UefiCpuPkg/PiSmmCpuDxeSmm: Implement NULL pointer detection for SMM code

The mechanism behind is the same as NULL pointer detection enabled in EDK-II
core. SMM has its own page table and we have to disable page 0 again in SMM
mode.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index f295c2ebf228b6220a4ab8c97f035f9713fdb873..641a1d69a238f563eccb7f77e2f2869ef7e0d05b 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -155,6 +155,18 @@ SmiPFHandler (
     }\r
   }\r
 \r
+  //\r
+  // If NULL pointer was just accessed\r
+  //\r
+  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
+      (PFAddress < EFI_PAGE_SIZE)) {\r
+    DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
+    DEBUG_CODE (\r
+      DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
+    );\r
+    CpuDeadLoop ();\r
+  }\r
+\r
   if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
     SmmProfilePFHandler (\r
       SystemContext.SystemContextIa32->Eip,\r

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index f086b97c30aa538a588bb27bb1929b130497164d..0d3223d714459fa7e616509513272c98ed30cd0f 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -855,10 +855,10 @@ Gen4GPageTable (
     Pte[Index] = (Index << 21) | mAddressEncMask | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;\r
   }\r
 \r
+  Pdpte = (UINT64*)PageTable;\r
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
     Pages = (UINTN)PageTable + EFI_PAGES_TO_SIZE (5);\r
     GuardPage = mSmmStackArrayBase + EFI_PAGE_SIZE;\r
-    Pdpte = (UINT64*)PageTable;\r
     for (PageIndex = Low2MBoundary; PageIndex <= High2MBoundary; PageIndex += SIZE_2MB) {\r
       Pte = (UINT64*)(UINTN)(Pdpte[BitFieldRead32 ((UINT32)PageIndex, 30, 31)] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));\r
       Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS;\r
@@ -886,6 +886,29 @@ Gen4GPageTable (
     }\r
   }\r
 \r
+  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {\r
+    Pte = (UINT64*)(UINTN)(Pdpte[0] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));\r
+    if ((Pte[0] & IA32_PG_PS) == 0) {\r
+      // 4K-page entries are already mapped. Just hide the first one anyway.\r
+      Pte = (UINT64*)(UINTN)(Pte[0] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));\r
+      Pte[0] &= ~IA32_PG_P; // Hide page 0\r
+    } else {\r
+      // Create 4K-page entries\r
+      Pages = (UINTN)AllocatePageTableMemory (1);\r
+      ASSERT (Pages != 0);\r
+\r
+      Pte[0] = (UINT64)(Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS);\r
+\r
+      Pte = (UINT64*)Pages;\r
+      PageAddress = 0;\r
+      Pte[0] = PageAddress | mAddressEncMask; // Hide page 0 but present left\r
+      for (Index = 1; Index < EFI_PAGE_SIZE / sizeof (*Pte); Index++) {\r
+        PageAddress += EFI_PAGE_SIZE;\r
+        Pte[Index] = PageAddress | mAddressEncMask | PAGE_ATTRIBUTE_BITS;\r
+      }\r
+    }\r
+  }\r
+\r
   return (UINT32)(UINTN)PageTable;\r
 }\r
 \r

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 099792e6ce784e68007fa1bac4740d30f4b47dd2..31cb215342cac1ccc9f127334bce36339fa902c1 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -159,6 +159,7 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable               ## CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                   ## CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES\r
 \r
 [Depex]\r
   gEfiMpServiceProtocolGuid\r

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index 3dde80f9bad632d1c5cab4318d505efa9cda33eb..f3791ce89792e92887ead38bd08e610d4de7fd38 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -872,6 +872,18 @@ SmiPFHandler (
     }\r
   }\r
 \r
+  //\r
+  // If NULL pointer was just accessed\r
+  //\r
+  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
+      (PFAddress < EFI_PAGE_SIZE)) {\r
+    DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
+    DEBUG_CODE (\r
+      DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextX64->Rip);\r
+    );\r
+    CpuDeadLoop ();\r
+  }\r
+\r
   if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
     SmmProfilePFHandler (\r
       SystemContext.SystemContextX64->Rip,\r