author | Jiewen Yao <jiewen.yao@intel.com> | 2016-11-24 13:36:56 +0800 |
---|---|---|
committer | Jiewen Yao <jiewen.yao@intel.com> | 2016-12-19 09:37:37 +0800 |
commit | d2fc7711136a13ea3ea8e00de6d9651507b8ed50 (patch) | |
tree | f340f1ec0b44f0baa315d485313b21020bbfa020 /UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | |
parent | 09119a00cccaa08b28b7e2449998ba4c7aa4b0f8 (diff) | |
UefiCpuPkg/PiSmmCpu: Add SMM Comm Buffer Paging Protection.
This patch sets the normal OS buffer EfiLoaderCode/Data,
EfiBootServicesCode/Data, EfiConventionalMemory, EfiACPIReclaimMemory
to be not present after SmmReadyToLock.
To access these regions in OS runtime phase is not a good solution.
Previously, we did similar check in SmmMemLib to help SMI handler
do the check. But if SMI handler forgets the check, it can still
access these OS regions and bring risk.
So here we enforce the policy to prevent it happening.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Diffstat (limited to 'UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h')
-rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h index 9160fa8..69c54fb 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -839,6 +839,35 @@ SetMemMapAttributes ( );
/**
+ This function sets UEFI memory attribute according to UEFI memory map.
+**/
+VOID
+SetUefiMemMapAttributes (
+ VOID
+ );
+
+/**
+ Return if the Address is forbidden as SMM communication buffer.
+
+ @param[in] Address the address to be checked
+
+ @return TRUE The address is forbidden as SMM communication buffer.
+ @return FALSE The address is allowed as SMM communication buffer.
+**/
+BOOLEAN
+IsSmmCommBufferForbiddenAddress (
+ IN UINT64 Address
+ );
+
+/**
+ This function caches the UEFI memory map information.
+**/
+VOID
+GetUefiMemoryMap (
+ VOID
+ );
+
+/**
This function sets memory attribute for page table.
**/
VOID
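Review bot: IsSmmCommBufferForbiddenAddress takes only "IN UINT64 Address" with no length, and its comment does not say whether the answer covers the single byte or the whole page containing it, so a caller validating a communication buffer cannot tell from the header whether checking the start address is sufficient for a buffer that crosses into a different memory-map region. Please either document the granularity and that callers must check every page of the buffer, or take a base and length. The comment should also state what is returned if the function is called before GetUefiMemoryMap has cached the map, and the comments on SetUefiMemMapAttributes and GetUefiMemoryMap should state the required call order between them and which attribute is being set, since "sets UEFI memory attribute according to UEFI memory map" does not name it. Minor style points: the two return lines describe specific values, so "@retval TRUE" / "@retval FALSE" would be the usual form, and EFI_PHYSICAL_ADDRESS would express the parameter's meaning better than a bare UINT64.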