UefiCpuPkg: Always Initialize Separate AP Exception Stacks

Today, CpuMpPei and CpuDxe only initialize separate exception stacks for the APs when PcdCpuStackGuard is enabled so that if a stack overflow occurs, hitting the guard page, the exception can be handler with a separate stack. However, this operation also creates a separate GDT for each AP. This is a safer option than all APs sharing the BSP's GDT because there are issues with concurrent access to the structures contained within. Furthermore, even when a stack guard page is not present, stack overflows can still occur and corrupt the stack; if an exception is taken here, it is still valuable to have a separate exception stack for sanity. This commit updates CpuMpPei and CpuDxe to always create separate exception stacks for the APs (and therefore separate GDTs). Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
2025-10-30 07:56:39 +08:00 · 2025-09-26 09:43:44 -07:00
parent f64b4065b7
commit e67f405713
3 changed files with 4 additions and 10 deletions
--- a/UefiCpuPkg/CpuDxe/CpuDxe.inf
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf
@ -89,7 +89,6 @@

 [Pcd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask                    ## CONSUMES
--- a/UefiCpuPkg/CpuDxe/CpuMp.c
+++ b/UefiCpuPkg/CpuDxe/CpuMp.c
@ -761,11 +761,9 @@ InitializeMpExceptionHandlers (
  }

  //
-  // Setup stack switch for Stack Guard feature.
+  // Setup stack switch for Stack Guard feature and separate AP GDTs.
  //
-  if (PcdGetBool (PcdCpuStackGuard)) {
-    InitializeMpExceptionStackSwitchHandlers ();
-  }
+  InitializeMpExceptionStackSwitchHandlers ();
 }

 /**
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@ -68,7 +68,8 @@ InitializeExceptionStackSwitchHandlers (
 }

 /**
-  Initializes MP exceptions handlers for the sake of stack switch requirement.
+  Initializes MP exceptions handlers for the sake of stack switch requirement and giving the APs
+  their own GDTs.

  This function will allocate required resources required to setup stack switch
  and pass them through SwitchStackData to each logic processor.
@ -86,10 +87,6 @@ InitializeMpExceptionStackSwitchHandlers (
  EFI_STATUS                      Status;
  UINT8                           *Buffer;

-  if (!PcdGetBool (PcdCpuStackGuard)) {
-    return;
-  }
-
  Status = MpInitLibGetNumberOfProcessors (&NumberOfProcessors, NULL);
  ASSERT_EFI_ERROR (Status);