This Feature PCD causes PiSmmCpuDxe to catch SMM stack overflow at
runtime, logging a clear error message, and entering a CPU dead loop.
Compared to the chaotic and catastrophic consequences of the stack leaking
into, and corrupting, the SMM page table, a stack guard that is enabled by
default is vastly superior.
We should not require sane platforms to explicitly opt in to this
safeguard; instead, we should require platforms that prefer to live
dangerously to opt out of it.
Stack overflow in SMM might even give rise to security vulnerabilities.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=
1341733
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmBlockStartupThisAp|FALSE|BOOLEAN|0x32132108\r
\r
## Indicates if SMM Stack Guard will be enabled.\r
- # If enabled, stack overflow in SMM can be caught which eases debugging.<BR><BR>\r
+ # If enabled, stack overflow in SMM can be caught, preventing chaotic consequences.<BR><BR>\r
# TRUE - SMM Stack Guard will be enabled.<BR>\r
# FALSE - SMM Stack Guard will be disabled.<BR>\r
# @Prompt Enable SMM Stack Guard.\r
- gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|FALSE|BOOLEAN|0x1000001C\r
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|TRUE|BOOLEAN|0x1000001C\r
\r
## Indicates if BSP election in SMM will be enabled.\r
# If enabled, a BSP will be dynamically elected among all processors in each SMI.\r
projects / mirror_edk2.git / commitdiff