Re: [edk2] [PATCH v4 13/41] OvmfPkg: LockBox: -D SMM_REQUIRE excludes our fake lockbox

Wed, 04 Nov 2015 02:48:08 -0800 

On 11/04/15 09:52, Paolo Bonzini wrote:
> 
> 
> On 03/11/2015 22:00, Laszlo Ersek wrote:
>> When the user builds OVMF with -D SMM_REQUIRE, our LockBox implementation
>> must not be used, since it doesn't actually protect data in the LockBox
>> from the runtime guest OS. Add an according assert to
>> LockBoxLibInitialize().
>>
>> Furthermore, since our LockBox must not be selected with -D SMM_REQUIRE,
>> it makes sense to set aside memory for it only if -D SMM_REQUIRE is
>> absent. Modify InitializeRamRegions() accordingly.
>>
>> This patch completes the -D SMM_REQUIRE-related tweaking of the special
>> OVMF memory areas.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Laszlo Ersek <ler...@redhat.com>
>> ---
>>  OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf |  3 ++
>>  OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf  |  3 ++
>>  OvmfPkg/Library/LockBoxLib/LockBoxLib.c       |  2 +
>>  OvmfPkg/PlatformPei/MemDetect.c               | 40 ++++++++++----------
>>  4 files changed, 29 insertions(+), 19 deletions(-)
>>
>> diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf 
>> b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
>> index 7203d07..81c893e 100644
>> --- a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
>> +++ b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
>> @@ -42,3 +42,6 @@ [LibraryClasses]
>>  [Pcd]
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
>> +
>> +[FeaturePcd]
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
>> diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf 
>> b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
>> index a4d27a5..08973a4 100644
>> --- a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
>> +++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
>> @@ -43,3 +43,6 @@ [LibraryClasses]
>>  [Pcd]
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
>> +
>> +[FeaturePcd]
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
>> diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c 
>> b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c
>> index 89050ac..45481b9 100644
>> --- a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c
>> +++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c
>> @@ -44,6 +44,8 @@ LockBoxLibInitialize (
>>  {
>>    UINTN NumEntries;
>>  
>> +  ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
>> +
>>    if (PcdGet32 (PcdOvmfLockBoxStorageSize) < sizeof (LOCK_BOX_GLOBAL)) {
>>      return RETURN_UNSUPPORTED;
>>    }
>> diff --git a/OvmfPkg/PlatformPei/MemDetect.c 
>> b/OvmfPkg/PlatformPei/MemDetect.c
>> index 1bdc2df..455fcbb 100644
>> --- a/OvmfPkg/PlatformPei/MemDetect.c
>> +++ b/OvmfPkg/PlatformPei/MemDetect.c
>> @@ -407,25 +407,27 @@ InitializeRamRegions (
>>    }
>>  
>>    if (mBootMode != BOOT_ON_S3_RESUME) {
>> -    //
>> -    // Reserve the lock box storage area
>> -    //
>> -    // Since this memory range will be used on S3 resume, it must be
>> -    // reserved as ACPI NVS.
>> -    //
>> -    // If S3 is unsupported, then various drivers might still write to the
>> -    // LockBox area. We ought to prevent DXE from serving allocation 
>> requests
>> -    // such that they would overlap the LockBox storage.
>> -    //
>> -    ZeroMem (
>> -      (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
>> -      (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize)
>> -      );
>> -    BuildMemoryAllocationHob (
>> -      (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
>> -      (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize),
>> -      mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
>> -      );
>> +    if (!FeaturePcdGet (PcdSmmSmramRequire)) {
>> +      //
>> +      // Reserve the lock box storage area
>> +      //
>> +      // Since this memory range will be used on S3 resume, it must be
>> +      // reserved as ACPI NVS.
>> +      //
>> +      // If S3 is unsupported, then various drivers might still write to the
>> +      // LockBox area. We ought to prevent DXE from serving allocation 
>> requests
>> +      // such that they would overlap the LockBox storage.
>> +      //
>> +      ZeroMem (
>> +        (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
>> +        (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize)
>> +        );
>> +      BuildMemoryAllocationHob (
>> +        (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
>> +        (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize),
>> +        mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
>> +        );
>> +    }
>>  
>>      if (FeaturePcdGet (PcdSmmSmramRequire)) {
>>        UINT32 TsegSize;
>>
> 
> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
> 

Thanks, picked this up (and the previous one).
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to