[edk2-devel] [PATCH v2 1/2] UefiCpuPkg: Add PCD PcdCpuSmmAccessOut to control SMM access out

Laszlo Ersek lersek at redhat.com
Wed Jul 31 22:21:32 UTC 2019 

On 07/31/19 18:38, Ni, Ray wrote:
> There is a requirement to allow SMM code access non-SMRAM memory
> after ReadyToLock.
> The requirement was expected to be satisfied by commit:
> c60d36b4d1ee1f69b7cca897d3621dfa951895c2
> * UefiCpuPkg/SmmCpu: Block access-out only when static paging is used
> 
> Commit c60d36b4 re-interpreted the PcdCpuSmmStaticPageTable as
> a way to control whether SMM module can access non-SMRAM memory
> after ReadyToLock.
> It brought confusion because "static page table" means the page table
> is created in advance and there is no dynamic page table modification
> at runtime. It only applies to 64bit environment because page table
> for memory below 4GB is always created in advance. But the control
> of whether allowing SMM module access non-SMRAM memory can also be
> applied to 32bit environment.
> It makes more sense to have a separate PCD as proposed in this
> patch to control the policy.
> 
> Signed-off-by: Ray Ni <ray.ni at intel.com>
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> ---
>  UefiCpuPkg/UefiCpuPkg.dec | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 6ddf0cd224..24b44bae39 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -246,6 +246,13 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>    # @Prompt Use static page table for all memory in SMM.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable|TRUE|BOOLEAN|0x3213210D
>  
> +  ## Controls whether SMM modules can access all non-SMRAM memory after SmmReadyToLock.
> +  #   TRUE  - SMM modules can access all non-SMRAM memory after SmmReadyToLock.<BR>
> +  #   FALSE - SMM modules can only access reserved, runtime and ACPI NVS type of non-SMRAM memory
> +  #           after SmmReadyToLock.<BR>
> +  # @Prompt SMM modules can access all non-SMRAM memory after SmmReadyToLock.
> +  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmAccessOut|FALSE|BOOLEAN|0x3213210F
> +
>    ## Specifies timeout value in microseconds for the BSP in SMM to wait for all APs to come into SMM.
>    # @Prompt AP synchronization timeout value in SMM.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|1000000|UINT64|0x32132104
> 

Reviewed-by: Laszlo Ersek <lersek at redhat.com>

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#44704): https://edk2.groups.io/g/devel/message/44704
Mute This Topic: https://groups.io/mt/32668871/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list