diff options
| author | Ray Ni <ray.ni@intel.com> | 2019-08-26 06:13:17 +0800 |
|---|---|---|
| committer | Ray Ni <ray.ni@intel.com> | 2019-09-04 01:00:10 +0800 |
| commit | 79186ddcddcabe48eceb58efd296252e3d53b003 (patch) | |
| tree | ebc35efbbed75e5f4f4aefe27febc74fde827e1a /UefiCpuPkg/PiSmmCpuDxeSmm | |
| parent | 09f7c82b4c64956f58205dee7b661ab6c3253825 (diff) | |
| download | edk2-79186ddcddcabe48eceb58efd296252e3d53b003.zip edk2-79186ddcddcabe48eceb58efd296252e3d53b003.tar.gz edk2-79186ddcddcabe48eceb58efd296252e3d53b003.tar.bz2 | |
UefiCpuPkg/PiSmmCpu: Restrict access per PcdCpuSmmRestrictedMemoryAccess
Today's behavior is to always restrict access to non-SMRAM regardless
the value of PcdCpuSmmRestrictedMemoryAccess.
Because RAS components require to access all non-SMRAM memory, the
patch changes the code logic to honor PcdCpuSmmRestrictedMemoryAccess
so that only when the PCD is true, the restriction takes affect and
page table memory is also protected.
Because IA32 build doesn't reference this PCD, such restriction
always takes affect in IA32 build.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'UefiCpuPkg/PiSmmCpuDxeSmm')
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 14 | ||||
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 18 | ||||
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 11 | ||||
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 14 |
4 files changed, 49 insertions, 8 deletions
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c index 05fb455..f891a81 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c @@ -336,3 +336,17 @@ RestoreCr2 ( {
return ;
}
+
+/**
+ Return whether access to non-SMRAM is restricted.
+
+ @retval TRUE Access to non-SMRAM is restricted.
+ @retval FALSE Access to non-SMRAM is not restricted.
+*/
+BOOLEAN
+IsRestrictedMemoryAccess (
+ VOID
+ )
+{
+ return TRUE;
+}
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c index 69a04df..723fd50 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -1431,15 +1431,17 @@ PerformRemainingTasks ( //
SetMemMapAttributes ();
- //
- // For outside SMRAM, we only map SMM communication buffer or MMIO.
- //
- SetUefiMemMapAttributes ();
+ if (IsRestrictedMemoryAccess ()) {
+ //
+ // For outside SMRAM, we only map SMM communication buffer or MMIO.
+ //
+ SetUefiMemMapAttributes ();
- //
- // Set page table itself to be read-only
- //
- SetPageTableAttributes ();
+ //
+ // Set page table itself to be read-only
+ //
+ SetPageTableAttributes ();
+ }
//
// Configure SMM Code Access Check feature if available.
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h index 8c29f1a..daf977f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -1450,4 +1450,15 @@ InitializeDataForMmMp ( VOID
);
+/**
+ Return whether access to non-SMRAM is restricted.
+
+ @retval TRUE Access to non-SMRAM is restricted.
+ @retval FALSE Access to non-SMRAM is not restricted.
+*/
+BOOLEAN
+IsRestrictedMemoryAccess (
+ VOID
+ );
+
#endif
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c index 7516f35..733d107 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -1252,3 +1252,17 @@ RestoreCr2 ( AsmWriteCr2 (Cr2);
}
}
+
+/**
+ Return whether access to non-SMRAM is restricted.
+
+ @retval TRUE Access to non-SMRAM is restricted.
+ @retval FALSE Access to non-SMRAM is not restricted.
+*/
+BOOLEAN
+IsRestrictedMemoryAccess (
+ VOID
+ )
+{
+ return mCpuSmmRestrictedMemoryAccess;
+}
|