On 08/05/15 18:18, Andrew Fish wrote:
>
>> On Aug 5, 2015, at 8:41 AM, Laszlo Ersek <ler...@redhat.com> wrote:
>>
>>
>> On 07/31/15 14:22, Star Zeng wrote:
>>> This feature is added for UEFI spec that says
>>> "Stack may be marked as non-executable in identity mapped page tables".
>>> A PCD PcdSetNxForStack is added to turn on/off this feature, and it is
>>> FALSE by default.
>>>
>>> Cc: Jiewen Yao <jiewen....@intel.com>
>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>> Signed-off-by: Star Zeng <star.z...@intel.com>
>>> ---
>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 +-
>>> MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 185 ++++++++++++++++++++++-
>>> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 10 +-
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 160 +++++++++++++++++---
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 61 +++++++-
>>> MdeModulePkg/MdeModulePkg.dec | 11 +-
>>> MdeModulePkg/MdeModulePkg.uni | Bin 166792 -> 168862 bytes
>>> 7 files changed, 392 insertions(+), 38 deletions(-)
>>
>> I tried to enable this feature in the OvmfPkg builds (all three of them).
>>
>
> Good thing it is a PCD flag.

I thought the same :)

>> Unfortunately, I have found that a non-executable DXE stack breaks the
>> EFI_MP_SERVICE_PROTOCOL.StartupAllAPs() function. (Which is provided by
>> "UefiCpuPkg/CpuDxe/CpuMp.c".) The virtual machine is re-set when that
>> function is called.
>>
>
> I would think it would just be the BSP stack that is set to NX. This
> could be a bug in the code, as the AP’s run off a different stack that
> is not NX, and it looks like the code gets copied to BootServices, and
> the AP startup code in ACPI NVS memory?

I hope the respective package maintainers / feature developers will seize
the opportunity to investigate this! :)

I have the interest, but not the time, to dig into it right now.

Thanks!
Laszlo

>
> Thanks,
>
> Andrew Fish
>
>> I presume the startup code for the APs resides in an area that happens to
>> be marked non-executable (if this feature is enabled), and that causes a
>> fatal fault or some such when the APs get the startup IPI.
>>
>> Thanks
>> Laszlo