| d2fc7711136a13ea3ea8e00de6d9651507b8ed50 |
|
24-Nov-2016 |
Jiewen Yao <jiewen.yao@intel.com> |
UefiCpuPkg/PiSmmCpu: Add SMM Comm Buffer Paging Protection.
This patch sets the normal OS buffer EfiLoaderCode/Data,
EfiBootServicesCode/Data, EfiConventionalMemory, EfiACPIReclaimMemory
to be not present after SmmReadyToLock.
To access these region in OS runtime phase is not a good solution.
Previously, we did similar check in SmmMemLib to help SMI handler
do the check. But if SMI handler forgets the check, it can still
access these OS region and bring risk.
So here we enforce the policy to prevent it happening.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 7fa1376c5c97d18eac719f35e5e85356d3c1b033 |
|
22-Nov-2016 |
Jiewen Yao <jiewen.yao@intel.com> |
UefiCpuPkg/PiSmmCpu: Correct exception message.
This patch fixes the first part of
https://bugzilla.tianocore.org/show_bug.cgi?id=242
Previously, when SMM exception happens, "stack overflow" is misreported.
This patch checked the PF address to see it is stack overflow, or
it is caused by SMM page protection.
It dumps exception data, PF address and the module trigger the issue.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 5c88af795dadb81c9fe43af813b7b6d69bc5e0e4 |
|
16-Nov-2016 |
Jeff Fan <jeff.fan@intel.com> |
MdeModulePkg/PiSmmCpuDxeSmm: Check RegisterCpuInterruptHandler status
Once platform selects the incorrect instance, the caller could know it from
return status and ASSERT().
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 717fb60443fbaedfab9a37fd186361b3b9e1ecfe |
|
23-Oct-2016 |
Jiewen Yao <jiewen.yao@intel.com> |
UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.
PiSmmCpuDxeSmm consumes SmmAttributesTable and setup page table:
1) Code region is marked as read-only and Data region is non-executable,
if the PE image is 4K aligned.
2) Important data structure is set to RO, such as GDT/IDT.
3) SmmSaveState is set to non-executable,
and SmmEntrypoint is set to read-only.
4) If static page is supported, page table is read-only.
We use page table to protect other components, and itself.
If we use dynamic paging, we can still provide *partial* protection.
And hope page table is not modified by other components.
The XD enabling code is moved to SmiEntry to let NX take effect.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| fe3a75bc41545125f76c28238016658f48833ba2 |
|
22-Mar-2016 |
Jeff Fan <jeff.fan@intel.com> |
UefiCpuPkg/PiSmmCpuDxeSmm: Using global semaphores in aligned buffer
Update all global semaphores to the ones in allocated aligned
semaphores buffer.
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 881520ea6778953c57d975ca2a9cf3f2114f99c4 |
|
30-Nov-2015 |
Yao, Jiewen <jiewen.yao@intel.com> |
UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default
So that we can use write-protection for code later.
This is REPOST.
It includes the bug fix from "Paolo Bonzini" <pbonzini@redhat.com>:
Title: fix generation of 32-bit PAE page tables
"Bits 1 and 2 are reserved in 32-bit PAE Page Directory Pointer Table
Entries (PDPTEs); see Table 4-8 in the SDM. With VMX extended page
tables, the processor notices and fails the VM entry as soon as CR0.PG
is set to 1."
And thanks "Laszlo Ersek" <lersek@redhat.com> to validate the fix.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Signed-off-by: "Paolo Bonzini" <pbonzini@redhat.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Cc: "Fan, Jeff" <jeff.fan@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Laszlo Ersek" <lersek@redhat.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19067 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| fc8c919525d40dd332eef6adbc20bf93adb74227 |
|
27-Nov-2015 |
Laszlo Ersek <lersek@redhat.com> |
Revert "Always set WP in CR0."
This reverts SVN r18960 / git commit
8e496a7abcb78c36b0af47ed473096ef7f171606.
The patch series had been fully reviewed on edk2-devel, but it got
committed as a single squashed patch. Revert it for now.
Link: http://thread.gmane.org/gmane.comp.bios.edk2.devel/4951
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18977 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 8e496a7abcb78c36b0af47ed473096ef7f171606 |
|
26-Nov-2015 |
Yao, Jiewen <jiewen.yao@intel.com> |
Always set WP in CR0.
Always set RW+P bit for page table by default.
So that we can use write-protection for code later.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Kinney, Michael D" <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18960 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|
| 427e3573426fe425141e413d17cf3ff65452fdb8 |
|
19-Oct-2015 |
Michael Kinney <michael.d.kinney@intel.com> |
UefiCpuPkg: Add PiSmmCpuDxeSmm module X64 files
Add module that initializes a CPU for the SMM environment and
installs the first level SMI handler. This module along with the
SMM IPL and SMM Core provide the services required for
DXE_SMM_DRIVERS to register hardware and software SMI handlers.
CPU specific features are abstracted through the SmmCpuFeaturesLib
Platform specific features are abstracted through the
SmmCpuPlatformHookLib
Several PCDs are added to enable/disable features and configure
settings for the PiSmmCpuDxeSmm module
[jeff.fan@intel.com: Fix code style issues reported by ECC]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18647 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
|