From 509f8425b75dd0b0698b159db71379f49c36b2fc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 1 Jun 2016 19:23:20 +0200
Subject: [PATCH] UefiCpuPkg: change PcdCpuSmmStackGuard default to TRUE

This Feature PCD causes PiSmmCpuDxe to catch SMM stack overflow at
runtime, logging a clear error message, and entering a CPU dead loop.
Compared to the chaotic and catastrophic consequences of the stack leaking
into, and corrupting, the SMM page table, a stack guard that is enabled by
default is vastly superior.

We should not require sane platforms to explicitly opt in to this
safeguard; instead, we should require platforms that prefer to live
dangerously to opt out of it.

Stack overflow in SMM might even give rise to security vulnerabilities.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1341733
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
---
 UefiCpuPkg/UefiCpuPkg.dec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 16637dfdc1..ef46318a89 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -85,11 +85,11 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmBlockStartupThisAp|FALSE|BOOLEAN|0x32132108
 
   ## Indicates if SMM Stack Guard will be enabled.
-  #  If enabled, stack overflow in SMM can be caught which eases debugging.<BR><BR>
+  #  If enabled, stack overflow in SMM can be caught, preventing chaotic consequences.<BR><BR>
   #   TRUE  - SMM Stack Guard will be enabled.<BR>
   #   FALSE - SMM Stack Guard will be disabled.<BR>
   # @Prompt Enable SMM Stack Guard.
-  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|FALSE|BOOLEAN|0x1000001C
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|TRUE|BOOLEAN|0x1000001C
 
   ## Indicates if BSP election in SMM will be enabled.
   #  If enabled, a BSP will be dynamically elected among all processors in each SMI.
-- 
2.39.2