UefiCpuPkg/PiSmmCpuDxeSmm: Enable CodeAccessCheck in MM Entry Point

For MM:
CodeAccessCheck is designed to be enabled in the MM CPU Driver Entry
Point.

For SMM:
CodeAccessCheck is still enabled in the first SMI when SMM ready
to lock happens.

This patch enables the CodeAccessCheck in MM CPU Driver Entry
Point for MM support.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
Jiaxin Wu 2024-06-26 15:28:36 +08:00 committed by mergify[bot]
parent 1c19ccd510
commit 268397a892
4 changed files with 50 additions and 23 deletions


@ -362,7 +362,20 @@ InitializeSmm (
// //
// Check XD and BTS features on each processor on normal boot // Check XD and BTS features on each processor on normal boot
// //
CheckFeatureSupported (); CheckFeatureSupported (Index);
if (mIsStandaloneMm) {
AcquireSpinLock (mConfigSmmCodeAccessCheckLock);
//
// Standalone MM does not allow call out to DXE at anytime.
// Code Access check can be enabled in the first SMI.
// While SMM needs to defer the enabling to EndOfDxe.
//
// Enable SMM Code Access Check feature.
//
ConfigSmmCodeAccessCheckOnCurrentProcessor (&Index);
}
} else if (IsBsp) { } else if (IsBsp) {
// //
// BSP rebase is already done above. // BSP rebase is already done above.
@ -410,6 +423,11 @@ ExecuteFirstSmiInit (
// //
ZeroMem ((VOID *)mSmmInitialized, sizeof (BOOLEAN) * mMaxNumberOfCpus); ZeroMem ((VOID *)mSmmInitialized, sizeof (BOOLEAN) * mMaxNumberOfCpus);
//
// Initialize the lock used to serialize the MSR programming in BSP and all APs
//
InitializeSpinLock (mConfigSmmCodeAccessCheckLock);
// //
// Get the BSP ApicId. // Get the BSP ApicId.
// //
@ -1427,26 +1445,6 @@ ConfigSmmCodeAccessCheck (
// Check to see if the Feature Control MSR is supported on this CPU // Check to see if the Feature Control MSR is supported on this CPU
// //
Index = gSmmCpuPrivate->SmmCoreEntryContext.CurrentlyExecutingCpu; Index = gSmmCpuPrivate->SmmCoreEntryContext.CurrentlyExecutingCpu;
if (!SmmCpuFeaturesIsSmmRegisterSupported (Index, SmmRegFeatureControl)) {
mSmmCodeAccessCheckEnable = FALSE;
PERF_FUNCTION_END ();
return;
}
//
// Check to see if the CPU supports the SMM Code Access Check feature
// Do not access this MSR unless the CPU supports the SmmRegFeatureControl
//
if ((AsmReadMsr64 (EFI_MSR_SMM_MCA_CAP) & SMM_CODE_ACCESS_CHK_BIT) == 0) {
mSmmCodeAccessCheckEnable = FALSE;
PERF_FUNCTION_END ();
return;
}
//
// Initialize the lock used to serialize the MSR programming in BSP and all APs
//
InitializeSpinLock (mConfigSmmCodeAccessCheckLock);
// //
// Acquire Config SMM Code Access Check spin lock. The BSP will release the // Acquire Config SMM Code Access Check spin lock. The BSP will release the
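Review bot: The standalone MM branch added after `CheckFeatureSupported (Index)` calls `ConfigSmmCodeAccessCheckOnCurrentProcessor (&Index)` without testing `mSmmCodeAccessCheckEnable`, which CheckFeatureSupported may have just cleared for a CPU that lacks the feature. Unless the callee checks the flag itself (its body is not shown here), the feature-control register would be programmed on a processor that reported no support; gating the branch as `if (mIsStandaloneMm && mSmmCodeAccessCheckEnable) {` would keep the guarantee that the checks removed from ConfigSmmCodeAccessCheck used to give. The branch also acquires `mConfigSmmCodeAccessCheckLock` and never releases it in the visible lines, so a comment such as `// Released by ConfigSmmCodeAccessCheckOnCurrentProcessor ()` would make the hand-off explicit, if that is indeed where the release happens. The enclosing functions start and end outside these hunks.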


@ -474,6 +474,7 @@ extern EFI_SMRAM_DESCRIPTOR *mSmmCpuSmramRanges;
extern UINTN mSmmCpuSmramRangeCount; extern UINTN mSmmCpuSmramRangeCount;
extern UINT8 mPhysicalAddressBits; extern UINT8 mPhysicalAddressBits;
extern BOOLEAN mSmmDebugAgentSupport; extern BOOLEAN mSmmDebugAgentSupport;
extern BOOLEAN mSmmCodeAccessCheckEnable;
// //
// Copy of the PcdPteMemoryEncryptionAddressOrMask // Copy of the PcdPteMemoryEncryptionAddressOrMask
@ -847,6 +848,18 @@ InitMsrSpinLockByIndex (
IN UINT32 MsrIndex IN UINT32 MsrIndex
); );
/**
Configure SMM Code Access Check feature on an AP.
SMM Feature Control MSR will be locked after configuration.
@param[in,out] Buffer Pointer to private data buffer.
**/
VOID
EFIAPI
ConfigSmmCodeAccessCheckOnCurrentProcessor (
IN OUT VOID *Buffer
);
/** /**
Configure SMM Code Access Check feature for all processors. Configure SMM Code Access Check feature for all processors.
SMM Feature Control MSR will be locked after configuration. SMM Feature Control MSR will be locked after configuration.
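Review bot: The header comment added for `ConfigSmmCodeAccessCheckOnCurrentProcessor` says "on an AP" and describes `Buffer` only as a private data buffer, while the call added in this commit runs it on every processor in standalone MM and passes `&Index`. I would reword the brief to `Configure SMM Code Access Check feature on the currently executing processor.` and the parameter to `@param[in,out] Buffer  Pointer to the index of the current CPU.` (presumably a UINTN, to be confirmed against the definition). If the function expects the caller to already hold `mConfigSmmCodeAccessCheckLock`, as the call site suggests, that precondition belongs in the comment too.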


@ -859,10 +859,11 @@ InitSmmProfileInternal (
/** /**
Check if feature is supported by a processor. Check if feature is supported by a processor.
@param CpuIndex The index of the CPU.
**/ **/
VOID VOID
CheckFeatureSupported ( CheckFeatureSupported (
VOID IN UINTN CpuIndex
) )
{ {
UINT32 RegEax; UINT32 RegEax;
@ -904,6 +905,20 @@ CheckFeatureSupported (
} }
} }
} }
if (mSmmCodeAccessCheckEnable) {
if (!SmmCpuFeaturesIsSmmRegisterSupported (CpuIndex, SmmRegFeatureControl)) {
mSmmCodeAccessCheckEnable = FALSE;
}
//
// Check to see if the CPU supports the SMM Code Access Check feature
// Do not access this MSR unless the CPU supports the SmmRegFeatureControl
//
if ((AsmReadMsr64 (EFI_MSR_SMM_MCA_CAP) & SMM_CODE_ACCESS_CHK_BIT) == 0) {
mSmmCodeAccessCheckEnable = FALSE;
}
}
} }
/** /**
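Review bot: In the `if (mSmmCodeAccessCheckEnable)` block added to CheckFeatureSupported, the read of `EFI_MSR_SMM_MCA_CAP` still executes after `SmmCpuFeaturesIsSmmRegisterSupported` has reported no support, because the early `return` in the code removed from ConfigSmmCodeAccessCheck became a plain assignment here. That contradicts the comment directly above the read ("Do not access this MSR unless the CPU supports the SmmRegFeatureControl"), and an access to an unimplemented MSR while in SMM would presumably fault. Chaining the second test skips it once the flag is cleared: `} else if ((AsmReadMsr64 (EFI_MSR_SMM_MCA_CAP) & SMM_CODE_ACCESS_CHK_BIT) == 0) {`. The flag is a single global cleared from each CPU's call, so one unsupported processor turns the check off for all of them; a short comment saying this is intended would help, and note that the function body starts outside the hunk.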


@ -83,10 +83,11 @@ PageFaultIdtHandlerSmmProfile (
/** /**
Check if feature is supported by a processor. Check if feature is supported by a processor.
@param CpuIndex The index of the CPU.
**/ **/
VOID VOID
CheckFeatureSupported ( CheckFeatureSupported (
VOID IN UINTN CpuIndex
); );
/** /**