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.inf
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf
@@ -40,6 +40,7 @@ [LibraryClasses]
MpInitLib
TimerLib
PeCoffGetEntryPointLib
+ GetMemoryProtectionsLib
[Sources]
CpuDxe.c
@@ -74,9 +75,6 @@ [Ppis]
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ##
CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask ##
CONSUMES
diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
index 9d9a5ef8f247..262f9e6d9d5a 100644
--- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
+++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf
@@ -56,9 +56,6 @@ [Ppis]
gEfiSecPlatformInformationPpiGuid ## UNDEFINED # HOB
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuCoreCrystalClockFrequency ##
CONSUMES
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
index fdbebadab93d..1fddf15b70bd 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
@@ -39,7 +39,6 @@ [Sources.common]
DxeException.c
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
index 3bcaff5c5fe4..348f7ed56c99 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf
@@ -55,7 +55,6 @@ [LibraryClasses]
CcExitLib
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard # CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
index e7b1144f6941..0217c983d7c6 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
@@ -51,7 +51,6 @@ [LibraryClasses]
CcExitLib
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
index 27f0b96fa9e9..6dc09b447ff0 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
@@ -54,7 +54,6 @@ [LibraryClasses]
CcExitLib
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
index bad3387db5bc..47bde8574b32 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h
@@ -27,7 +27,7 @@
In this test case, stack overflow is triggered by a funtion which calls
itself continuously. This test case triggers stack
overflow in both BSP and AP. All AP use same Idt with Bsp. The expectation
is:
1. PF exception is triggered (leading to a DF if sepereated stack is not
prepared for PF) when Rsp <= StackBase + SIZE_4KB
- since [StackBase, StackBase + SIZE_4KB] is marked as not present in
page table when PcdCpuStackGuard is TRUE.
+ since [StackBase, StackBase + SIZE_4KB] is marked as not present in
page table when CpuStackGuard is TRUE.
2. Stack for PF/DF exception handler in both Bsp and AP is succussfully
switched by InitializeSeparateExceptionStacks.
**/
@@ -342,4 +342,15 @@ CpuStackGuardExceptionHandler (
IN EFI_SYSTEM_CONTEXT SystemContext
);
+/**
+ Checks if stack guard is enabled.
+
+ @param[in] Context The unit test context
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsStackGuardEnabled (
+ IN UNIT_TEST_CONTEXT Context
+ );
+
#endif
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
index a904eb250475..09c00fce8627 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf
@@ -43,12 +43,12 @@ [LibraryClasses]
HobLib
UefiBootServicesTableLib
CpuPageTableLib
+ GetMemoryProtectionsLib
[Guids]
gEfiHobMemoryAllocStackGuid
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## CONSUMES
[Protocols]
diff --git
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
index 25f8f8dbe0e9..41fa759bf31e 100644
---
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
+++
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf
@@ -48,9 +48,9 @@ [LibraryClasses]
PeiServicesLib
CpuPageTableLib
PeiServicesTablePointerLib
+ SetMemoryProtectionsLib
[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## CONSUMES
[Ppis]
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 55e46d4a1fad..8edc7227d108 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -58,6 +58,8 @@ [LibraryClasses]
PcdLib
CcExitLib
MicrocodeLib
+ GetMemoryProtectionsLib
+
[LibraryClasses.X64]
CpuPageTableLib
@@ -82,6 +84,5 @@ [Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ##
CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ##
SOMETIMES_CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##
CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ##
CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ##
CONSUMES
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 5d52ed7d1329..56f64873fe50 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -103,6 +103,7 @@ [LibraryClasses]
PerformanceLib
CpuPageTableLib
MmSaveStateLib
+ GetMemoryProtectionsLib
[Protocols]
gEfiSmmAccess2ProtocolGuid ## CONSUMES
@@ -146,8 +147,6 @@ [Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdCpuFeaturesInitOnS3Resume ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##
CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##
CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ##
CONSUMES
[FixedPcd]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
index 964dd5281780..1ac91d9d3ce4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DxeServicesTableLib.h>
#include <Library/CpuLib.h>
#include <IndustryStandard/Acpi.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include "SmmProfileArch.h"
@@ -57,11 +58,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define MSR_DEBUG_CTL_BTINT 0x100
#define MSR_DS_AREA 0x600
-#define HEAP_GUARD_NONSTOP_MODE \
- ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT6|BIT3|BIT2)) > BIT6)
+#define HEAP_GUARD_NONSTOP_MODE (gMps.Mm.HeapGuard.NonstopModeEnabled
&& \
+ (IS_MM_PAGE_GUARD_ACTIVE ||
IS_MM_POOL_GUARD_ACTIVE))
-#define NULL_DETECTION_NONSTOP_MODE \
- ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT6|BIT1)) > BIT6)
+#define NULL_DETECTION_NONSTOP_MODE
(gMps.Mm.NullPointerDetection.NonstopModeEnabled && \
+ gMps.Mm.NullPointerDetection.Enabled)
typedef struct {
EFI_PHYSICAL_ADDRESS Base;
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 68473fc640e6..8c667269ad7f 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -192,13 +192,13 @@ [PcdsFeatureFlag]
[PcdsFixedAtBuild]
## List of exception vectors which need switching stack.
- # This PCD will only take into effect if PcdCpuStackGuard is enabled.
+ # This PCD will only take into effect if the CPU Stack Guard is enabled.
# By default exception #DD(8), #PF(14) are supported.
# @Prompt Specify exception vectors which need switching stack.
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList|{0x08,
0x0E}|VOID*|0x30002000
## Size of good stack for an exception.
- # This PCD will only take into effect if PcdCpuStackGuard is enabled.
+ # This PCD will only take into effect if the CPU Stack Guard is enabled.
# @Prompt Specify size of good stack of exception which need switching stack.
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize|2048|UINT32|0x30002001
@@ -388,9 +388,8 @@ [PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64,
PcdsDynamic.X64, PcdsDynamicEx
# and the memory occupied by page table is protected by page table itself
as read-only.
# In X64 build, it cannot be enabled at the same time with SMM profile
feature (PcdCpuSmmProfileEnable).
# In X64 build, it could not be enabled also at the same time with heap
guard feature for SMM
- # (PcdHeapGuardPropertyMask in MdeModulePkg).
# In IA32 build, page table memory is not marked as read-only when either
SMM profile feature (PcdCpuSmmProfileEnable)
- # or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg)
is enabled.
+ # or heap guard feature for SMM is enabled.
# TRUE - Access to non-SMRAM memory is restricted to reserved, runtime
and ACPI NVS type after SmmReadyToLock.<BR>
# FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is
allowed.<BR>
# @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and
ACPI NVS type after SmmReadyToLock.
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 074fd774616d..2dbb8394b382 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -66,6 +66,8 @@ [LibraryClasses]
UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf
+
GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf
+
SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf
[LibraryClasses.common.SEC]
PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf
diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni
index d17bcfd10c7a..5719917a041e 100644
--- a/UefiCpuPkg/UefiCpuPkg.uni
+++ b/UefiCpuPkg/UefiCpuPkg.uni
@@ -170,8 +170,7 @@
"If enabled, SMM will not use on-demand paging. SMM will build static
page table for all memory.\n"
"This flag only impacts X64 build, because SMM always builds static page
table for IA32.\n"
"It could not be enabled at the same time with SMM profile feature
(PcdCpuSmmProfileEnable).\n"
-
"It could not be enabled also at the same time with heap guard feature
for SMM\n"
-
"(PcdHeapGuardPropertyMask in MdeModulePkg).<BR><BR>\n"
+
"It could not be enabled also at the same time with heap guard feature
for SMM.<BR><BR>\n"
"TRUE - SMM uses static page table for all memory.<BR>\n"
"FALSE - SMM uses static page table for below 4G memory and use on-demand
paging for above 4G memory.<BR>"
@@ -217,9 +216,8 @@
"and the memory occupied by page table is protected by page table
itself as read-only.<BR>\n"
"In X64 build, it cannot be enabled at the same time with SMM
profile feature (PcdCpuSmmProfileEnable).<BR>\n"
"In X64 build, it could not be enabled also at the same time with
heap guard feature for SMM<BR>\n"
-
"(PcdHeapGuardPropertyMask in MdeModulePkg).<BR>\n"
"In IA32 build, page table memory is not marked as read-only when
either SMM profile feature (PcdCpuSmmProfileEnable)<BR>\n"
-
"or heap guard feature for SMM (PcdHeapGuardPropertyMask in
MdeModulePkg) is enabled.<BR>\n"
+
"or heap guard feature for SMM is enabled.<BR>\n"
"TRUE - Access to non-SMRAM memory is restricted to reserved,
runtime and ACPI NVS type after SmmReadyToLock.<BR>\n"
"FALSE - Access to any type of non-SMRAM memory after
SmmReadyToLock is allowed.<BR>"
@@ -266,13 +264,13 @@
#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_PROMPT
#language en-US "Specify exception vectors which need switching stack."
#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuStackSwitchExceptionList_HELP
#language en-US "List of exception vectors which need switching stack.\n"
-
"This PCD will only take into effect if PcdCpuStackGuard is
enabled.n"
+
"This PCD will only take into effect if the CPU Stack Guard is
enabled.n"
"By default exception #DD(8), #PF(14) are supported.n"
#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_PROMPT
#language en-US "Specify size of good stack of exception which need switching
stack."
#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuKnownGoodStackSize_HELP #language
en-US "Size of good stack for an exception.\n"
-
"This PCD will only take into effect if PcdCpuStackGuard is enabled.\n"
+
"This PCD will only take into effect if the CPU Stack Guard is enabled.\n"
#string STR_gUefiCpuPkgTokenSpaceGuid_PcdCpuCoreCrystalClockFrequency_PROMPT
#language en-US "Specifies CPUID Leaf 0x15 Time Stamp Counter and Nominal Core
Crystal Clock Frequency."
--
2.42.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108172): https://edk2.groups.io/g/devel/message/108172
Mute This Topic: https://groups.io/mt/101064092/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
